cancel
Showing results for 
Search instead for 
Did you mean: 

SCM Authorization Issue

former_member188806
Participant
0 Kudos

Hi,

We are facing a serious

authorization problem in our SCM system.

We want to provide a bifurcation at

the Production Planner "APO_PL_PPS"

level.This is possible for

authorization object "C_APO_PPL"

(PP/DS, Production Planner),

however "C_APO_PROD" (Master Data,

Products) consists of only 3 fields.

Since the Product Id's ("APO_PROD")

do not follow any specific

nomenclature in our landscape, we

cannot provide any limitation here.

The problem is that when Product Id is "*"; irrespective of other

objects (eg. APO_PL_PPS); all the Product's can be viewed by all users.

Is there some way in which we can allow users belonging to a particular

Production Planner to view only their respective Product Id's..

Please help, since it's real important that only users belonging to a

particular Production Planner view their respective Product Id's.

Thanks a lot,

Saba.

Accepted Solutions (1)

Accepted Solutions (1)

srinivas_krishnamoorthy
Active Contributor
0 Kudos

I am surprised there is no authorization that you are able to find based on Production Planner defined for each Location Product. Even if the Product ID does not follow a sequence it should be possible to assign the product in the administrator tab to a Production planner. If you can go to transaction PFCG and see how some SAP delivered authorizations are defined for PPDS planner, it might give some clues.

Also try out using parameter ID /SAPAPO/CMDS_PLANNER

former_member188806
Participant
0 Kudos

Hi,

Thanks for the reply...even when I asisgn the parameter to a particular user, he's able to view Products belonging to a different Production Planner.

I'm not sure what you mean by Administrator tab, however; since there is a new product every few days, manually updating roles would not be feasible..the Product Master(table /SAPAPO/V_LOCMAT) is where every product is mapped to its porduction planner....

Pls. help..

Thanks,

Saba.

srinivas_krishnamoorthy
Active Contributor
0 Kudos

In C_APO_PPL authorization object as you said it is possible to put in Production planner as a criterion. You can create multiple authorizations based on Production Planner values. The production planner is part of Location Product master. There are authorization acitivites like Display and Change that should enable one production planner set not to view something under the purview of other production planner. There could be production planner IDs that are like logical groupings. Eg. Assume there are two business units U1 and U2. Then, 1U1 or 2U1 are IDs for two production planners under unit 1. similarly 2U2 or 3U2 for production planners under unit 2. Unit 1 and 2s could be logical set of location products. Given this you can then use patterns such as *U1 or *U2 for authorization roles. From what I see in your notes it looks when you create a role for production planner *U1, the *U2 production planners are able to display and change data for *U1

If this is not working, I would recommend you to raise OSS message.

former_member188806
Participant
0 Kudos

Hello,

Thanks for your reply...the problem is that the t-code (eg. /SAPAPO/MAT1), does not check for C_APO_PPL...even aftr setting the check/maintain in SU22/24...If the product id is * in C_APO_PROD, irrespective of C_APO_PPL (even if this object is "Inactive"); all the Products can be viewed.

We've been unable to find a user exit also...

Production Planners are only 2 (MRL & AX1).

Please help...

Thanks a ton,

Saba.

Answers (1)

Answers (1)

Former Member
0 Kudos

Cross-reference: