05-13-2011 3:14 PM
Hello Security gurues,
We have hundreds of storage locations in our system. One of the storage location is physically removed, but we don't want to delete it from system because there are history records for it. Hence, we want to prohibit all inventory transactions, for this one storage location, by way of authorization. So how to create a security role to take care of this ?
We have many security roles with SLoc as authorization object - but we don't want to end up listing all the SLoc in each of these roles, just for restricting one SLoc. I was wondering whether there is any way of having a "negative" authorization in a role, so that just one "negative" entry for this SLoc is sufficient.
In case "negative" authorization is possible, kindly show me how. And, whether we will need to add that "negative" authorization in all the roles where SLoc object is there, or "negative" in any one of them will serve as over-all restriction ?
Thanks,
- Chetan
05-16-2011 12:17 AM
Hi,
you can try to use authorization object M_MSEG_LGO. By default there is no authorization check for any storage location but you can turn it on for particular storage locations in SPRO -> material Management -> Inventory Management & Physical Inventory -> Authorization Management -> Authorization Check for Storage Locations. So there are two possibilities: authorization check is not active right now and your roles don't have authorizaiton for M_MSEG_LGO. In that case you jsut need to activate check for your storage location and nobody should be able to use it. The second possibility is that the check is active or there are roles with authorization for M_MSEG_LGO. In this case you need to activate check if it's not active and remove authorization for M_MSEG_LGO from all roles.
Cheers
05-13-2011 7:07 PM
Hi Chetan,
We have not come across a negative auth (Exclusion Method) from standard SAP. It is acheivable via custom programs ...
Is SLOC a org level field .. If yes, cant we range the values accordingly ? We generally resort to value ranges in such situations ...
Rgds,
Sri
05-15-2011 9:37 AM
Hi Chetan,
Greetings!!!!
If that storage location is not accountable for stock you can mainatain ranges for the SLc's.. Also there is no negative authorization concepts in SAP you can see the data for that SLOC in table /ISDFPS/FORCE:
Thanks
Sandeep
05-16-2011 12:17 AM
Hi,
you can try to use authorization object M_MSEG_LGO. By default there is no authorization check for any storage location but you can turn it on for particular storage locations in SPRO -> material Management -> Inventory Management & Physical Inventory -> Authorization Management -> Authorization Check for Storage Locations. So there are two possibilities: authorization check is not active right now and your roles don't have authorizaiton for M_MSEG_LGO. In that case you jsut need to activate check for your storage location and nobody should be able to use it. The second possibility is that the check is active or there are roles with authorization for M_MSEG_LGO. In this case you need to activate check if it's not active and remove authorization for M_MSEG_LGO from all roles.
Cheers