
User with activity and org levels

manmohanmittal
Explorer
0 Kudos

Dear,

I wish to create a role Buyer having access to Tx like MK01, ME21N, MK02, ME22N, etc.

Is it possible to assign this role to a user where he can use Tx ME21N only for a specific pur organization?

Say User 1 ME21N Pur Org A with role Buyer

User 2 ME21N Pur Org B with role Buyer

I wish to specify activity and organization level while creating/changing the user rather than in roles.

Manmohan

7 REPLIES 7

Former Member
0 Kudos

Hi,

You need to have two different roles for the same. Also you can use the derived role concept.

Regards,

Gowrinadh

0 Kudos

Can you explain a bit about derived role concept please.

0 Kudos

Hi,

As you need two users to access two different purchase groups, you can create two roles with different purchase groups. If the users are one in headquarters (who should have access to all purchase groups) and the other in another country, you need to create a derived role for ease of maintenance. Please note the transactions and authorizations in both roles will be the same except the organizational levels. Please search in the forum for derived roles; you will get more information, as well as SAP help documents on how to create derived roles.

Regards,

Gowrinadh

0 Kudos

Hi Manmohan,

As Gowrinadh posted, the derived role concept is the way for this. For the steps, try the forum search with the words "parent role and child role concept".

Regards,

Shrinivasan. V

Former Member
0 Kudos

Step1

Create a single role for buyer (master/reference role/parent role) as per your company naming convention. (Don't assign this role to a user, and don't enter the Org. levels for which you want to give different Org. values.)

Complete all the field values except your differ values.

Note: Derived role will not copy the Org.Levels

Step2

Go to PFCG, enter your first role name as per your naming convention, and create

In the Description tab, under "derive from role", enter your master role name

Enter

Go to the generate tab, select Change Authorization Data

Select copy data

All the Auth. objects, field names and field values will be copied into this new role except the Org. level values. Then you can enter your new Org. values, generate, and assign to users.

Former Member
0 Kudos

> I wish to specify activity and organization level while creating/changing the user rather than in roles.

> Manmohan

Everything said is perfect except if you want to change the activity for the child roles. The child role's activity field will be the same as its parent role's. Even if you change its value, it will be replaced by the parent role value every time the parent role is generated (iff you use the generate derived roles option).

So if you want the activity to be specific as well,

1. Create the child role from the parent and generate it.

2. Then remove the Parent-Child relation by deleting the parent role name in 'Derive from role' in description tab.

3. Change the activity to the desired value in the child role and generate it again.

Note that this is only if you want activities to be different for Parent and derived roles.

If the requirement is only for org. values, no pain ...

Hope this is clear and helps.

Regards,

Partha.

Edited by: Parthasarathy Sridharan on Mar 25, 2009 1:42 PM
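
The behaviour the replies above describe (a derived role copies everything except organizational levels, and regenerating from the parent overwrites a local activity change), as an added Python model that is not part of the thread and is not SAP code. The role names are hypothetical, and the authorization object M_BEST_EKO with fields ACTVT and EKORG is an assumption the posters do not name.

```python
# Simplified model of the PFCG derived-role behaviour described in this thread.
# Not SAP code; role names are hypothetical, M_BEST_EKO/ACTVT/EKORG are assumed.
ORG_LEVEL_FIELDS = {"EKORG"}  # purchasing organization is an organizational level

class Role:
    def __init__(self, name, tcodes=(), auths=None, parent=None):
        self.name, self.parent = name, parent
        self.tcodes = set(tcodes)
        self.auths = auths or {}   # {auth_object: {field: set_of_values}}
        self.org_levels = {}       # maintained in each role, never copied

    def pull_from_parent(self):
        """Copy menu and non-org field values from the parent ("copy data").
        A later regeneration does the same, so local ACTVT edits are lost."""
        self.tcodes = set(self.parent.tcodes)
        self.auths = {
            obj: {f: set(v) for f, v in fields.items() if f not in ORG_LEVEL_FIELDS}
            for obj, fields in self.parent.auths.items()
        }

    def effective(self, obj):
        """Field values for obj, with this role's own org levels filled in."""
        if obj not in self.auths:
            return {}
        fields = {f: set(v) for f, v in self.auths[obj].items()}
        fields.update({f: set(v) for f, v in self.org_levels.items()})
        return fields

def allowed(roles, tcode, obj, **wanted):
    """Transaction must be in some role; one authorization must match every field."""
    if not any(tcode in r.tcodes for r in roles):
        return False
    return any(all(val in r.effective(obj).get(f, ()) for f, val in wanted.items())
               for r in roles)

def demo():
    master = Role("Z_BUYER_MASTER", {"ME21N", "ME22N"},
                  {"M_BEST_EKO": {"ACTVT": {"01", "02", "03"}}})
    a, b = Role("Z_BUYER_A", parent=master), Role("Z_BUYER_B", parent=master)
    for role, org in ((a, "A"), (b, "B")):
        role.pull_from_parent()
        role.org_levels = {"EKORG": {org}}
    b.auths["M_BEST_EKO"]["ACTVT"] = {"03"}   # local activity change in derived role
    before = allowed([b], "ME21N", "M_BEST_EKO", ACTVT="01", EKORG="B")
    b.pull_from_parent()                      # master regenerated with derived roles
    after = allowed([b], "ME21N", "M_BEST_EKO", ACTVT="01", EKORG="B")
    return a, b, before, after
```

In `demo()`, the display-only restriction on the second derived role holds only until the master is regenerated, which is why the post above removes the parent-child link before changing the activity.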

0 Kudos

Hi Manmohan,

As suggested by others in the above steps, the master and derived role concept is the method of implementing this. There are many ways of role implementation. First you need to check what approach your business follows if your business is already in the support phase; if it is in the implementation phase and you are designing for the first time, you need to check with your business what approach they want to implement and then proceed accordingly.

2) Apart from the master and derived role concept discussed above, another approach is the SINGLE role concept. In this scenario you will create each role individually for every purchase organization, i.e. one role for purch. org A and another role for purch. org B, and maintain and generate each role individually. In this case, whenever you make an addition or removal of authorization or a change to any field values for these roles, you need to modify all the single roles manually, and there is also some risk involved in this approach.

3) The other approach is the menu and value role concept:

In this concept we will have two types of roles: menu role and value/authorization role. In the menu role we will only have transaction codes (ME21, ME21N, etc.) in the menu part of the role and save it. We will not maintain any authorizations in this role.

Now in the other role, i.e. in the value role, we will maintain all the authorization values manually, including organizational values. For example, in this case we have two different purchase organizations A and B, so we will create two different value roles, one for purch. org A and the other for purch. org B.

Then for user A, who belongs to purch. org A, we will assign the value role for purch. org A along with the menu role, and for user B, who belongs to purch. org B, we will assign the value role for purch. org B along with the menu role. The menu role is common to both users, but it will not give authorization; it will just give transaction easy access. All the required authorizations will be provided through the value role.

So you need to decide with your business which method is to be implemented, keeping in view the following:

1) your business requirements

2) size of the business, i.e. how many users, plants, company codes, sales orgs and purch. orgs there are, and how much the business can expand in future.

Accordingly you need to discuss what approach is to be implemented, as decided by the business.

Regards

Kanti