Solved: Restriction on cost/revenue reports on roles

Former Member · ‎06-18-2014

Hello Experts,

My client deals with Power and Infra and has a requirement that at least 5 senior level project executives has to be assigned a same role within the same plant and should be authorized for all project profiles/types. These 5 senior executives should be able to view only cost/reports for the projects these executives are working on and should not be able to view all the projects in the plant.

Is that possible.? I am already in touch with Basis consultant and he is working on this. Is there any other alternative that can be look upon.?

Thanks,

Lakshmi Shukla

Former Member · ‎06-23-2014

Hello Experts,

Is there any enhancement available for this purpose.?

Thanks,

Lakshmi Shukla

Former Member · ‎06-18-2014

Hi,

Did you get a chance to discuss with your security team before positng this requirement? if so what was there response to your requirement. Let them set up test role and test accordingly. you need not to provide any authhorization object since they are very well aware which objects to pick up.

Discuss with your Security team and still not resolved you can post your requirement with specific question.

Thanks,

Sudhakar

Former Member · ‎06-18-2014

Hi,

If Plant is same, check If Profit Center is different for all 5 projects, then roles can be created with restriction of Profit Center. Check for Auth Object C_PROJ_PRC with your Basis Team.

Regrads

Shishir

former_member195427 · ‎06-18-2014

Hi

For reporting authorization : Create a Z-Role as ZS_COMP_PS_GEN_REP_DISP and input reports transaction into 'Menu' tab of this role. Insert the name of all those executives under 'User' tab (PFCG) to whom you want to authorize for displaying reports.

Now, if these reports are made to display specific projects then you have to do little development.

Example: CJI3, You create a screen format through development just like CJI3 and make fields project,posting date, layout etc. as input fields and during execution of it you need to call the standard transaction CJI3 using 'Call Transaction' functionality in ABAP and it will ultimately display project specific data. (You can develop 5 screens this way and can freeze project id's there also)

It's a bit tedious but can be effective. (tedious because you are not sure about the nomber of reports they will be using), a single screen can also be used to call multiple transactions with some preconditions, but it all depends upon ABAPer.

(The above is more useful when authorization comes specific to project id)

Now, to authorize as per project type use Auth. Obj C_PRPS_ART,

To authorize specifically to transaction, use Auth. Obj. C_PROJ_TCD

Regards

Saurabh

MTerence · ‎06-18-2014

Hi,

Do reach out a Security Consultant, who can easily help you out on this.

We have composite and single roles in security, you can have these reports added to the single role and assign to the composite role, make sure you are not having other transaction under other roles.

In one of our project we have moved all reports into couple of roles for PS, and we provide the roles to respective users.

This is simple, get in touch with a Security Consultant.

Thanks

Terence

Former Member · ‎06-18-2014

Hi,

Why dont you put a customer object for PS (like WERKS Plant) in tcode PFCG, then give only one role for all your 5 senior executives assigned in a project.?

Regards,

Amit

Restriction on cost/revenue reports on roles

Accepted Solutions (1)

Accepted Solutions (1)

Answers (5)

Answers (5)

Code de parrainage Bitget : qsk6 (Comment s'inscri...

Post asset acquisition back to old fiscal year

Bitget Referral Code: qsk6 ( How to sign up? )

Re: Build of MDKWebpackFactory failed for SSAM 231...

Re: Is it possible to group all open items into a ...