04-14-2008 1:44 PM
Hi,
I have made a secretary-role in my system that allows the secretaries to fill out travel expenses for other employees. But I want to restrict this role so that it is not possible to read other people's credit card transactions via the "insert credit card document"-button, this should only be possible for own trips. I have checked the object P_TRAVL but cannot see any fields in this object that can be used to restrict this? Is it possible to do this in the role via authorizations? The "insert credit card document"-function is the only function that the secretary should not be able to do for other people.
04-14-2008 6:48 PM
04-14-2008 8:18 PM
According to the system trace the P_PERNR-object is not checked during the "Insert credit card document"-operation.
04-14-2008 8:32 PM
It might be checked before the system makes the button available?
Can the user also use the button?
Try to restrict P_PERNR to the user's own records. See whether the check kicks in?
If SU24 has P_PERNR as "check" then theoretically it is possible (via the link between sy-uname and pernr which I believe is in IT 0105).
Cheers,
Julius
04-14-2008 8:50 PM
Hi and thanks for your suggestions!
The secretaries should be able to use the TRIP-transaction on behalf of other people, it is ONLY the credit card documents that should not be accessable by the secretary, therefore I don't think I can use the P_PERNR. Or do I misunderstand you?
Best regards,
Thor-Egil
04-14-2008 9:10 PM
Hi;
I only have end user experience with this... sorry
"Travel" from experience is web inclined. Your secretaries are accessing via SAPGUI, right?
In this case, PERNR is sometimes in some cases exposed to an external application which needs to take care of the security...
If you cannot find a PERNR field in your TRIP transaction, then you might need to look in customizing options (?) or an exit in the standard code to add this, possibly using P_PERNR as that is what the object is intended for as far as I know.
Also check tcode SM20 SU20 whether PERNR turns up in any "Travel" related auth objects?
Cheers,
Julius
Edited by: Julius Bussche on Apr 14, 2008 8:26 PM
04-14-2008 9:22 PM
04-14-2008 9:33 PM
Keep us posted if you find a solution and correct any incorrect statements in answers by quoting them
It helps others who use the search...
Cheers,
Julius