on 2016 Apr 01 8:23 PM
Hello Gurus,
I have a situation, where one of the user been able to change/update the Outbound delivery for other location or plant.
Here is the situation :
User A is located in North America and he has been assigned with North America plants/CC/Shipping points.
We had been reported that User A updated Outbound deliver "12345678" which belongs to Indian plant. We checked and found that roles are already restricted at shipping point, plant and company code level. And at Org level he didn't have Indian plant at all. But still he "User A" were able to update deliver which belongs to Indian plant.
I understand that, Each delivery been assigned to respective plant and all data stored at LIKP table.
My question is, there is any way to have restriction around this and prevent user not to perfom such acivity in SAP system if they don't have plant number been assigned at org level.
Regards,
Kumar
moved to Logistics.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Bernhard!!
Is that mean, if user has access to VL02N then they can update/change any outbound delivery.
We as a Security Consultant do not have any control to prevent such incident?
Not sure Logistic team will answer this question or not, I believe this has to be handle by security group.
Anyways Many thanks !!
As you can read in KBA 1794615 - Logistics Execution Authorization V_LIKP_VST there are a lot standard messages that will prevent changing a delivery if the authorization is not given.
From this point of view you have to recheck your authorization setup for this user.
Eventually it could help to know what field was actually changed, maybe the change is coming from a different transaction/process
Plant is not scope of authorization check in VL02N. Only authorization object V_LIKP_VST Delivery: Authorization for Shipping Points is checked.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Mike for your response!!
However question will remain same, how come User located or authorized for North America can update or change outbound deliver which belongs to Indian or any Non North America geography.
Transaction Code : VL02N
** Note he is been authorized only North America Shipping Point/Plant/CC.
Regards,
Manish
User | Count |
---|---|
110 | |
9 | |
8 | |
6 | |
5 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.