09-08-2011 12:48 PM
Dear All,
We have a role with Transaction Code VA88.
The transaction code VA88 is used to reverse a document. A user from a different company code was able to change the sales order of a different company code.
When I checked, I saw that the Transaction Code VA88 uses the "Sales Organization" field for generating output.
I see from SU24 that there is no Authorization Object set to check/restrict Sales Organization. As a result, any user from any sales organization can reverse a document for any sales organization.
I have added the Authorization Objects V_KNA1_VKO and V_VBAK_VKO in SU24 for Transaction code VA88 and set the restriction of Sales Organization in Org. Levels. However, despite restricting the Sales Organization, this transaction allows access to other Sales Organizations.
Please advise.
Regards
09-08-2011 1:37 PM
Sumanth,
VA88 checks only for the authorization object K_VRGNG. Changing the check proposal for V_KNA1_VKO and V_VBAK_VKO will not solve your purpose, since the program associated with VA88 doesn't have a valid check on these objects.
If you wish to enable the authorization check on these objects, talk to your development team to have an authority check statement included on them.
But my advice is to discuss the impact of this restriction with the line of business.
Regards,
Raghu
09-09-2011 3:11 PM
Hi
You can use the user exit EXIT_SAPLKOBS_001, and the ABAP development team can insert the Authority-check statement with the object you want to check.
Regards
Vikas
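The kind of check the replies above describe, as an added example that is not part of the original thread and is not SAP standard code: a helper that a customer exit include could call to enforce V_VBAK_VKO on the sales area being processed, failing closed when the user lacks the authorization. The form name, the parameter names, the activity value '02' and the way the exit obtains the sales area are assumptions; the exit's actual interface is not shown on this page.

```abap
* Added example (hypothetical helper, not SAP standard code).
* Assumption: the caller has already determined the sales area of the
* document being processed; how the exit exposes it is not shown here.
FORM z_check_sales_area_auth
  USING    iv_vkorg   TYPE vkorg        " sales organization
           iv_vtweg   TYPE vtweg        " distribution channel
           iv_spart   TYPE spart        " division
  CHANGING cv_allowed TYPE abap_bool.

* Fail closed: access is denied unless the check succeeds.
  cv_allowed = abap_false.

* A missing sales organization must never pass the check.
  IF iv_vkorg IS INITIAL.
    RETURN.
  ENDIF.

* The runtime check itself. An SU24 check proposal only influences
* what PFCG proposes for the role; it does not enforce anything
* unless the program executes a statement like this one.
  AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'
    ID 'VKORG' FIELD iv_vkorg
    ID 'VTWEG' FIELD iv_vtweg
    ID 'SPART' FIELD iv_spart
    ID 'ACTVT' FIELD '02'.              " assumed activity: change

  IF sy-subrc = 0.
    cv_allowed = abap_true.
  ENDIF.
ENDFORM.

* Hypothetical call site inside the customer exit include:
*   DATA lv_allowed TYPE abap_bool.
*   PERFORM z_check_sales_area_auth
*     USING lv_vkorg lv_vtweg lv_spart
*     CHANGING lv_allowed.
*   IF lv_allowed = abap_false.
*     MESSAGE 'No authorization for this sales organization' TYPE 'E'.
*   ENDIF.
```

Once such a check exists in the code path, the SU24 proposal for V_VBAK_VKO and the Org. Level values in the role become effective for VA88; an authorization trace can confirm that the object is actually being checked.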