PM Cross Plant Authorization Objects
My client having two Maintenance Plants XXXX & YYYY ( Logistic Plant = Maintenance Plant = Planning Plant)
I need to restrict cross plant Transaction data & Master data Creation & Editing while allowing cross plant Transaction data & Master data Display.
This is my Requirement
- Plant XXXX users should not be able to Edit Plant YYYY Maintenance Orders / Notifications / Equipment /Functional Locations and vice versa.
- Plant XXXX users should be able to Display Plant YYYY Maintenance Orders / Notifications / Equipment /Functional Locations and vice versa.
- Both Plant XXXX & YYYY users should be able to Display Both plants MM Transaction data & Master data ( eg: MM60 , MB52 )
How can I handle this with standard SAP Authorization objects?
Thanks in Advance
Sebastian Lenartowicz replied
It's best if you create more than 1 single role for this purpose:
1) create a role with t-codes such as IW32, IW38 & activity codes such as "02" - "Change" for the relevant authorization objects. This role controls the "Write" privilege. In the objects for this role and profile, only include the Plant XXXX
2) create a role with t-codes such as IW33, IW39 & activity codes such as "03" - "Display" for the relevant authorization objects. This role controls the "Read" privileges. In the objects for this role and profile, maintian both Plants XXXX & YYYY
3) If needed, create additional roles for MM* etc t-codes containing both Plants.
It is possible to combine these into one role, if you include multiple instances of Authorization Objects with different values in the role and profile. However, I feel maintenance is easier and more straightforward if these roles are separate.
What is vital is that you keep the t-codes, activity codes and Plants separated by Auth Object instance.
It's quite a basic requirement - your Authorizations consultant ought to be able to help with that with ease.