03-19-2008 11:39 AM
Tcode - ME21N
Object - M_BEST_BSA
Activity - 04(Print)
Tcode - ME9F
Object - M_BEST_BSA
Activity - 03(Display)
Now, one user has both these Tcodes through different Roles.
the User is able to Print(Activity 04) using Tcode ME9F.
But he should only have Activity 03 for ME9F.
Why is this happening?
Please help me if I can restrict ME9F to display only.
Thanks.
03-19-2008 11:53 AM
Authorisation sets are additive.
SAP is looking for M_BEST_BSA, actvt=04 and it doesn't care where it gets it from as long as the check is satisfied.
M_BEST_BSA, actvt=04 & M_BEST_BSA, actvt=03 (and their respective doc types) will both be in the user buffer and available for all checks against those value sets.
Without customisation you will not be able to provide this restriction unless you remove actvt=04
07-09-2008 5:32 AM