10-24-2012 11:26 AM
Hello everyone!
I have a question about bd87 transaction code.
I need to set BD87 to access only one specific IDoc. S_IDOCMONI authorization object should be able to do this , but in my case this is not the solution- the users still have access to all IDOCS.
By the authorization trace I've done , I found out that S_IDOCMONI does not checked at all , the only object checked is S_TCODE.
I also check the Status in SU24 and its defined well:
object "Proposal" (=Yes) and "Check Indicator" (=Check)
Do you have any idea why the restriction not working , could it be something else besides authority check failure in the program ?
10-24-2012 9:21 PM
Which release / SP are you on?
Which type of S_IDOCDEFT authorizations to the users have?
Cheers,
Julius
10-24-2012 9:22 PM
Hi Julia,
In fact there is currently no 'process' authority-check implemented in BD87. But a development request for this functionality exists already for future releases.
if users should be able to display idocs only, BD87 shall not be granted, but only WE02.
In BD87 the current implementation of the authority check is made in a way that you are allowed to process IDocs only if you have the authorization to display the IDoc. The concept behind is that if you are able to see the application data you should be able to process the IDoc. For the inbound process you have the possibility to remove the authorization to process the application data from the user profile. This way the IDoc will go into error status and can be processed later on by a user with sufficient authorizations.
But as soon the user has display auths for the idoc and s-tcode bd87, he will be able to process the idoc.
see also SAP note 1269516
Try this link if it helps you.
http://scn.sap.com/thread/3175859
Thanks,
VarunJain
02-08-2024 2:41 PM