Field Level Security

paul_gloede · ‎04-21-2008

Hello,

Can anyone tell me if SAP has the capability of restricting authorizations at the field level? For example, if a user enters a Standard Sales Order via VA02, the subsequent Overview screen lists the Item, Material, Quantity, Billing block, Required Delivery Date, etc. We would like to restrict some users from setting a billing block and changing the Required delivery date, however they should still be able to change quantity and add or change material. For other users, we would allow them to change the Required Delivery date, but not change the quantity or material.

I've always thought this was an all-or-nothing proposition, but am wondering if SAP has changed this authorization function. If not, are there any plans by SAP to implement such security?

Best regards,

Paul

Former Member · ‎04-21-2008

Hi Paul,

Some transactions allow field level security - Vendor management (XK01, FK01 etc) is one which provide the facility to do this via auth object F_LFA1_AEN for example.

With VA02 you can control access to the billing block by V_VBAK_AAT activity 43, but I'm pretty sure you can't restrict the rest.

One option is to use transaction variants assigned to custom transactions. This way you can have different permutations of the screen fields hidden or made display only.

There are other forms of control available too - reviewing changes to key fields for example can give you a good idea of who is doing what and re-educating them.

As for the future - I'm not sure what SAP will do. While more field level restriction would be nice, I can imagine that at the ABAP level it would require a whole load of rework and there may be the opportunity to tweak things at the Netweaver level for example