Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

can we lock the Transaction codes at Plant level or at company code level ?

Former Member
0 Kudos

can we lock the Transaction codes at Plant level or at company code level ? We have a requirement that users form one plant should be blocked form posting the identified transaction for specified duration , can we Block / lock , unlock the t-codes at plant level or at company code level

5 REPLIES 5

Bernhard_SAP
Employee
Employee
0 Kudos

you need to ask that quesiton in the space of the application you are talking about.....

b.rgds, Bernhard

0 Kudos

Hello Bernhard

i didn't get your answer ,can you please explain more on this ...

0 Kudos

Hi Vikas


can we lock the Transaction codes at Plant level or at company code level ? 

This part of your question is too generic for an answer to be given. IT implies you do not have the basic SAP security concept understanding. If you do, then you need to put more effort into asking a good question. You have senior security people in this thread willing to assist (and your questions hasn't been removed via moderation) but you've wasted 3 days on members asking you clarification questions or providing guess work answers.

The best way to answer your question is for your to provide an example - i.e. a specific transaction code

users form one plant should be blocked form posting the identified transaction for specified duration , can we Block / lock , unlock the t-codes at plant level or at company code level

If you want users to have access for some or the time but remove for other parts then you need to consider options such as:

  1. Have the authorisations in separate role that can be added or removed during a specific time - therefor you are making user admin changes via SU01/SU10 when you don't want the users to have access
  2. Look for SAP standard authorisations for this. For example, financial postings have F_BKPF_BUP for posting periods so you can prevent some users from posting but allow your accountants, etc to post into a specific period before it's closed. This one isn't plant level but is an example
  3. If you don't want the transaction executed by anyone during that period then use SM01 to lock the transaction. That won't do specific plant levels
  4. See if the configuration for the company or plant can somehow be changed to prevent postings during that time (again, functional knowledge and depends if it's for some users and not others)
  5. Work with developer for user exit to control this scenario

Options exist but really come back to a specific requirement and not vague details. The solution may not actually be security authorisation driven (or part of the solution is)

We have a requirement that 

Starting your vague SCN questions with this statement implies that you are spec dumping. It seems as though you have no idea what your customer wants and what the requirement is so you've posted a very generic question with no details

So where to next, please reply with your actual problem and what you have considered as solutions. This might be as simple as rewriting your question from:


that users form one plant should be blocked form posting the identified transaction for specified duration , can we Block / lock , unlock the t-codes at plant level or at company code level

to

During Month End [i.e. specified duration], we need to prevent [Block/Unlock] end users from posting financial documents via FB01 or similar transaction code [i.e. identified transactions] to company code ABCD [company code level].

Note - my example is quite high level example only as posting financial document can be via many different transaction codes.

Once you rewrite your questions and clarify exactly which problem you have to solve, you can then try searching SCN and other sites to see if such a solution has already been proposed.

If not, come back to this thread and explain what you are trying to achieve. In addition, tell us what you have considered as options and why they won't work. You might just get the help you needed

Regards

Colleen

Former Member
0 Kudos

This message was moderated.

former_member230681
Participant
0 Kudos

Hi Vikas

One of the way can be to create a separate role with the intended transaction posting access /plant access and assign that role to users for time they are supposed to perform posting.

Thanks

Anika