Former Member

Vendor info change (XK02/MK02) investigation

Hi Security Experts, we have an issue where vendor information was changed by multiple user-ids, and the corresponding actual users are saying they have not changed it. The user-ids used to change the info don't have access to MK02/XK02 at S_TCODE level but looks like they have access to rest of the authorizations with activity 02. Need help investigating how the changes occurred and who made them.

I have asked my functional experts to research if there is a way to get to the vendor-info change screen via a different t-code other than MK02/XK02, because the user-ids have every authorization other than S_TCODE. Ran ST03N on the user-ids based on the timestamp to narrow down the t-code list through which the vendor-change screen might have been launched. No luck yet; if you have any ideas on further investigation, please share.

Thank You,

Rama.

2 Answers

  • Former Member
    Jul 30, 2009 at 09:27 PM

    Copy the user to a test user (in QAS) and display a G/L document in FB03 where the posting key entry is for a vendor account.

    Double-click the vendor account....

    Same goes for a whole range of other transactions.

    > The user-ids used to change the info don't have access to MK02/XK02 at S_TCODE level but looks like they have access to rest of the authorizations with activity 02.

    That is what you gave them. That is what you get.

    S_TCODE is only a very general "start" level authority to functionality. It does not necessarily prevent the user from using it.

    Most likely the error is in your role design...

    Cheers,

    Julius

    • Former Member

      Julius,

      There is no intention to blame the user - the issue is described so as to make/present the scenario. In fact, the changes occurred multiple times by using multiple user-ids, and hence insisting on knowing exactly what has happened.

      Rama.

  • Former Member
    Jul 30, 2009 at 10:11 PM

    Hi,

    You also may want to check tcode couples. Go to transaction SE97 and enter XK02 or MK02. This returns a list of call transactions that the users might be authorized for. Remove all tcode ranges from your role profiles, otherwise you will always get into situations like this.

    Regards, Matthias Hessler
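
Added example, not part of either answer above and not SAP code: a Python check over a role export that flags the two conditions the answers describe, S_TCODE ranges or wildcards that silently cover XK02/MK02, and change activity 02 on vendor objects held without S_TCODE for either transaction. The role names, the sample data, the list of vendor authorization objects and the simplified value matching are assumptions made for the illustration.

```python
# Constructed sample data; role names and their contents are hypothetical.
TARGET_TCODES = ("XK02", "MK02")
# Assumption: vendor-master authorization objects that carry ACTVT (not named in the thread).
VENDOR_OBJECTS = {"F_LFA1_APP", "F_LFA1_BUK", "F_LFA1_GEN", "M_LFM1_EKO"}

ROLES = {
    "Z_AP_DISPLAY": {"S_TCODE": ["FB03", "XK03"],
                     "auths": [{"object": "F_LFA1_GEN", "ACTVT": ["02", "03"]}]},
    "Z_PURCH_WIDE": {"S_TCODE": [("MA00", "MZ99"), "X*"],
                     "auths": [{"object": "M_LFM1_EKO", "ACTVT": ["*"]}]},
    "Z_AP_CLEAN": {"S_TCODE": ["FB03", "XK03"],
                   "auths": [{"object": "F_LFA1_GEN", "ACTVT": ["03"]}]},
}

def covers(value, wanted):
    """Simplified field match: exact value, trailing-'*' pattern, or (low, high) range."""
    if isinstance(value, tuple):
        low, high = (v.upper() for v in value)
        return low <= wanted <= high  # plain string comparison, a simplification
    value = value.upper()
    if "*" in value:
        return wanted.startswith(value.split("*", 1)[0])
    return value == wanted

def audit_role(role):
    """Return findings showing how vendor change is reachable through this role."""
    tcd_values = role.get("S_TCODE", [])
    change_objs = sorted(
        a["object"] for a in role.get("auths", [])
        if a["object"] in VENDOR_OBJECTS and any(covers(v, "02") for v in a["ACTVT"])
    )
    findings = []
    for tcode in TARGET_TCODES:
        # A range or wildcard grants the start authorization without naming the tcode.
        implicit = [v for v in tcd_values
                    if covers(v, tcode) and (isinstance(v, tuple) or "*" in v)]
        if implicit:
            findings.append(("TCODE_VIA_RANGE", tcode, implicit))
    startable = any(covers(v, t) for v in tcd_values for t in TARGET_TCODES)
    if change_objs and not startable:
        # Change activity held with no start authorization: other entry points apply.
        findings.append(("CHANGE_WITHOUT_TCODE", "ACTVT 02", change_objs))
    return findings

if __name__ == "__main__":
    for name, role in ROLES.items():
        print(name, audit_role(role) or "no findings")
```

A CHANGE_WITHOUT_TCODE finding matches the situation in the question: the role cannot start XK02/MK02 directly, yet the change authorization is there for any other transaction that reaches the vendor screen.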