Upload
sivas6130
View
7
Download
0
Embed Size (px)
DESCRIPTION
Note
Citation preview
SAP Note
Header Data
Symptom
This SAP note describes new switchable authorization checks for RFC function modules in application Materials Management Purchasing.
Other Terms
SACF, RFC, authorization
Reason and Prerequisites
Remote calls to RFC function modules are protected by checks on the authorization object S_RFC. Authorizations for S_RFC must be limited to the required minimum authorizations for all users to ensure system security. Many RFC function modules can be sufficiently protected using S_RFC authorization checks. These RFC function modules often do not perform additional functional authorization checks. Please see SAP note 2008727 for further information on RFC Security.
It was identified that S_RFC authorization checks might not be sufficient to ensure secure execution for RFC function modules covered by this note. Activate new switchable authorization checks and update corresponding roles if these RFC function modules are included in S_RFC authorizations in your system.
Solution
New switchable authorization checks have been implemented. The checks are delivered inactive to ensure compatibility with your running processes. The checks can be activated in transaction SACF as described in attached manual correction instruction.
New authorization scenario(s)
The following new authorization scenarios can be maintained in transaction SACF after implementation of this SAP note.
Scenario 1:
Templates - Document templates in Purchase Requisition / Purchase Order
You can use document templates to simplify the creation of documents by using SAP GUI transactions ME21N (PO) and/or ME51N. This feature is also used in WebDynpro application Single Processing of Purchase Requisitions (SPPR)
Affected business processes and roles
Create/Change business document Purchase Requisition and/or Purchase Order
Affected RFC function modules
TEMPLATE_UPDATE
Scenario 2:
SAP Sourcing Integration - Create document type, document name, document line concatenated as text into IMG text id of related PR and RFQ item
You are activating the SAP Sourcing integration in SAP ERP.
Affected business processes and roles
Create and/or Change Purchase Requisition and/or Request for Quotation
Affected RFC function modules
2028954 - Switchable authorization checks for RFC in Application MM-PUR
Version 2 Validity: 11.06.2014 - active Language English (Master)
Released On 11.06.2014 05:04:26
Release Status Released for Customer
Component MM-PUR-INT-ESO Integration ESO
EP-PCT-PUR-BP BP for Buyer
MM-PUR-PO-GUI Userinterface - Purchase Orders
MM-PUR-REQ-GUI Userinterface - Purchase Requisitions
Priority Correction with medium priority
Category Program error
Other Components
BBP_ES_PR_RFQ_UPDATE_INT
------------------------------------------------------------------------ |Manual Activity | ------------------------------------------------------------------------ |VALID FOR | |Software Component SAP_APPL SAP Application | | Release 600 SAPKH60001 - SAPKH60025 | | Release 603 Until SAPKH60314 | | Release 604 SAPKH60401 - SAPKH60415 | | Release 605 Until SAPKH60512 | | Release 606 SAPKH60601 - SAPKH60612 | | Release 616 Until SAPKH61607 | | Release 617 SAPKH61701 - SAPKH61704 | ------------------------------------------------------------------------
1. Start transaction SE91 for message class MMPUR_BASE.
2. Navigate to message numbers 300 and 301.
3. Mark both entries and choose button 'Change'.
4. Enter for message number 300 the following text:
Ext. RFC not allowed for & 1 (SAP note 2028954)
5. Enter for message number 301 the following text:
Install note 1882417
6. Mark both messages (300 and 301) as self-explanatory.
------------------------------------------------------------------------ |Manual Activity | ------------------------------------------------------------------------ |VALID FOR | |Software Component SAP_APPL SAP Application | | Release 602 Until SAPKH60215 | ------------------------------------------------------------------------
1. Start transaction SE91.
2. Create message class MMPUR_BASE with the following attributes:
a) Package: MMPUR_BASE
b) Short text: General message class for application MM-PUR
3. Navigate to message numbers 300 and 301 on tabstrip 'Messages'.
4. Mark both entries and choose button 'Change'.
5. Enter for message number 300 the following text:
Ext. RFC not allowed for & 1 (SAP note 2028954)
6. Enter for message number 301 the following text:
Install note 1882417
7. Mark both messages (300 and 301) as self-explanatory (if not defaulted).
Validity
Software Component From Rel. To Rel. And Subsequent
SAP_APPL 600 600
602 602
603 603
604 604
605 605
606 606
616 616
617 617
Correction Instructions
Support Packages & Patches
Correction Instructions
Software Component Valid from Valid to Number
SAP_APPL 600 600 1737237
SAP_APPL 602 602 1737236
SAP_APPL 603 603 1737235
SAP_APPL 604 604 1737233
SAP_APPL 605 605 1737231
SAP_APPL 606 606 1737184
SAP_APPL 616 616 1737230
SAP_APPL 617 617 1737188
Support Packages
Software Component Release Support Package
SAP_APPL 600 SAPKH60026
602 SAPKH60216
603 SAPKH60315
604 SAPKH60416
605 SAPKH60513
606 SAPKH60613
616 SAPKH61608
617 SAPKH61705