Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

access control by sales office and plant on order type

Former Member

‎07-20-2009 2:41 PM

0 Kudos

Hi,

I want to restrict the access in VA01 in that whenever a user use this combination

" <ordertype = z011> + <sales offc X> + <plant X>" he could able to create the document

but not on this combinatoin "<ordertype = z011>+<sales offc X> + <plant Y > "

i.e he could able to access the plant of the concerned sales office and not any other plant.

thanks

3 REPLIES 3

Former Member

‎07-20-2009 3:16 PM

0 Kudos

you need an enhancement for this. the plant is on the same organizational level as sales org but the two of them do not combine (at least not when it comes to authorizations in SD).

you could go for structural authorizations, but if that one decribed is your only issue, that would be shooting rockets at sparrows.

sdipanjan
Active Contributor

‎07-20-2009 6:35 PM

0 Kudos

You may use Authorization Object V_VBKA_VKO for this purpose. But w/o any check proposal in the program for VA01 it's irrelevant to add this Object in SU24 for VA01. You can go for inserting an Exit (for e.g. LV02PF0S which contains the Object V_VBKA_VKO in Authority-Check) to append a Check for Sales Office in VA01. [take help of ABAPer, may be I am not correct with the explanation language as I am not a Developer).

AUTHORITY-CHECK OBJECT 'V_VBKA_VKO'

ID 'VKORG' FIELD KNVV_TAB-VKORG

ID 'VTWEG' FIELD KNVV_TAB-VTWEG

ID 'SPART' FIELD KNVV_TAB-SPART

ID 'VKBUR' FIELD KNVV_TAB-VKBUR

ID 'VKGRP' FIELD KNVV_TAB-VKGRP

ID 'KTAAR' FIELD AUART

ID 'ACTVT' FIELD US_ACTIVITY.

Then add this object in SU24 w/ C/M proposal for VA01.

While maintaining Fields in the Profile generator for VA01, please put same Value as WERKS (Plant). Also make sure that the Sales Offices are properly created/maintained to use with such values (check table TVBUR).

Regards,

Dipanjan

Edited by: Dipanjan Sanpui on Jul 20, 2009 2:21 PM

Edited by: Dipanjan Sanpui on Jul 20, 2009 2:23 PM

Former Member
In response to sdipanjan

‎07-20-2009 10:07 PM

0 Kudos

I dont think that checking authority for VKORG is usefull here.

You would need the VKORG first (the value in the document, not the authorizations...), and subsequently check for WERKS for them to be compatible.

If my interpretation of the question is correct, this is a compatability of VKORG and WERKS question - and not a security question really.

The authority-checks should be performed anyway, as context specific checks generally only deactivate checks (setting sy-subrc to 0).

Whether to move it to ERP SD or ERP MM, please advise? If all else fails, ABAP General.

Cheers,

Julius