Solved: Dynamic authorization value for WERKS object

Former Member · ‎08-07-2012

Hi Gurus,

We have several plants (factories) in our company (~100).

A user in a plant should have access only to the corresponding plant.

To avoid creating hundreds of profiles, we try to put the value ' ' in the authorization object relative to the plant, and we put the value of the plant in the WRK user parameter. We try also the values &WRK and '' (without space).

But, it's not working...

Any advices please for this configuration ?

Thks in advance

Former Member · ‎08-07-2012

Hi,

Maintaining the plant values in the User Parameter (SU01-User ID-Parameter Tab) does not gives authorization to the user, it only gives user screen default value,

If you have many Plant, please follow master and child role concept and assign the plant according to the user authorization (Dont assign master role to the users, assign only child role to the user),

Maintain the values in the Organization level and generate the role and assign to the user (Either master and child role or single role)

Regards,

Lokeshwar.

Former Member · ‎08-07-2012

Hi,

Maintaining the plant values in the User Parameter (SU01-User ID-Parameter Tab) does not gives authorization to the user, it only gives user screen default value,

If you have many Plant, please follow master and child role concept and assign the plant according to the user authorization (Dont assign master role to the users, assign only child role to the user),

Maintain the values in the Organization level and generate the role and assign to the user (Either master and child role or single role)

Regards,

Lokeshwar.

Former Member · ‎08-07-2012

Thks Lokeshwar,

The problem with this solution is that we will have to maintain hundreds and hundreds of child roles.

It should be a way in SAP to make the value of an organizational element dynamic dependant on the user, and not on the role...

Former Member · ‎08-07-2012

Hi,

I dont think there would be any such solution because when the user execute any t-code or perform any activity it will check the Authorization Object for the user.

Regards,

Lokeshwar.

Former Member · ‎08-07-2012

I'm quite sure there is a solution. We have indications on it in several other posts.

Former Member · ‎08-07-2012

Hi,

Dynamic auths are available in BW but not in ECC unless you do a significant amount of customising.

If you need to have user specific auths then (and this is a broadly caveated statement) that should have been taken into account during the functional design and not left to a build method that requires lots of plant level auths to be created in lieu of a better functional design.

Former Member · ‎08-27-2012

Yes, you can read a lot of nonsense in the internet... 😉

There are justifiable scenarios for generation of authorizations and using variables (like in BI) but using it for an org. level field such as $WERKS which touches many objects is highly suspect from a consulting perspective.

Splitting RESPAREA and exploding the KOSTL's etc for ECC auths is Ok im my opinion, if the requirement cannot be killed and the business insists on maintaining the master data and hierarchies in PROD systems.

Question: If you wants WERKS to be a variable, which other field will determine the value or WERKS? Project Number?

You need to provide more infos about the requirement.

Cheers,

Julius