Skip to Content
0
Former Member
May 09, 2014 at 06:43 PM

Kanban authorization checks (SU24, PK13N, PK*)

206 Views

Hi,

Does anyone know why the Kanban transactions (PK*) have mostly disabled authorization check indicators in SU24?

In PK13N, for example, there is functionality to do a goods receipt (MIGO GR) and also functionality to create POs (and maybe more that I have not looked into yet).

However, the related auth objects in SU24 are not enabled (check indicator = do not check). This seems strange for these authorization objects.

Especially in light of SoD. Users could create POs or do Goods Receipt via PK13 without proper auth check and these 2 functions conflict already (using default GRC ruleset).

But that's beside the point. The question is: Is there a good reason why these are disabled and how is this NOT a secuty risk?

Now, there is one object that is enabled: C_KANBAN

But, I feel that this is insufficient to really secure the goods receipt action and the PO creation action.

For reference, a list of disabled auth objects:

C_STUE_WRK CS BOM Plant (Plant Assignments)

C_TCLS_MNT Authorization for Characteristics of Org. Area

F_BKPF_KOA Accounting Document: Authorization for Account Types

F_FICA_CTR Funds Management Funds Center

F_FICA_FTR Funds Management FM Account Assignment

F_FICB_FKR Cash Budget Management/Funds Management FM Area

F_FICB_FPS Cash Budget Management/Funds Management Commitment Item

F_LFA1_APP Vendor: Application Authorization

F_SKA1_BUK G/L Account: Authorization for Company Codes

L_BWLVS Movement Type in the Warehouse Management System

L_LGNUM Warehouse Number / Storage Type

M_BANF_BSA Document Type in Purchase Requisition

M_BANF_EKG Purchasing Group in Purchase Requisition

M_BANF_EKO Purchasing Organization in Purchase Requisition

M_BANF_WRK Plant in Purchase Requisition

M_BEST_BSA Document Type in Purchase Order

M_BEST_EKG Purchasing Group in Purchase Order

M_BEST_EKO Purchasing Organization in Purchase Order

M_BEST_WRK Plant in Purchase Order

M_LPET_EKO Purchasing Org. in Scheduling Agreement Delivery Schedule

M_MRES_BWA Reservations: Movement Type

M_MRES_WWA Reservations: Plant

M_MSEG_BWA Goods Movements: Movement Type

M_MSEG_BWE Goods Receipt for Purchase Order: Movement Type

M_MSEG_BWF Goods Receipt for Production Order: Movement Type

M_MSEG_LGO Goods Movements: Storage Location

M_MSEG_WMB Material Documents: Plant

M_MSEG_WWA Goods Movements: Plant

M_MSEG_WWE Goods Receipt for Purchase Order: Plant

M_MSEG_WWF Goods Receipt for Production Order: Plant

M_RAHM_BSA Document Type in Outline Agreement

M_RAHM_EKG Purchasing Group in Outline Agreement

M_RAHM_EKO Purchasing Organization in Outline Agreement