Travel & Expense security.

Former Member
0 Kudos

Hi All,

We are using WF to approve travel expenses. For a manager to be able to approve the trips, we are told that he needs aut.object P_TRAVL (field AUTHP = E). However - when given this authorization, the manager also gets access to a button "Change personnel number" in TRIP (or ESS). Via this he can actually create travel expenses for any employee he otherwise has access to.

This is viewed by our users as a security loophole - which we agree on. Any hints how to solve this without having to dim out the button via code repairs? Can it be solved via field AUTHF?

6 REPLIES 6

Former Member
0 Kudos

Any hints how to solve this without having to dim out the button via code repairs? Can it be solved via field AUTHF?

Yes, that's right, with the exception that your 3 character field values should not begin with 'W'. For example you can have R** or R*4 etc.

Also use AUTHP with value 'E' to control the same person processing his/her own Travel Expenses but can process others'.

Gp

0 Kudos

I know that, but the problem is that for that user to be able to execute his own T&E, we have to maintain W value for AUTHF with AUTHP as O. I maintain R for AUTHF with AUTHP as E and it shows the link to change personnel number.

0 Kudos

How about two P_TRAVL objs with

1st P_TRAVL

AUTHF - R**

AUTHP - E

2nd P_TRAVL

AUTHF - 1st Char - W, 2nd Char _(space) or 1 and 3rd Char - _(space) or 0 or 1.

AUTHP - O

Gp.

0 Kudos

Nope, it did not work.

0 Kudos

Did you try using P_PERNR too?

Gp.

0 Kudos

Do you have Structural Authorization in place? If so, Structural Authorization will not work for T&E because they are Finance transaction codes. You can implement BADI "FITV_PERSNO_AUTH_CHK" so that Structural Authorization will work for those transaction codes.