on 05-11-2015 2:03 PM
Hi Team,
As per SAP standard, one is able to change the status of Availability Control (AVAC) within PS through CJBW (deactivate AVAC), CJBV (activate AVAC) and CJBN (reconstruct AVAC). As such we have limited the access to these transaction codes to our PS super users only as they are critical actions.
We have found that a few users have been able to deactivate AVAC on a project through the following transactions:
FBV0 - Post parked document |
FBVB - Post parked document |
FV50 - Park General Ledger Account Documents |
FV60 - Park Incomming Invoice |
IW32 - Change Work Order |
ME21N - Create Purchase Order |
ME22N - Change Purchase Order |
ME54N - Release Purchase Requisition |
MIGO_GI - Goods Issues |
ML81N - Service Entry Sheet |
MR8M - Cancel Invoice |
The above was identified using table JCDS - status change logs which was executed for WBS element objects when project overspend was investigated. If the above is true, this would cause a situation in that any person who has access to the above would be able to deactivate AVAC on a project.
This can not be allowed as all forms of capital governance is lost in that individuals within the the Buying/Procurement/Contract department can override budget controls put in place by the Capital Portfolio department.
We have tried many times to replicate the issue but we have been unsuccessful and after taking this issue to SAP and no assistance being available as we can not provide steps to replicate, we would like to know if anyone else has seen this issue or has had this same issue?
We have subsequently setup a CJBN batch job to execute daily as a preventative measure but this still will not prevent the issue from reoccuring.
Any help or guidance is greatly appreciated.
Thanks a lot.
Syanne
Hi,
I doubt how come budget deactivated by above mentioned transactions. This could not be true because these transactions are meant for other purposes.
I feel CJBW must have played its role. Why don't you ask your Basis guy to audit the same. You need to cross check the role and authorization of CJBW to user id's. You may also check if any user status or any validations making this happen.
Else, wait for other experts to comment on this. I may be wrong with my advise.
Regards,
Amit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Amit,
Thank you for your response.
We were also shocked when we saw these transactions in the JCDS table. We also do not see how a Change Purchase Order or Park General Ledger Account Documents transaction could deactivate AVAC for a project.
One or two of the users do have access to CJBW but that still does not explain the data being seen in JCDS.
We will ask the Basis team and Auths team if any analysis can be done but without being able to replicate the issue, we do not have high hopes.
Thanks a lot.
Syanne
Hi,
above TCODEs will not affect availability control. availability control will depend on your config whether to activate on budgeting or can not be activated.
please check your settings and also check authorizations with basis. if AVAC is activated or deactivated than you will find entries in JCDS/JEST tables.
thanks
Sunil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sunhil,
Thank you for your response.
As per the JCDS table, the transactions above were used to de-activate the AVAC (I0005) status. This is what is so troubling about this scenario.
We do believe this is a bugg in the system but without us (or the business users) knowing how this was done, SAP nor Basis can help us to debugg this issue.
Logging this message is our last option available to find out how or why this may be happening. All other options thus far have not been successful.
Thanks a lot.
Syanne
Hi,
Did you check the Authorization Object C_PROJ_TCD ?
Department of Authorization : PSARG
Transaction Type : TRTYP
Normally this will be populated if you add transactions, i found this gives access.
I am not sure about how JCDS work, but if you have given the access to users, this might give some lead for your issue.
Regards
Terence
User | Count |
---|---|
107 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.