on 03-14-2013 4:25 PM
Currently for material master authorization we giving authorization based on authorization group but now business want restriction per material type as well.
Our BASIS team says functional consultant has to configure first to restrict authorization per material type. Since I'm new in area need help to find correct config node & how?
How to configure authorization group per material types?
Create a new role and assign the T Code to the role. In authorizations assign the material type and group. Attach it with the required users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In the material type config I assigned authorization group ZPQR. Now my requirement is how to assign this group to M_MATE_MAR authorization object? Reply appreciated. As per business req I want to restrict material master authorization for this particular material type for given group. Reply appreciated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
What are your requirements for Material Type? Are you trying to protect one material type (ZPQR) or multiple material types? If you want to stop people using ZPQR then assigning an auth group against the material type is OK, they will still be able to access the types that have no auth group against them.
Assuming that you have done the config in OMS2 then you need to tell your Basis (or preferably Security) team to ensure that only specified roles have access to M_MATE_MAR for ZPQR auth group. The scale of the work will depend on how the security has been built.
Thanks for reply. Actually I have specific user group they use only ROH material type. That means they have authorization to create/change ROH materials only. They should not have access to any other material type. To fullfill this req I assigned ZPQR authorization group to ROH material type in config. Now I asked BASIS to create role and assign this autho group to M_MATE_MAR object, but this is not working.
Please suggest what am I missing? Reply appreciated.
Hi,
You will have to assign auth groups to the other material types too. If a material type doesn't have an auth group assigned to it then users will be able to use it without any material type auth check being performed. You also need to ensure that the users who need restricting aren't getting M_MATE_MAR auths from anywhere else.
This is pretty basic security - I appreciate that this is not your area but your Basis team should be giving you exactly this sort of info.
Cheers
Hi Alex,
Let me repeat what I understood from your statement. So if I want to give authorization for ROH material only then I have to assign authorization to group for all material type including ROH in config, right? Correct me if wrong.
Once I assign authorization group to material type then I will assign ROH authorization group to M_MATE_MAR for particular user role. This way I can restrict authorization to ROH material type only. Correct?
Currently in our system authorization group field is blank at material type level in config. I have assigned to ROH only for my purpose, but as per your suggestion I have to assign to all material type.
Hi Eric
1. Let me repeat what I understood from your statement. So if I want to give authorization for ROH material only then I have to assign authorization to group for all material type including ROH in config, right? Correct me if wrong.
Correct. You will need an auth group on ROH and at least one other different one on the rest
2. Once I assign authorization group to material type then I will assign ROH authorization group to M_MATE_MAR for particular user role. This way I can restrict authorization to ROH material type only. Correct?
Correct. You also need to check that the user isn't getting M_MATE_MAR values from another role.
3. Currently in our system authorization group field is blank at material type level in config. I have assigned to ROH only for my purpose, but as per your suggestion I have to assign to all material type.
Yes, you will need to assign to all the other material types that you want to protect. If you want one group of users only to use ROH then you will need one or more auth groups assigned to the rest.
You can see some supporting info here: http://scn.sap.com/thread/1729357
Thanks Alex for response. In given link it is mentioned that I have to first create autho group at SE54. Is this correct? Because I was just assigning auth group to directly material type level only. I haven't created at SE54.
So do I need to create entry of autho group at SE54 before I assign to material type level?
Why asking, because I assigned ZPQR auth group to particular material type. But I don't see this at SE54.
User | Count |
---|---|
108 | |
12 | |
11 | |
6 | |
5 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.