Hi Guru,
I have a bit confusion with a snote implementation of note 1988565.....i mentioned the note body in below...
Solution
New switchable authorization checks have been implemented. The checks are delivered inactive to ensure compatibility with your running processes. The checks can be activated in transaction SACF as described in attached manual correction instruction.
New authorization scenario
The following new authorization scenario is available:
BKK_MISC - BKK: Miscellaneous Authority Checks in RFC Enabled Function Modules
This scenario includes the following authorization objects that might be checked if one of the function modules listed below are called by a customer application via external RFC, provided they are applicable:
- F_BKKA_ATT
- F_BKKA_BKA
- F_BKKA_BPG
- F_BKKA_GRP
- F_BKKA_PRG
- F_PROD_GRP
- S_TABU_DIS
Affected business processes, integration scenarios and users
This scenario might be relevant to integration scenarios developed by customers which involve one of the function modules listed below.
Implementation of the switchable authorization check
The switchable authorization scenario is provided via support package. It can also be pre-implemented via below correction instructions in systems with older support packages.
Activation of the authorization check
Follow the post-processing activities below to activate the authorization scenario.
Affected RFC function modules
- BKK_PRODUCT_CHECK_FUNCTION
- BKK_RFC_BANKACCT_BKKRS_COMCODE
- BKK_RFC_PROFIT_AND_LOSS_GET
- BKK_RFC_COND_GET_BKK9ACC (no longer RFC enabled)
- BKK_RFC_COND_GET_BKK9ACC_ACC (no longer RFC enabled
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component EA-FINSERV SAP R/3 Enterpr...|
| Release 600 SAPKGPFD01 - SAPKGPFD27 |
| Release 603 Until SAPK-60316INEAFINSRV |
| Release 604 SAPK-60401INEAFINSRV - SAPK-60417INEAFINSRV |
| Release 605 SAPK-60503INEAFINSRV - SAPK-60513INEAFINSRV |
| Release 606 SAPK-60601INEAFINSRV - SAPK-60612INEAFINSRV |
| Release 616 Until SAPK-61607INEAFINSRV |
| Release 617 SAPK-61701INEAFINSRV - SAPK-61705INEAFINSRV |
------------------------------------------------------------------------
Call transaction SE11, and create the new data element EV00011701:
- Short Description: Open FI-BA: Event 00011701
Short
Length: 10
Label: 00011701
Medium
Length: 10
Label: 00011701
Long
Length: 10
Label: 00011701
Heading
Length: 1
Label: X
------------------------------------------------------------------------
|Manual Post-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component EA-FINSERV SAP R/3 Enterpr...|
| Release 600 SAPKGPFD01 - SAPKGPFD27 |
| Release 603 Until SAPK-60316INEAFINSRV |
| Release 604 SAPK-60401INEAFINSRV - SAPK-60417INEAFINSRV |
| Release 605 SAPK-60503INEAFINSRV - SAPK-60513INEAFINSRV |
| Release 606 SAPK-60601INEAFINSRV - SAPK-60612INEAFINSRV |
| Release 616 Until SAPK-61607INEAFINSRV |
| Release 617 SAPK-61701INEAFINSRV - SAPK-61705INEAFINSRV |
------------------------------------------------------------------------
1. Only up to release EA-FINSERV 603: Call transaction SE91, and create the new message 007 in message class 1N:
Message: 007
Message Short Text: Internal product id &1 does not exist; Enter valid product id
SelfExplanatory: X
2. Call tansaction SM30, select table/view TBE01, and create the new entry 00011701:
Business Transaction Event: 00011701
Text: Authorization Check in Info System (RFC)
Text:
Sample Module: SAMPLE_INTERFACE_00011701
Country/Industry filter:
3. Call tansaction SM30, select table/view V_TBE02, and create the following new entry:
Attribute Type: C
Selection Attribute: BKK_AUTHORITY
Event: 00011701
------------------------------------------------------------------------
|Manual Activity |
------------------------------------------------------------------------
|VALID FOR |
|Software Component EA-FINSERV SAP R/3 Enterpr...|
| Release 600 From SAPKGPFD01 |
| Release 603 All Support Package Levels |
| Release 604 From SAPK-60401INEAFINSRV |
| Release 605 From SAPK-60503INEAFINSRV |
| Release 606 From SAPK-60601INEAFINSRV |
| Release 616 All Support Package Levels |
| Release 617 From SAPK-61701INEAFINSRV |
------------------------------------------------------------------------
Activation of the authorization check is required for all support packages where the authorization scenario is available. This is done by creating a productive authorization scenario from the scenario definition.
Step 1: Create the authorization scenario definition in older support packages (transported in your landscape):
- Start transaction SACF and check if scenario definition BKK_MISC exists. If it exists go to step 2.
- If the scenario definition does not exist in SACF download the file BKK_MISC.txt attached to this note.
- Start transaction SACF_TRANSFER
- Select radio button "Upload", select work area "Scenario Definition", deselect work area "Productive Scenarios", deselect "Test Mode", and execute (F8).
- When prompted choose the file BKK_MISC.txt and confirm upload
- Assign the scenario definition BKK_MISC to development package FKB.
Step 2: Create the productive authorization scenario from the scenario definition (transported in your landscape):
- Start transaction SACF, select "Scenario Definition", select the "Scenario Name" described above, and execute (F8)
- Double click on the scenario definition and press the button "Scenario" (or press F5) to transfer the scenario definition to a productive scenario
- Choose the initial scenario status "Active" or "Logging".
- The productive scenario status "Active" will activate the authorization check and logging to Security Audit Log in the current system and all systems where the productive scenario will be transported to.
- The productive scenario status "Logging" will activate logging to Security Audit Log in the current system and all systems where the productive scenario will be transported to. In status "Logging" the authorization check will always pass irrespective of the actual user authorizations. You can use this status to identify users that require the authorizations that are being checked.
- Using report RSAU_SELECT_EVENTS you can identify users that require authorizations due to the authorization scenario. Aanalyze messages IDs DUO (Authorization check on object &A in scenario &B successful) and DUP (Authorization check on object &A in scenario &B failed)
Step 3: Activate logging of SACF relevant audit messages in the Security Audit Log (not transported, configuration required in all systems of your landscape):
- Ensure that Security Audit Log is activated in transaction SM19, tab "Kernel Parameters"
- Activate the following message IDs in a static Security Audit Log configuration:
- DUO (Authorization check on object &A in scenario &B successful)
- DUP (Authorization check on object &A in scenario &B failed)
- DUQ (Active scenario &A for switchable authorization check was changed - &B)
My question is in this note solution, there is a pre implementation step.....then post implementation step if component version is same as per snote mentioned...for my system the post step is not required... then a manual step.....my question is after completing the pre step am i apply the snote through Tcode snote and then the manual activity i have to do?
Please suggest?
Thanks & Regards,
Samrat Chakraborty
9748068269
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.