Readsoft User's Forum
Register Latest Topics
 
 
 


Reply
  Author   Comment  
Prost1988

Member
Registered:
Posts: 15
Reply with quote  #1 
Hello,

With the first COCKPIT screen (transaction /COCKPIT/1), we can select invoices from company codes.

We want to restrict user access for some of our company codes.

For example, we process invoices in Process Director for 10 company codes (let's say C1 to C10). But access should be restricted for companies C2 and C8 to only some authorized users.

How can we do these access restrictions ?

Thanks for help.

Kind Regards
David
0
cherylc

Moderator
Registered:
Posts: 159
Reply with quote  #2 
Hi David,
I have attached a screen shot of the authorisation objects.  Its in Z_ICS_AUTH.
authorisation Readsoft.png 

A word of warning when SAP Security set this up.  When an invoice flows to PD, it will likely take on the company code that is in the Purchase Order (check your control settings).  Sometimes, the PO number is read incorrectly by the system (or the vendor quotes the wrong PO number) and the system picks up another number in a different company code.

This is better illustrated by way of example.

We are a multinational company and our Purchase Orders are issued consecutively across all company codes.  So say a company in the US (company code 100) has a PO number 45123456.  And company code 700 (in Australia) has PO number 45123466.  Imagine Interpret reads the PO number on the Australian invoice as 45123456 (i.e. it gets one digit wrong) and no-one in Accounts Payable in Australia has access to company 100, then the invoice goes into a black hole!  Our US company is not using PD. 

I know this from painful experience, because a few years after we went live with the system, I was forever on the holy grail in search of black hole invoices.  I would then need to use my access (being in IT I have access to all company codes) to send the invoices to company 700.  What a pain!  Getting SAP Security to make any changes to access was an issue because it is difficult to conceptualise the difference between pre-MIRO invoices in PD and posted MIRO invoices in SAP.  So Security thinks they are giving away too much access and understandably dig their heels in.

So make sure that while users cannot change anything in other company codes, some users need display access to all company codes.  Some users need to be super users who can resolve any invoices in the wrong company code. Preferably not IT users [wink]. Note well, I have found PD invoices in Mexico and in Turkey, and in other subsidiary countries who don't even use Readsoft or Process Director [frown]    

Also note that I think the authorisation object is a general one and might impact other non-Readsoft transactions, so ensure to test this.

Hope this helps.
Kind regards
Cheryl







__________________
Cheryl
LinkedIn: https://au.linkedin.com/in/cherylc-651471a0
0
Prost1988

Member
Registered:
Posts: 15
Reply with quote  #3 
Hi Cheryl

Thanks for answer !

I cannot find Z_ICS_AUTH among our authorisation objects.
Is it a specific object for your company or is it a standard object for Process Director ?
(I have to say I am not a specialist of authorisation management !!) 

But it should help and maybe we have to create an equivalent object.

Other question : how did you create this screenshot of the authorisation objects ?

Kind regards
David


0
cherylc

Moderator
Registered:
Posts: 159
Reply with quote  #4 
Hi David

I don't recall us creating this auth object.  Looking at it, it was created by one of the Tech guys in Readsoft Australia
 

Are you able to do a search for auth objects of class MM_R?  That should return it.
Try trans [image]

I created the screen shot from an email that I had received from Readsoft.

Cheers



__________________
Cheryl
LinkedIn: https://au.linkedin.com/in/cherylc-651471a0
0
IanM

New Member
Registered:
Posts: 4
Reply with quote  #5 
David,
I have attached how you create your authorisation object and activate it for PD, like Z_ICS_AUTH.

Hope you find this useful.

Regards
Ian

 
Attached Files
pdf AuthorisationObject.pdf (40.56 KB, 20 views)

0
Prost1988

Member
Registered:
Posts: 15
Reply with quote  #6 
Hi Cheryl and Ian,

Thank you very much for your answers.
It is very helpful.

I will try to do things in our test environment as indicated in the PDF file ! 

Kind Regards
David

0
nicothebee

Senior Expert Member
Registered:
Posts: 77
Reply with quote  #7 
Hello,

Just beware with the "Maximum N° of hints": the system will consider authorisations AFTER applying this limit.
Therefore, it may happen that the system selects less documents than this specified N° of hints, because the user is not allowed for some of the documents.

The authorisation object will prevent the user to select documents he has no authorisation for, but it is still a good practice to select the company code in the selection screen.

Nicolás
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.



Follow @readsoftuser