eliminate cross plant access for transaction posti...

Former Member · ‎07-09-2010

Dear All,

During role creation authorizations provided for cross plant at org. level and object level,now user did posting of vendor meterial for other plant by mistake,how to review and remove cross plant authorizations.

Former Member · ‎07-09-2010

the question is not very easy to comprehend........i think you should rephrase the question and make it more meaningful

but from what i can understand, you will need to check the role content, if the posting acess can be restricted then you would have to do that, but be sure that all other users who have the role assigned will also be effected.

i think it is more easier to work on the problem if you could let us know the role content - what are the transactions you have in it?

Former Member · ‎07-09-2010

1. ID the transactions they used to do it

2. ID the key auth objects that control the posting

3. Review the roles (in single roles & the combinations of roles) that give the access

4. Remove the access based on steps 1,2,3 or put in a mitigating control

Former Member · ‎07-09-2010

Hi ,

I would say perform the test on your DEV(Test box) by putting the trace on for USER=TESTUSER / all his roles as in production or wherever.

See which plant he has access to by seeing the Organization level objects RC code = 0

Decide on which plant he should have access to .

Now find the roles in his user profile which have this object using SUIM tcode

get the role, drill down to the role find the object remove the cross plant object.

Remember if you are having parent child role , organization level is maintained in the child role itself.

transport the changes across the landscape.

Hope this helps

eliminate cross plant access for transaction posting.