Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Basic Security Question

former_member759680
Contributor

‎03-19-2008 11:39 AM

0 Kudos

Tcode - ME21N

Object - M_BEST_BSA

Activity - 04(Print)

Tcode - ME9F

Object - M_BEST_BSA

Activity - 03(Display)

Now, one user has both these Tcodes through different Roles.

the User is able to Print(Activity 04) using Tcode ME9F.

But he should only have Activity 03 for ME9F.

Why is this happening?

Please help me if I can restrict ME9F to display only.

Thanks.

2 REPLIES 2

Former Member

‎03-19-2008 11:53 AM

0 Kudos

Authorisation sets are additive.

SAP is looking for M_BEST_BSA, actvt=04 and it doesn't care where it gets it from as long as the check is satisfied.

M_BEST_BSA, actvt=04 & M_BEST_BSA, actvt=03 (and their respective doc types) will both be in the user buffer and available for all checks against those value sets.

Without customisation you will not be able to provide this restriction unless you remove actvt=04

former_member759680
Contributor

‎07-09-2008 5:32 AM

0 Kudos

Thanks everyone