Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access to MI07 by MI24

Former Member

‎01-15-2010 9:11 AM

0 Kudos

Hello,

Situation:

I have a role witch does'nt have the transaction MI07, I have affected this role to a user, So this role doesn't have access to this transaction (threre is no authorization to MI07). But we have in this role the transaction MI24 ( the user access to MI24)

The probleme:

In MI24 there is a button "Post Difference", when the user click on this button, he access to MI07 without problems !!!!!!!!!!!!!!!!!!!!!

Question:

Why the user can acces the MI07 though he doesn't have this transaction in his role.

How that happened? and how we can prevent this?

Thanks all

5 REPLIES 5

andrea_brusarestelletti
Active Contributor

‎01-15-2010 9:44 AM

0 Kudos

Good morning,

beside the transaction code, you have to check also authorization object M_ISEG_WDB, which is closely related to both the transactions: to avoid posting differences from transaction MI24 you must remove activity "01 - Create or generate" from this authorization object in the role you are having issue with, containing transaction MI24.

Hope to be helpful.

Best regards,

Andrea

Former Member
In response to andrea_brusarestelletti

‎01-15-2010 10:30 AM

0 Kudos

Thank you for your answer,

in the the code I have:

FORM INVENTUR_DB_DRUCK USING A-ACTVT

A-WERKS.

AUTHORITY-CHECK OBJECT 'M_ISEG_WDB'

ID 'ACTVT' FIELD A-ACTVT

ID 'WERKS' FIELD A-WERKS.

IF NOT SY-SUBRC IS INITIAL.

AUTH04 = X.

ENDIF.

ENDFORM

And in my role I have removed 01.Create or generate from ACTVITY. Now M_ISEG_WDB in my role has only:

*03.Display * and 04.Print, edit messages in Activity

But I have the same problem !!!!!!!!!!

Former Member
In response to andrea_brusarestelletti

‎01-15-2010 12:00 PM

0 Kudos

You have the same problem, because MI07 is called by tcode, not sy-tcode (T158).

If you want quick and easy help, delete the entry for MI07 in table T158I.

I do, however, agree that the overall behaviour of MI24 is not acceptable. I did a quick search in SMP but could not find a note on that issue, so my overall advise would be: risk note 11 and open a call with SAP.

andrea_brusarestelletti
Active Contributor

‎01-15-2010 1:26 PM

0 Kudos

Hello,

I don't know if you made this check, but you should verifiy with transaction SUIM that the user has not the authorization object M_ISEG_WDB with value "01" in any of the roles he is assigned to.

On top of that, I add that however with this settings, when you press "Posting difference" from transaction MI24, you will keep on going to the initial screen of transaction MI07, but if you the press enter to enter in the document, or save, the system will block the user because of lack of authorizations and won't allow posting the difference.

Best regards,

Andrea

Former Member

‎01-15-2010 2:03 PM

0 Kudos

Hi BOBALICE -

I believe you should be able to solve this issue by maintaining the TCDCOUPLES table with transaction SE97. This table controls whether or not an S_TCODE check is performed between call transactions. Ensure your Check Indicator in SE97 is set to "YES" for the MI24->MI07 relationship. The MI* series of transactions are notorious for having open call tcodes.

There have been a few good discussions on the TCDCOUPLES table if you search the forum history as well. If maintaining the TCDCOUPLES entry does not work, double-check the auth/check/calltransaction parameter to ensure it is not set to 0 which would force your system to ignore the TCDCOUPLES table and bypass the S_TCODE check for all call transactions