on 02-22-2011 9:23 AM
Hi Experts,
Based on the client requirement we have created a new Project Profile named as theShutdown Project. The type of Project is ShutDown. The client wants to restrict the same only for the Plant users usage.
I know that the type of the project can be restricted thru standard authorization object -
C_PRPS_ART. The coding mask is not restricted or defined as of now.
Since we could not find any standard authorization object which restricts specifically on Project Profile, we tried creating a Z
auth.object as follows:
u2022 SU20 -CREATE AUTHORIZATION FIELD
u2022 SU21 -CREATE AUTHORIZATION OBJECT
u2022 SU21 -LINK AUTHORIZATION FIELD AND AUTHORIZATION OBJECT
u2022 SU24 -ADD THE AUTHORIZATION OBJECT IN THE TCODE CJ20N AND CJ01
u2022 PFCG-CREATE ROLE WITH AUTHORIZATIONS TO TCODES- CJ20N AND CJ01. ALSO
ADD THE AUTHORIZATION OBJECT MANUALLY. GENERATE THE ROLE AND SAVE THE
SAME. LINK USER ID TO THE ROLE
u2022 SE38- LCJWBF7S. CREATE ENHANCEMENT IN FORM PROJ_SET AND ADD
AUTHORISATION CHECK OF THE ABOVE CREATED OBJECT
The issue is that the above procedure is restricting the access for all the other users too despite it being attached to a particular role only. Every project profile other than shutdown project is getting an error -"You are not authorisedfor this activity"
Please advice if our approach is correct or are there any alternative available.
Regards
Khushali
HI,
You need not have a separate Auth Object for "Project Profile".
Make use of your standard auth object "Project Type" only.
Introduce a simple validation to say that The only project type "Shutdown Projects" should be allowed for your Project Profile "Shutdown Project"
By this, while Project creation, system throws error (Error you defined in the validation) in case both the Profile & Type are incompatible. When the user selects the appropriate "Project Type", then the subsequent standard error would be related to authorization on Project Type for the desired users.
regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Thanks for your prompt response. The problem that I am encountering with this solution is that lot of users only create project definition at the initial stage and the WBS element at the later stage. In a scenario like this the project already gets created and so the validation doesnt prove to be very effective.
Is there any other solution ????
Regards
Khushali
Hi,
1. You can proceed as suggested in the previous thread by Abdul.
2. Maintain the same Z auth object in all the other roles & give access to all project profiles except "shutdown"
3. The validation as mentioned in my previous thread ensures that projects with "Shutdown Profiles" will always be created with type "shutdown". & you already have "Project Type" as auth object. So, this should very well solve your issue.
regards
Check the forum - this sort of question has been answered lots of time
Create a separate Project code for shut down and use Use CNEX0002 to restrict user
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.