05-06-2008 2:40 PM
Hi,
New plant in our bussiness so we have to bring this details in to our SAP system,
what is the exact security approach in giving access to this plant to end users ??
05-06-2008 5:17 PM
Hi Lisa,
You can get a description of the plant viz. what country, Sales Org, purchasing Org it is tied to via table T001W.
Next, analyze how the roles are designed. Viz a particular set of roles are restricted to plants, then you need to determine how this will fit in.
If the roles are restricted by plant in a master-derived role concept, then probably you might need to create a new role giving access to that plant. If roles are restricted to other Org levels, giving full access to plants within them, then you do not have to do anything as a '*' for WERKS will cover it all.
You can check the design by going to table AGR_1252 and putting $WERKS in VARBL and by filtering out '*' .
Hope this helps
Thank you
Abhishek
05-06-2008 5:17 PM
Hi Lisa,
You can get a description of the plant viz. what country, Sales Org, purchasing Org it is tied to via table T001W.
Next, analyze how the roles are designed. Viz a particular set of roles are restricted to plants, then you need to determine how this will fit in.
If the roles are restricted by plant in a master-derived role concept, then probably you might need to create a new role giving access to that plant. If roles are restricted to other Org levels, giving full access to plants within them, then you do not have to do anything as a '*' for WERKS will cover it all.
You can check the design by going to table AGR_1252 and putting $WERKS in VARBL and by filtering out '*' .
Hope this helps
Thank you
Abhishek
05-06-2008 6:41 PM
Abhi,
Our roles restricted with company code and profit centers and how this are related to the plant.
05-06-2008 6:55 PM
Hi Lisa,
How are the roles containing plant as ORG value restricted?
If the roles are only restricted on Company code and Profit centers, and all roles have '*' to Plants, then I think.. you need not worry
ELSE,
If Plants are not restricted, however per the company policy, the individual plant values are explicitly mentioned in the roles, then you would have to update all roles containing Plant Org restriction with this new plant value.
Hope this is not too confusing
How does table AGR_1252 for $WERKS having non-'*' look like ?
05-06-2008 7:08 PM
Abhi,
went to SE16 / agr_1252 and then kept $WERKS in VARBL.....notting came up and "no table entries found with this specific key" message came....what do you mean by filtered by *
05-06-2008 7:22 PM
Umm...... Let me put it in another way
My bad, I think I didn't put it in the best way!
Forget the '*' part....
Lets get a list of all roles having Plant as a ORG restriction....
In AGR_1252, just put $WERKS (IN CAPS) and check what roles you get.
Exclude the SAP delivered roles
05-06-2008 7:30 PM
Hi Lisa,
I hope you are on an R3 version.
One more thing, do you see Plant or WERKS / $WERKS in table USORG_DB ?
05-06-2008 8:30 PM
Hi Lisa,
I would start a bit further back than Abhishek for something like this.
You have a few things which you know already....
You have a template design
You have an organisational matrix
You have a new plant which you know & should have mapped against the relevant org data (i.e. it belongs to x company code & is associated with y sales org etc)
You need to identify which roles in the template design are relevant for the new plant and therefore which you need to create with new org data to meet requirements.
Then you are in the position to go through the roles in the way Abhishek recommended and identify which org levels are required for which roles. Use the org data matrix populate these additional roles with what they need. If you don't have your org data set then it's worth your while creating one for this. At this point you can also identify any other restriction controls (doc types etc) which are relevant to this new plant (if any).
Last thing to do is to create users & assign roles. It almost sounds simple when written down like this!