09-16-2009 7:36 PM
Hi Guys,
Can anyone tell me what filed value can be entered in the following authorization Object since these authorization object s are not belong to any functional folks. I was wondering if the functional folks know the value that needs to be entered in the following fields.
I assigned MM01, MM02 MM03 in this end user role and received these authorization objects.
Standard Authorization for Classification C_KLAH_BKL
Activity 01, 03 ACTVT
Classification authorization g ? BGRKL
Standard Authorization for Characteristics of Org. Area C_TCLS_MNT
Activity 23 ACTVT
Class Type 001 KLART
Organizational Area Indicator ? SICHT
Also same thing for this module PP (Production Planning), should I ask my FI/CO or MM functional team to tell me what values should be going into the following authorization Objects
Please let me know if anyone knows what values should be entered in the following authorization objects or Should I talk to my MM functional team to tell me what values should be there because PP is not there expertise thatu2019s what I concern
Standard CC Change Master - Authorization Group C_AENR_BGR
Activity 22 ACTVT
Authorization Group ? BEGRU
Standard CC Eng. Chg. Mgmt. Enhanced Authorization Check C_AENR_ERW
Activity 22 ACTVT\
AEFUN ?
AENST ?
BEGRU ?
RLKEY ?
Thanks in Advance
Faisal
Edited by: Faisal on Sep 16, 2009 10:03 PM
09-16-2009 9:12 PM
It depend on what you want to achieve when using those transactions.
Your functional expert should have worked that out and should give you the values.
It is your job to consider whether it achieves that which the funkie wants, or whether the choice of transaction is the problem in the first place and conflicting with the role build concept you have given them (or negotiated with them, while explaining the pro's and con's).
If you always just "make it work" and insert manually to achieve that then you are defeating the purpose.
Also, think about those who will need to maintain or upgrade these roles in future when the business process, or organization or system technology changes.
It is very easy to dog your own hole by taking a shortcut (or poping a * into a field).
My advise: Give them some feedback. Tell them you want proper information to work with. Have them test it (and do a few negative tests in your free time, also learn the business processes).
My 2 cents,
Julius
09-16-2009 9:12 PM
It depend on what you want to achieve when using those transactions.
Your functional expert should have worked that out and should give you the values.
It is your job to consider whether it achieves that which the funkie wants, or whether the choice of transaction is the problem in the first place and conflicting with the role build concept you have given them (or negotiated with them, while explaining the pro's and con's).
If you always just "make it work" and insert manually to achieve that then you are defeating the purpose.
Also, think about those who will need to maintain or upgrade these roles in future when the business process, or organization or system technology changes.
It is very easy to dog your own hole by taking a shortcut (or poping a * into a field).
My advise: Give them some feedback. Tell them you want proper information to work with. Have them test it (and do a few negative tests in your free time, also learn the business processes).
My 2 cents,
Julius
09-16-2009 9:12 PM
First you try to check the documentation of those Objects in SU21 and also in table TOBJ (TOBJT).
For fields and their respective tables, please check them in the table AUTHX.
For probable values of the Objects, please check USOBT_C entries. Also you may review the entries in USOTT and in SU22.
Let me know how much of you quires are left now.
regards,
Dipanjan
09-16-2009 10:09 PM
Hi Dipanjan,
> First you try to check the documentation of those Objects in SU21 and also in table TOBJ (TOBJT).
In a win :win situation the Security admin would know the objects already and their dependencies.
In a loose : loose situation the Functional consultant doesn't know the objects and the customizing dependencies either.
If all else fails SU24 will help you a part of the way, but it is not caste in stone and you still need to maintain fields which you don't possibly understand, without the help of a good funkie.
Cheers,
Julius
09-18-2009 1:41 PM
Hi,
You can assign those roles to test user in which these objects are.Then ask user to run that test user who needs that t-code.Just on system trace. They will provide some value and you will come to know which value they require.