cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Limit access to KE4S (Repost billing documents into CO-PA)

former_member222075
Participant

on ‎05-08-2009 10:03 AM

0 Kudos

Hi

The transaction KE4S (repost SD billing documents into CO-PA) doesn't do any permission checks for organizational values. A user with access to this transaction could basically reverse all billings out of CO-PA with a single run.

We thought about using S_TABU_LIN. However as this only works for key fields it is not an option.

Has anyone developed a solution to create some permission checks for KE4S?

Best regards

Jean Daniel

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎05-08-2009 12:45 PM
0 Kudos

There is a transaction in SAP called SHD0 which might help you around this.

What it allows you to do, is take a field on a transaction screen, say company code, and then fill it in with a value, make it display only, and assign that specific, filled in screen, to a specific user.

For more details see the following:

A need exist to modify transactions to limit user access to certain fields.

Using transaction SHD0, a variant group is created.

All users needing the same access will be linked to this group.

All transactions with restrictions will have a transaction variant suitable to thevariant group created, and linked to the variant group.

For example, users from Company Code 1220, may only have access to 1220 plants.

Use transaction SHD0, enter the Tcode, say CO88, and press Enter.

Click on Standard Variant tab, then on the Variant Group subtab. Enter a groupname, say Z1220, and click on create. Add a description.

When ready, the variant groups need to be manually added to the transport.

    • Now a variant group is a created.

Click on Transaction Variants Tab.

The Transaction Variant field will automatically be filled with Z1220CO88, a concatenation of the variant group and transaction code.

Create the transaction variant by clicking on the create button, and making the required changes to the transaction.

When multiple transaction variants need to be created, go back to the Standardvariant tab, enter the Tcode, press Enter and then go back to the TransactionVariant tab.

    • Now the necessary limitations have been added, and the transaction variants created.

(The next step needs to be executed in the production system, because the users will not exist in the development system.)

Go to the Standard Variant tab, and enter the user name of the individual that may execute the transaction.

Click on the assign button.

Click on the Set proposal button.

    • Now the users have been linked, via the variant group, to the various transaction variants.

The users also have to have access to the standard TCode in their normal security roles.

If a user then executes the transaction, say CO88, then the system will route them via the variant group, via the transaction variant to the transaction. The user will only see, and be able to change what has been set up in the transaction variant.

(I have been getting inconsistent results when executing TCodes where the user does not exist in the Variant group.)

Show replies
Show replies
former_member222075
Participant
‎05-08-2009 1:24 PM
0 Kudos

Hi Piet

This is defintely a solution, thanks for your answer. I awarded you points.

It is not so nice, that this solution doesn't work when new users are created. Has anyone another option?

Best regards

Jean Daniel

Former Member
‎05-08-2009 2:09 PM
0 Kudos

SHD0 method will work for new users as well, part of setting up the user ID is then to attach the user ID to the transaction variant.

former_member222075
Participant
‎05-08-2009 2:34 PM
0 Kudos

Hi Piet

Yes, but with the manual process it is always risky that it gets forgotten. As it is a very critical transaction I wouldn't want to relay on this function.

Regards

JD

former_member222075
Participant
‎06-12-2009 10:07 AM
0 Kudos

Hi

We created a new transaction which transmits the entered values to the report RKERV002.

Unfortunately I cannot post the code as it is unreadable in the forum.

Best regards

JD

Edited by: Jean Daniel Keller on Jun 12, 2009 11:09 AM

Ask a Question