10-24-2007 8:04 PM
Hi,
We in CPS Energy are implementing VIrsa SOD conflicts on the roles that are in place in current SAP 4.6C version. The authorization object M_MATE_MAR is used by MM01(Creation of Material Master) transaction code & used at mutiple roles. We have restricted this authorization object by Material Type Authorization Group (BEGRU)as WMS1 & given activity a 01, 02 & 03 in a role. The same authorization object is used in Common roles also for displaying that is using transaction code MM03 (Display Material) but the activity & authorization group are ''. This '' is taking precedence over the the authorization object given in the other role.
Please let us know how to put a control on this authorization object which is used widely by large number of users.
Maintained Material Master: Material Types T-D119010802
Activity 01, 02, 03 ACTVT
Authorization group WMS1 BEGRU
Any help is really appreciated
Thanks
Sree
10-24-2007 8:17 PM
Hi Sree, your role with MM03 in it should not have * for actvt if it is only a display role.
As it is a display role actvt 03 would be more suitable. That way you could have display for all auth groups, but create and change/MM01&2 would be restricted to WMS1 (and any other materials with a blank auth group)
10-24-2007 8:42 PM
In addition to Alex's response, whenever there is a restriction across the board, all roles must be evaluated for the specific authorization object and modified; obviously, if another role has the object with open access, that will supersede the restricted object if that role is assigned to the user as well.