MF70-Plant authorization control object -reg

Similar Messages

• MD61 -Authorization control for Version , requirements type -reg

  Hi,
  We have an issue in providing MD61 -Create Planned Independent Requirements to the users
  By standard authorization objects available , Plant level authorization control only is there
  if we have to give authorization for many users in the same plant based on teh VERSION , REQUIREMENTS TYPE  etc... is it not possible ?
  can the authorizations objects be created manually for these and assign to teh concerned user's roles ?
  please provide your thoughts
  regards,
  madhukiran.

  Dear Madhu,
  Authorization objects can be added for an individual T Code also in SU24.
  Check with your Basis consultant,Also i think its possible to give the authorization for versions as well
  as requirement type also.
  Regards
  Mangalraj.S

• BOM authorization controls -reg

  Friends ,
  we use only BOM with usage 1 -production BOM , we dont want to maintain many BOMs like engineering bom ,design bom ,production bom like that seperately.
  in this context we require some authorization control to control the users for BOM changes for
  BOM during new product developmental stage
  BOM once mass production kicks
  we want certain people only authorised to create or change BOM at new product development stage (precisely at R&D personnel )
  once it goes to mass production we dont want the R&D personnel control on it we would like to authorize operations personnel to take owership of it 
  is this can be done ? which object i have to use to differentiate between BOM at new product stage and mass production stage
  once it changes from new product stage to mass production stage some where we have to maintain this object and contro, through this
  please help at the earliest
  thanks
  madhu kiran

  Hi Madhu,
  The authorization objects checked for BOM, Inform your basis personnel to use them to authorize as per your business need.
  C_STUE_BER     CS BOM Authorizations     
  C_STUE_NOH     CS Authorization to process BOMs without a change number     
  C_STUE_WRK     CS BOM Plant (Plant Assignments)
  C_AENR_BGR          CC Change Master - Authorization Group
  C_AENR_ERW     CC Eng. Chg. Mgmt. Enhanced Authorization
  C_AENR_RV1     CC Engineering change mgmt - revision level for materials
  C_DRAD_OBJ     Create/Change/Display/Delete Object Link     
  C_TCLA_BKA     Authorization for Class Types
  Hope the above answers your query.
  Regards,
  Vivek

• Plant level authorization control for Internal Order

  Dear Sir,
  We create Internal Order using tcode KO01 and  being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
  We request you to Kindly guide us about the steps to be followed for addressing such requirement .
  With thanks and Regards
  Sonia Agarwala

  Sonia-
  It can be done. You have two options.
  1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
  2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
  Hope this helps.
  Shail

• Authorization control on material reservation creation and change (MB21 & M

  Hi Friends
  Please help me to find a solution on Authorization control on material reservation creation and change (MB21 & MB23).
  Client looking for a control over end user on those T.Code s but not at T.Code level;
  Client looking for control either based on "Storage location" and/or u201CProduct hierarchyu201D.
  More specifically, user A and B both can Create/Change MR but user A only can do it for the MR which related to storage location say YY while B authorized for storage location ZZ
  Thanks in advance.

  Hello Partha,
  Only available Standard SAP Authorization Objects, related to Reservations, are M_MRES_BWA (Reservations: Movement Type) & M_MRES_WWA (Reservations: Plant) where you can maintain authorizations based on Movement Type & Plant respectively and hence seggested enhancement.
  You can use Tcode-SUIM to search for Basis authorization details i.e. Roles defined for specific transaction/authorization object / profiles.
  Revert if any further info required.
  Regards,
  Anup

• Authorization control for batch master

  Hello Experts,
  I have a special requirement from client on authorization control on batch master. The requirement is user should not be allowed to change the batch header details but allow to change selected characteristic values. For e.g If I have a batch A, the header values such as prod date, country of orgin etc should not be allowed to change. In classification view few characteristics only should be editable, rest all should only be displayed.
  Is there any option to do this. Either through authorization control or exits. We dont want to create a custom transaction to achieve this.
  Thanks in advance
  Prathib

