Question:
You probably want to post this on the MM site as well but here is my take.
The release strategy can (I believe) be specific to various organizational elements (perhaps cost center but plant, purchasing group etc are more likely). When you grant access to the release code you are at the same time limiting the range of organizational elements that they can release for. The object that controls this is completely separate from cost center reporting.
Answer:
You probably want to post this on the MM site as well but here is my take.
The release strategy can (I believe) be specific to various organizational elements (perhaps cost center but plant, purchasing group etc are more likely). When you grant access to the release code you are at the same time limiting the range of organizational elements that they can release for. The object that controls this is completely separate from cost center reporting.
Yep - the Release stuff works on Code and Group.
However - in our company one can release at Group 1 Code X for Cost Centre nnnn but not for Cost Centre yyyy - therefore I need to control my PReq release (ME55 / ME54) by the value of our characteristics. Since multiple managers will have the same release code (01 for the sake of argument) but only 1 will be authorised to released at 01 for that specific Cost Centre then I want to know how to handle this.
Thank you.
_________________
Kind Regards
Rosie Brent
Please remember to search the forum and check the FAQ before posting questions, thank you.
Tuly Idiot most of the time, part-time Guru
Answer:
You need to take this up with an expert in release strategies. Can they extend the group structure for cost centers? (Heaven forbid the number codes that would generate).
If I recall it is very customizable but this customizing has always been done by MM experts not security. Make sure though that you have release strategies (if necessary) for requisitions charged to projects and requisitions charged to inventory.
Answer:
I can't have any more release stategies - I'll go round the flaming twist. What you're suggesting would mean (in my company) for each manager a release strategy specifically for them.... that's around 40 to maintain on a regular basis - this surely isn't an efficient way to handle this problem?
What I think would be the most sensible solution is to have an custom authorisation object which provides the correct values for person x.
When release strategy 01 is assigned to a P Req person x is checked for having all necessary authorisation on the basis not only of the release strategy - but also of the classification data sub-sets (cost centre, value of requisition etc.) This would need to go into ME55 and ME54 so that it works as if it were the standard checks.
Since SAP provides for release via classification data, there must surely be some way to validate authority for an individual via classification.
_________________
Kind Regards
Rosie Brent
Please remember to search the forum and check the FAQ before posting questions, thank you.
Tuly Idiot most of the time, part-time Guru
Answer:
Three things to consider.
1. Perform a ST01 trace on a release in the transaction s you are trying to control and then lLook at the available authorization listed in SU24 for the tcodes. For MM type transaction codes SAP deliveres alot of the authorizations set to 'N' so they do not fail though SAP is checking. Your control mau be there. (no access to a system at this point or I would check)
2. Look in the IMG (SPRO) to see if there is a configuration setting to turn on additional checks in MM release. MM has several configurable authorizaitons
3. Evaluate the risk (loss to the company), potential of occurance and long term cost to control. You may find it is not worth the trouble and use a detective report to manage the control. Remember in evaluating a scenario , one cannot control against collusion.
Answer:
You say that if you have more than 40 release strategies you'll go around the twist. How many authorizations do you want to have?
Anyway what is the risk? What if management said we'll fire you if you approve outside your cost center?
ps Is the requisition being posted to the cost center? How? As an accrual? I would have thought that the goods receipt would have caused the posting. If there is a posting to a cost center then the validations (as in FI validations) are active and they have user exits.
But remember this means an authorization per manager. If it were me I would code the manager as a the owner of the cost center (doesn't cost center accounting provide for this?) and then I would validate his user id against the cost center owner. Then of course you get into the substitute issue etc. Maybe a workflow solution would be better.
Of course if it were me I wouldn't do this at all. It isn't productive security.
Answer:
I agree that it seems barmy, but I've been boxed into a corner here, as per John's suggestion I've run a trace against the transactions and I can't find anything to help me there
However, I guess I may be able to do what has been requested by copying ME55 & ME54 into custom transactions and adding a custom authorisation. It's not pretty, it's not correct, but it'll provide the company with what they've asked for.
Thank you all for your suggestions.
_________________
Kind Regards
Rosie Brent
Please remember to search the forum and check the FAQ before posting questions, thank you.
Tuly Idiot most of the time, part-time Guru
Answer:
It occurs to me that requisitions are (or can be ) posted to cost centers as plans. I believe validations work here as well. Try the user exit. I gurantee you that copying the tcode will be a very unsatifactory solution. The requisition posting has so many impacts and changes so much in every version that you will regret this a lot.