cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization for limiting manual batch number entry in VA01/VA02

Go to solution
Former Member

on ‎04-17-2012 9:49 PM

0 Kudos

Hi

We have a situation where a business user who has access to the sales order entry screen goes in and sometimes changes the batch determined using batch determination.  so basically hardpeg a batch on an order overriding the selection which came from batch determination.

Is there a way we can limit this, so that batches proposed by the batch determination can only be overridden by a manager or above? some kind of authorization check or an exit or something?

We ran a security trace on the sales order entry screen and could not see any object of relevance which could be used to control it?

Was wondering if it was even possible?

Thanks

sap ques.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Shiva_Ram
Active Contributor
‎04-17-2012 10:07 PM
0 Kudos

You can try with user exit USEREXIT_CHECK_VBAP in program MV45AFZB.

Regards,

Show replies
Show replies
Former Member
‎04-18-2012 3:57 AM
0 Kudos
Hi shiva, Thank you for the reply ..but what are v doing in the exit?  Do we create a custom authorization object and do a authority check against that?  Is that exit for the line item section of the screen in va01/02 where v enter line items and do batch determination? Thanks Sap ques

Answers (1)

Answers (1)

former_member223981
Active Contributor
‎04-18-2012 3:07 PM
0 Kudos

I checked if there were any relevant authorisation checks in VA02 but like you, could not find any. I guess the SAP argument for this is that they are empowering the user rather than inhibiting them.

An alternative approach [to Shiva's suggestion] you could take is to use USEREXIT_FIELD_MODIFICATION. Within this subroutine, you can maintain your own logic deciding whether the batch field will be changeable. For example, you could have a logic akin to this:

IF SCREEN-NAME = 'VBAP-CHARG'

<Insert authorisation object coding logic>

     IF SY-SUBRC = 0

          SCREEN-INPUT = '1'

     ELSE

          SCREEN-INPUT = 0.

ENDIF.

By saying that SCREEN-INPUT = 0, it will make the field display only, rather than changeable. Obviously, you will need to discuss with your ABAP team that exact details of the code yuo would need to maintain. It may be possible to use a standard authorisation object and insert into the code here (One that perhaps your managers are authorised for and general users are not). Or iy may be possible to avoid the use of authorisation objects completely by using an IF on SY-UNAME [depending in how many managers or users you wish to limit].

Note 208245 may provide some useful information on the logic behind SCREEN-INPUT & SCREEN-NAme.

Show replies
Show replies
Former Member
‎04-18-2012 3:17 PM
0 Kudos

Hi Neol,

I will try this logic and discuss this with my ABAPer...

Sound like it may be doable...I think going with an authirization object is probably the right approach as I can control that with a role. If I do SY-UNAME, we will have to hardcode the name and then if the user leaves I gotta to another transport to fix that....

Thanks

sap ques

Shiva_Ram
Active Contributor
‎04-18-2012 3:35 PM
0 Kudos

Check any Z-table is used in the system. You can store the user ID in the Z-table and the user exit logic can check against the entry. If an employee leaves the company, the Z-table entry can be removed.

Regards,

Ask a Question