cancel
Showing results for 
Search instead for 
Did you mean: 

Can we use I_BEGRP to restrict users from "blank" authorization group?

0 Kudos

Hi - I see that there have been a lot of clever answers to authorizing in PM - I feel lucky today hoping to get your feed back on this 🙂

In transaction code IH08 (display equipments) we want to restrict some users to certain equipments and have looked into the use of authorization groups and the authorization object I_BEGRP.

We have created a role with access to authorization group X and expected that the user would only view a list of relevant equipments assigned to this authorization group - but the list also contains all the equipments without authorization group X assigned - all the blank ones.

Is this an error in SAP - or is it just the way it is supposed to work?

- or have we missed something here?

Please, if you have any idea - don't hesitate to write - it is quite urgent 🙂

Best regards

Jennifer McKay

Accepted Solutions (0)

Answers (3)

Answers (3)

sebastian_lenartowicz
Active Contributor
0 Kudos

Greetings Jennifer,

If I remember correctly, the Authorization Group for Equipments can only be used effectively if it is combined with a non-blank value in the Equipment master data. In other words, the Authorization Group prohibits anybody without the relevant  I_BEGRP value from displaying or changing the Equipment - and if the value is left blank, then there is nothing to base this restriction on.

As

former_member215526
Active Participant
0 Kudos

Hello Jennifer Ilum Mckay,

I'm not expert on this but I can recommend to verify in case the transaction "s_bce_68001425" if this object is combined with other roles for the same user.

And if you add an other authorization group "Y" in one equipment, this appears?

Good luck,

Xavier

0 Kudos

Hi Xavier

Thank you for your reply.

No, it I add another authorization group 'Y' the user will not be able to access these master data. So in that way it works fine.

BR

Jennifer

jogeswararao_kavala
Active Contributor
0 Kudos

Hello Jennifer,

We have this situation and we filled all the Authorization Group fields with some values. We did not leave anything blank. I think there is no short-cut for this, Means the Equipments with blank BEGRP field will appear in any structure. They will not be filtered. BTW, this topic I documented sometime ago.

Good luck

KJogeswaraRao

0 Kudos

Hi, It was actually because of your document regarding "IH01 Structure Customizing ..." that I got the idea of writing on SDN - I got the fealing that there are some very high skilled users in here 🙂

I have set up the authorizations and it works fine whenever we have typed in an authorization group on the master data. And it also ensures that users are only allowed to see / maintain the master data with the authorization groups that they have in their roles.

I have worked with authorizations for many years and in some parts of SAP (on S_TABU_DIS - access to tables) it works in the way that if you need access to tables without authorization group, you need to be authorized to the authorization group = blank (' '). The use of authorization groups differs in SAP - and I was just hoping that it was working this way in EAM as well.

For us it will be a major work load to update our master data with authorization group.

Thanks for your reply.

BR

Jennifer