RE: [sap-security] Restrict Authorization to ME21N for some Creditors
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by Dave Thornburgh on Mar 25 at 8:19 PM |  Mark as helpful |
Mario �
Regarding �creditors�: I feel the need to quote a very good movie. �You
keep using that word. I do not think it means what you think it means.�
It�s not enough to create the authorization object and assign it to the
transaction in SU24. The program code will not enforce an authorization
unless the code is written to do just that. In order for your additional
object to have any effect, you will need to find an appropriate user exit,
BADI, or enhancement spot where you can check the object and influence the
program�s behavior as a result.
Dave
From: MarioVS via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Thursday, March 25, 2010 12:38 PM
To: Dave Thornburgh
Subject: [sap-security] Restrict Authorization to ME21N for some Creditors
Posted by MarioVS
on Mar 25 at 3:45 PM
Hi, all
We need some creditors cannot create Order with the ME21N Transaction code,
but when I restrict LIFNR fields to some creditors can create order, this
restriction does not function, the system allows you to create order
creditors who are not authorized:
Perform the following steps to create into the MM_E object class the
authorization Object YACREEDOR:
1-1-With the SU20 transaction code Create Field LIFNR pointing to the table
recorded M_KREDA in the package TEST
2-With the SU21 / SU03 transactions codes Create a new object authorization
"YACREEDOR" in MM_E object class with BUKRS, EKGRP, EKORG and LIFNR fields
With the SU24 transaction code, update the ME21N with the YACREEDOR
authorization Object .
I appreciate your help with regard to this case
MarioVS
**************************************************
**************************************************
*******************************
Este mensaje puede contener informaci�n privilegiada y confidencial. Dicha
informaci�n es exclusivamente para el uso del individuo o entidad al cual
es enviada. Si el lector de este mensaje no es el destinatario del mismo,
queda formalmente notificado que cualquier divulgaci�n, distribuci�n,
reproducci�n o copiado de esta comunicaci�n est� estrictamente
prohibido. Si este es el caso, favor de eliminar el mensaje de su
computadora e informar al emisor a trav�s de un mensaje de respuesta. Las
opiniones expresadas en este mensaje son propias del autor y no
necesariamente coinciden con las de CODETEL
Gracias.
CODETEL
This message may contain information that is priviliged and confidential. It
is intended only for the use of the individual or entity to which it is
addressed. If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution, reproduction or
copying of this communication is strictly prohibited. If this is the case,
please proceed to destroy the message from your computer and inform the
sender through reply mail. Information in this message that does not
directly relate to the official business of the company shall be understood
as neither given nor endorsed by it.
Thank you.
CODETEL
__.____._ Regarding �creditors�: I feel the need to quote a very good movie. �You
keep using that word. I do not think it means what you think it means.�
It�s not enough to create the authorization object and assign it to the
transaction in SU24. The program code will not enforce an authorization
unless the code is written to do just that. In order for your additional
object to have any effect, you will need to find an appropriate user exit,
BADI, or enhancement spot where you can check the object and influence the
program�s behavior as a result.
Dave
From: MarioVS via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: Thursday, March 25, 2010 12:38 PM
To: Dave Thornburgh
Subject: [sap-security] Restrict Authorization to ME21N for some Creditors
Posted by MarioVS
on Mar 25 at 3:45 PM
Hi, all
We need some creditors cannot create Order with the ME21N Transaction code,
but when I restrict LIFNR fields to some creditors can create order, this
restriction does not function, the system allows you to create order
creditors who are not authorized:
Perform the following steps to create into the MM_E object class the
authorization Object YACREEDOR:
1-1-With the SU20 transaction code Create Field LIFNR pointing to the table
recorded M_KREDA in the package TEST
2-With the SU21 / SU03 transactions codes Create a new object authorization
"YACREEDOR" in MM_E object class with BUKRS, EKGRP, EKORG and LIFNR fields
With the SU24 transaction code, update the ME21N with the YACREEDOR
authorization Object .
I appreciate your help with regard to this case
MarioVS
**************************************************
**************************************************
*******************************
Este mensaje puede contener informaci�n privilegiada y confidencial. Dicha
informaci�n es exclusivamente para el uso del individuo o entidad al cual
es enviada. Si el lector de este mensaje no es el destinatario del mismo,
queda formalmente notificado que cualquier divulgaci�n, distribuci�n,
reproducci�n o copiado de esta comunicaci�n est� estrictamente
prohibido. Si este es el caso, favor de eliminar el mensaje de su
computadora e informar al emisor a trav�s de un mensaje de respuesta. Las
opiniones expresadas en este mensaje son propias del autor y no
necesariamente coinciden con las de CODETEL
Gracias.
CODETEL
This message may contain information that is priviliged and confidential. It
is intended only for the use of the individual or entity to which it is
addressed. If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution, reproduction or
copying of this communication is strictly prohibited. If this is the case,
please proceed to destroy the message from your computer and inform the
sender through reply mail. Information in this message that does not
directly relate to the official business of the company shall be understood
as neither given nor endorsed by it.
Thank you.
CODETEL
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Dave ThornburghSAP Security Enthusiast
Contributed 100 posts in a group to earn a Bronze Achievement
Related Content
In the Spotlight
White Papers
In the Spotlight
Earn Recognition for Your Contributions at Toolbox for IT. Gain Points for Community Achievements
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
_.____.__ 
