04-05-2010 2:50 PM
Hi all,
we have a requirement to restrict pricing condition (type) in VA01,VA02 transaction. then i went into SU24 and the object V_KONH_VKS was defaulty set to "Do not check" and proposal to "NO", i changed it to "Check" and proposal to "Yes".
now the inetersting thing is i went in to VA02 program and searched for Auth-Check or Authority-check, but it was not showing the object V_KONH_VKS.
Q1. so will my change in SU24 work and user will be restricted?
Q2. i know the purpose of Authorization Objects in SU24, but why SAP gave so many objects in SU24 that are not even in the program code? i thought if the object is not in the code, it won't work even if we add it to SU24.
Thanks,
SS
04-05-2010 9:53 PM
> i thought if the object is not in the code, it won't work even if we add it to SU24.
Yes, it won't "work" in the way you are expecting it to find it. But it is very usefull to derive authorizations from entry points for further navigation and you will not see all checks via the Ctrl + F search. You might not see any of them...
I regularly use "dummy" transactions, and if you do use parameter transactions then it makes sense to maintain them exactly, otherwise the SAP "core" transaction is proposed, again and again and again...
Run a trace before posting your question and you should be able to help yourself.
Cheers,
Julius
Edited by: Julius Bussche on Apr 5, 2010 10:54 PM
04-05-2010 9:53 PM
> i thought if the object is not in the code, it won't work even if we add it to SU24.
Yes, it won't "work" in the way you are expecting it to find it. But it is very usefull to derive authorizations from entry points for further navigation and you will not see all checks via the Ctrl + F search. You might not see any of them...
I regularly use "dummy" transactions, and if you do use parameter transactions then it makes sense to maintain them exactly, otherwise the SAP "core" transaction is proposed, again and again and again...
Run a trace before posting your question and you should be able to help yourself.
Cheers,
Julius
Edited by: Julius Bussche on Apr 5, 2010 10:54 PM
04-06-2010 3:13 PM
Julius,
Thanks a lot for your response.
once more question why SAP is proposing or adding lot of objects in SU24. some of them even never gets activated or seems to be unrelated to transaction.
Thanks in advance,
SS
04-06-2010 8:33 PM
Hmmm... I see your question more clearly now. Please mark it "unresolved" again.
That a lot of objects are "checked" is fine and no concern for you, but "no check" indicators in large quantities are suspect.
Perhaps someone misunderstood the meaning of the check indicator (in SAP's own development systems it is different) or there are functions in the menus or navigation which can access condition types, etc simply to display them.
Another possibility is that the checks have been built into the F4 search help?
Cheers,
Julius
04-09-2010 2:52 AM
05-23-2012 11:48 AM
Hi we would like to restrict access to pricing condtions in va01 & va02 for some users. Our SAP security analyst has updated (VIA su24) the authorisation object V_KONH_VKS to "Check" and proposal to "Yes".
However we are unaware of which exits this object should be applied to? Our abap programmer has suggested adding this object to the code in the pricing reuirements (in pricing procedure) but we have many of these routines and many pricing conditions. Is there user exits in include MV45AFZZ to add the authorisation object to which would activate it?
Thanks in advance,
Conor