Question:
dear friends,
my requirement is that the user should not be able to release the billling document to accounting(in the TCode VF02).as this authorization is available to the user by default in my case,i am not able to determine the authorization objects which need to be deactivated.
otherwise can we know what are authorization objects involved in any transaction?
kindly reply as i need this urgently before we go live.
thanks and regards
shekhar
Answer:
Try Security forum.
Answer:
topic moved out of Basis forum.
_________________
SapFans Moderator
NetWeaver ‘04–SAP Web AS for ORACLE certified
Search: /forums/search.php
SAP Notes: http://service.sap.com/notes
SAP Help: http://help.sap.com
Basic Rules: /forums/viewtopic.php?t=222759
Answer:
dear friends,
my requirement is that the user should not be able to release the billling document to accounting(in the TCode VF02).as this authorization is available to the user by default in my case,i am not able to determine the authorization objects which need to be deactivated.
What do you mean 'by default'? Is this transactino in a Role that everyone has access to? Why? Why not have it in a role that is is assigned only to those who need it to do their job?
otherwise can we know what are authorization objects involved in any transaction?
kindly reply as i need this urgently before we go live.
thanks and regards
shekhar
How is SU24 configured? That will show you which auths in your Role are inherited by adding VF02.
Have you traced the action (ST01) to see what objects are checked and looked at restricting those?
It sounds like you do not understand the design of your own security
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
i checked the trace st01 and found that the authorization object i thought to be involved was not there....so i don't think there is anyway that i can restrict the user on the basis of authorization.if there was anything like disabling the Release tab on vf02 screen on the user's screen.
and yes u r technically right in saying that may be i do not understand the security implications.i am a PS consultant and trying to help out the SD scenario through BASIS intervention.
thanks and regards
shekhar