Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

UseKOSTL & PRCTR fields from Security point of view?

Former Member

‎07-08-2011 12:12 PM

0 Kudos

Hi,

Related to the one I posted few days back. Not sure if I could open the same one again thus creating a new one. Apologies.

From that post it's clear that K_CCA replaces K_REPO_CCA. Right?

Now I would like to know, what about other 'cost centre' specfic objects e.g K_CSKS? Can't K_CCA and K_ORDER handle all sort of auth for cost centres? If not then I would like to know which other cost centre specfic obejcts are still valid in ECC and thus need to be maintained. If there would be some then in addition to RESPAREA perhaps KOSTL will also need to be promoted to org level.

Similaraly please throw some light on do we still have some PRCTR dependent objects in use?

Gill

6 REPLIES 6

Former Member

‎07-18-2011 9:45 AM

0 Kudos

Hi All,

Was offline for few days but didn't expect this thread to be unanswered after it being there for some time now

I request the experts to spare some time and share thier experienced on these CO fileds.

Gill

Former Member
In response to Former Member

‎07-25-2011 8:46 AM

0 Kudos

Hi,

Do we have any experts to comment on this please? I have seen across all forums that question similar to this hasn't ever been attended and I wonder why so? Experienced guys must have handled it many times and thus can help me. Please correct me if I am wrong.

Gill.

Former Member
In response to Former Member

‎07-25-2011 9:06 PM

0 Kudos

Nice rant..

Your question is a bit vague though and does not disclose how much you have worked out for yourself already, and the answer is quite a long one (so I suspect folks are shy of writing a book for you...).

There are some authorative SAP notes on the topic and there is a legacy problem in table TSTCA and some dummy coding checks. What is also a bit confusing is that the concepts for the switch from K_REPO* objects is different to that of K_CSK* objects.

Perhaps if you could describe how it works and what you have a problem with then a discussion and some good advise will follow.

Cheers,

Julius

Former Member
In response to Former Member

‎07-26-2011 6:41 AM

0 Kudos

Hey, I haven't worked on K_CSKS objects but does that mean it's better to commit a mistake first and then raise a question here? That doesn't sound a logical prerequisite and had it required a book to be written then it would have already been there in the market , isn't it?

arpan_paik
Active Contributor
In response to Former Member

‎07-26-2011 7:37 AM

0 Kudos

What are you afraid of? What kind of mistake you think you can make? That might give a heads up....

Regards,

Arpan Paik

Former Member
In response to Former Member

‎07-26-2011 8:13 AM

0 Kudos

Volker Lehnert's book on SAP application security has a whole section on controlling authorizations and references to several SAP notes which explain the transision from the old concept to the new one.

There is a link to it in the sticky FAQ thread.

Table TSTCA should however not be new to you, so you can spot your first problematic transactions quite easily, depending on which release and SP level you are on. You will have to consider that dependency when reading Volker's book.

Cheers,

Julius