Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

AC 10.0 - built the same function-ID's but get a different result

0 Kudos

Hi all,

in our prod.system we have for example 2 function-ID's with the following characteristics:

1) ZFI_2001

Z01      F_SKA1_BUK      ACTVT 01                                   AND

Z03      F_SKA1_BUK      BUKRS *                                    AND

Z04      S_TCODE TCD      FS00                                        OR

Z04      S_TCODE TCD      FS15                                        OR

Z04      S_TCODE TCD      FS16                                        OR

Z04      S_TCODE TCD      FSS0                                       OR

Z04      S_TCODE TCD      FSS1                                       OR

Z05      F_SKA1_KTP      ACTVT 01                                   AND

Z05      F_SKA1_KTP      KTOPL *                                     AND

2) ZFI_2010

Z01      F_BKPF_BUK      ACTVT 01                                   AND

Z02      F_BKPF_GSB      ACTVT 01                                   AND

Z02      F_BKPF_GSB      GSBER *                                    AND

Z03      F_BKPF_KOA      ACTVT 01                                   AND

Z03      F_BKPF_KOA      KOART S                                   AND

Z04      F_BKPF_BUK      BUKRS *                                    AND

Z05      S_TCODE TCD      F-02                                          OR

Z05      S_TCODE TCD      F-04                                          OR

Z05      S_TCODE TCD      F-06                                          OR

Z05      S_TCODE TCD      F-07                                          OR

Z05      S_TCODE TCD      F-21                                          OR

Z05      S_TCODE TCD      F-27                                          OR

Z05      S_TCODE TCD      F-30                                          OR

Z05      S_TCODE TCD      F-41                                          OR

Z05      S_TCODE TCD      F-42                                          OR

Z05      S_TCODE TCD      F-51                                          OR

Z05      S_TCODE TCD      F-52                                          OR

Z05      S_TCODE TCD      FB01                                          OR

Z05      S_TCODE TCD      FB05                                          OR

Z05      S_TCODE TCD      FB11                                          OR

Z05      S_TCODE TCD      FB41                                          OR

Z05      S_TCODE TCD      FB50                                          OR

Z05      S_TCODE TCD      FBV0                                          OR

In access control I built the same function-ID's:

1) ZFI_2001

SAP Core FI/CO - Produktivsystem P03 Man     FS00     F_SKA1_BUK     ACTVT     01     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FS00     F_SKA1_BUK     BUKRS     *     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FS00     F_SKA1_KTP     ACTVT     01     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FS00     F_SKA1_KTP     KTOPL     *     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS0     F_SKA1_BUK     ACTVT     01     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS0     F_SKA1_BUK     BUKRS     *     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS1     F_SKA1_BUK     ACTVT     01     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS1     F_SKA1_BUK     BUKRS     *     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS1     F_SKA1_KTP     ACTVT     01     AND     activ

SAP Core FI/CO - Produktivsystem P03 Man     FSS1     F_SKA1_KTP     KTOPL     *     AND     activ

The rest is inactiv.

2) ZFI_2010

SAP Core FI/CO - Produktivsystem P03 Man     F-02     F_BKPF_BUK     BUKRS     *            

SAP Core FI/CO - Produktivsystem P03 Man     F-02     F_BKPF_GSB     ACTVT     01

SAP Core FI/CO - Produktivsystem P03 Man     F-02     F_BKPF_GSB     GSBER     *

SAP Core FI/CO - Produktivsystem P03 Man     F-02     F_BKPF_KOA     ACTVT     01

SAP Core FI/CO - Produktivsystem P03 Man     F-02     F_BKPF_KOA     KOART     S

SAP Core FI/CO - Produktivsystem P03 Man     F-04     F_BKPF_BUK     ACTVT     01

SAP Core FI/CO - Produktivsystem P03 Man     F-04     F_BKPF_BUK     BUKRS     *

SAP Core FI/CO - Produktivsystem P03 Man     F-04     F_BKPF_GSB     ACTVT     01

SAP Core FI/CO - Produktivsystem P03 Man     F-04     F_BKPF_GSB     GSBER     *

SAP Core FI/CO - Produktivsystem P03 Man     F-04     F_BKPF_KOA     ACTVT     01

This is only the beginning from a long list.

But unfortunately I get a different result.

Has anybody an idea what could be the mistake? I think that it will be the same! Isn't it?

Regards

Thorsten

5 REPLIES 5

kevin_tucholke1
Contributor
0 Kudos

Thorsten:

In your functions that you say are from your 'prod.system', I don't understand what the columns mean.  Is that saying that all of those transactions are connected to all of those objects??  I can understand what you list for the access control side, but am confused aobut what the former list is stating.

Also, I am very surprised that you have so many organizational levels active in your rule set.  I want to make sure that you are aware that in Access Control, a * in the rule set only means *, if you are looking for ANY value you need to use $ instead.  Please review SAP note 1133589.  Even though this states for 5.x, this also applies to 10.0 as well.

thanks

Kevin Tucholke

0 Kudos

Hi Kevin,

thanks for your answer. I have been some days on holiday, that's why I can repeat till now.

The meaning of the columns are:

Group   Object               Field name     from                              AND/OR*

Z01      F_SKA1_BUK      ACTVT           01                              AND

Z03      F_SKA1_BUK      BUKRS           *                               AND

Z04      S_TCODE TCD      FS00                                             OR

Z04      S_TCODE TCD      FS15                                             OR

Z04      S_TCODE TCD      FS16                                             OR

Z04      S_TCODE TCD      FSS0                                            OR

Z04      S_TCODE TCD      FSS1                                            OR

Z05      F_SKA1_KTP      ACTVT           01                              AND

Z05      F_SKA1_KTP      KTOPL           *                                AND

Hopefully it will help you to understand my problem.

Thanks

Thorsten

0 Kudos

Thorsten:

Can you explain what you mean by "Group" above?  This term is not familiar to me.  If what you are saying is that all Actions in your first group above have all the permissions that are also listed, I don't think that you set up the AC functions correctly.  Also, I will state again, that in Access Control, * is NOT a wild card.  Please see previous post.

In my opinion, with the limited knowledge that I have, I don't believe you have the same rules between the examples.

Thanks.

Kevin Tucholke

Sr Consultant

SAP America

Business Analytics Competency Center

0 Kudos

Hi Kevin,

thanks for your first answer.

I have another question to you:

if I make an analysis there is the wrong function-ID evaluated. Where is the point to say to the system which rule set I want to evaluated. I just want to evaluate the own rule-set and not the "global"!

Maybe you can give me an screenshot?

Thanks

Thorsten

0 Kudos

set the configuration parameter 1025 to the rule set you want to default to...

set this by following below path:

SPRO -> Governance, Risk and Compliance ->Access Control - > Maintain configuration settings