Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lock Actions in PA40

Go to solution
Former Member

‎08-30-2006 6:16 AM

0 Kudos

HI Folks,

We have a new requirement in our role redesign project that Iam working on, where in a particular users in a business group should not be able to do certain actions in the pA40 screen. Restricting at the infotype level is not the answer because for allowing them to do a certain action which need ITs X, Y and Z is also letting them perform any actions that would involve ITs X, Y and Z. The Business is able to complete some other actions as well, which we donot want them to perform. Is there any way of restricting/ providing additional security to a selected actions in the PA40 screen. Smillar thoughts on the PA30 menu tabs as well is appreciated.

Any and all thoughts on this concern is highly appreciated!

1 ACCEPTED SOLUTION

Go to solution
manohar_kappala2
Contributor

‎08-30-2006 3:04 PM

0 Kudos

Hi Madhavi,

The problem is with the P_ORGIN, if you have the Auth Level W for the infotypee 0000(actions)

then he will be able to perform the action tryby removing that n let me know, it should work.

Also if you want him to perform some actions then for IT 0000 adjust the subtype accordingly.

Say for Hiring action you need a combination of 0000 with Subtype 01 with Auth level write.

Hope this helps

Message was edited by: Manohar Kappala

6 REPLIES 6

Go to solution
Former Member

‎08-30-2006 8:33 AM

0 Kudos

Hello Madhavi,

This can be achieved through trial and error method only. Basically it would make use of authorization object PLOG. Create a test user then a test role which has PA40 assigned to it. Then keep on modifying the values in authorization object PLOG and record the results. This will take some time but is a good analytical approach.

Regards.

Ruchit.

Go to solution
Former Member
In response to Former Member

‎08-30-2006 9:01 PM

0 Kudos

Hey Ruchit,

The issue was with P_ORGIN not PLOG. Any way thank you so much for giving me the leads and telling me that it is in the hands of security personal, and not some functional guy's job.

Go to solution
manohar_kappala2
Contributor

‎08-30-2006 3:04 PM

0 Kudos

Hi Madhavi,

The problem is with the P_ORGIN, if you have the Auth Level W for the infotypee 0000(actions)

then he will be able to perform the action tryby removing that n let me know, it should work.

Also if you want him to perform some actions then for IT 0000 adjust the subtype accordingly.

Say for Hiring action you need a combination of 0000 with Subtype 01 with Auth level write.

Hope this helps

Message was edited by: Manohar Kappala

Go to solution
Former Member
In response to manohar_kappala2

‎08-30-2006 9:00 PM

0 Kudos

Thank You so much Manohar, for your valuable guidence. It did solved our problem. I was able to resolve the issue. Otherwise I would have pushed it to the config team thinking it was some configuration requirement. Thanks a lot for your time and advise.

Go to solution
manohar_kappala2
Contributor
In response to manohar_kappala2

‎08-31-2006 5:36 AM

0 Kudos

hi Madhavi,

Well good to know my advice was of some help.

U are welcome!!!!

Enjoy SAP Security

Go to solution
Former Member
In response to manohar_kappala2

‎09-24-2007 8:14 PM

0 Kudos

Since these are dummy infptypes and used only for security purposes, do these need to be made available as a country specific IT in v_t582A? Currently, I do not have this listed, but security team is insisting that it needs to be added to the list of IT's, but from a functional side, there is no logic I can see.

Help appreciated.