Authorization Objects Involved in a Transaction

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Post Reply
spedge
Posts: 67
Joined: Wed Feb 01, 2006 5:22 am

Authorization Objects Involved in a Transaction

Post by spedge » Sun Apr 08, 2007 3:02 am

dear friends,

my requirement is that the user should not be able to release the billling document to accounting(in the TCode VF02).as this authorization is available to the user by default in my case,i am not able to determine the authorization objects which need to be deactivated.

otherwise can we know what are authorization objects involved in any transaction?

kindly reply as i need this urgently before we go live.

thanks and regards
shekhar

snmsee
Posts: 3583
Joined: Thu Mar 09, 2006 9:09 am

Post by snmsee » Sun Apr 08, 2007 5:37 am

Try Security forum.

Snowy
Posts: 28796
Joined: Mon Oct 21, 2002 2:33 pm
Location: 3.1415926535

Post by Snowy » Mon Apr 09, 2007 8:39 am

topic moved out of Basis forum.

swright
Posts: 4467
Joined: Sun Oct 20, 2002 3:08 pm
Location: New Zealand

Re: Authorization Objects Involved in a Transaction

Post by swright » Mon Apr 09, 2007 3:00 pm

spedge wrote:dear friends,

my requirement is that the user should not be able to release the billling document to accounting(in the TCode VF02).as this authorization is available to the user by default in my case,i am not able to determine the authorization objects which need to be deactivated.
What do you mean 'by default'? Is this transactino in a Role that everyone has access to? Why? Why not have it in a role that is is assigned only to those who need it to do their job?
spedge wrote: otherwise can we know what are authorization objects involved in any transaction?

kindly reply as i need this urgently before we go live.

thanks and regards
shekhar
How is SU24 configured? That will show you which auths in your Role are inherited by adding VF02.
Have you traced the action (ST01) to see what objects are checked and looked at restricting those?

It sounds like you do not understand the design of your own security :?
Sandi
~~~~

Tuly kiwi. Image

Putting the Chur in Christchurch, bro!

spedge
Posts: 67
Joined: Wed Feb 01, 2006 5:22 am

Post by spedge » Tue Apr 10, 2007 12:55 am

i checked the trace st01 and found that the authorization object i thought to be involved was not there....so i don't think there is anyway that i can restrict the user on the basis of authorization.if there was anything like disabling the Release tab on vf02 screen on the user's screen.


and yes u r technically right in saying that may be i do not understand the security implications.i am a PS consultant and trying to help out the SD scenario through BASIS intervention.

thanks and regards
shekhar

Post Reply