07-18-2008 11:11 AM
Hi All
Is there any option in SAP to restrict the plant to be only used by the user who created it? So that no other user has access to use it for maintaining objects.
Regards.
07-18-2008 11:49 AM
I think you would have create one 'maintenance'role per plant/user to achieve that.
07-19-2008 6:31 AM
07-19-2008 8:07 PM
We'll need to know where to start helping you and for that we need a little more info.
What do you already know about SAP's authorization concept and how to set it up?
Besides that, which transactions do you plan to use?
07-21-2008 5:59 AM
Actually I want that the object I created (like plant) can not be used by any other user. Only I can use it in configuring.
Regards.
07-21-2008 6:41 AM
Are you referring to an authorisation object that you want to restrict others from assigning to roles?
If that is the case then you need to make sure that that value is excluded from auth object S_USER_AUT for all other users (usually this value has * in)
07-21-2008 9:42 AM
Hi
I'm referring technical objects like Plant, Fn Loc., etc.
I want that no other user can access/use these objects.
Regards.
07-21-2008 9:54 AM
Can you give me an example with tcodes etc. This will help me understand what you mean by technical object as the term covers a number of different interpretations/uses
07-21-2008 10:10 AM
Like TCode OX10 is for creating plant.
So , I want the plant which I created can't be used by any other user.
Only I can use to create materials etc.
07-21-2008 11:16 AM
Thanks for clarifying, in that case then as Jurjen said, you need to set up your authorisation concept to reflect this.
Basically you need to ensure that all roles assigned to people who should not have this access do not have access to the new plant (or other object).
For plant it is pretty straight forward, the Organisational Level in the role for Plant should not contain the new value. If there is a * in here, then users will be able to use the new plant that you create. You should speak to your security administrator and request that they check all roles to make sure that your new plant is not included in there, or access granted by a * or range values.
Once you are sure that the existing roles do not grant authorisation for the plant then you need to create a role containing the relevant transactions and auth objects populated with the plant value which you have just created.
07-22-2008 4:31 AM