Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MIGO-Plnt restriction in ECC

Former Member

‎06-28-2007 6:36 AM

0 Kudos

Hi,

I have few goods movement derived roles with MIGO,ME2V transactions.

which have been restricted by plant. In org level I have populated with plant value.

we do have purchase org, purchasing group as * in org.level. but there is no relation between purch.group and plant.

I have assigned this goods movement role to a user . actually user should able to accees that perticular plant data. but he is able to access purchase orders in other plants as well.that means -ve testing is failed.

when I traced , what ever the auth,object and values are showing in trace report.. those objects are laredy existing in role.

can we restrict plant in MIGO ? can any one help me in this regard.

this is an urjent requirement .

Thanks in advance.

5 REPLIES 5

Former Member

‎05-27-2008 7:40 AM

0 Kudos

Hello,

Were you able to solve this issue? I have the same problem.

Thank you,

Rhonda

Private_Member_119218
Active Participant

‎05-27-2008 8:42 AM

0 Kudos

In the trace, are all authorizations checks successful? Does this user have any other roles?

Either way, object M_MSEG_WWA determines (in this case) what plants a user has access to. Review the roles this user is assigned to for this object. It can be that another role grants access to other plants.

Bernhard_SAP
Employee
Employee

‎05-27-2008 9:43 AM

0 Kudos

HI,

if the standard authority-checks are not sufficient, there are some exits available wher you coul perform own checks.....

I have found:

MB_CF001 Updating of material document data upon posting

MBCF0002 Filling the item text in the material document

MBCFC003 Maintaining batch master data upon goods movements

MBCFC004 Maintaining batch specifications upon goods movements

MBCF0005 Filling the item data on goods receipt/ issue slips

MBCF0006 Transferring the number of the WBS element for subcontracting

MBCF0007 Posting a reservation

MBCF0009 Filling the Storage location field

IQSM0007 Serial numbers, user exit for goods movements

XMBF0001 Stock determination: - changing the stock determination rule -

Adjusting the stock determination item table

Each enhancement is documented.

b.rgds, Bernhard

Former Member
In response to Bernhard_SAP

‎05-27-2008 12:34 PM

0 Kudos

Hello,

Thank you for your replys. I understand that there is a role that prevents a user from viewing another plant's data, however, for my example, the user has access to 2 plants, but I want to prevent them from creating GRs that contain items from multiple plants.

Maybe a user exit is the only option and not solved by a user profile or role.

Rhonda

Former Member
In response to Bernhard_SAP

‎05-27-2008 12:47 PM

0 Kudos

> I understand that there is a role that prevents a user from viewing another plant's data, however, for my example, the user has access to 2 plants, but I want to prevent them from creating GRs that contain items from multiple plants.

>

> Maybe a user exit is the only option and not solved by a user profile or role.

I agree with you. I don't think that security in the form of authority-checks for the same activity will do this.

If you are lucky, then sometimes there are some customizing settings in the IMG which can activate such "two eggs in the same nest must be from the same bird" checks. Of course, that check might be suppressed by a successfull authority-check against auth object M_CUCKOOK

If you wish, I can move this thread to an appropriate functional forum (logistics?).

Cheers,

Julius