on 11-03-2015 6:12 PM
Dear Experts,
My client having two Maintenance Plants XXXX & YYYY ( Logistic Plant = Maintenance Plant = Planning Plant)
I need to restrict cross plant Transaction data & Master data Creation & Editing while allowing cross plant Transaction data & Master data Display.
This is my Requirement
How can I handle this with standard SAP Authorization objects?
Please advice.
Thanks in Advance
Ashok M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Maria & Pate,
Thanks for your ideas
In below example, To display Plant YYYY data we have assign Plant YYYY into I_SWERK
Then Both plat XXXX & YYYY are editable if we assign T-code IW32
Even for Planning Plant
There is no Authorization Level such as ( R - Read) or ( W - Write)
Is this Standard behavior of SAP?
Thanks
Ashok
Greetings Ashok,
It's best if you create more than 1 single role for this purpose:
1) create a role with t-codes such as IW32, IW38 & activity codes such as "02" - "Change" for the relevant authorization objects. This role controls the "Write" privilege. In the objects for this role and profile, only include the Plant XXXX
2) create a role with t-codes such as IW33, IW39 & activity codes such as "03" - "Display" for the relevant authorization objects. This role controls the "Read" privileges. In the objects for this role and profile, maintian both Plants XXXX & YYYY
3) If needed, create additional roles for MM* etc t-codes containing both Plants.
It is possible to combine these into one role, if you include multiple instances of Authorization Objects with different values in the role and profile. However, I feel maintenance is easier and more straightforward if these roles are separate.
What is vital is that you keep the t-codes, activity codes and Plants separated by Auth Object instance.
It's quite a basic requirement - your Authorizations consultant ought to be able to help with that with ease.
Thank you all for the valuable inputs
Ashok M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ashok,
First i suggest you to use transaction SU24 and enter the transactions to check various authorization objects available.
1. Create / Change of Maintenance orders / Notifications / Equipment / Functional location can be restricted using the Authorization Object I_SWERK
Need separate roles for different plants
2. and 3. To restrict the display, you need to check whether setting up a different role for display alone. You need to select all the display transaction and pull into one role, this role provide access to two plants.
The transaction code you provide in the I_SWERK for the maintenance plant, will restrict the users for gng into the transaction
Regards
Terence
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
7 | |
7 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.