I am facing the following issue in ECC 6
raised from Security side as we don't have possibility on restricting the below transactions on either Plant level or some of the organizational level.
QE03, QI03, MBGR, ZQM_ORDER_COG, BMBC, COHVPI, COR2, QA05, QA10L, QI01, QI02, MIGO_GI, MIGO_GR, QPR1, QPR2, LT05, QS21, QS23, QS33, QS31, QS32, QS22, QS23, QDV1, QDV2, QDV7, CV02N, CC01, CC02
Any ideas on how security can be used to restrict the QM transactions listed here?
We aren't getting WERKS (Plant) when we do PFCG for these transactions.
Are you saying you can't use plant level because it is not available because of SAP or you can't use it because of your business processes?
Several of those transactions should have plant level security available to them.
Some of the transactions don't typically get security on the transaction as security is handled at a different level, i.e. BMBC. The transactions available via BMBC are used to control access.
LT05 should have security down to the warehouse level.
I only glanced at a few.
Maybe you can elaborate a bit.
Thanks for the reply. The transactions listed below cannot be restricted at the plant level. We checked for some of the QM transactions and during testing user A can view inspection methods in plant A and plant B. We are not able to restrict at the plant level. We also checked the security settings using PFCG; there is no plant field (WERKS), so we cannot restrict based on plant using PFCG.
Kindly let me know if you have any past experiences or tech details which can help me out here. We are currently using ECC 6.0
Did you go through an upgrade to get to ECC 6.0?
Have you done your SU25 afterwards? And - of course, your SU24? Did you adjust all your roles and load the objects?
This is definitely an issue on your system - I went through an upgrade a couple of weeks ago and during the (ongoing) tests I can at least say for LT05 that it is leveled at LGNUM (not plant, though).
BMBC is (actively) checking these objects:
M_MATE_WRK <--- plant
M_MSEG_LGO <--- storage location (if this check is configured in customising)
Migo_GI checks on:
M_MSEG_WMB <-- plant
M_MSEG_WWE <-- plant
I have been tracing MIGO, all checks are performed.
Unfortunately I cannot check on the QM-transactions, since we don't have QM implemented ...
Please do the following: ask one of your test-users to have a session with you and run a ST01 on her/him whilst she/he is going through the transactions you mentioned. Check the objects you find positively processed against the ones proposed in SU24. Try to sort out the missing ones. Then have your Sec-team take a look at the whole thing again.
BTW. I am going to move this to the security forum. Folks there might have still more insights they can share.
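
The comparison suggested in the last reply (objects checked successfully in an ST01 trace versus the objects proposed in SU24), as an added example that is not part of the original posts. The CSV layouts, the `proposed` column and the sample rows are constructed assumptions, not real ST01 or SU24 export formats; the object names are the ones quoted in the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. The column layouts are assumptions made for this
# example; rc 0 is taken to mean the authorization check passed.
TRACE_CSV = """tcode,object,field,value,rc
MIGO_GI,M_MSEG_WMB,WERKS,1000,0
MIGO_GI,M_MSEG_WWE,WERKS,1000,0
BMBC,M_MATE_WRK,WERKS,1000,0
BMBC,M_MSEG_LGO,WERKS,1000,0
BMBC,M_MSEG_LGO,LGORT,0001,0
BMBC,M_MATE_WRK,WERKS,2000,4
"""

SU24_CSV = """tcode,object,proposed
MIGO_GI,M_MSEG_WMB,yes
BMBC,M_MATE_WRK,yes
BMBC,M_MSEG_LGO,no
"""

ORG_FIELDS = {"WERKS", "LGNUM"}  # organizational fields named in the thread

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def missing_proposals(trace_csv, su24_csv):
    """Return {tcode: {object: sorted fields}} for objects that passed a check
    in the trace but are not proposed in SU24 (so PFCG will not pull them in)."""
    proposed = {(r["tcode"], r["object"]) for r in rows(su24_csv)
                if r["proposed"].strip().lower() == "yes"}
    checked = defaultdict(set)
    for r in rows(trace_csv):
        if int(r["rc"]) == 0:  # ignore failed checks
            checked[(r["tcode"], r["object"])].add(r["field"])
    gaps = defaultdict(dict)
    for (tcode, obj), fields in checked.items():
        if (tcode, obj) not in proposed:
            gaps[tcode][obj] = sorted(fields)
    return dict(gaps)

def org_level_gaps(gaps):
    """(tcode, object) pairs from gaps whose traced fields include an org field."""
    return sorted((t, o) for t, objs in gaps.items()
                  for o, fields in objs.items() if ORG_FIELDS & set(fields))
```

Each pair returned by `org_level_gaps` is a candidate for the SU24 review described above: the object is checked at runtime with an organizational field, but the role builder never sees it.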