02-16-2010 11:08 PM
Hi all,
I created one role in PFCG and it works fine, then I made an object authorization in RSECADMIN with the next characteristics:
0TCAACTVT
0TCAIPROV
0TCAKYFNM
0TCAVALID
0MATERIAL EQ 764286
So the user only must be access to material 764286,
but when we test the user in RSECADMIN we can run all the queries and all the materials, when we must not have access to all queries neither all materials, we tried to generate the error logs but appears empty.
If I run the user in RRMX we only see the queries that has access this user, but we can see all the materials when that's incorrect because we limited in the RSECADMIN.
It's like a strange behaviour of the transaction RSECADMIN,
Does anybody know if the basis needs to turn on some component to fix this problem or to fix the transaction or what we need to do?
Thanks a lot.
Regards
02-16-2010 11:45 PM
02-17-2010 5:08 AM
Hi,
>>we can run all the queries
you can restrict the queries using S_RS_COMP & S_RS_COMP1 auth objects in your PFCG role.
>>all materials
Cross check in RSD1, whether 0MATERIAL is auth. relevant char. or not.
02-17-2010 4:06 PM
Hi,
Yes all the infoobjects that we use in the object at RSECADMIN have the flag of authorization relevant, and in the role we have the object S_RS_COMP & S_RS_COMP1 are limited just by one query if we run the user in rrmx or rsrt1 it works fine but if we run the test in RSECADMIN we have permission to run all the queries.
Thanks a lot
Regards
02-18-2010 7:56 AM
If 0material is not on the selection screen nor available in rows or columns there will be no check on restricting the figures. So put 0material somewhere in the query and use a variable of type authorisation and the query will be restricted.