07-24-2014 4:32 AM
Hi,
We have a request to assign all users to RoleA, RoleB at calendar month end. Then after calendar month end, to remove RoleA, RoleB from all users and assign all users to RoleY, RoleZ.
I'm currently doing it thru SU10, adding and removing roles to users at calendar month end.
Is it possible to automate this (assign roles to users then remove roles from users) for every month? May I know the detailed steps to do it?
Thank you.
07-24-2014 5:11 AM
Hi
You would need to build something custom for this
That aside, is there a reason why you need to do this? If this is a common activity I would be questioning the design reasoning and see if there is an alternative approach
Do you have specific access you want to restrict from all users each month-end?
Regards
Colleen
07-24-2014 7:46 AM
Hi Colleen,
Yes, there's specific access that would like to restrict from all users every month end.
regards,
zl
07-24-2014 7:53 AM
do you want to share what that is? Someone might have an alternative solution for you?
07-24-2014 8:44 AM
I agree with Colleen.
Firstly what are you trying to achieve?
Secondly it is sufficiently important as to not operate another control to achieve that objective?
07-24-2014 8:47 AM
Hi,
Would like to restrict users from doing goods movement during month end.
regards,
zl
07-24-2014 8:55 AM
Hello
If the requirement is really 'non -negotiable' then there are several means to automate it.
I hope this helps.
But, like colleen i doubt the reasoning behind this requirement. What is it what they want to achieve? And is this the best way to do it? In our company we do have authorization roles for 'Month End Closing' activities, but they are assigned to users 'all the time'
07-24-2014 10:03 AM
Thanks, is there any specific movement activity that is causing the problem? It's not unknown for inventory activities to require a movement block (MI32/33) for month/period end activities. Generally I would expect the control to be that users are told not to do it and non-compliance has implications. Of course, if this is super-high risk for whatever reason then M. Coenjaerts has given some good methods.
07-24-2014 10:28 AM
Hi,
This is a request from our Finance Users. During month end, there should not be any goods movement but people always forget and do goods movement during month end. And this affect the finance month end closing.
'goods movement' role are removed from users at month end, and after month end users are assigned back 'goods movement' role.
may i know which methods can be scheduled to run by itself?
07-24-2014 1:04 PM
It seems a bit strange that finance are requesting the business to stop day to day operational activities so they can close the books. I question if there is an underlying issue with the business process and design.
07-24-2014 1:11 PM
I have seen clients opts this option during financial year end during which, they would not want any goods movements to happen so that the finance team can reconcile the records. For that, instead of locking the movement types, they would lock the related transaction itself like for outgoing deliveries, couple of movement types are there. Instead of locking all these movement types, they would lock the transaction codes like VL01N, VL10* etc.
G. Lakshmipathi
07-24-2014 1:16 PM
Thanks - thats what I was wonderIng if SM01 transaction locking might be solution or if some function config. When movement types mentioned I immediately thought MIGO and locking that would not help if goods receipt allowed. I assume solution depends on what movenent type?
but you witnessed situation where they relied on authorisations to achieve temporary lock down?
07-24-2014 1:25 PM
Hi
If you want to schedule (so that it runs automatically), then option (1) works best: you can schedule ABAP programs to run in the background, to be started at a certain time , or after a certain event.(using SM36/SM37)
Open (4) could also be schedule, but then this needs to be done outside SAP. Using Windows Task Scheduler or CRON job scheduling in case of unix/linux based systems.
Option (2) and (3) most of the time require "human intervention": you have to prepare the "data set" (which users/roles-assigments you are going to change), generate and start the BIM/CATT script
07-24-2014 4:35 PM
I won't pretend to be a functional expert in logistics or finance, but it seems to me that this is likely a configuration and/or business process issue and not a security issue. I'm pretty sure it is not common for organizations to take away access to MIGO entirely during month-end close. I think rather that most organizations will just do something like lock the period that is being closed, so new postings go to the new period. This should happen anyway, since closing is usually done after the period in question has expired.
You might have a look at , but otherwise this question might be better raised at .
Regards,
Matt