MF70-Plant authorization control object -reg
Hi,
While giving MF70 authorization to user we need to control based on Plant
Once i give MF70 t code authorization its authorizing the user all plants by default
is there any object to control plant (WERKS) in MF70 ?
regards,
madhu kiran
HI
Check the Profile attached to the used id and also whicle creating or changing the roles attached to the used in PFCg check for MF70 check for REM Backflush >plant > aganist it give the plant for which you want to assign
I hope it will work
Check and revert
Regards
Anupam Sharma
Similar Messages
-
MD61 -Authorization control for Version , requirements type -reg
Hi,
We have an issue in providing MD61 -Create Planned Independent Requirements to the users
By standard authorization objects available , Plant level authorization control only is there
if we have to give authorization for many users in the same plant based on teh VERSION , REQUIREMENTS TYPE etc... is it not possible ?
can the authorizations objects be created manually for these and assign to teh concerned user's roles ?
please provide your thoughts
regards,
madhukiran.Dear Madhu,
Authorization objects can be added for an individual T Code also in SU24.
Check with your Basis consultant,Also i think its possible to give the authorization for versions as well
as requirement type also.
Regards
Mangalraj.S -
BOM authorization controls -reg
Friends ,
we use only BOM with usage 1 -production BOM , we dont want to maintain many BOMs like engineering bom ,design bom ,production bom like that seperately.
in this context we require some authorization control to control the users for BOM changes for
BOM during new product developmental stage
BOM once mass production kicks
we want certain people only authorised to create or change BOM at new product development stage (precisely at R&D personnel )
once it goes to mass production we dont want the R&D personnel control on it we would like to authorize operations personnel to take owership of it
is this can be done ? which object i have to use to differentiate between BOM at new product stage and mass production stage
once it changes from new product stage to mass production stage some where we have to maintain this object and contro, through this
please help at the earliest
thanks
madhu kiranHi Madhu,
The authorization objects checked for BOM, Inform your basis personnel to use them to authorize as per your business need.
C_STUE_BER CS BOM Authorizations
C_STUE_NOH CS Authorization to process BOMs without a change number
C_STUE_WRK CS BOM Plant (Plant Assignments)
C_AENR_BGR CC Change Master - Authorization Group
C_AENR_ERW CC Eng. Chg. Mgmt. Enhanced Authorization
C_AENR_RV1 CC Engineering change mgmt - revision level for materials
C_DRAD_OBJ Create/Change/Display/Delete Object Link
C_TCLA_BKA Authorization for Class Types
Hope the above answers your query.
Regards,
Vivek -
Plant level authorization control for Internal Order
Dear Sir,
We create Internal Order using tcode KO01 and being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
We request you to Kindly guide us about the steps to be followed for addressing such requirement .
With thanks and Regards
Sonia AgarwalaSonia-
It can be done. You have two options.
1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
Hope this helps.
Shail -
Authorization control on material reservation creation and change (MB21 & M
Hi Friends
Please help me to find a solution on Authorization control on material reservation creation and change (MB21 & MB23).
Client looking for a control over end user on those T.Code s but not at T.Code level;
Client looking for control either based on "Storage location" and/or u201CProduct hierarchyu201D.
More specifically, user A and B both can Create/Change MR but user A only can do it for the MR which related to storage location say YY while B authorized for storage location ZZ
Thanks in advance.Hello Partha,
Only available Standard SAP Authorization Objects, related to Reservations, are M_MRES_BWA (Reservations: Movement Type) & M_MRES_WWA (Reservations: Plant) where you can maintain authorizations based on Movement Type & Plant respectively and hence seggested enhancement.
You can use Tcode-SUIM to search for Basis authorization details i.e. Roles defined for specific transaction/authorization object / profiles.
Revert if any further info required.
Regards,
Anup -
Authorization control for batch master
Hello Experts,
I have a special requirement from client on authorization control on batch master. The requirement is user should not be allowed to change the batch header details but allow to change selected characteristic values. For e.g If I have a batch A, the header values such as prod date, country of orgin etc should not be allowed to change. In classification view few characteristics only should be editable, rest all should only be displayed.
Is there any option to do this. Either through authorization control or exits. We dont want to create a custom transaction to achieve this.
