Skip to Content
0

Read-Only user is able to update BP Master Data

Mar 28 at 04:03 AM

55

avatar image
Former Member

Hi All,

We have a user with "Read-Only" access to BP Master Data. When I logged on to that user's account, the BP Master Data fields are greyed off / disabled. However, that read-only user appears in the change logs of a few BP Master Data. The fields that had been updated are foreign name, default sales employee and account balance. I had tested if I can edit the BP Master field while logged in as read-only user by getting authorization from another user (the small screen that pops out where you enter another user's ID and password to authorize the change), but it is not possible. Any ideas how this user was able to edit those BP Master Data?

Thanks!

Best regards,

Rachel

10 |10000 characters needed characters left characters exceeded
Former Member

FYI, the change log in General Authorization shows this user's rights was last edited on June 2017. The BP Master change log shows the read-only user has edited some fields this March.

0
Former Member

*I meant March 2018

0
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Johan Hakkesteegt Mar 28 at 06:28 AM
0

Hi Rachel,

There are a couple of possibilities:

  • As there is no history of the user rights table, it is possible that the user had full rights on BP Master Data at the time the changes were made.
  • "Spoofing". The change log shows the current name assigned to the user code with which the changes were made. Meaning that the change may have been made by another user code that did have full rights, that currently has the same or very similar name as the read-only user. Please realize that the system sees 'John Smith' and 'John Smith' as two different names, even though to the naked eye they look to be the same.

Regards,

Johan

Show 7 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Johan,

Thank you for your reply.

I had checked the change log in General Authorizations, the last update was June 2017. The change log in BP Master is showing that the user updated some fields this March.

I am checking OCRD.UserSign2 and ACRD.UserSign2 shows value 95. When I checked OUSR, the userID of the read-only user is also 95.

Thank you.

Best regards,

Rachel

0

Hi Rachel,

Are you using any addons that make changes to BP Master Data?

Regards,

Johan

0
Former Member

Hi Johan,

I had confirmed, there is no add-on that updates BP Master Data in that database.

Thank you.

Best regards,

Rachel

0

Hi Rachel,

The only way that I have heard of that a user can override some authorizations is through the DI API.

Considering that you are not using any addons, and the log shows no changes in user authorizations since the unexpected changes were made, I recommend that you contact your SAP Partner and/or log a support ticket on the SAP Service Marketplace.

Regards,

Johan

0
Former Member

Hi Johan,

I suspect it is SAP Bug. I had seen in SAP Note 1540721 there was a bug wherein it puts the wrong user name in the change log. However, it says it is for SAP versions lower than 8.82 PL 5. My version is 9.0. I think I need to report it to SAP.

Thank you for your inputs.

Best regards,

Rachel

1

Hi Rachel,

Please let us know what SAP support says about this.

Regards,

Johan

0
Former Member

Hi Johan,

As per SAP, this is documented in SAP Note 2051389. There is a bug in the change log. When user manually closes or cancels an SO, the BP Master Data change log gets updated with that user's ID. Hence, in our case, the user with read-only authorization to BP Master is appearing in the change logs.

Thank you.

Best regards,

Rachel

1