Cross Pollination between the roles

Former Member · ‎10-02-2007

Hi All

Can someone explain how to restrict the users from the Cross Pollination between the roles. In the current security structure access to movement type is restricted by Movement type roles using auth object <b>M_MSEG_BWA</b> and access to all the plants is maintained in plant level roles. But as per the business the user should be restricted to only certain plants for certain movement types.

Can someone throw some light on how to restricting the users to certain movement type for certain plants

Thanks for your help in advance

KV

Former Member · ‎10-02-2007

Hi,

Look in the results of transactie su56. There you have all the objects and where they come from(profiles/roles). Your authorizations is the sum of all you have got, so if you allow at one point, you cannot restrict at the other point.

Have fun.

Jan van Roest

Former Member · ‎10-06-2007

Hi Vamsi,

If i have understood your prob correctly pl proceed as under:

Suppose we have 101, 122, 161, 201, 301, 303, 305, 321 movement types and we require that a particular role should the user to have create authorisation for movement types 101 and 122 and display authorisation for the rest to do this we use the Auth Obj M_MSEG_BWA. We insert the same auth object twice manually. In the first M_MSEG_BWA object in the Activity field we put Create and in the Movement Type field we put 101 and 102. In the second M_MSEG_BWA object in the Activity field we put Display and in the Movement Type field we put 101, 122, 161, 201, 301, 303, 305, 321 .

Similarly to restrict the plants in Goods Movement we insert the Auth object M_MSEG_WWA twice. In the first M_MSEG_WWA object we put say Activity= Create and Plants say X and in the next M_MSEG_WWA we put Activity = Display and Plant say Yand Z so tht the user can create for plant X but can display for plant Y and Z.

Try to manipulate these .

Hope this helps.

Pl award suitable points if resolved.

Regards