Storage Location Authorization Object

Similar Messages

• Material Type Movement type and Storage location Authorization Object

  Dear All,
  My client wants that  certain type of material i.e. SFG should not be GR Mvt. type 101 at the FG storage location, they want to restrict to some  user ID .
  Is there any authorization object or the enhancement to control all three parameter to restrict to particular USER ID?
  Thanks in advance.
  regards
  ALOK Shrivastava

  Hi,
          Please check as follows.
          IMG > Material Management > Inv. management and Physical Inventory  > Authorization Management
                 > Authorization Check for Storage Locations (Indicator on)
  Regards,
      Gaito

• Storage Location Authorizations

  Dear Gurus
  We have recently implemented SAP in our Organization and have activated Storage Locations' authorizations. Our requirement is to limit the authorization to issue and receive material from individual storage locations but at the same time the users should be allowed to dispatch material for other storage locations (through 2 step transfer posting by posting "Remove from Storage" transactions). The problem is that at present the users are not able to select Destination Storage locations (in 2 step transfer posting - remove from storage) which are not authorized to them. On the contrary authorizing them for those Storage locations will authorize them to issue / receive material in other's storage locations.
  I will appreciate if any of you may guide how to resolve this problem.
  Regards
  Muhammad Asif Nakhuda
  Edited by: Asif Nakhuda on Jul 31, 2010 10:34 PM

  Hello Ahsan,
  Addition in SU22 in not for introducing authorization checks. It is misconception. All it does is the following:
  For example you add auth object X for as transaction Y in Su22/SU24 . Now if you add transaction Y to a role in PFCG then authorization object X will be added by default in the role. For standard transactions SAP has maintained Su22/SU24 customizing on basis of ABAP code so that whenever you add a transaction to a role its correspnding authorization checks are added automatically to a role and you dont to take pains of finding them out. In case of custom built transactions also you can follow the approach used by SAP. SU22/SU24 is for easing role adminsitration ands not introducing authority checks !!
  Regards.
  Ruchit.

• Storage Location Authorization

  Hello,
  I want to authorize user A to make material movements in     Plant 1001  Storage 1000, 1001, 1002...9000
                                                                                  Plant 1002   Storage 9000
                                                                                  Plant 1003   Storage 9000  etc.
  So,  first I followed path SPRO - MM - Inventory Management and Physical Inventory - Authorization Management - Authorization check for storage management   and enabled storage authorization.
  Then In PFCG under Goods Movement: Storage Location I selected related storage locations and plants as above but it still allowed user A to make movements to storage 1001, 1002 of plant 1002 and 1003.
  In our system every plant has storage locations called 1000,1001,1002...9000. Does the system recognize the storage locations selected in PFCG according to the plants selected. To be more precise, ıf I select, 1001, 1002 and 1003 for plants, and
  (plant-storage loc) (1001-1000, 1001-1001, 1001-1002, 1002-9000) does the system recognize it as if I want to be authorized for 1002-1000, 1002-1001,1002-1002  ?

  Hi
  You can do it additive, for instance.
  Only can create movement 101 and 102, others only view them:
  ACTVT = 01,02
  BWART = 101, 102
  LGORT =  *
  WERKS = *
  and add newly the object M_MSEG_LGO with other parameters.
  ACTVT = 03
  BWART = *
  LGORT = *
  WERKS = *
  Of course, you have other auth.objects (eg: M_MSEG_BWF, M_MSEG_WMB,...). If other object avoid that the user can do it, run tcode SU53, it will tell you what object avoid that user can do it.
  I hope this helps you
  Regards
  Eduardo

• Storage Location check during 101

  Hi folks,
  I am facing a problem and need ur help...
  Though this is a security related issues but it requires Functional help...
  A user who does not have authorization for Storage Location ABC (M_MSEG_LGO) is executing MIGO and is being able to do GR(101) against STPO for ABC...
  The system trace shows that only 2 objects are getting checked viz M_MSEG_BWE (Goods Receipt for Purchase Order: Movement Type) and M_MSEG_WWE (Goods Receipt for Purchase Order: Plant). There is no check for Storage Location in Purchase Order...
  The S Loc is defined in the PO and during MIGO it is getting picked from there..
  How can i restrict this guy from posting 101 for ABC??...
  Pls help before i am thrown out...
  PS: The Storage Location authorization (M_MSEG_LGO) is available to the user BUT for a different location. Also the storage location ABC is authorization relevant in SPRO...
  thankx in advance
  Sachin

  hi sachin,
  pls check the user roles defined. From what you have written, it seems that the object M_MSEG_LGO is getting bypassed for some reason. Pls check all the other roles that this particular user is assigned to. And pls don't worry. There's no way you are going to be thrown out with so many experts around to help you out with a solution. I'm sure everyone will echo my view. Be patient and check out the roles. Revert back.
  - Rahul

• User Authorisation - storage location

  Hi,
  we have three storeage location under one plant, can we restrict user to access only on UM1 storage location not to access balance two storage location.
  Plant :    X70
  Storage Location  :  UM1
                                  UN1
                                  UN2
  Is it possibile to create a role only on storage location, please advice.
  Regards,
  Muthu

