Skip to Content
avatar image
Former Member

Adding another Auth-check to ME28

Hello All ,

we are planning to add additional authorization check (M_BEST_EKG )for Tcode me28 .

is it advicable to add additonal check for standard tcode.

if we add are there any consequences ?

Or

we can create customized tcode for me28 then include the checks

please advice which is better way of implementing .

Edited by: Julius Bussche on Feb 6, 2009 6:41 PM

Please use meaningfull subject titles in future

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Feb 12, 2009 at 05:58 AM

    Hi Sagar,

    The best way to deal this is to create new "Z" Tcode by coping from ME28 and assign the authorization object (M_BEST_EKG) using SU24 and the object need to be checked and maintained you can maintain the field values which will effect globaly.

    Regards,

    Lokesh.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 06, 2009 at 04:00 AM

    Hi,

    It is always recommended to create a custom Z transaction code and impart the objects of the standard tcode. My strict advise is to leave ME28 without any modifications and go with a new transaction code.

    The issues that you may see further are while upgrading the SAP system, or installing any security related support patches. If there is a change in the standard transactions, it will create new problems.

    Do let me know if you need any other information.

    Rgds,

    Raghu

    -


    <removed_by_moderator>

    Edited by: Julius Bussche on Feb 6, 2009 9:10 AM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      The check maintain indicator is for SAP to propose the objects when maintaining the authorizations in PFCG.

      If you want that your security admin to know the objects that need to be maintained then changing the indicator to C/M will be a good idea.

      Even, if the indicator is not set to C/M but only check the authorizations check is surely going to take place. If you find an missing athorization for this object you can then manually assign the object in the role.

  • Feb 06, 2009 at 07:25 AM

    Hi Sagar,

    Speak to your development team to see if there are any user exits/enhancement points in the transaction where this additional validation can be added. This way you are not hacking about with standard code and you get to use the original transaction.

    Add comment
    10|10000 characters needed characters exceeded