Question:
Can anybody throw any light on why ME23N and ME22N require authorisation objects M_BANF_BSA and M_BEST_BSA activity 01, the user is unable to execute the transaction without these authorisations and can execute the transactions once the authorisations are added to his user id. We are running SAP V4.6C Basis Support Package 46 for 4.6C
Answer:
I know that these objects are needed to define which purchasing document types can be accessed/used - M_BANF_BSA for requisition types and M_BEST_BSA for PO types.
Like you I'm surprised that activity 01 is demanded - in a change or display situation. Are you sure that no other (more appropriate) activity value will work ?
_________________
Best Regards
Bazza
Answer:
46C SPK 48
ME23N Requires 03 in M_BEST_EKO to successfully execute
ME22N Requires 02 in M_BEST_EKO to successfully execute
However that is not what controls change of PO, the user must also have at minimum M_BEST_EKO with 02
Test a user with only a role that you design for testing.
Testing with a role with these objects should get you through a successful execution of ME22/3N.
M_BANF_BSA and M_BEST_BSA are not required to execute these tcodes. For example from the SAP standard menu.
If you are in a business application screen, and you are attempting to do something, and you are receiving this error, you are going about the evaluation of authorizations the wrong way.
Do not go by what tcode is called by another screen, or what your SU53 might say as the authorization you really need.
Do not analyze authorizations needed by tcodes. You could give only ME23N or something similar to a user and find out they can change out the wazzu. Why? Becuase the authorization objects and values mentioned above exist in one of their roles. The program that executes when they attempt to save changes to a PO does not check the users authorizations for ME23N but for the auth objects and values mentioned.
So quit querying "who has tcode ME(anything) and look for who has the auth object and values that are enforced by the program.
_________________
Gary Morris
SAP Security Analyst/Developer
garymorris@sapsecurity.net