  Hello
  The following document explains how to check which authorization objects are called on each transaction:
  How to analyze authorization issues in debug
  BR
  Caetano

• Goods issue against STO (plant authorization)

  Dear All
  I have an authorization issue when doing goods issue from Plant 1, against an STO raised for Plant 2.
  User has MIGO authorization for 351mvt with authorization object M_MSEG_BWA;
  Also he has authorization for all storage locations of Plant 1 and 351mvt with object M_MSEG_LGO; And plant authorization of migo is given for Plant 1 with authorization object M_MSEG_WWA
  To issue goods from plant 1 to Plant 2 against the STO raised at Plant 2, what authorization does he require? At the same time he should not able to do GR for POs of plant 2 etc.
  Thanks in advance

  Hi
  I was also in same impression but the SU53 screenshot is showing authorization problem with object M_MSEG_WWA for Plant 2.
  User has been given the same for plant 1 (own plant)

• Plant Authorization

  Hi,
    I was trying to restrict the user to get data for spefic plant . Is their a std approach to do this. I would like to have this restriction to custom programs/reports only.
  Awaiting a reply

  Hi,
  Yes, it is possible with the authority check object. Here the basis/ function people will creat the Object and assigns the valid plants to it. we need to add the following code in the custome program to restict the execution to the specific plant.
           Authority check for Plant
        AUTHORITY-CHECK OBJECT 'Z_WERKS'(Authority check object)
                     ID 'ACTVT' FIELD  '03'
                     ID 'WERKS' FIELD  P_WERKS(Selection parameter)
        IF sy-subrc NE 0.
          MESSAGE e000 WITH
                      'No authorization to Division:'(054)
                      i_spart.
        ENDIF.
  Hope this will help you.
  Regards,
  Satya

• Authorization Control for Quick Viewer

  Hi,
  I have create a quick viewer using table join and I notice that the authorization when I execute the program is only at table authorization level.
  Question: Is quick viewer authorization be down to the field level. For example, if I join MKPF and MSEG and RESB to view stock movement with reservation information. Can quick viewer check the plant authorization object (M_MSEG_WMB) to make sure that the person execute the report is only able to view his/her own data?
  Regards,
  Norman

  It's not an ABAP question. You might want to ask your Basis/Security consultant or move the question to the corresponding forum.

• Authorization control for Z fields

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

• Authorization control- WBS specific

  Hi Experts
  My client handles major projects.
  Each WBS is owned by a management personnel like:
  DGM Mehanical: Mechanical activities
  DGM Electrical: Electrical engg activities
  DGM Civil: Civil engg activities
  Like wise various other responsible teams handle each work package (WBS).
  In this context, can we ensure authorization control WBS wise?
  It means, the WBS owned by Mech DGM should be editble to him only, and rest users should not be allowed for editing the sub objects of Mech WBS?
  Or, if this can be managed using user status, please suggest how the required functionality can be achieved.
  warm regards
  ramSiva

  Hi,
  You can use Person Resposible field in the WBS master data for the purpose.
  In T-code OPS6 you enter Person Responbile , Name , Office User.
  Create Three roles , DGM Civil (12), DGM Elec (13) , DGM Mech (14).
  For Authorization object C_PRPS_VNR enter for field PS_VERNR = 12 and PS_ACTVT = 01,02 & 03 for DGM Civil Role.
  Similarly for other roles.
  Key in 12 in person responsible field of the WBS belongs to DGM Civil.
  Assign DGM Civil role to DGM Civil user.
  Then he can only edit and ret can only view.
  Option 2 :
  You can also use Project Type.
  Object = C_PRPS_ART
  Create three project types Civil, Elec, Mec . In respective WBS select the project type as desired and assign that project type to the concerned role.
  You can take help of Basis consultant for clear understanding.
  Thanks
  Saikishore.Ganga

• Authorization control based on responsible persons

  Hi Experts
  My project structure is operated by several users.
  To have a control on each WBS (based on responsible person) i have set up authorization control for auth object C_PRPS_VNR.
  I have acheived control on WBS elements.
  However, the activities and network are still editable.
  Please suggest the auth control for the wbs and resp NWAs based on resp person.
  warm regards
  ramSiva

  Hi Ram Siva,
  If you are using individual Network header for different WBS element,you can use MRP controller field in the assignment tab page of Network heade for this authorisation.You can create the equal number of Person responsible as MRP controller and control the authorisation.

