04-29-2009 8:25 AM
Hi Freinds,
We have a report created in report painter 'FSI0' (Standard Tcode). We want to restrict the user authorization for this report in 'FSI0' on the company code authorization object. We are using 'F_BKPF_BUK' object in the role creation with company code.
The problem is that this role restricts the user on the object 'F_BKPF_BUK' for a particular company code, but there are other roles which are attached to the user giving access to other company codes. Hence the role gets bypassed.
We cannot remove other roles due to bussiness compulsion. Is there any other way we can restrict the user.
Thnks.
RR
04-29-2009 8:48 AM
> We cannot remove other roles due to bussiness compulsion. Is there any other way we can restrict the user.
SAP security is about allowing, not restricting. I guess you'd need to build an extra authority-check into your report which checks an additional (bespoke) object that isn't used by other programs.
Also, the fact that the user is obviously allowed to view other company codes makes me wonder why this restriction should be tighter for a specific report.....
05-27-2009 8:13 AM