  You will need to activate " Authorization Check for Storage Locations "
  Storage location authorization means that a user has to have authorization for authorization object M_MSEG_LGO in order to enter a goods movement in the storage location, using a particular movement type. In the list of material documents, only the document items for which the user has a display authorization are displayed
  Go to  SPRO->Materials management ->Inventory management ->Authorisation management->Authorisation check for storage locations,

• Movement type authorisation for different storage locations

  Hi sdners
  can we make the movement type restricted to any storage location
  Ex: i have 2 storage locations 1110 and 1114 in plant 1100
  and i have two end user mst1 mst2
  if so i want to make sure that mst1 is responsible only for issue goods from 111o
  and he should not able to issue goods from 1114 vice versa to mst2
  is there any possible configuration please let me know.
  With regards
  S.K.chaitanya

  Hi
  u can achive this through authorization
  First
  You need to activate the storage location authorization check for goods movements in config
  SPRO->Materials Management->Inventory Management and Physical Inventory->Authorization Management->Authoization check for storage locations.
  Then required  control is achieved via authorization object M_MSEG_LGO.
  Get in touch with Basis and ask him to remove required storage location from user ID so that that user will not able to pass any movement to that storage location
  Vishal...

• Authorization Control for Transfer Posting's Storage Location

  Dear Gurus,
  Hi ! May I know is that SAP has any Authorization Object to control Transfer Posting (SAP R3 4.0B) ?
  Let say in MB1B I only allow certain user to do transfer posting with P230 storage location, how should I control it ? With Authorization Profile?
  I had tried remove all storage location P230 authorization M_MSEG_LGO from those user who are not allow to use, but sad to say that most of the user who allow to use transaction MB1B also able to do good receipt or transfer posting with storage location P230.
  I had check those user's profile, actually in their authorization, there could not get P230 in their M_MSEG_LGO authorization  object.
  Thank you!
  Warm regards

  Hi,
  I did not tried OLMB before, but I couldn't get  the option you ask me to click.
  Please refer to the screen, is it the Basis Administration is what you mention lately?
  [http://www.pikipimp.com/pp/pimped_photo/s/image/40/552/543/OLMB-compiled.JPG?ts=1232093107390]
  I had assign the storage location P230 to the authorize users, but the problem now was those unauthorized users also can use the storage location P230 to do Transfer Posting (MB1B) although I did not assign to them in PFCG.
  Thank you.
  Warm regards.

• Authorization Object for Storage Type

  Hi Experts,
  We want to restrict the goods movement based on storage type. Does anybody know what authorization object we can use to implement that?
  Any help is greatly appreciated.
  Thanks,
  Khan

  Hi,
  At PFCG, go to authorization profile you want to restrict, look for M_MSEG_LGO Authorization Object, at the storage location field assign it. If you only want to restrict it for few user use, remove those from unauthorized user profile.
  Hope it might help.

• Purchase Requisition Authorization based on Storage Location

  Hi MM Gurus,
  Our client has got a specific requirement to control the security of purchase requsition creation, change and release based on the storage locations. We have found the authorization object M_BANF_LGO which is to restrict the access of PR based on storage location in purchase requsitions.
  The issue is the purchase requsition BAPI does not check this authorization object as per standard SAP.
  Does anyone know how to handle the security of purchase requsition based on storage location?
  FYI - Our PR release strategy is at item level and not at document level.
  Thanks,
  Shekhar

  Thank you for the reply. In case of purchase requsition for cost center, you can still enter the value of storage location. The storage location comes into picture when the goods receipts are posted against this purchase. However, the storage location value can be entered at PR level.
  We have storage location field as "Required" field in all purchase requsitions as there is only one plant and each storage location represents the division.

• Authorization Check for Storage Location

  Hi Experts,
  I have the following requirement :-
  I have Plant : P081 created under Company Code : P110.
  I have got various Storage Locations under this Plant for example
  KT01 - Main Stores
  KT24 - Remote Store.
  The KT24 store is basically a remote location store. I have activated the Authorization for the Storage Location KT24 in the SPRO Settings
  Material Management --> Inventory Management and Physical Inventory --> Authorization Management --> Authorization check for storage location.
  I have maintain the following authorizations for the Object M_MSEG_LGO as follows :-
  1. OBJECT : M_MSEG_LGO.
  >> 2. USER ID : 081Store
  >> 3. PLANT : P081
  >> 4. STORAGE LOCATION : Kt24
  >> 5. ACTIVITY : 01-03
  >> 6. MOVEMENT : 101, 102, 201, 221, 261
  and authorization for T_code MIGO_GR and MIGO_GI . I want to restrict the user for transaction only for this storage location but the system is allowing the user to post GR document for KT01 stores also.
  Can any one suggest a solution or settings that need to be done for the user to be restricted to prepared GR for Storage Location KT24 only.
  Thanks in advance.
  AJ

  Hi,
  You set the authorizations to users with tcode PFCG. To know the reason of deny some access run tcode SU53 after SAP denies the access to some documents / objects.
  Regards,
  Eduardo

