cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User doesn't have authorization to create PO, but PO is getting created by her/his ID.

Former Member

on ‎04-23-2012 11:31 AM

0 Kudos

Hi Experts,

We have one issue in which PO(for internal vendor) and SO (ZSO output type) is getting created by user's ID, but user doesn't have authorization to create it.

According to user, whenever he is trying to run t-code VF04, PO is getting created. User need to run VF04 on the first working day of each month..

Please suggest and revert if more inputs required.

Thanks in advance.

Regards,

Rudresh

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member184701
Active Contributor
‎04-26-2012 1:44 AM
0 Kudos

dear,

please try the following -

create a copy of this user in QAS (test system) and try to replicate this issue.

in QAS running SU01 for this account

you would simply to remove role by role (and run VF04 each time again looking for new PO orders)

when you get that perticular role (say, when you removed that role user is not able any more to create a PO), run PFCG for this role and discover it node by node - look for an object which allows to create those PO) - hit 'Glass' on each item level

you would engage your security guys...

you final result would be the following:

* that particular role has been fixed (say, some values for objec(s) were changed);
* that particular role has been removed from user account / another role has been added;
* another solution.

good luck

Show replies
Show replies
Jelena
Active Contributor
‎04-24-2012 9:57 PM
0 Kudos

I am not sure how exactly all these processes are connected, but obviously either the user actually does have authorization or there is some loophole where authorization is not checked.

Please note that if the user has access to transaction it does not necessarily mean that they cannot create a document. There could be some kind of an interface program that would bypass the transaction authorization check. More thorough review of the authorization objects would be needed. Using authorization trace (rx ST01) should help.

If you believe that authorization is not checked somehwre in SAP where it should, send a message to SAP.

Show replies
Show replies
former_member670403
Explorer
‎04-23-2012 1:24 PM
0 Kudos

Hi,

Please run ME21N or VA01 and afterwards /nSU53 and export the print screen here. We need to understand what your statement means . VF04 is for mass maintaing billing due list.

Regards

Show replies
Show replies
Ask a Question