На главную

 

 

 

10.10.2011  
    Ошибка авторизации F_BKPF_BES в транзакции MIR4.
 
    Отправил следующее письмо в Service.sap.com (см. ниже).
    Мучают вопросы: они всегда так отвечают? Можно надеятся что что-то исправят?
     
    ZlobinY:
    Missing authorization check F_BKPF_BES in MIR4.
    We make invoice posting using transaction MIR4 . The system checks
    authorization object 'F_BKPF_BES'.
    We press button ‘POST’ on screen 6000 (SAPLMR1M) and the system checks
    authority object ‘F_BKPF_BES’ with data ACTVT = 01. That is right.
    But when we press button ‘POST’ on screen 'Simulation' 6250 (SAPLMR1M)
    system checks authority object ‘F_BKPF_BES’ with data ACTVT = 77.
    As far as a result is the same (posting), we suppose ACTVT value to be
    the same too.
    So unauthorised users can post an invoice.
    Thanks
     
    Вкратце означает :
    Пользователю дали права на предварительный ввод счета (но не на проводку)
    Проверяется много объектов полномочий, в том числе "F_BKPF_BES"=01.
    На главном экране MIR4 нажимаем кнопку "Проводка". Нет прав. Правильно.
    На экране "Моделирование" нажимаем кнопку "Проводка". Есть права.
    Таким образом, неавторизованный пользователь может провести счет. Почему?
     
    SAP:
    06.10.2011 - 11:25:27 CET - Reply by SAP
    Dear Mr. Lobashev,
    would you please try to do it with the validation, see the note
    42615 and its related. You can use the usex-exit for doing it.
    You have the user in sy-usnam and you need just to call the command
    for check the authority.
    authority-check object 'F_BKPF_BLA'
    id 'ACTVT' '01' " means posting
    id 'BRGRU' '0002'.
    please consinder the information from attached note 399953 according
    Authority check objekt F_BKPF_BUK in MIR4,MIR7
    Please check alos the follwoing information:
    Transactions of logistics invoice verification belong to MM and we
    can only guarantee that MM authorization objects are checked by our
    transactions MIRO, MIR4, MIR7... Authorization objects from FI,
    such as F_BKPF_BES are sometimes checked by FI programs after we send
    the posting data to FI interface, but we can't influence that.
    You could also try restricting the authorization for object M_RECH_WRK
    instead. This object can combine "Plant" and "Activity". For "Activity"
    the values are e.g.
    '01' Create/Post
    '03' Display
    '77' Park
    So if a user has authorization for activities '03' + '77', he will be
    able to
    - create an invoice in MIR7 and park it or 'save as complete' (77)
    - display the invoice with MIR4 (03)
    - change it in MIR4 (77)
    But he will not be able to post it, because this requires activity '01'.
    Best regards,
    Erika Szanto
    Support Consultant
    AGS Primary Support, Global Support Center Hungary
     
    Вкратце означает :
    Такого не может быть
     
    ZlobinY:
    2011-10-07
    Good day. Your answer was:
    "But he will not be able to post it, because this requires activity '01'"
    We would like to show you this file :
    Please explain how it is possible?
    Yuriy Zlobin
     
    Вкратце означает :
    Вот посмотрите видео
     
    SAP:
    09.10.2011 - 13:59:03 CET - Reply by SAP
    Dear Mr. Zlobin,
    the reason of this issue is that system does not check FI authorization
    objects after you called simulation screen in MIR7.
    Please check below statments from NOTE 399953:
    In transactions MIRO, MIR7 and MIRA, the system checks authorization
    object F_BKPF_BUK or F_BKPF_BES as follows:
    1. When you call transaction MIRO.
    2. When you change the company code.
    3. When you make a direct posting to the G/L account.
    For this case, as the possible workaround, you may consider
    below suggestion:
    1> FI subsitution or
    Use the FI validation to implement the required functionality.
    2> Restrict the authority with MM authorization objects(e.g.M_RECH_WRK)
    Please check also the information from the note:136740
    Transactions of logistics invoice verification belong to MM and we
    can only guarantee that MM authorization objects are checked by our
    transactions MIRO, MIR4, MIR7... Authorization objects from FI,
    such as F_BKPF_BES are sometimes checked by FI programs after we send
    the posting data to FI interface, but we can't influence that.
    Should you have any further inquries, please do not heistate to return
    this ticket back to us for further discussion.
    Best regards,
    Erika Szanto
    Support Consultant
    AGS Primary Support, Global Support Center Hungary
     
    Вкратце означает :
    Система не проверяет FI права после вызова экрана "Моделирование".
    ...
    Мы, ММ-щики, готовим данные в ММ и посылаем их в FI для проводки,
    после этого мы знать ничего не знаем.
     

    _________________
    SAP ERP 2005
Злобин Юрий
12.09.2018г.
г.Ярославль
html counterсчетчик посетителей сайта