Solved: OB52 can we restrict userid BASIS

Former Member · ‎07-05-2010

hi

kindly inform whether there option is availabe to put restrictions on the basis of USERID

in OB52 instead of A, D, K, M , S like /

Becoz in our scenario some users have to work in cross modules so period to be restricted on

USERID basis?

Edited by: johnrambo on Jul 5, 2010 4:31 PM

Edited by: johnrambo on Jul 7, 2010 10:13 AM

Former Member · ‎07-07-2010

Hi ,

Ob52 very critical transaction normally in many of the projects a firefighter role is build and assigned to the users who require them for month end closing.

See if you have firefighter product which is now called as SAP GRC 5.3 (SPM / Super privelege management)

if you have to still do it role based follow other experts instructions.

From my understanding you might have to build role exclusively for the users who need them.

Former Member · ‎07-07-2010

Hi

It can be restricted thru T.Code : PFCG in that we can limit the user access.

Thanks & Regards,

Mani

Former Member · ‎07-07-2010

You control this via the role assignments to the users. This is a basic RBAC concept & is how we provide the restriction at userid level.

Former Member · ‎07-07-2010

Hi ,

Ob52 very critical transaction normally in many of the projects a firefighter role is build and assigned to the users who require them for month end closing.

See if you have firefighter product which is now called as SAP GRC 5.3 (SPM / Super privelege management)

if you have to still do it role based follow other experts instructions.

From my understanding you might have to build role exclusively for the users who need them.

Former Member · ‎07-07-2010

> Ob52 very critical transaction normally in many of the projects a firefighter role is build and assigned to the users who require them for month end closing.

Month end closing should not normally be an unforeseen emergency activity....

OB52 is a maintenance view with current settings activated. You can use S_TABU_LIN or add your own code to the events if you want to.

I agree with you that bottling down the access makes sense way beyond SoD and all that jazz - for example the sequence of closing events: you have to know what you are doing and speculation is not a good idea....

Cheers,

Julius

Former Member · ‎07-07-2010

Hi,

if your are looking for OB52 restriction

What you need to do is make sure that in OB52 a split is made between the group that is allowed and the group that is not allowed.

refer SAP documentation on it.

Use

A posting period can be made available to only a limited set of users using the authorization group.

Procedure

If only a limited set of users is to be able to post in a particular posting period, proceed as follows:

Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an

authorization group (e.g. '0001').

Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be

restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g.

'0001') in the last column.

Useful links:

/thread/807592 [original link is broken]

http://sap.ittoolbox.com/groups/technical-functional/sap-acct/ob52-by-company-code-only-3604273

http://www.sapfans.com/forums/viewtopic.php?f=24&t=34112

http://www.sapfans.com/forums/viewtopic.php?f=24&t=30364&p=98471

NOTE:

if needed, you can even change the standard setting in SU24