
Authorization Issue - PS: Project Manager for Project Definition

zainm_bashir
Participant
0 Kudos

Hi Experts,

I am facing the strange issue below with the authorization of Person Responsible (field = VERNR) at the Project Definition level:

The business has some highly confidential R&D projects going on during the year. During system testing, we witnessed that if any unauthorized user wants to access such a project, he can follow the steps below:

While entering the project number, he is not able to access any object of that project. In order to access and control the project completely, he will schedule the project. As soon as the system schedules the project, the system opens the complete project for a moment, and it is editable until you switch the tab from Basic Data to Control; that user can change the person responsible name, and the project is all available to him.

This is a system loophole; you can say we have a change option available despite having no authorization, just before we click or refresh the screen.

Please guide how to fix this bug, if anyone has faced this kind of strange issue.

Regards,

Zain Bashir

Accepted Solutions (0)

Answers (1)


MTerence
Active Contributor
0 Kudos

Hi Zain,

How does he schedule the project?

Have you used ACL, or is it based on the general role concept?

Regards

Terence

zainm_bashir
Participant
0 Kudos

Hello,

It is based on General Role Concept. We are not using ACL.

Regards,
Zain Bashir

MTerence
Active Contributor
0 Kudos

Hi Zain,

In CJ20N, what are the steps the user follows to schedule the project?

Regards

Terence

zainm_bashir
Participant
0 Kudos

Please refer to the steps below for Project Schedule, which are being followed by the user:

Menu Bar --> Edit --> Dates --> Schedule.

Regards,

Zain Bashir

MTerence
Active Contributor
0 Kudos

Hi Zain,

This should be because of some authorization issue.

Contact your security team; I guess this can be due to Auth Object C_PROJ_TCD.

Regards

Terence

zainm_bashir
Participant
0 Kudos

Hi Terence,

Please find the attached screenshot; it looks fine to me. Can you please guide what exactly I should ask them to do in that object C_PROJ_TCD?

MTerence
Active Contributor
0 Kudos

Hi Zain,

Can you expand Auth Object C_PROJ_TCD and share the screenshot?

Regards

Terence

zainm_bashir
Participant
0 Kudos

Hi,

Please refer below:

MTerence
Active Contributor
0 Kudos

Hi Zain,

You have given full authorization for the Auth object.

Auth Object : C_PROJ_TCD

Field Name : TRTYP

Restrict 'V - Change'

Regards

Terence

zainm_bashir
Participant
0 Kudos

Dear Terence,

Kindly elaborate which node should be changed to what? Thanks for your help!

MTerence
Active Contributor
0 Kudos

Hi Zain,

I don't have access to SAP now; I am trying to reply based on your screenshots.

You need to open this node and see what authorizations are provided; if it's full authorization, then you need to remove the object "V-Change".

You can contact your security team.

Regards

Terence
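
Added example, not part of the thread and not SAP's own code: one way a security team could list the roles whose C_PROJ_TCD authorization allows TRTYP value 'V', the value the last answer says to restrict. It assumes a CSV export of role authorization values with the AGR_1251 columns AGR_NAME, OBJECT, AUTH, FIELD, LOW, HIGH; the role names, authorization names and rows below are constructed.

```python
import csv
import io

# Constructed sample rows, shaped like an export of table AGR_1251
# (role name, auth object, authorization, field, from-value, to-value).
SAMPLE_EXPORT = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_PS_DISPLAY,C_PROJ_TCD,T_PS000100,TRTYP,A,
Z_PS_PLANNER,C_PROJ_TCD,T_PS000200,TRTYP,*,
Z_PS_MANAGER,C_PROJ_TCD,T_PS000300,TRTYP,H,
Z_PS_MANAGER,C_PROJ_TCD,T_PS000300,TRTYP,V,
Z_PS_RANGE,C_PROJ_TCD,T_PS000400,TRTYP,A,Z
Z_FI_CLERK,F_BKPF_BUK,T_FI000100,ACTVT,02,
"""


def grants_value(low, high, wanted):
    """True if one LOW/HIGH row covers `wanted` (single value, pattern or range)."""
    low, high = (low or "").strip(), (high or "").strip()
    if high:                       # interval LOW..HIGH
        return low <= wanted <= high
    if low.endswith("*"):          # '*' (full authorization) or a prefix pattern
        return wanted.startswith(low[:-1])
    return low == wanted           # single value


def roles_granting(export_text, obj="C_PROJ_TCD", field="TRTYP", wanted="V"):
    """Map each role to the field values through which it grants `wanted`."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["OBJECT"] != obj or row["FIELD"] != field:
            continue
        if grants_value(row["LOW"], row["HIGH"], wanted):
            shown = row["LOW"] + ("-" + row["HIGH"] if row["HIGH"] else "")
            findings.setdefault(row["AGR_NAME"], []).append(shown)
    return findings


if __name__ == "__main__":
    for role, values in sorted(roles_granting(SAMPLE_EXPORT).items()):
        print(f"{role}: TRTYP allows 'V' via {', '.join(values)}")
```

A role granted through `*` or a range is reported as well as one that lists 'V' explicitly, since full authorization on the field includes the change value.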