https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546056#M1266277 <HTML><HEAD></HEAD><BODY><P>&gt; We cannot remove other roles due to bussiness compulsion. Is there any other way we can restrict the user.</P><P></P><P>SAP security is about allowing, not restricting. I guess you'd need to build an extra authority-check into your report which checks an additional (bespoke) object that isn't used by other programs.</P><P></P><P>Also, the fact that the user is obviously allowed to view other company codes makes me wonder why this restriction should be tighter for a specific report.....</P></BODY></HTML> Wed, 29 Apr 2009 07:48:35 GMT jurjen_heeck 2009-04-29T07:48:35Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546055#M1266276 <HTML><HEAD></HEAD><BODY><P>Hi Freinds,</P><P></P><P>We have a report created in report painter 'FSI0' (Standard Tcode). We want to restrict the user authorization for this report in 'FSI0' on the company code authorization object. We are using 'F_BKPF_BUK' object in the role creation with company code.</P><P></P><P>The problem is that this role restricts the user on the object 'F_BKPF_BUK' for a particular company code, but there are other roles which are attached to the user giving access to other company codes. Hence the role gets bypassed.</P><P></P><P>We cannot remove other roles due to bussiness compulsion. Is there any other way we can restrict the user.</P><P></P><P>Thnks.</P><P>RR</P></BODY></HTML> Wed, 29 Apr 2009 07:25:57 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546055#M1266276 Former Member 2009-04-29T07:25:57Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546056#M1266277 <HTML><HEAD></HEAD><BODY><P>&gt; We cannot remove other roles due to bussiness compulsion. Is there any other way we can restrict the user.</P><P></P><P>SAP security is about allowing, not restricting. I guess you'd need to build an extra authority-check into your report which checks an additional (bespoke) object that isn't used by other programs.</P><P></P><P>Also, the fact that the user is obviously allowed to view other company codes makes me wonder why this restriction should be tighter for a specific report.....</P></BODY></HTML> Wed, 29 Apr 2009 07:48:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546056#M1266277 jurjen_heeck 2009-04-29T07:48:35Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546057#M1266278 <HTML><HEAD></HEAD><BODY><P>This message was moderated.</P></BODY></HTML> Wed, 27 May 2009 07:13:14 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-issue/m-p/5546057#M1266278 Former Member 2009-05-27T07:13:14Z