Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

S_ALR_87012178

Former Member

‎11-03-2008 2:22 PM

0 Kudos

Hello Expert!

We have 8 branches customer, the customer display and their balance should be restrict by business area;

we have set the customer number by the branch wise, for eg,

customer number starting from 10* means 1000 - branch

11* means 1100 - branch and so

the TA code s_alr_87012178 are not bound to any authorization object therefore cannot be restrcited.

I did many possibility to restrict him by the following task;

I have maintained field KUNNR from KNA1 table and create the authorization group and define into the role....not success

I have inserted the authorization group F_KNA1_GRP in the check indicator (s_alr_XX) ....also but no luck.

Is there anyone have worked on the authorization for the S_ALR_87912178 ?

Regards

Anwer Waseem

SAP BASIS

Please

5 REPLIES 5

Former Member

‎11-03-2008 7:36 PM

0 Kudos

Hi Anwer,

Unless coded, you cannot force a program to make checks on the objects you have mentioned, be it N number of SU24 or Role udpates. S_ALR* reports are mostly deemed non-critical, most having limited checks within them.

If this restriction is a business req., then check with an ABAPer for a user exit within that program,(and if not) consider a custom report.

Hope this helps

Abhishek

Former Member

‎11-03-2008 7:56 PM

0 Kudos

> 

>         I have maintained field KUNNR from KNA1 table and create the authorization group and define into the role....not success
> 
>        I have inserted the authorization group F_KNA1_GRP in the check indicator (s_alr_XX) ....also but no luck.

You can't always force auth checks with SU24 updates, i would prefer Julius & Co. Blog :

Part 1 :

Part 2 :

You can do what Abi has written...custom program / user exits...

Regards,

Zaheer

Former Member
In response to Former Member

‎11-03-2008 9:00 PM

0 Kudos

Thanks for mentioning the SU24 blogs. Hope you enjoyed them

But in this case, I would tip on a config "error" (misunderstanding) between the functional folks and the security expectations.

See the comments in the second blog to Gretchen => I forgot to mention the "funkies"...

Cheers,

Julius

Former Member

‎11-03-2008 8:53 PM

0 Kudos

I recommend that you talk to your functional guru about the intended use of these groups, and see table KNB1 as well.

You cannot do this if your "funkies" do not know about or foresee such a requirement (in a consistent way).

> I have maintained field KUNNR from KNA1 table and create the authorization group and define into the role....not success

How did you do that?

> I have inserted the authorization group F_KNA1_GRP in the check indicator (s_alr_XX) ....also but no luck.

Most likely, this is a configuration problem.

It is difficult to (remotely) help you without knowing what is going on on your side. Please provide more information (and search for F_KNA1_GRP and similar objects in the forum) as they have been discussed before.

Cheers,

Julius

Former Member

‎11-08-2008 9:28 AM

0 Kudos

Hello

Thanks all of you!

You have shared here your expereince!

Yeah! you you right! i should talk to abap or functional for the user exit or alternate solution by the functional.!!

Regards