on 04-04-2008 5:40 AM
Hi,
We are facing a serious
authorization problem in our SCM system.
We want to provide a bifurcation at
the Production Planner "APO_PL_PPS"
level.This is possible for
authorization object "C_APO_PPL"
(PP/DS, Production Planner),
however "C_APO_PROD" (Master Data,
Products) consists of only 3 fields.
Since the Product Id's ("APO_PROD")
do not follow any specific
nomenclature in our landscape, we
cannot provide any limitation here.
The problem is that when Product Id is "*"; irrespective of other
objects (eg. APO_PL_PPS); all the Product's can be viewed by all users.
Is there some way in which we can allow users belonging to a particular
Production Planner to view only their respective Product Id's..
Please help, since it's real important that only users belonging to a
particular Production Planner view their respective Product Id's.
Thanks a lot,
Saba.
I am surprised there is no authorization that you are able to find based on Production Planner defined for each Location Product. Even if the Product ID does not follow a sequence it should be possible to assign the product in the administrator tab to a Production planner. If you can go to transaction PFCG and see how some SAP delivered authorizations are defined for PPDS planner, it might give some clues.
Also try out using parameter ID /SAPAPO/CMDS_PLANNER
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Thanks for the reply...even when I asisgn the parameter to a particular user, he's able to view Products belonging to a different Production Planner.
I'm not sure what you mean by Administrator tab, however; since there is a new product every few days, manually updating roles would not be feasible..the Product Master(table /SAPAPO/V_LOCMAT) is where every product is mapped to its porduction planner....
Pls. help..
Thanks,
Saba.
In C_APO_PPL authorization object as you said it is possible to put in Production planner as a criterion. You can create multiple authorizations based on Production Planner values. The production planner is part of Location Product master. There are authorization acitivites like Display and Change that should enable one production planner set not to view something under the purview of other production planner. There could be production planner IDs that are like logical groupings. Eg. Assume there are two business units U1 and U2. Then, 1U1 or 2U1 are IDs for two production planners under unit 1. similarly 2U2 or 3U2 for production planners under unit 2. Unit 1 and 2s could be logical set of location products. Given this you can then use patterns such as *U1 or *U2 for authorization roles. From what I see in your notes it looks when you create a role for production planner *U1, the *U2 production planners are able to display and change data for *U1
If this is not working, I would recommend you to raise OSS message.
Hello,
Thanks for your reply...the problem is that the t-code (eg. /SAPAPO/MAT1), does not check for C_APO_PPL...even aftr setting the check/maintain in SU22/24...If the product id is * in C_APO_PROD, irrespective of C_APO_PPL (even if this object is "Inactive"); all the Products can be viewed.
We've been unable to find a user exit also...
Production Planners are only 2 (MRL & AX1).
Please help...
Thanks a ton,
Saba.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
4 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.