Question:
Hi All,
Our client requires that the purchase release transactions (ME54,ME55) be restricted at the cost center level. By default, the pfcg does not bring up the cost center related object for the ME54 and ME55 transactions. I am assuming that mere manual addition of cost center related object under pfcg will not provide the necessary restrictions. We will have to manually change the code in the program which the purchase release transactions check.
Is there any other solution other than changing the code?
Thanks,
Prashanth
Answer:
Did you read the rules and do a search before posting this question?
That comment may sound rude but this question gets asked and answered a lot and you could have found the answer yourself.
A simple search of the Security forum with key words Purchase an Cost cntre will bring several results like ...
http://sapfans.com/forums/viewtopic.php?t=131073&highlight=purchase+cost+center+centre&sid=72be90d391ee829a0d5d2dcfb514f109
and
http://sapfans.com/forums/viewtopic.php?t=117142&highlight=purchase+cost+center+centre&sid=72be90d391ee829a0d5d2dcfb514f109
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Hey I don't know what pissed you off that much. If you read my posting carefully you would understand that I had gone through the postings on the forum. What I wanted to know was if some body has found a work around for the mentioned issue without changing the code.
Answer:
I wasn't pissed off I was frustated. The same questions get asked over and over. Your question had been asked for the umpteenth time in the very recent past by someone else.
What makes you think that people who have answered this question time and time again are going to suddenly change their mind and give you a different answer.
You didn't indicate you'd searched, and you didn't specify what release you had*, so how could we know whether or not our answers would be applicable.
Rules* Post OS, DB, release, and version if possible.
I'm sorry if I sounded rude. I meant to sound blunt (clear, to the point, unambiguous etc).
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Great posting Sandi! I wasnīt aware of this cost centre topic. We donīt have the fat BUKRS problem, so never realy tried to seperate the buyers.
As you say, searching this site provides a great source of information. Just like OSS, you often have to read more than one posting to get the full picture, which is time consuming... Additionally, in OSS the search function works.
However it is tempting to just smack the question down here in a new topic sometimes in the hope that the comprehensive summary gets copied and pasted into a no effort answer.
There is a trade off between preformance and self-security in the human brain too, which results from using multiple workprocesses in the cerrebellum which are able to trick each other out with delays and substituted return-codes from different aspects of the personality, such that verbal logic which sounds good, over-rides conceptual reality and is executed by the person. This can be perfected in bad design such that you do not even notice it yourself anymore. Presumably, that is what happened to PrashanthM here.
For you, PrashanthM, my friend!
Donīt take it personally.
Some advise: Try to time your questions and schedule them when Sandiīs buffer is cleared.
SAP has changed the kernel.
Ned
Answer:
I check this briefly. Indeed room for improvement perhaps. But even if checked, John A. Jarboeīs statements:
"It is the cost centre stewardīs responsibility to monitor their costs"
and
"Securty is not a substitute for training ...and abdication of responsibilities"
are irreplacable by any automation or integration. Infact, due to automation and integration, they are even MORE important!!!!
This topic should be required by Business and not cosmetically solved by SAP security.
As a test, I ordered a helmet on the CIOīs cost centre with a sticker on the front reading "Achtung!! SOX audit!!". A last example before we change the kernel. Letīs see whether it gets detected...
Ned
Answer:
Hi All,
Our client requires that the purchase release transactions (ME54,ME55) be restricted at the cost center level. By default, the pfcg does not bring up the cost center related object for the ME54 and ME55 transactions. I am assuming that mere manual addition of cost center related object under pfcg will not provide the necessary restrictions. We will have to manually change the code in the program which the purchase release transactions check.
Is there any other solution other than changing the code?
Thanks,
Prashanth
Hi PrashanthM,
Another "lite" option for you:
Copy the transaction X times where X = the amount of seperation which you need.
Name range the transactions ZxxME54 for example, where xx = the cost centre groups required.
Do NOT grant the SAP standard ME54 transaction to the users.
Grant the ZxxME54 transactions as required.
Use transaction SE93 and include an additional authorization check at transaction start to segregate the users who should have the ability to release the POs. You could use the authorization group of the users, or any other appropriate object of your choice WITH the correct activity.
This will give you cosmetic security at the transaction code level of SAP.
Further more, you should check OSS for CONFIG notes relating to the data base table TCDCOUPLES and make further choices.
Hope that helps,
Ned
Answer:
Great posting Sandi! I wasnīt aware of this cost centre topic. We donīt have the fat BUKRS problem, so never realy tried to seperate the buyers.
As you say, searching this site provides a great source of information. Just like OSS, you often have to read more than one posting to get the full picture, which is time consuming... Additionally, in OSS the search function works.
However it is tempting to just smack the question down here in a new topic sometimes in the hope that the comprehensive summary gets copied and pasted into a no effort answer.
Ned
Thanks, I'm willing to help those who make the effort to help themselves. Due to time zones in different parts of the world the great John A. Jarboe usually gets here before me though.
I hould add that want users to understand that by searching they can compare answers offered and make a decsion that best suits their business need. Also a little research can help prevent you implementing a bad solution that someone has posted here maliciously or out of ignorance. Not every question posted will have been posted before but a good number of them have.
This site does not provide universal solutions to all SAP questions, at the drop of a hat. People who come here to help others expect the seekers to do some homework and provide a reasonable explanation of the system release etc so the helpers can proffer an informed opinion or answer.
Oh, and I've reset my user buffer thanks to a pint of beer at lunch so all is well with the world again
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
Oh, and I've reset my user buffer thanks to a pint of beer at lunch so all is well with the world again
You should test your new buffer a a bit then. SAP does not have an authorization concept for developers! You neeed to trust them.
And routers, firewalls and checks are virtually useless too.
But I do concede, that a beer at lunch is the end of the hassles for the day
Cheers,
Ned