Thanks in advance
PrathibHello
The following document explains how to check which authorization objects are called on each transaction:
How to analyze authorization issues in debug
BR
Caetano -
Goods issue against STO (plant authorization)
Dear All
I have an authorization issue when doing goods issue from Plant 1, against an STO raised for Plant 2.
User has MIGO authorization for 351mvt with authorization object M_MSEG_BWA;
Also he has authorization for all storage locations of Plant 1 and 351mvt with object M_MSEG_LGO; And plant authorization of migo is given for Plant 1 with authorization object M_MSEG_WWA
To issue goods from plant 1 to Plant 2 against the STO raised at Plant 2, what authorization does he require? At the same time he should not able to do GR for POs of plant 2 etc.
Thanks in advanceHi
I was also in same impression but the SU53 screenshot is showing authorization problem with object M_MSEG_WWA for Plant 2.
User has been given the same for plant 1 (own plant) -
Hi,
I was trying to restrict the user to get data for spefic plant . Is their a std approach to do this. I would like to have this restriction to custom programs/reports only.
Awaiting a replyHi,
Yes, it is possible with the authority check object. Here the basis/ function people will creat the Object and assigns the valid plants to it. we need to add the following code in the custome program to restict the execution to the specific plant.
Authority check for Plant
AUTHORITY-CHECK OBJECT 'Z_WERKS'(Authority check object)
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD P_WERKS(Selection parameter)
IF sy-subrc NE 0.
MESSAGE e000 WITH
'No authorization to Division:'(054)
i_spart.
ENDIF.
Hope this will help you.
Regards,
Satya -
Authorization Control for Quick Viewer
Hi,
I have create a quick viewer using table join and I notice that the authorization when I execute the program is only at table authorization level.
Question: Is quick viewer authorization be down to the field level. For example, if I join MKPF and MSEG and RESB to view stock movement with reservation information. Can quick viewer check the plant authorization object (M_MSEG_WMB) to make sure that the person execute the report is only able to view his/her own data?
Regards,
NormanIt's not an ABAP question. You might want to ask your Basis/Security consultant or move the question to the corresponding forum.
-
Authorization control for Z fields
Hi all,
We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
Regards,
Krishna.
SAP SD Techno Functional.Hi all,
We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
Regards,
Krishna.
SAP SD Techno Functional. -
Authorization control- WBS specific
Hi Experts
My client handles major projects.
Each WBS is owned by a management personnel like:
DGM Mehanical: Mechanical activities
DGM Electrical: Electrical engg activities
DGM Civil: Civil engg activities
Like wise various other responsible teams handle each work package (WBS).
In this context, can we ensure authorization control WBS wise?
It means, the WBS owned by Mech DGM should be editble to him only, and rest users should not be allowed for editing the sub objects of Mech WBS?
Or, if this can be managed using user status, please suggest how the required functionality can be achieved.
warm regards
ramSivaHi,
You can use Person Resposible field in the WBS master data for the purpose.
In T-code OPS6 you enter Person Responbile , Name , Office User.
Create Three roles , DGM Civil (12), DGM Elec (13) , DGM Mech (14).
For Authorization object C_PRPS_VNR enter for field PS_VERNR = 12 and PS_ACTVT = 01,02 & 03 for DGM Civil Role.
Similarly for other roles.
Key in 12 in person responsible field of the WBS belongs to DGM Civil.
Assign DGM Civil role to DGM Civil user.
Then he can only edit and ret can only view.
Option 2 :
You can also use Project Type.
Object = C_PRPS_ART
Create three project types Civil, Elec, Mec . In respective WBS select the project type as desired and assign that project type to the concerned role.
You can take help of Basis consultant for clear understanding.
Thanks
Saikishore.Ganga -
Authorization control based on responsible persons
Hi Experts
My project structure is operated by several users.
To have a control on each WBS (based on responsible person) i have set up authorization control for auth object C_PRPS_VNR.
I have acheived control on WBS elements.
However, the activities and network are still editable.
Please suggest the auth control for the wbs and resp NWAs based on resp person.
warm regards
ramSivaHi Ram Siva,
If you are using individual Network header for different WBS element,you can use MRP controller field in the assignment tab page of Network heade for this authorisation.You can create the equal number of Person responsible as MRP controller and control the authorisation. -
Authorization control for "Revoke Status Closed"
Dear Experts,
We are trying to restrict the authorization of business transaction u201CClosedu201D & u201CRevoke status closedu201D through authorization control for transaction COR2.