• Restricting Authorization for movement types for Storage Location

  Hi Xperts
  I have a requirement that 313 & 315 material movements should not have any BBD/SLED check.However , 314 & 316 should have BBD/SLED check.
  Suppose there are two storage locations : A(Good Stock) & B(Blocked Stock).
  I want one User-ID should be authorized to perform 313 & 315 from A to B.However the same USER-ID should not be authorized to perform 313 & 315 from B to A.They should be authorized only to perform 314 & 316 from B to A.
  All the above trasnactions will be performed either via MIGO or via MB1B.
  How to achieve this.Pls suggest.
  Regards,
  Soumick

  Hi Soumick,
  You can try by creating 2 roles as given below.
  Role A - Tcode Migo
  BWART - 313 and 315
  for object M_MSEG_LGO field LGORT - give only A
  Role B - Tcode Migo
  BWART - 314 and 316
  for object M_MSEG_LGO field LGORT - give only B
  Try assigning both the roles to user and see... Not 100% sure...but u can try out.... You need to have such scenarios tested very thoroughly.
  With Regards
  Nishad Showkath

• Authorization removal for storage location.

  we want to remove authorization for certain users for accessing specific storage location for transfer posting,let say 0002 is not supposed to access by user AABBCC.
    to control this my basis team member had removed this storage location in master role of this user where storage location is added(Inventory management/physical inventory) even though system is allowing for processing transactions in this 0002 storage location.
  plz suggest the way for restriction of this storage location access to user.

  Please share with us how you resolved this. That may help others in the future.

• Authorization object for additional data of material

  Hi,
  in our Authorization there some user they can use MM01/MM02 only for specific
  Maintenance Statuses - object M_MATE_STA (say L - Storage, X - Plant stocks, Z - Storage location stocks).
  We also want, that this user are not allowed to change some additional data, but i don't know, if there
  is some Authorization object.
  Has anyone an idiea?
  thanks.
  Regards, Dieter

  Have a look at M_MATE_MAN. Help text below:
  Definition
  This object determines whether a user is authorized to maintain material master data at client level.
  Data at client level includes fields that cannot be maintained for each organizational unit (for example, for each plant or sales organization). It includes the following data in particular:
  Material descriptions
  Long texts (except sales texts and the material memo)
  Units of measure
  EANs
  However, it does not include the objects of other applications that you can assign to a material when maintaining the material master record (for example, document assignment or classification) since separate authorizations can be given for objects of this kind.
  Note
  Even if a user does not have the authorization to display data at client level, the following data is still displayed for the material nevertheless:
  Material descriptions and base unit of measure
  Deletion flag on the initial Flag Material for Deletion screen
  Defined fields
  Fields Possible values Meaning
  ACTVT 01 User may create data.
  02 User may change data.
  03 User may display data.
  06 User may change deletion flags.
  Edited by: Nick WW on May 27, 2011 9:27 AM

• How i know Authorization object in system?

  Hi all,
  i create new BAdi with Enhancement Spot: ZWORKORDER_GOODSMVT (copy WORKORDER_GOODSMVT in standard SAP)
  now i have Badi definition: ZWORKORDER_GOODSMVT
  with Interface: ZIF_EX_WORKORDER_GOODSMVT
  all ok.
  now how i can see authorization object in Badi definition: WORKORDER_GOODSMVT (standard)? i already creat Authorization object but now i don't know what field and choose in maintain the authorization (from Badi definition: WORKORDER_GOODSMVT )
  ex: 1. in package BSFC have interface IF_EX_BSFC_POLICY and method GET_POLICY
       2. Authorzation object: B_BSFC (have field name: BSFC_APPL and ACTVT in maintain the authorzation)
  because i get this and solve in my job.
  when i activate the BAdI function called WORKORDER_GOODSMVT and assign to the a.m. authorization object???
  Processing Logic: 
  •     The backflush errors are created after the execution of backflushing transaction in Repetitive Manufacturing (REM) – t-code MF42N or MFBF
  •     If during the backflush execution the components are not available in the respective production storage location then system by default will create backflush errors
  •     Backflush errors will need to be cleared everyday and must be cleared before end month stock take
  •     Backflush errors can be processed using the following t-code:
  o     MF45 – Individual
  o     MF46 – Collective
  o     MF47 – Post processing List
  o     COGI – Post processing Individual Components
  Authorization will be applied only for COGI, while others will not be used in PSECI
  •     Create new authorization object called Z_PP_COGI to be assigned later to the user id
  •     Activate the BAdI function called WORKORDER_GOODSMVT and assign to the a.m. authorization object
  •     For unauthorized users, an errors message will appear if they try to delete the backflush errors in COGI transaction as follows:
  o     You are not authorized to change/ delete the backflush errors! Please contact your superior!
  Thanks so much all, ......

  Hi Nguyen,
  Check the following links:
  http://help.sap.com/saphelp_erp2004/helpdata/en/b8/bdb83b5b831f3be10000000a114084/content.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/6714a9439b11d1896f0000e8322d00/content.htm
  Regards,
  Rajesh K Soman
  <b>Please reward points if found helpful.</b>