How to block access to one storage location?

Former Member
0 Kudos

Hello Security gurus,

We have hundreds of storage locations in our system. One of the storage locations is physically removed, but we don't want to delete it from the system because there are history records for it. Hence, we want to prohibit all inventory transactions for this one storage location by way of authorization. So how do we create a security role to take care of this?

We have many security roles with SLoc as authorization object - but we don't want to end up listing all the SLoc in each of these roles, just for restricting one SLoc. I was wondering whether there is any way of having a "negative" authorization in a role, so that just one "negative" entry for this SLoc is sufficient.

In case "negative" authorization is possible, kindly show me how. Also, will we need to add that "negative" authorization in all the roles where the SLoc object is there, or will a "negative" in any one of them serve as an overall restriction?

Thanks,

- Chetan

1 ACCEPTED SOLUTION

mvoros
Active Contributor
0 Kudos

Hi,

You can try to use authorization object M_MSEG_LGO. By default there is no authorization check for any storage location, but you can turn it on for particular storage locations in SPRO -> Material Management -> Inventory Management & Physical Inventory -> Authorization Management -> Authorization Check for Storage Locations. So there are two possibilities: the authorization check is not active right now and your roles don't have authorization for M_MSEG_LGO. In that case you just need to activate the check for your storage location and nobody should be able to use it. The second possibility is that the check is active or there are roles with authorization for M_MSEG_LGO. In this case you need to activate the check if it's not active and remove authorization for M_MSEG_LGO from all roles.

Cheers
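The audit implied by the second possibility above, as an added example that is not code from this thread or from SAP: given role authorization rows, it lists the roles whose M_MSEG_LGO values still cover the retired storage location, counting wildcards and ranges. The row layout, role names, sample values and the LGORT field name are assumptions, and other fields of the object are ignored.

```python
# Constructed sample rows: (role, object, field, low, high).
# Role names and values are made up for illustration.
SAMPLE_ROWS = [
    ("Z_MM_CLERK",    "M_MSEG_LGO", "LGORT", "*",    ""),
    ("Z_MM_WH_NORTH", "M_MSEG_LGO", "LGORT", "1000", "1999"),
    ("Z_MM_WH_SOUTH", "M_MSEG_LGO", "LGORT", "20*",  ""),
    ("Z_MM_RETURNS",  "M_MSEG_LGO", "LGORT", "3000", ""),
    ("Z_MM_DISPLAY",  "M_MSEG_BWA", "BWART", "*",    ""),
]


def value_covers(low, high, target):
    """True if one authorization value (single, pattern or range) covers target."""
    low, high = low.strip(), high.strip()
    if high:
        # Range entry; compared as character strings (assumption: equal-length keys).
        return low <= target <= high
    if low.endswith("*"):
        # "*" alone matches everything, "20*" matches any value starting with "20".
        return target.startswith(low[:-1])
    return low == target


def roles_granting(rows, sloc, obj="M_MSEG_LGO", field="LGORT"):
    """Roles whose values for obj/field still cover the storage location."""
    return sorted({
        role for role, o, f, low, high in rows
        if o == obj and f == field and value_covers(low, high, sloc)
    })


def sloc_blocked(rows, sloc, check_active):
    """Blocked only if the check is active for sloc AND no role grants it.

    Authorizations are additive, so one surviving grant in any role
    assigned to a user is enough to allow postings again.
    """
    return check_active and not roles_granting(rows, sloc)


if __name__ == "__main__":
    retired = "2005"  # constructed storage location key
    print("Roles to clean up:", roles_granting(SAMPLE_ROWS, retired))
    print("Blocked today:", sloc_blocked(SAMPLE_ROWS, retired, check_active=True))
```

Wildcard grants such as `*` are the usual reason a storage location stays usable after the check is switched on, so they need narrowing in each role that carries them.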

3 REPLIES

Former Member
0 Kudos

Hi Chetan,

We have not come across a negative auth (Exclusion Method) from standard SAP. It is achievable via custom programs ...

Is SLOC an org-level field? If yes, can't we range the values accordingly? We generally resort to value ranges in such situations ...

Rgds,

Sri

Former Member
0 Kudos

Hi Chetan,

Greetings!!!!

If that storage location is not accountable for stock, you can maintain ranges for the SLocs. Also, there is no negative authorization concept in SAP. You can see the data for that SLOC in table /ISDFPS/FORCE:

Thanks

Sandeep
