topic strange authorization in Application Development and Automation Discussions

strange authorization

bashayreh — Tue, 03 Mar 2020 15:14:01 GMT

Hi All

I reached here because I have the following scenario:

1) we prevented changes and customization to our production client.

2) some of our finance users requires access to OB58 and FSE2 but they start getting:

client x has status 'not modifiable'

3) I unlocked both TCODES and disabled the error message 146.

4) I created a role to grant access for both TCOdes, and assigned that Role to some users.

5) the problem: I noticed all finance users got the access to these TCODES

what to do ... please advise

Re: strange authorization

TammyPowlas — Tue, 03 Mar 2020 15:35:54 GMT

Please run transaction SUIM - you can see which roles have access to the T-codes and which roles to change.

I don't recommend disabling the "not modifiable" message on OB52; please look at other alternatives - https://launchpad.support.sap.com/#/notes/356483

Re: strange authorization

Colleen — Wed, 04 Mar 2020 22:44:25 GMT

it's a bit difficult to see how the users are getting all access

I would look at the SU56 user buffer of a user who should not have the OB52 access and see how they are getting in.

Also, OB52 is not the only transaction or entry point to maintaining periodic end close. You can access via SM30/SM31/SM34 (one of them for the view) and there is a S_ALR* transaction out there as well (Can't remember of the top of my head... I usually look at the TSTCV or TSTCP definition of the SE93 transaction code to see what others have the some configuration).

Possibly, you users are getting to the the table view a different way.