Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization restriction for Goods issue against an Order

Former Member

‎10-17-2008 8:25 AM

0 Kudos

Hello All,

We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.

For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.

I could not find any authorization object that restricts this.

I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.

Any pointers to restrict this access will be appreciated.

Thanks & Regards,

Subramaniam Iyer

5 REPLIES 5

Former Member

‎10-17-2008 11:01 AM

0 Kudos

hi,

Please check the authorization object M_MSEG_WMB. This authorization object is for activities of material documents for specific plant.

Regards,

Sneha

Former Member
In response to Former Member

‎10-17-2008 11:10 AM

0 Kudos

The org values have been mainatined via the organization levels button which apply to all objects within the role.So, the object M_MSEG_WMB also has authorization for plant 1only.

jurjen_heeck
Active Contributor
In response to Former Member

‎10-17-2008 11:22 AM

0 Kudos

> The org values have been mainatined via the organization levels button

In that case you may need separate roles per plant/movement type combination.

Former Member
In response to Former Member

‎10-17-2008 11:53 AM

0 Kudos

The user has access for two plants to post goods movements ie. plant 1 & 3. He is not authorised for plant 2. Both the plants are maintained in the role via the org levels button. He has access to all movement types for these two plants through this role. But, that is not the concern right now.

We need to somehow restrict the user to post goods issues against orders for plant2 for which he is not authorized. The system does not check the authorization neither does it disallow the posting of goods issue using tcode MIGO while using GI others. Is there a solution to the above problem?

Former Member

‎10-19-2008 8:48 AM

0 Kudos

Hi,

MIGO transaction by default restricted with Plant. If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.

M_MSEG_LGO

M_MSEG_WMB

M_MSEG_WWA

M_MSEG_WWE

This issue may occur because if the objects are maintained manually in the role. If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.

Also, please check the other roles are assigned to the user. If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.

To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user. This should be able to identify whether the user is getting access from any other roles assigned to the user.

Regards

Anandm