on 05-08-2009 10:03 AM
Hi
The transaction KE4S (repost SD billing documents into CO-PA) doesn't do any permission checks for organizational values. A user with access to this transaction could basically reverse all billings out of CO-PA with a single run.
We thought about using S_TABU_LIN. However, as this only works for key fields, it is not an option.
Has anyone developed a solution to create some permission checks for KE4S?
Best regards
Jean Daniel
There is a transaction in SAP called SHD0 which might help you around this.
What it allows you to do is take a field on a transaction screen, say company code, fill it in with a value, make it display only, and assign that specific, filled-in screen to a specific user.
For more details see the following:
A need exists to modify transactions to limit user access to certain fields.
Using transaction SHD0, a variant group is created.
All users needing the same access will be linked to this group.
All transactions with restrictions will have a transaction variant suitable to the variant group created, and linked to the variant group.
For example, users from Company Code 1220, may only have access to 1220 plants.
Use transaction SHD0, enter the Tcode, say CO88, and press Enter.
Click on the Standard Variant tab, then on the Variant Group subtab. Enter a group name, say Z1220, and click on create. Add a description.
When ready, the variant groups need to be manually added to the transport.
Now a variant group is created.
Click on Transaction Variants Tab.
The Transaction Variant field will automatically be filled with Z1220CO88, a concatenation of the variant group and transaction code.
Create the transaction variant by clicking on the create button, and making the required changes to the transaction.
When multiple transaction variants need to be created, go back to the Standard Variant tab, enter the Tcode, press Enter and then go back to the Transaction Variant tab.
Now the necessary limitations have been added, and the transaction variants created.
(The next step needs to be executed in the production system, because the users will not exist in the development system.)
Go to the Standard Variant tab, and enter the user name of the individual that may execute the transaction.
Click on the assign button.
Click on the Set proposal button.
Now the users have been linked, via the variant group, to the various transaction variants.
The users also have to have access to the standard TCode in their normal security roles.
If a user then executes the transaction, say CO88, then the system will route them via the variant group, via the transaction variant to the transaction. The user will only see, and be able to change what has been set up in the transaction variant.
(I have been getting inconsistent results when executing TCodes where the user does not exist in the Variant group.)