AW: Authorizations to Transactions only through workflow ?

Flaig Matthias M.Flaig at ProMinent.de
Tue Aug 5 09:42:49 EDT 2003 

Hi Susan,
 
it may be that the solution is quite easy:
Lets have a look at BUS2081 (Incomming Invoice), especially method =
display (which calls MIR4):
 
begin_method display changing container.
SET PARAMETER ID 'RBN' FIELD object-key-invoicedocnumber.
SET PARAMETER ID 'GJR' FIELD object-key-fiscalyear.
CALL TRANSACTION 'MIR4' AND SKIP FIRST SCREEN.
end_method.
 
The point is, that the ABAP statement call transaction(*) does not =
perform an authority check on object S_TCODE, you always have to program =
an authority check manually when using call transaction(**).=20
 
So it may work just to give the user all authorizations needed for MIR4 =
except the one for S_TCODE. Then try to execute IncommingInvoice.display =
from within a workflow and it should work, but the user will not bee =
able to enter MIR4 manually.
 
regards,
Matthias
 
(*)  the behavior was changed between different R/3 releases...
(**) some transaction do a check on s_tcode themselves wihtinn theri =
code, but i couldn't find it in MIR4
 
Mit freundlichen Gr=FC=DFen
 
Matthias Flaig
TIO
 
ProMinent Dosiertechnik GmbH
Im Schuhmachergewann 5-11
D-69123 Heidelberg
Germany
 
http://www.prominent.de
Email: m.flaig at ProMinent.de
Tel.: +49 (6221) 842-547
Fax: +49 (6221) 842-553
 
 
> -----Urspr=FCngliche Nachricht-----
> Von: Susan R. Keohan [mailto:skeohan at mit.edu]
> Gesendet: Montag, 4. August 2003 14:10
> An: SAP-WUG at MITVMA.MIT.EDU
> Betreff: Authorizations to Transactions only through workflow ?
>=20
>=20
> Hi all,
>=20
> Now please don't laugh.
>=20
> I have a requirement to deliver MIR4 (Display Invoice)=20
> through workflow (no problem) but to prevent
> access to the same transaction through the GUI.  MIR4 is very=20
> nice in that it doesn't give the users
> the ability to switch to another invoice or anything harmful.=20
>  The business process people are
> worried that some intrepid user will access MIR4 through the=20
> transaction box and go hunting for
> invoices that they should not see.
>=20
> So, is there a way to prevent the users from entering MIR4=20
> through any means except through their
> workflow tasks ?   I'm thinking that the only way to simulate=20
> this is to code a method that displays
> everything MIR4 does(lots of coding!), and take away the MIR4=20
> transactional authorizations, but am
> hoping there are brighter minds out there than mine.
>=20
> Thanks!
> Sue
> --
> Susan R. Keohan
> SAP Workflow Developer
> MIT Lincoln Laboratory
> 244 Wood Street
> LI-200
> Lexington, MA. 02420
> 781-981-3561
> skeohan at mit.edu
>=20

More information about the SAP-WUG mailing list