Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

regards the issue on the role management

Former Member

‎04-14-2010 1:23 PM

0 Kudos

hai everybody,

currently i am in the implementation project... the requirement is i need to create the parent role then need to drive the role for the 56 depots(plants).....

currently i am in the development server to create the roles

for example i had created the parent role with the t code (va01 va02 va03)

and i derived the role then i given the organization level for the sales office (605) 605 is for the pune..

then i assigned the role to the user of pune

but the issue is the pune user is able to access everything

i am not able to rectify the issue

so please help me

thanks and regards

praveen

7 REPLIES 7

Former Member

‎04-14-2010 1:48 PM

0 Kudos

Hi Praveen,

Please elaborate more on the same. I think you meant sales organization. Sales organizaiton is specific to the company code.

Paste organization levels you have selected for the derived role.

For others,

Pune is a name of a city in India.

Regards,

Gowrinadh

Former Member
In response to Former Member

‎04-14-2010 1:54 PM

0 Kudos

hai gowrinath,

thanks for the response

Business area 605

Sales office 605

Shipping point 605

Plant 605

for the rest i had given the *

regards

praveen

Former Member
In response to Former Member

‎04-14-2010 2:02 PM

0 Kudos

You mean "you have given * for company code and sales organization and applied restrictions only on shipping point and plant level".

How many company codes you have? elaborate more on the requirement and sales organization setup.

Remember that organizational levels are different for different transactions. Please describe what transaction codes you are using.

Regards,

Gowrinadh

Former Member

‎04-14-2010 8:49 PM

0 Kudos

Praveen,

What authorization object are you using to derive plant values to in your roles? Are you sure that VA01-VA03 are leveraging that authorization object correctly?

The only fields for Org Values i see using VA01-VA03 are:

Company code

Controlling area

Division

Sales organization

Distribution channel

Thanks,

Matt

Edited by: Matthew Urban on Apr 14, 2010 12:50 PM

Former Member
In response to Former Member

‎04-17-2010 10:45 AM

0 Kudos

hai matt,

what you said is write....

can u please tell me that how can i restrict this t-codes now ..

these tcodes are dependent on wt u had said but i need to restrict these on the plant or the sales organization

let me know that how is it possible...

thanks and regards,

praveen kumar babji kandula

Former Member

‎04-21-2010 7:45 AM

0 Kudos

Hi Praveen

First create master role with required Tcodes

then derived role for respective company code and give org level data in derived role specific to

that copmany code

Former Member

‎04-21-2010 10:24 AM

0 Kudos

There seems to be a communication break-down here....

the operator i suppose, has maintained the values for the object V_VBKA_VKO and this object does have the sales office, sales group values to maintain.

@OP: you would have to check in the ABAP code of the Sales order , if the authority check is carried out on V_VBKA_VKO, i havent checked it, but i am 90% confident that this object is not considered for VA01, VA02, VA03 (it is useful to some extent for VA05)

your authorization restrictions would work right, if you have this object check in the ABAP code and if you have the correct proposals for the transactions in SU24