Skip to Content
0
Former Member
Jul 02, 2010 at 08:51 PM

Regarding Parking and Posting access

127 Views

Hi All,

The requirement for my client scenario is as follows:

There are about 6 company codes (lets name it as AAA) which need to be isolated based on the following rule:

Users belonging to AAA should be able to PARK as well as POST to all entities whereas Users belonging to other than AAA should not be able to POST to AAA. They should be able to POST to non AAA only and PARK everywhere.

Also a user who PARK's should not be able to POST.

Options which I have tried are -

- Created a separate role with activity 01 for the object F_SKA1_BUK and gave the AAA entities only and at the same time removed 01 activity for the same object in a separate role. The combination of these two roles gave the result as

- Was able to PARK and POST to AAA entities using FB01 (True)

- Was unable to post to other entities (Failed - user should have been able to)

- The person who parked was not allowed to Post (True)

The other combination with 01 activity to non-AAA entities and minus 01 activity to AAA entities:

- Failed to PARK to non AAA entities (Failed - user should have been able to) failed at 01 activity

- Was able to PARK to only non AAA. (True)

- Was unable to POST to AAA entities (True)

- The person who parked was not allowed to Post (True)

I came to know that this can be achieved by creating separate roles for posting and parking Tcodes and using SOD.

I have an already existing GL role - I removed all the posting tcodes in the original GL role so that it can allow only parking to all entities. Then I created a separate role and put all the Posting Tcodes in it and maintained the objects in the same was as they were maintained in the original GL role but here I have given only the AAA entities. Can some one help me in this approach.

Regards

Shakeel