- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Authorization for Transaction in BDC
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Authorization for Transaction in BDC
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2009 6:59 AM
Dear All,
We are facing a problem in our implementation. We have developed a Custom Program an in that we are using a BDC of Transaction FB60. However, the requirement is that if the user wants to run T.Code FB60 from SAP GUI straightaway; he/she should be stopped doing it. But if he/she uses that Custom Program (Z-Program), it should not stop them.
Does anybody have the idea as to how the Authorization strategy can be devised for this kind of issue?
Thanks,
Shalin Shah
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2009 7:22 AM
Hi Shalin,
Don't assign user the transaction code FB60 (S_TCODE should not have FB60). This will prevent the user to run the FB60 directly, however, you will have to add the required authorization objects manually so that the BDC program runs. (a quick authorization trace (ST01) would give you the auth objects checked)
SU24 for FB60 : these should be added manually to user's roles.
F_BKPF_BEK
F_BKPF_BES
F_BKPF_BLA
F_BKPF_BUK
F_BKPF_GSB
F_BKPF_KOA
F_FAGL_SEG
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2009 7:22 AM
Hi Shalin,
Don't assign user the transaction code FB60 (S_TCODE should not have FB60). This will prevent the user to run the FB60 directly, however, you will have to add the required authorization objects manually so that the BDC program runs. (a quick authorization trace (ST01) would give you the auth objects checked)
SU24 for FB60 : these should be added manually to user's roles.
F_BKPF_BEK
F_BKPF_BES
F_BKPF_BLA
F_BKPF_BUK
F_BKPF_GSB
F_BKPF_KOA
F_FAGL_SEG
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2009 3:24 PM
Hi Zaheer,
Can u explain how did you find the authorization check mentioned for the transaction FB60. please provide me the steps if possible.
Shalin,
Zaheer steps are fine, and aslo try removing the authorization FB60 for that particular user and then run the program in user login and find the failing authorization values using SU53 and assign it to the user hope this will help u.
Regards,
Venki
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2009 3:47 PM
@Venki : That was just the SU24 dump for the transaction FB60.
@Shalin : I re-read your question, seems like users have the roles assigned to them which allows them to user the Z program (BDC) for FB60, then you can take some screenshot/snaps of the existing role and remove the FB60 transaction and then manually add back the auth objects removed because of FB60 removal. So you will not have to re-invent the wheel...
Cheers !!
Zaheer
- SAP Managed Tags:
- Security