• Authorization control for "Revoke  Status Closed"

  Dear Experts,
  We are trying to restrict the authorization of business transaction u201CClosedu201D & u201CRevoke status closedu201D through authorization control for transaction COR2.
  For that I have included authorization objects- K_ORDER, K_VRGNG, I_VORG_ORD in the user profile.
  I have also added these objects in SU24 with check indicator u201CChecku201D & proposal u201CYESu201D
  Through authorization object- K_ORDER I succeeded to restrict business transaction u201CCloseu201D.
  But I am unable to restrict u201CRevoke Status Closedu201D.
  I have also tried for this with user status but through user status also I am unable to restrict u201CRevoke Status Closedu201D.
  Can anybody help me for this.
  Regards
  Vivek

  Dear ,
  You can do it through two option :
  1.Apply Screen variant -SHD0 at user level in which you can switch off menu path of TECO/REVOKE etc.
  Refer : http://wiki.sdn.sap.com/wiki/display/Snippets/TransactionVariant-AStepbyStepGuidefor+Creation
  2.You can try User Status at Production Order level .Refer : authorization for TECO
  You can also check by User Exit : PPCO0007 (Exit when saving Production Order)
  Regards
  JH

• Authorization control in MIGO on basis of Pur. Group & Pur. Org.

  Hi Experts,
  As per requirement, we needed Authorization control in MIGO on basis of Purchasing group and Pur. Organisation
  In MIGO user should allow to do GRN with Movement type 101 & 102 on the basis of Pur. Group & Pur. Org. mentioned in PO.
  I wanted to know can we restrict user to do GRN on the basis of above autho. If yes, please tell me in detail.
  Thx in advance..

  Hi,
  I allready checked the Tr. code SU24 but it needs to checked Autho Object M_BEST_EKO & M_BEST_EKG. but still it is not restricting on basis of Pur. Group & Pur. Organisation.
  I want to know how people restricting user for T code MIGO for Pur. goup & Pur organ.
  any suggestions will realy help me.
  thx..

• Analysis authorization - which objects are relevant

  Hi
  We use Analysis Authorization.
  Multicube XXX contains authorization relevant objects A B C.
  Is it possible that some of these objects arent used for analysis authorization. Where can I check it?
  Thanks

  Hi there,
  I don't quite get your question...
  If you go to transaction RSECADMIN and create a new authorization object give it a name and a description, if you click on the Infocube button and select the MultiProvider XXX, the system will open a window with all the InfoObjects that exist on that MultiProvider XXX and are marked as authorizationRelevant on the transaction RSD1, tab Business Explorer.
  If you don't want some of those objects to be checked with the authorizations, you have two ways:
  1. Either you uncheck the option of authorizationRelevant for those InfoObjects in transaction RSD1 tab Business Explorer, but this will afect not only the MultiProvider XXX, but all the InfoProviders were that particular InfoObject is used, will never be checked for authorization purposes.
  2. Create a new authorization object in RSECADMIN and click on the InfoCube button, select the MultiProvider XXX and choose only the InfoObjects you want to bypass the authorization for that MultiProvider. Grant * values for all those InfoObjects and click on the butto of special characteristics (button at the left of the button Infocube) and for the entry 0TCAIPROV restrict it to I EQ XXX (so that only the MultiProvider XXX will be afected by that authorization object). This will grant * all authorization values for those InfoObjects only for the MultiProvider XXX, so these InfoObjects will never need authorization values whenever you're using a query(ies) over that MultiProvider.
  Hope this helps,
  Regards,
  Diogo.