Q

Purchase request authorization with specifically coded user exits

I am an SAP R/3 4.6 security administrator and after a chat with our SAP consultants I understood that they have created some user-exits for the purchase request process (specifically the release strategy). They claim that the exits they have created define the order of the approvals that have to be made and as such even when the user has the authorization to approve a purchase request (tcode: ME54), he or she will not be able to unless it's their turn for approval. The SAP consultants have not documented the functioning of the exits they have created. However, by performing a review of the users authorizations (through RSUSR002) I have found that 60% of users are able to make approvals for the manager level (that should be around 5% of users). How can I better check that the process is adequatly secured? Could it be that the 60% of users cannot perfom an approval at the manager level because of the exit? Note that they have all the required authorizations and transaction (ME54) for that.
Unfortunately, since the consultants coded in specific user exits for the approval functionality, none of the SAP delivered reports are going to be reliabe in determing who has what (unless the code is looking for a specific auth value). It sounds like that built some sort of workflow functionality into the transaction to allow it to wait for different approvers. I would have an ABAP person evaluate the code and document its intentions.
This was last published in April 2003

Dig Deeper on SAP security administration

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close