on 12-08-2012 12:40 PM
hi All,
I am facing an issue related to 'Authorization Group' control. Please advise.
Requirement:
The document created should be ACCESSIBLE only to a set of Users within the organization.
Process folllowed:
SE54 - Authorization group is created
PFCG - A role is maintained for the set of Users for CV02N, CV03N and the Authorization group created in above step is assigned in: 'Maintained: Authorization for authorization group'
CV01N/02N: The Authorization group value is assigned in the 'Authorization Group' field
Error: The User who's not assigned to in PFCG is also able to view the document.
Note: The Entry for 'Authorization Group' in SE54 is maintained for Table: DRAW. The relevant document type is entered in: Maintained Authorization for document access. The other User has access to SAP_ALL transactions.
Q-1) Am I missing any other inputs to make this work?.
Q-2) Can I create multiple 'Authorization Group' and control the access at EACH Document level?
-Thanks
Hi sdn sap,
The other User has access to SAP_ALL transactions.
:
:
Q-1) Am I missing any other inputs to make this work?.
If the user has SAP_ALL role assigned to him, then whatever role/ authorization you create will not impact the user with SAP_ALL.
You must not give SAP_ALL to any user. This is violation of SOD. You better discuss with business and design the roles. Only then, what you have done, with respect to Authorization group, will work.
Q-2) Can I create multiple 'Authorization Group' and control the access at EACH Document level?
Yes, you can do this.
Regards,
Amaresh Makal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.