07-13-2011 8:54 PM
Hi Experts,
We're trying to restrict Goods Receipts by movement type. One of the security roles doesn't have movement type 501 (auth object M_MSEG_BWA). However, when a user is assigned this role, he is still able to perform 501 movement type goods receipts.
The authorization trace indicates a "reason=b" on the authorization check:
M_MSEG_BWA RC=0 reason=B;tcode=WPED;ACTVT=01;BWART=501;
The authorization does not come from any other roles assigned to the user account.
Does anybody has any idea what that "reason=b" is? Is there a way to make sure that SAP does not grant authorization when the user doesn't have it?
We're on ECC 6.0
Thanks!!
JY
07-14-2011 12:19 AM
That object is deactivated in SU24 for that transaction. Check note 1373111 for all reason codes.
Cheers
07-14-2011 12:19 AM
That object is deactivated in SU24 for that transaction. Check note 1373111 for all reason codes.
Cheers
07-14-2011 1:56 PM