on 04-23-2012 11:31 AM
Hi Experts,
We have one issue in which PO(for internal vendor) and SO (ZSO output type) is getting created by user's ID, but user doesn't have authorization to create it.
According to user, whenever he is trying to run t-code VF04, PO is getting created. User need to run VF04 on the first working day of each month..
Please suggest and revert if more inputs required.
Thanks in advance.
Regards,
Rudresh
dear,
please try the following -
create a copy of this user in QAS (test system) and try to replicate this issue.
in QAS running SU01 for this account
you would simply to remove role by role (and run VF04 each time again looking for new PO orders)
when you get that perticular role (say, when you removed that role user is not able any more to create a PO), run PFCG for this role and discover it node by node - look for an object which allows to create those PO) - hit 'Glass' on each item level
you would engage your security guys...
you final result would be the following:
* that particular role has been fixed (say, some values for objec(s) were changed);* that particular role has been removed from user account / another role has been added;* another solution.good luck
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am not sure how exactly all these processes are connected, but obviously either the user actually does have authorization or there is some loophole where authorization is not checked.
Please note that if the user has access to transaction it does not necessarily mean that they cannot create a document. There could be some kind of an interface program that would bypass the transaction authorization check. More thorough review of the authorization objects would be needed. Using authorization trace (rx ST01) should help.
If you believe that authorization is not checked somehwre in SAP where it should, send a message to SAP.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Please run ME21N or VA01 and afterwards /nSU53 and export the print screen here. We need to understand what your statement means . VF04 is for mass maintaing billing due list.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
99 | |
11 | |
11 | |
6 | |
6 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.