Exits in authorization checking (FI module)

former_member443015
Participant
0 Kudos

Hello all,

I am using SAP R/3 version 4.7 and FI module.

I would like to know whether there is any exit that can be called automatically when performing authorization checking.

I need to create some roles to control the authority for different users from different departments. To reduce the effort, I am thinking of creating one common role and then calling the user exits. Inside the user exit, I can check by retrieving the authorization information from tables.

Is there any exit that can be called when performing authorization checking?

Many thanks

Sunny

4 REPLIES 4

mvoros
Active Contributor
0 Kudos

Hi,

If you want to perform custom authorization checks for each FI posting, then I would suggest using FI validations. They are called for each FI posting and you can hook up your own routine for validation.

But your approach with a bespoke table is wrong and I highly recommend that you avoid z-tables with additional authorizations. Basically, you create another authorization source which you have to maintain. If you keep everything in roles then user management is easy. Another disadvantage is that you can't use CUA or IdM (Note: I guess that you can implement your own custom step to manage custom records in a z-table, but it will significantly increase the implementation cost).

Cheers

Former Member
0 Kudos

Hi

Use the master-derive concept for authorization control and maintain data in organization levels.

Steps: go to PFCG, create a master role, give the necessary t-codes, then save it.

Then run transaction PFCG --> create derived roles and assign master roles --> go to organization levels and maintain data like plant level, shipping area, shipping point, etc., as per requirement.

Thanks

Manish Gupta

0 Kudos

> Hi
>
> Use the master-derive concept for authorization control and maintain data in organization levels.
>
> Steps: go to PFCG, create a master role, give the necessary t-codes, then save it.
>
> Then run transaction PFCG --> create derived roles and assign master roles --> go to organization levels and maintain data like plant level, shipping area, shipping point, etc., as per requirement.
>
> Thanks
>
> Manish Gupta

I am interested to know: how is this related to the OP's question?

0 Kudos

I think they are advising not to mess about with FI exits and to use the derived role concept to simplify role admin.

I've worked with a similar requirement for the CO module and, while it worked reasonably well when set up, it cost many £'s and was not very cost-effective if you compare it against other techniques that could have extended provisioning of roles based on other data sources.