Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Branchs controls by user

Former Member

‎12-04-2014 7:48 PM

0 Kudos

Hello, I'm from Argentina and we have this issue in our system: we need to separate users by Branch, so someone from Branch 1 (assigned by role) only can register documents for that same branch with transaction FB60. In the same way, someone with Branch 1 only can execute documents for that Branch in transaction F110.

We added these objects in both transactions SU24 and then in SU22 with no result:

J_1ACAE

J_1A_AFIP

J_1A_EAFIP

These objects are inside the role the user is assigned to and filled with the corresponding values.

Can someone tell me if it is possible to limit the users using only Roles or do we need another SAP tool to get this done?

We also need to use this same criteria in other transactions across the system.

We need a answer ASAP as we are about to get in productive system.

Thank you very much and regards

Preview file
248 KB
Preview file
43 KB
6 REPLIES 6

former_member298454
Active Participant

‎12-05-2014 8:08 AM

0 Kudos

Did you trace(ST01/STAUTHTRACE) the below actions and determine those authorization objects are being checked?

-   registering documents for that same branch with transaction FB60

-   execute documents for that Branch in transaction F110

Also ,Not advisble to tocuh the SAP deafult authorization content (SU22) as it wont direct impact on your custom roles.

Thanks,krishna

Former Member
In response to former_member298454

‎12-18-2014 6:27 PM

0 Kudos

Thank you, but I fixed it using user parameter 'JEA' + transaction variants (SHD0) for each transaction we need.

Now when we enter another transaction and load a document with another branch not corresponding to the user, and then we enter trx FB60 for example, this last and erroneous branch is loaded again. For the moment, only solution I know is logout and logon to load correct branch. I tried transactions for cleaning buffers, with no success.

Can any tell me if it is possible to limit/correct that value before be loaded with the last value showed, if it is incorrect for the user ?

Thank you and regards

Former Member
In response to former_member298454

‎12-19-2014 10:29 PM

0 Kudos

The user can do this themselves in SU3. Or the program can force them to ask for a parameter value even if not initial.

But user parameters should not be used for meaningful security ideally and only defaults and preferences which the user can influence. Unfortunately this is not the case in all applications.

J* applications also have a special meaning. Much like /xx/ namespaces. They can dodge SAP's own QA checks, so you might want to report it to SAP or the vendor.

Cheers,

Julius

Former Member
In response to former_member298454

‎12-19-2014 10:31 PM

0 Kudos

ps: you should not maintain SU22 ever! Which release are you on? Did you not read the warning?

pps: Also regarding "loading" -> is this a migration program using BDC calls to FB60?

Former Member
In response to former_member298454

‎12-21-2014 8:50 PM

0 Kudos

Hello Julius, changing SU22 was only a test and I've undone them. About your question regarding 'loading': no. We just need the user's parameter value to be used instead of memory values from previous executions.

Thank you

Former Member

‎12-05-2014 10:02 AM

0 Kudos

This message was moderated.