cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VA21 displays denied fields

Former Member

on ‎04-18-2016 8:34 PM

0 Kudos

In VA21 we have a role that I've added the authorization object S_SCRP_TXT to. This object includes the field "Text ID". One of the values for this field is "Z919" which is described as "Internal Notes"  and is part of Text Object "VBBK".

In the Authorizations section of PFCG I've added all the values for the "Text ID" field except for "Z919" (see below) with the intent of denying user access to Z919 Internal Notes field.

However this is not working. The test user is still able to add text to this field as shown below in red.

Does anyone know why this is failing and how to deny access to this field (or any other field)?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

VeselinaPeykova
Active Contributor
‎04-19-2016 7:10 AM
0 Kudos

For some reason I doubt that this authorization object is the right one for the purpose.

From what I know, it is used in relation to SO10 texts, which is probably not how your users enter texts for Z919.

Did you run authorization trace to see if S_SCRP_TXT is checked at all when you enter this text for header note in VA21?

When I want to restrict editing for certain information entered directly in the sales document I prefer to use either SAP standard or z-fields instead of document text.

It is easier to report on, easier to validate user input, easier to manage with authorizations, transaction variants or in userexit_field_modification.

I have no idea what kind of information the business intends to set manually in VA21 header texts and how exactly they enter the information, can you explain briefly the process? Any possibility to derive it from a different source - master data, a preceding document?

Show replies
Show replies
Former Member
‎04-20-2016 3:53 PM
0 Kudos

Thanks for your reply Veselina. I’m relatively new to this but the object S_SCRP_TXT was recommended in the thread “Restricting field access in VA21” and this object does contain the "Text ID" field I’m trying to deny so I was surprised when excluding the value Z919 from the field didn’t deny the user access. I’ll try running a trace on this but you also mentioned using “userexit_field_modification”. That would be something more along the lines for an Abaper wouldn’t it?

VeselinaPeykova
Active Contributor
‎04-20-2016 6:29 PM
0 Kudos

Hello Stephen,

yes, to make use of userexit_field_modification you need a person with the authorizations and knowledge of ABAP developer.

Usually changes to roles is are not done by functional consultants, are you in charge of that as well?

If no, maybe you can ask a colleague from your security team to help you out with authorization setup and troubleshooting?

I don't imply that the recommendation to use this object is incorrect, but still - if it does not work as you expected, you need to find out what is going on and ST01 is one of the easiest ways to perform a fast check.

In my old sandbox this object is checked if the user adds a standard text (SO10) to the header note text for example. If the user simply types the text in the header note, which is a very common scenario, I don't think that this check will be executed.

I could be wrong, of course .

Former Member
‎04-21-2016 12:18 PM
0 Kudos

Steven, that's why I've suggested you to go for an exit option in old thread. Kindly have a look at this link in which user faced same issue as yours. Solution has also been proposed in this thread so choice is yours which option you would like to go for. Please try this and share your feedback accordingly. Thanks.

How to restrict user form viewing Text Type in ... | SCN

Former Member
‎04-21-2016 4:02 PM
0 Kudos

I am only involved with assigning authorizations so that's where I focused my solution attempts. If that could not be done I would have turned the task over to Functional Support to research the exit option. However, management has rescinded this request (at least for now) so I no longer have to pursue a solution. Thanks to all for you helpful suggestions. Your assistance is much appreciated.

Ask a Question