cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Roles authorization in PR release procedure

Go to solution
ramesh_reddy25
Participant

on ‎09-30-2013 3:09 PM

0 Kudos

Hi all,

I have configured PR release procedure. 3 level approval.

XX is the release group,

23 release strategies are there (one for each department).

47 RELEASE CODES (two for each department and Manager is the extra common approver)

For 01(release strategy)-01, 02, 47 are release codes

.

.

.

For 23(release strategy)- 45,46, 47 are release codes.


Characteristics created for PR document type, plant, Acc assignment, item category, and creator.

Now I’m getting problem is assigning approval authorization to each user (creator).

I need to restrict authorization by plant wise. Because for some users (creators) are applicable for only one and some other users of same department applicable to 2 or more plants.

How can suggest creating roles (6 plants are there). Because if I’m going to create roles by Release group, release code and plant wise, it will be huge job( 1000’s of roles need to create).

Please share your Ideas to solve this problem.


Thanks and regards

Ramesha

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

ACE-SAP
Active Contributor
‎09-30-2013 7:10 PM
0 Kudos

Hello

Indeed it's a tough jobs,

Managing a security at such a fine level can lead to a situation where security is getting hard to maintain (too many roles)... and by the end the security is getting unclear / weak.

I was able to solve this for one customer by using a VBA code based on Excel to mass generate these roles. I did RFC calls to these functions (with creating custom versions to set them as RFC enabled and remove some commented lines to update AGR_1251)

PRGN_1251_READ_FIELD_VALUES
PRGN_1251_SAVE_FIELD_VALUES
PRGN_1250_READ_AUTH_DATA
PRGN_1250_SAVE_AUTH_DATA

It could also be possible to play with text processor on downloaded roles, modifying them and mass uploading them (using eCATT for instance).

The internal structure of exported roles files is not that complex (but I did it quite a long time ago).

Regards

Show replies
Show replies

Answers (4)

Answers (4)

nishad_showkath
Explorer
‎10-01-2013 7:43 AM
0 Kudos

Hi Ramesh,

Can you give me the dump of table T16FS which shows the release stratergy what you have used. I would be able to guide you based on this input on how many roles you will require for this.

With Regards,

Nishad Showkath

Show replies
Show replies
Former Member
‎10-01-2013 6:01 AM
0 Kudos

Hi Ramesh,

In your release strategy, assign a Purchase Group to each department and applicable plants and decide the release levels according their DOP.

Gather the user assignment details like creator, 1st level, 2nd level, 3rd level.... approvers for each combination e.g Purchase group, Plant, Document Type

Based on this information you can design your roles.

Cheers,

Rama

Show replies
Show replies
Former Member
‎09-30-2013 5:27 PM
0 Kudos

Hi ,

        You can restrict/ control for plant through the authorization object M_BEST_WRK with field WERK.

Pls refer below screenshot for detail....

Regards

Abhishek Tiwari

Show replies
Show replies
ramesh_reddy25
Participant
‎10-01-2013 4:32 AM
0 Kudos

Hi thanks for your reply,

We can control by plant, Problem is we have 8 plants. We have to create too many roles, It will take more time for creating and testing..Any other Idea??

Regards

Ramesha

Prasoon
Active Contributor
‎09-30-2013 3:25 PM
0 Kudos

Hi,

   For plant, please check the authorization object: M_BANF_WRK

Regards,

AKPT

Show replies
Show replies
ramesh_reddy25
Participant
‎10-01-2013 4:33 AM
0 Kudos

Hi thanks for your reply,

We can control by plant, Problem is we have 8 plants. We have to create too many roles, It will take more time for creating and testing..Any other Idea??

Regards

Ramesha

Ask a Question