on 08-07-2012 4:50 AM
Hi,
My requirement is as explained below.
I have 2 users, say USER1 & USER2. Both these users have authorization for creating & changing document of document type ‘MNL’. But I don’t want USR2 to modify document created by USER1 & vice versa.
To achieve this, I have created 2 different roles for creating & changing document of document type ‘MNL’. Only difference in these 2 roles is of authorization group maintained in the role. Role assigned to USER1 has authorization group as ‘1111’ & role assigned to USER2 has authorization group as ‘2222’.
I have a 3rd role which is only for displaying all document types to both the users.
Details of these 3 roles are as below.
Authorisation Object | Role 1 | Role 2 | Role 3 | |
C_DRAW_BGR | 1111 | 2222 | * | |
C_DRAW_DOK | Activity | 52, 53 | 52, 53 | 53, 54 |
Document Type | MNL | MNL | * | |
C_DRAW_STA | Document Type | MNL | MNL | * |
Document Status | CR, IW, RL, VD | CR, IW, RL, VD | * | |
C_DRAW_TCD | Activity | 01, 02, 03 | 01, 02, 03 | 03 |
Document Type | MNL | MNL | * | |
C_DRAW_TCS | Activity | 01, 02, 03, 52, 53 | 01, 02, 03, 52, 53 | 03, 53, 56 |
Document Type | MNL | MNL | * | |
Document Status | CR, IW, RL, VD | CR, IW, RL, VD | * |
While creating new document of document type ‘MNL’, USER1 enters authorization group ‘1111’ whereas USER2 enters authorization group ‘2222’.
Even after these settings, USER 1 is able to change document created by USER 2 & vice versa.
I have followed same procedure for BOM (Bill Of Material) in PP module & it works fine there.
Would appreciate if you throw some light on where I am wrong & what I need to do to implement these user specific restrictions in DMS.
Regards,
Abhijit Khandekar
Hello Abhijit,
Your roles and authorizations are correct.
In addition to the authorization above, you might have to implement BAdi: DOCUMENT_AUTH01 & write your own authority check in method check authority.
Link : http://help.sap.com/saphelp_46b/helpdata/en/18/247237a323427ee10000009b38f8cf/content.htm
Cheers,
Simran
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simran,
As commented by Amit, I am also of the opinion that it should work only with preparing & assigning roles correctly & maintaining proper authorisation group in the document so as to restrict the authorisation.
I even have implemented same functionality for controlling BOM authorisations.
Just surprised, why its not working in this case. Can you suggest any other solution?
Hi Amit,
Logically, what you have said is correct & should work in that manner only. I have checked it several times, but unfortunately doesn't succeed.
Regards,
Abhijit Khandekar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Guys,
It should work with the groups. I agree with it.
In case if it does not work for some reason then you can go for the custom development.
Authorization levels should be something like that:
1st
C_DRAW_BGR (auth groups)
C_DRAW_TCD (document type) or C_DRAW_TCS (document type with status)
Re- assign all the authorization and check.
All the Best,
Simran
User | Count |
---|---|
107 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.