04-14-2010 1:23 PM
hai everybody,
currently i am in the implementation project... the requirement is i need to create the parent role then need to drive the role for the 56 depots(plants).....
currently i am in the development server to create the roles
for example i had created the parent role with the t code (va01 va02 va03)
and i derived the role then i given the organization level for the sales office (605) 605 is for the pune..
then i assigned the role to the user of pune
but the issue is the pune user is able to access everything
i am not able to rectify the issue
so please help me
thanks and regards
praveen
04-14-2010 1:48 PM
Hi Praveen,
Please elaborate more on the same. I think you meant sales organization. Sales organizaiton is specific to the company code.
Paste organization levels you have selected for the derived role.
For others,
Pune is a name of a city in India.
Regards,
Gowrinadh
04-14-2010 1:54 PM
hai gowrinath,
thanks for the response
Business area 605
Sales office 605
Shipping point 605
Plant 605
for the rest i had given the *
regards
praveen
04-14-2010 2:02 PM
You mean "you have given * for company code and sales organization and applied restrictions only on shipping point and plant level".
How many company codes you have? elaborate more on the requirement and sales organization setup.
Remember that organizational levels are different for different transactions. Please describe what transaction codes you are using.
Regards,
Gowrinadh
04-14-2010 8:49 PM
Praveen,
What authorization object are you using to derive plant values to in your roles? Are you sure that VA01-VA03 are leveraging that authorization object correctly?
The only fields for Org Values i see using VA01-VA03 are:
Company code
Controlling area
Division
Sales organization
Distribution channel
Thanks,
Matt
Edited by: Matthew Urban on Apr 14, 2010 12:50 PM
04-17-2010 10:45 AM
hai matt,
what you said is write....
can u please tell me that how can i restrict this t-codes now ..
these tcodes are dependent on wt u had said but i need to restrict these on the plant or the sales organization
let me know that how is it possible...
thanks and regards,
praveen kumar babji kandula
04-21-2010 7:45 AM
Hi Praveen
First create master role with required Tcodes
then derived role for respective company code and give org level data in derived role specific to
that copmany code
04-21-2010 10:24 AM
There seems to be a communication break-down here....
the operator i suppose, has maintained the values for the object V_VBKA_VKO and this object does have the sales office, sales group values to maintain.
@OP: you would have to check in the ABAP code of the Sales order , if the authority check is carried out on V_VBKA_VKO, i havent checked it, but i am 90% confident that this object is not considered for VA01, VA02, VA03 (it is useful to some extent for VA05)
your authorization restrictions would work right, if you have this object check in the ABAP code and if you have the correct proposals for the transactions in SU24