For that I have included authorization objects- K_ORDER, K_VRGNG, I_VORG_ORD in the user profile.
I have also added these objects in SU24 with check indicator u201CChecku201D & proposal u201CYESu201D
Through authorization object- K_ORDER I succeeded to restrict business transaction u201CCloseu201D.
But I am unable to restrict u201CRevoke Status Closedu201D.
I have also tried for this with user status but through user status also I am unable to restrict u201CRevoke Status Closedu201D.
Can anybody help me for this.
Regards
VivekDear ,
You can do it through two option :
1.Apply Screen variant -SHD0 at user level in which you can switch off menu path of TECO/REVOKE etc.
Refer : http://wiki.sdn.sap.com/wiki/display/Snippets/TransactionVariant-AStepbyStepGuidefor+Creation
2.You can try User Status at Production Order level .Refer : authorization for TECO
You can also check by User Exit : PPCO0007 (Exit when saving Production Order)
Regards
JH -
Authorization control in MIGO on basis of Pur. Group & Pur. Org.
Hi Experts,
As per requirement, we needed Authorization control in MIGO on basis of Purchasing group and Pur. Organisation
In MIGO user should allow to do GRN with Movement type 101 & 102 on the basis of Pur. Group & Pur. Org. mentioned in PO.
I wanted to know can we restrict user to do GRN on the basis of above autho. If yes, please tell me in detail.
Thx in advance..Hi,
I allready checked the Tr. code SU24 but it needs to checked Autho Object M_BEST_EKO & M_BEST_EKG. but still it is not restricting on basis of Pur. Group & Pur. Organisation.
I want to know how people restricting user for T code MIGO for Pur. goup & Pur organ.
any suggestions will realy help me.
thx.. -
Analysis authorization - which objects are relevant
Hi
We use Analysis Authorization.
Multicube XXX contains authorization relevant objects A B C.
Is it possible that some of these objects arent used for analysis authorization. Where can I check it?
ThanksHi there,
I don't quite get your question...
If you go to transaction RSECADMIN and create a new authorization object give it a name and a description, if you click on the Infocube button and select the MultiProvider XXX, the system will open a window with all the InfoObjects that exist on that MultiProvider XXX and are marked as authorizationRelevant on the transaction RSD1, tab Business Explorer.
If you don't want some of those objects to be checked with the authorizations, you have two ways:
1. Either you uncheck the option of authorizationRelevant for those InfoObjects in transaction RSD1 tab Business Explorer, but this will afect not only the MultiProvider XXX, but all the InfoProviders were that particular InfoObject is used, will never be checked for authorization purposes.
2. Create a new authorization object in RSECADMIN and click on the InfoCube button, select the MultiProvider XXX and choose only the InfoObjects you want to bypass the authorization for that MultiProvider. Grant * values for all those InfoObjects and click on the butto of special characteristics (button at the left of the button Infocube) and for the entry 0TCAIPROV restrict it to I EQ XXX (so that only the MultiProvider XXX will be afected by that authorization object). This will grant * all authorization values for those InfoObjects only for the MultiProvider XXX, so these InfoObjects will never need authorization values whenever you're using a query(ies) over that MultiProvider.
Hope this helps,
Regards,
Diogo.
Maybe you are looking for
-
Can no longer print from my i phone or i pad
I have a hp photosmart plus e- all in one B210 printer. When I set up my i phone and ipad I was able to print. But I can no longer. My lap top is also set up and is running ok as well as my husbands i phone.
-
I want to get a Dell xps computer. I like vista, but Mac os x leopard is just insane. One of the adds said that I could transfer my files to mac files. This made me happy, but I'm not quite shure what he said. Could anyone give me any details on how
-
Macpro message to restart.
friends, my mac hangs at times without any provocation. this happens even while switching over to windows. techies would u please put some light in to this problem!! I get a message ''You need to restart the computer. Please press the button restart
-
When ever I select this option firefox only shows characters that appear when you do not have foreign fonts installed, except for English. The characters are squares with numbers in them at the bottom of the character.
-
Console Authentication Problem
HI, I have cisco 1841 Router configured for AAA authentication. Everything is fine only problem with console authentication. I dont want to have AAA authentication console. I want to use local console password prompt when somone console the router. B