Recently we have created a role extracting from SAP_ALL profile. We have deactivated many Basis, and other Critical Tcodes for our Dev & QTY systems by identifying the authorization objects.
But- for SCC4 we want to know if there is any other way to restrict the access.
Since we created the role by extracting the profiles from SAP_ALL. S_TCODE has * value, and S_TABU_CLI: has "X" value.
- problem is we cant deactivate or limit the usage of S_TABU_CLI:X as we have many ZTcodes for direct maintenance, which needs this AO.
- At the same time, we are trying hard to restrict SCC4.
So, please suggest if there is any other alternative way to restrict Tcode SCC4, by not being able to run using the New Role.