
Material master authorization based on material types?

former_member224727
Active Participant
0 Kudos

Currently, for material master authorization, we are giving authorization based on authorization group, but now the business wants restriction per material type as well.

Our BASIS team says a functional consultant has to configure this first to restrict authorization per material type. Since I'm new in this area, I need help finding the correct config node and how to do it.

How to configure authorization group per material types?

Accepted Solutions (0)

Answers (2)


former_member183818
Contributor
0 Kudos

Create a new role and assign the T Code to the role. In authorizations assign the material type and group. Attach it with the required users.

former_member224727
Active Participant
0 Kudos

In the material type config I assigned authorization group ZPQR. Now my requirement is how to assign this group to M_MATE_MAR authorization object? Reply appreciated. As per business req I want to restrict material master authorization for this particular material type for given group. Reply appreciated.

Former Member
0 Kudos

Hi,

What are your requirements for Material Type? Are you trying to protect one material type (ZPQR) or multiple material types? If you want to stop people using ZPQR then assigning an auth group against the material type is OK, they will still be able to access the types that have no auth group against them.

Assuming that you have done the config in OMS2 then you need to tell your Basis (or preferably Security) team to ensure that only specified roles have access to M_MATE_MAR for ZPQR auth group.  The scale of the work will depend on how the security has been built. 

former_member224727
Active Participant
0 Kudos

Thanks for the reply. Actually I have a specific user group that uses only the ROH material type. That means they have authorization to create/change ROH materials only. They should not have access to any other material type. To fulfill this requirement I assigned the ZPQR authorization group to the ROH material type in config. Now I asked BASIS to create a role and assign this auth group to the M_MATE_MAR object, but this is not working.

Please suggest what I am missing. Reply appreciated.

Former Member
0 Kudos

Hi,

You will have to assign auth groups to the other material types too.  If a material type doesn't have an auth group assigned to it then users will be able to use it without any material type auth check being performed.  You also need to ensure that the users who need restricting aren't getting M_MATE_MAR auths from anywhere else.

This is pretty basic security - I appreciate that this is not your area but your  Basis team should be giving you exactly this sort of info.

Cheers

former_member224727
Active Participant
0 Kudos

Hi Alex,

Let me repeat what I understood from your statement. So if I want to give authorization for ROH material only, then I have to assign an authorization group to all material types including ROH in config, right? Correct me if wrong.

Once I assign an authorization group to the material type, I will assign the ROH authorization group to M_MATE_MAR for the particular user role. This way I can restrict authorization to the ROH material type only. Correct?

Currently in our system the authorization group field is blank at material type level in config. I have assigned it to ROH only for my purpose, but as per your suggestion I have to assign it to all material types.

Former Member
0 Kudos

Hi Eric

1. Let me repeat what I understood from your statement. So if I want to give authorization for ROH material only, then I have to assign an authorization group to all material types including ROH in config, right? Correct me if wrong.

Correct. You will need an auth group on ROH and at least one other different one on the rest.

2. Once I assign an authorization group to the material type, I will assign the ROH authorization group to M_MATE_MAR for the particular user role. This way I can restrict authorization to the ROH material type only. Correct?

Correct. You also need to check that the user isn't getting M_MATE_MAR values from another role.

3. Currently in our system the authorization group field is blank at material type level in config. I have assigned it to ROH only for my purpose, but as per your suggestion I have to assign it to all material types.

Yes, you will need to assign to all the other material types that you want to protect. If you want one group of users only to use ROH then you will need one or more auth groups assigned to the rest.

You can see some supporting info here: http://scn.sap.com/thread/1729357
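An added example, not part of the thread and not SAP code: a simplified Python model of the behaviour described in the answers above (a material type with a blank auth group is not checked, and M_MATE_MAR values from any other role also count), used to audit a user who should be limited to ROH. Every material type assignment, role name and user name is constructed sample data; ZOTH, the role names and the user names are hypothetical.

```python
# Simplified model of the M_MATE_MAR check as described in this thread.
# All assignments, roles and users below are constructed sample data.

# Material type -> authorization group as maintained in OMS2 ("" = blank).
MATERIAL_TYPES = {"ROH": "ZPQR", "FERT": "ZOTH", "HALB": "ZOTH", "VERP": ""}

# Role -> M_MATE_MAR authorizations as (activities, auth groups).
# Activities: 01 = create, 02 = change, 03 = display.
ROLES = {
    "Z_MM_ROH_MAINT": [({"01", "02", "03"}, {"ZPQR"})],
    "Z_MM_LEGACY": [({"03"}, {"*"}), ({"02"}, {"ZOTH"})],
}
USERS = {
    "RAW_BUYER": ["Z_MM_ROH_MAINT"],
    "RAW_BUYER2": ["Z_MM_ROH_MAINT", "Z_MM_LEGACY"],
}


def grants(user, mtype, activity):
    """Return the reasons why `user` may perform `activity` on `mtype`."""
    group = MATERIAL_TYPES[mtype]
    if not group:
        # Blank auth group: no material type check happens at all.
        return ["no auth group on material type, check skipped"]
    reasons = []
    for role in USERS[user]:
        for activities, groups in ROLES[role]:
            act_ok = activity in activities or "*" in activities
            grp_ok = group in groups or "*" in groups
            if act_ok and grp_ok:
                reasons.append(f"role {role} grants group {group}")
    return reasons


def audit(user, allowed_types, activities=("01", "02", "03")):
    """List (material type, activity, reason) for access outside allowed_types."""
    findings = []
    for mtype in sorted(MATERIAL_TYPES):
        if mtype in allowed_types:
            continue
        for act in activities:
            findings.extend((mtype, act, r) for r in grants(user, mtype, act))
    return findings


if __name__ == "__main__":
    for name in USERS:
        print(name, audit(name, {"ROH"}))
```

In the sample data RAW_BUYER still reaches VERP because that type has no auth group, and RAW_BUYER2 additionally reaches FERT and HALB through the second role.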

former_member224727
Active Participant
0 Kudos

Thanks Alex for the response. In the given link it is mentioned that I have to first create the auth group in SE54. Is this correct? Because I was just assigning the auth group directly at material type level only. I haven't created it in SE54.

So do I need to create an entry for the auth group in SE54 before I assign it at material type level?

I'm asking because I assigned the ZPQR auth group to a particular material type, but I don't see it in SE54.

Former Member
0 Kudos

Hi, there is no need to create the auth group in SE54 first.  In this case it is a "nice to have" but won't affect functionality in any way. 

former_member224727
Active Participant
0 Kudos

That's correct. I tested the way you suggested and it works fine.