
Authorization - Storage Location in MM/PP

Former Member
0 Kudos

Dear All,

We have activated storage location wise authentication for some storage locations in Material Management.

Now, in the case of T-code COR6N, we want to restrict about 15 storage locations.

For testing purposes I have created a new role with only one T-code, COR6N. I also added auth. object M_MSEG_LGO and added the storage locations which are allowed to be used.

The testing is successful.

But when we assigned the same role to one existing user who also has other material movement related T-codes, in which the storage location value is "*", all the storage locations are allowed.

Is there any solution to that? Because it is a very critical activity to find out where we have added the M_MSEG_LGO object manually.

Thanks in advance.

Nirav Bhatt

1 ACCEPTED SOLUTION

jurjen_heeck
Active Contributor
0 Kudos

To find roles with this value you can go to the SUIM report "Roles by authorization values". Enter M_MSEG_LGO in the object field, hit ENTER and enter #* in the storage location field. The hash escapes the star so it should only return actual * values instead of everything. If this doesn't work you can try filtering table AGR_1251 for M_MSEG_LGO.

4 REPLIES 4

arpan_paik
Active Contributor
0 Kudos

Hi Nirav,

Jurjen gives you the way through which you can find other roles providing access to all storage locations through M_MSEG_LGO, rather than the role that you created for COR6N.

Now if you want to restrict the user to the intended storage locations given in the role with COR6N, then the only way is to either remove the other roles with M_MSEG_LGO (storage location *) from the user or restrict these roles. Either way, a lot of other users will be affected. Take care of that as well. Otherwise there is no other way to do this.

Arpan

Former Member
0 Kudos

Hi Nirav,

One option you may consider is to split the accesses in the roles into a functional role (which will contain the transaction COR6N) and then provide authorisation roles, which will contain the applicable storage locations within object M_MSEG_LGO.

In this way, you can assign the roles in combination depending on the storage locations your users require access to.

Note that * values will need to be removed from any roles allocated to these users already, as the combination would continue to give you the issue you've experienced here.

As always, liaison with the business is critical to ensure you keep the balance between functional requirements and effort required.

Good luck

Tom.
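An added example, not part of any post in this thread: a Python sketch of the AGR_1251 filter suggested in the accepted solution, cross-referenced with role assignments to list users whose restricted COR6N role is overridden by a wildcard LGORT in another role. It assumes CSV exports of AGR_1251 and AGR_USERS with the columns shown; all role names, user names and rows are constructed, and treating DELETED = X as an inactive entry is an assumption.

```python
import csv
import io

# Constructed sample data shaped like exports of AGR_1251 (role authorization
# values) and AGR_USERS (role assignments). All names and rows are made up.
AGR_1251 = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH,DELETED
Z_COR6N_SLOC,M_MSEG_LGO,T-X100,LGORT,1000,1015,
Z_COR6N_SLOC,M_MSEG_LGO,T-X100,WERKS,P001,,
Z_MM_MOVEMENTS,M_MSEG_LGO,T-X200,LGORT,*,,
Z_MM_MOVEMENTS,M_MSEG_LGO,T-X200,WERKS,*,,
Z_OLD_GOODS,M_MSEG_LGO,T-X300,LGORT,*,,X
Z_MM_DISPLAY,M_MSEG_BWA,T-X400,BWART,*,,
"""
AGR_USERS = """AGR_NAME,UNAME
Z_COR6N_SLOC,USER_A
Z_MM_MOVEMENTS,USER_A
Z_COR6N_SLOC,USER_B
Z_OLD_GOODS,USER_B
"""

def rows(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def wildcard_roles(agr_1251, obj="M_MSEG_LGO", field="LGORT"):
    """Roles holding an active full-wildcard value for the given object field."""
    return {r["AGR_NAME"] for r in agr_1251
            if r["OBJECT"] == obj and r["FIELD"] == field
            and r["LOW"].strip() == "*"
            and r["DELETED"].strip() != "X"}  # assumption: X = inactive entry

def overridden_users(agr_1251, agr_users, restricted_role):
    """Map user -> wildcard roles held alongside the restricted role."""
    wild = wildcard_roles(agr_1251)
    by_user = {}
    for a in agr_users:
        by_user.setdefault(a["UNAME"], set()).add(a["AGR_NAME"])
    # Authorizations from all assigned roles add up, so one wildcard role
    # is enough to defeat the storage location list in the restricted role.
    return {u: sorted(held & wild) for u, held in by_user.items()
            if restricted_role in held and held & wild}

def report():
    return overridden_users(rows(AGR_1251), rows(AGR_USERS), "Z_COR6N_SLOC")

if __name__ == "__main__":
    for user, roles_found in report().items():
        print(user, "-> wildcard LGORT via", ", ".join(roles_found))
```

The output is the list of role/user pairs to review with the business before removing or restricting the * values; authorizations that reach a user through manually assigned profiles rather than roles are not covered by these two tables.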
