07-09-2010 11:36 AM
Dear All,
During role creation authorizations provided for cross plant at org. level and object level,now user did posting of vendor meterial for other plant by mistake,how to review and remove cross plant authorizations.
07-09-2010 12:44 PM
the question is not very easy to comprehend........i think you should rephrase the question and make it more meaningful
but from what i can understand, you will need to check the role content, if the posting acess can be restricted then you would have to do that, but be sure that all other users who have the role assigned will also be effected.
i think it is more easier to work on the problem if you could let us know the role content - what are the transactions you have in it?
07-09-2010 12:56 PM
1. ID the transactions they used to do it
2. ID the key auth objects that control the posting
3. Review the roles (in single roles & the combinations of roles) that give the access
4. Remove the access based on steps 1,2,3 or put in a mitigating control
07-09-2010 5:48 PM
Hi ,
I would say perform the test on your DEV(Test box) by putting the trace on for USER=TESTUSER / all his roles as in production or wherever.
See which plant he has access to by seeing the Organization level objects RC code = 0
Decide on which plant he should have access to .
Now find the roles in his user profile which have this object using SUIM tcode
get the role, drill down to the role find the object remove the cross plant object.
Remember if you are having parent child role , organization level is maintained in the child role itself.
transport the changes across the landscape.
Hope this helps