09-28-2007 8:46 AM
Hi,
We are running ECC6.0 R/3 system.We had a requirement as follows
In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can prepare GRN for document type STO only. He cannot prepare GRN for other document type.
We checked SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
The following is the objects which we have checked for.
A_B_ANLKL--> Asset Postings: Company Code/Asset Class
A_B_BWART--> Asset Postings: Asset Class/Transaction Type
B_USERSTAT--> Status Management: Set/Delete User Status
B_USERST_T--> Status Management: Set/Delete User Status using Process
C_AFKO_AWK--> CIM: Plant for order type of order
C_CACL_DSG--> Interface Design
C_DRAW_BGR--> Authorization for authorization groups
C_DRAW_DOK--> Authorization for document access
C_DRAW_TCD--> Authorization for document activities
C_DRAW_TCS--> Status-Dependent Authorizations for Documents
C_KLAH_BKP--> Authorization for Class Maintenance
C_STUE_BER--> CS BOM Authorizations
C_STUE_WRK--> CS BOM Plant (Plant Assignments)
C_TCLA_BKA--> Authorization for Class Types
C_TCLS_BER--> Authorization for Org. Areas in Classification System
C_TCLS_MNT--> Authorization for Characteristics of Org. Area
F_BKPF_BUK--> Accounting Document: Authorization for Company Codes
F_BKPF_BUP--> Accounting Document: Authorization for Posting Periods
F_BKPF_KOA--> Accounting Document: Authorization for Account Types
F_FICA_FOG--> Funds Management: authorization group of fund
F_FICA_FSG--> Funds Management: authorization group for the funds center
F_FICB_FKR--> Cash Budget Management/Funds Management FM Area
F_KNA1_APP--> Customer: Application Authorization
F_LFA1_APP--> Vendor: Application Authorization
F_SKA1_BUK--> G/L Account: Authorization for Company Codes
G_GLTP --> Spec. Purpose Ledger Database (Ledger, Record Type,
Version)
J_1IDEP_SL--> Authorization object for depot sale transaction
J_1IEXC_OT--> Authorization object for Other Excise Invoice Create
J_1IEX_PST--> Autorization object for posting Other Excise invoice
J_1IGRPT1--> Auth. for PART1 at GR
J_1IINEX --> Incoming Excise Invoice
J_1IRG23D--> Authorisation object for Depo Transactions
K_CCA--> CO-CCA: Gen. Authorization Object for Cost Center
Accounting
K_CSKS --> CO-CCA: Cost Center Master
K_CSKS_SET--> CO-CCA: Cost Center Groups
K_PCA--> EC-PCA: Responsibility Area, Profit Center
L_TCODE--> Transaction Codes in the Warehouse Management System
M_ANFR_BSA--> Document Type in RFQ
M_ANFR_EKG--> Purchasing Group in RFQ
M_ANFR_EKO--> Purchasing Organization in RFQ
M_ANFR_WRK--> Plant in RFQ
M_BEST_BSA--> Document Type in Purchase Order
M_BEST_EKG--> Purchasing Group in Purchase Order
M_BEST_EKO--> Purchasing Organization in Purchase Order
M_BEST_WRK--> Plant in Purchase Order
M_MATE_CHG--> Material Master: Batches/Trading Units
M_MATE_STA--> Material Master: Maintenance Statuses
M_MATE_WRK--> Material Master: Plants
M_MRES_BWA--> Reservations: Movement Type
M_MRES_WWA--> Reservations: Plant
M_MSEG_BMB -->Material Documents: Movement Type
M_MSEG_BWA--> Goods Movements: Movement Type
M_MSEG_BWE--> Goods Receipt for Purchase Order: Movement Type
M_MSEG_BWF--> Goods Receipt for Production Order: Movement Type
M_MSEG_LGO--> Goods Movements: Storage Location
M_MSEG_WMB--> Material Documents: Plant
M_MSEG_WWA--> Goods Movements: Plant
M_MSEG_WWE--> Goods Receipt for Purchase Order: Plant
M_MSEG_WWF--> Goods Receipt for Production Order: Plant
M_RAHM_BSA--> Document Type in Outline Agreement
M_RAHM_EKG--> Purchasing Group in Outline Agreement
M_RAHM_EKO--> Purchasing Organization in Outline Agreement
M_RAHM_WRK--> Plant in Outline Agreement
Q_TCODE QM --> Transaction Authorization
S_ADMI_FCD--> System Authorizations
S_ALV_LAYO--> ALV Standard Layout
S_BDS_DS--> BC-SRV-KPR-BDS: Authorizations for Document Set
S_BTCH_ADM--> Background Processing: Background Administrator
S_BTCH_JOB--> Background Processing: Operations on Background Jobs
S_CTS_ADMI--> Administration Functions in Change and Transport System
S_DATASET--> Authorization for file access
S_DEVELOP--> ABAP Workbench
S_DOKU_AUT--> SE61 Documentation Maintenance Authorization
S_GUI--> Authorization for GUI activities
S_OC_DOC--> SAPoffice: Authorization for an Activity with Documents
S_OC_ROLE--> SAPoffice: Office User Attribute
S_OC_SEND--> Authorization Object for Sending
S_PACKSTRU--> Internal SAP Use: Package Structure
S_PRO_AUTH--> IMG: New authorizations for projects
S_RFC--> Authorization Check for RFC Access
S_SCD0 --> Change documents
S_SPO_DEV--> Spool: Device authorizations
S_TABU_DIS--> Table Maintenance (via standard tools such as SM30)
S_TCODE --> Transaction Code Check at Transaction Start
S_TRANSLAT--> Translation environment authorization object
S_TRANSPRT--> Transport Organizer
S_WFAR_OBJ--> ArchiveLink: Authorizations for access to documents
V_LIKP_VST-->Delivery: Authorization for Shipping Points
V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
V_VBAK_VKO-->Sales Document: Authorization for Sales Areas
09-28-2007 6:30 PM
Hello,
From the above mentioned object list,we couldn't find out the proper object.Could you suggest the appropriate authorisation object/way of finding out the authorisation object/alternative solution for the problem.
Thanks in advance
Syamkrishnan
09-28-2007 7:09 PM
You should only be looking at the check/maintain flag in SU24 to determine which auth objects are being checked for and not the check flag only.
10-01-2007 6:45 AM
Hi,
But I couldn't find any authorisation object pertaining to the use of the above requirement.Could any body tell me if the mentioned requirement is possible from SAP or not?If possible how do I find authorisation object for the purpose.
Thanks in advance
Syamkrishnan
10-01-2007 4:44 PM
Have you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).