02-06-2008 12:00 PM
I am looking to see if any one has any ideas about the following scenario.
We currently need to control authorizations for certain transactions but only allow specific fields inside that transaction to be available to certain groups of people.
I currently use a product by Synactive called GUIXT which allows me to use scripts to mark fields as read only. This is done by deploying scripts linked to registry entries then controlling permissions via Active Directory groups.
The transactions we use are MM02 and XD02 as we have segregated the use of tabs within these transactions to multiple departments.
The process described is very complex and when adding the auth to MM02 or XD02 in SAP we have to remember to add the correct AD group to enable GUIXT to work.
The only alternative to this would be create some bespoke dataload programs and remove MM02/XD02 from users and control this with standard SAP auths to the bespoke programs thus doing away with the scripts altogether.
Does anyone else segregate these duties in their business?
I would appreciate any feedback.
Thanks
02-06-2008 1:21 PM
Hi,
for transaction XD02 you can define field groups in customizing. Then you can restrict the user to only display these field groups.
MM02 does not support field groups.
Do you know transaction variants? Transaction variants are maintained in SHD0 and can restrict fields to read only. But I never did this for MM02.
Regards
Rainer
02-06-2008 1:27 PM
>
> Do you know transaction variants? Transaction variants are maintained in SHD0 and can restrict fields to read only. But I never did this for MM02.
Hi Rainer,
I can confirm that they work perfectly well with MM02
02-06-2008 1:30 PM
Thanks but are these customising changes a global setting for all users who view XD02 or MM02?
I need to allow different users to view different fields within the same transaction.
Then also allow full access to others.
02-06-2008 2:01 PM
Hi Kate,
XD02 with field groups:
you have to group the fields accordingly to your needs. May be you have to create a lot of field groups. In the worst case you will have a different field group for each field (so much field groups as fields). Then grant the authorization for the field groups, the user should have access to, to the user. He may be authorized for more than one field group.
If you create a new field group all users will be affected immediately, because they may need authorizations for this field group. The field group is like a padlock. If fields are padlocked, you will need a key (authorization) for the padlock.
MM02 with transaction variants:
You have to create a transaction variant (and a new Z-transaction for each variant) for every different access pattern. In one transaction variant you may hide some fields and set other fields to display only. In another variant the access pattern is different (other fields hidden, other fields displayed only).
This will not affect users with authorization for MM02. Transaction variants are like views to transactions. The original transaction will not be changed.
Hope, this helps.
Regards
Rainer
02-06-2008 3:57 PM
I have never used screen variants but I will look for documentation to see if this is a possible option.
Thanks
08-07-2008 12:28 PM
08-07-2008 9:25 AM
Hi Rainer,
You say that you have managed to get MM02 working correctly with transaction variants.
I also have, but only to a certain extent.
My problem is that when the user saves or exits from MM02, the user is then presented with the standard MM02 transaction, without the variant.
I see in OSS that there are certain fixes for other application areas, to check for a transaction variant when exiting transaction , and to use this if found, but there does not appear to be any for MM02.
For info we are on ECC6
How did you overcome this problem.
Many Thanks
Tony