Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to deny access to credit card documents when working on other employees

Former Member

‎04-14-2008 1:44 PM

0 Kudos

Hi,

I have made a secretary-role in my system that allows the secretaries to fill out travel expenses for other employees. But I want to restrict this role so that it is not possible to read other people's credit card transactions via the "insert credit card document"-button, this should only be possible for own trips. I have checked the object P_TRAVL but cannot see any fields in this object that can be used to restrict this? Is it possible to do this in the role via authorizations? The "insert credit card document"-function is the only function that the secretary should not be able to do for other people.

7 REPLIES 7

Former Member

‎04-14-2008 6:48 PM

0 Kudos

Have you tried P_PERNR?

Former Member

‎04-14-2008 8:18 PM

0 Kudos

According to the system trace the P_PERNR-object is not checked during the "Insert credit card document"-operation.

Former Member
In response to Former Member

‎04-14-2008 8:32 PM

0 Kudos

It might be checked before the system makes the button available?

Can the user also use the button?

Try to restrict P_PERNR to the user's own records. See whether the check kicks in?

If SU24 has P_PERNR as "check" then theoretically it is possible (via the link between sy-uname and pernr which I believe is in IT 0105).

Cheers,

Julius

Former Member

‎04-14-2008 8:50 PM

0 Kudos

Hi and thanks for your suggestions!

The secretaries should be able to use the TRIP-transaction on behalf of other people, it is ONLY the credit card documents that should not be accessable by the secretary, therefore I don't think I can use the P_PERNR. Or do I misunderstand you?

Best regards,

Thor-Egil

Former Member
In response to Former Member

‎04-14-2008 9:10 PM

0 Kudos

Hi;

I only have end user experience with this... sorry

"Travel" from experience is web inclined. Your secretaries are accessing via SAPGUI, right?

In this case, PERNR is sometimes in some cases exposed to an external application which needs to take care of the security...

If you cannot find a PERNR field in your TRIP transaction, then you might need to look in customizing options (?) or an exit in the standard code to add this, possibly using P_PERNR as that is what the object is intended for as far as I know.

Also check tcode SM20 SU20 whether PERNR turns up in any "Travel" related auth objects?

Cheers,

Julius

Edited by: Julius Bussche on Apr 14, 2008 8:26 PM

Former Member

‎04-14-2008 9:22 PM

0 Kudos

Thanks again, I will check out your suggestions!

Former Member
In response to Former Member

‎04-14-2008 9:33 PM

0 Kudos

Keep us posted if you find a solution and correct any incorrect statements in answers by quoting them

It helps others who use the search...

Cheers,

Julius