Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict CO24 & CO27 by Plant number

Former Member

‎03-02-2011 10:52 PM

0 Kudos

Hi,

We are looking to restrict CO24 and CO27 transactions by Plant number. But irrespective of the Plant assigned to the user, they can see the data for any Plant. We need to restrict these trx based on the Plant number.

Below are the authorization objects in SU24

CO24 (MissingPartsInfoSyst):

C_AFKO_AWA CIM: Authorization for Prod.Order/Order Type/Plant/Activity

C_AFKO_AWK CIM: Plant for order type of order

CO27 (Picking list):

C_NAV_PROF Navigation Profile

M_MSEG_BWA Goods Movements: Movement Type

M_MSEG_WWA Goods Movements: Plant

Authorization objects checked as per ST01 trace:

CO24:

S_TCODE RC=0 tcode=CO24;TCD=CO24;

S_ALV_LAYO RC=0 tcode=CO24;ACTVT=23;

S_GUI RC=0 tcode=CO24;ACTVT=61;

CO27:

S_TCODE RC=0 tcode=CO27;TCD=CO27;

M_MSEG_WWA RC=0 tcode=CO27;ACTVT=01;WERKS= ;

C_AFKO_AWK RC=0 reason=B;tcode=CO27;WERKS=1110;AUFART=ZP01;

C_AFKO_AWA RC=0 reason=B;tcode=CO27;ACTVT=03;AUTYP=10;AUFART=ZP01;WERKS=1110;

S_ALV_LAYO RC=0 tcode=CO27;ACTVT=23;

S_GUI RC=0 tcode=CO27;ACTVT=61;

Can someone please help me with this?

Regards,

Chintan

4 REPLIES 4

Former Member

‎03-03-2011 7:48 AM

0 Kudos

Someone please suggest on this.

Thanks,

Chintan

Former Member
In response to Former Member

‎03-03-2011 1:04 PM

0 Kudos

CO24 appears to have no plant check so you will either have to:

1. Put in an alternative control (e.g. manager reviewing use of the transaction)

2. Accept it

3. Find an appropriate exit or enhancement point to add in additional auth check & resulting logic.

CO27 looks like it has some ability to restrict on the C_AFKO* auth objects, what happens when you try and run a selection with a plant that you are not authorised for? what is the trace result? is the auth object deactivated in SU24?

martin_voros
Active Contributor
In response to Former Member

‎03-03-2011 10:00 PM

0 Kudos

For option 3 the transaction C024 has BADI WORKORDER_INFOSYSTEM with method ORDER_TABLES_MODIFY which might be used for modifying results. Same BADI is used in CO27. If for some reason this BADI can;t be sued then there is still option using implicit enhancement points.

Cheers

Former Member
In response to Former Member

‎03-04-2011 12:16 AM

0 Kudos

Thanks Martin and Alex, I will check out these options.