Hi,
Does anyone know why the Kanban transactions (PK*) have mostly disabled authorization check indicators in SU24?
In PK13N, for example, there is functionality to do a goods receipt (MIGO GR) and also functionality to create POs (and maybe more that I have not looked into yet).
However, the related auth objects in SU24 are not enabled (check indicator = do not check). This seems strange for these authorization objects.
Especially in light of SoD. Users could create POs or do Goods Receipt via PK13 without proper auth check and these 2 functions conflict already (using default GRC ruleset).
But that's beside the point. The question is: Is there a good reason why these are disabled and how is this NOT a secuty risk?
Now, there is one object that is enabled: C_KANBAN
But, I feel that this is insufficient to really secure the goods receipt action and the PO creation action.
For reference, a list of disabled auth objects:
C_STUE_WRK CS BOM Plant (Plant Assignments)
C_TCLS_MNT Authorization for Characteristics of Org. Area
F_BKPF_KOA Accounting Document: Authorization for Account Types
F_FICA_CTR Funds Management Funds Center
F_FICA_FTR Funds Management FM Account Assignment
F_FICB_FKR Cash Budget Management/Funds Management FM Area
F_FICB_FPS Cash Budget Management/Funds Management Commitment Item
F_LFA1_APP Vendor: Application Authorization
F_SKA1_BUK G/L Account: Authorization for Company Codes
L_BWLVS Movement Type in the Warehouse Management System
L_LGNUM Warehouse Number / Storage Type
M_BANF_BSA Document Type in Purchase Requisition
M_BANF_EKG Purchasing Group in Purchase Requisition
M_BANF_EKO Purchasing Organization in Purchase Requisition
M_BANF_WRK Plant in Purchase Requisition
M_BEST_BSA Document Type in Purchase Order
M_BEST_EKG Purchasing Group in Purchase Order
M_BEST_EKO Purchasing Organization in Purchase Order
M_BEST_WRK Plant in Purchase Order
M_LPET_EKO Purchasing Org. in Scheduling Agreement Delivery Schedule
M_MRES_BWA Reservations: Movement Type
M_MRES_WWA Reservations: Plant
M_MSEG_BWA Goods Movements: Movement Type
M_MSEG_BWE Goods Receipt for Purchase Order: Movement Type
M_MSEG_BWF Goods Receipt for Production Order: Movement Type
M_MSEG_LGO Goods Movements: Storage Location
M_MSEG_WMB Material Documents: Plant
M_MSEG_WWA Goods Movements: Plant
M_MSEG_WWE Goods Receipt for Purchase Order: Plant
M_MSEG_WWF Goods Receipt for Production Order: Plant
M_RAHM_BSA Document Type in Outline Agreement
M_RAHM_EKG Purchasing Group in Outline Agreement
M_RAHM_EKO Purchasing Organization in Outline Agreement