Skip to Content
author's profile photo Former Member
Former Member

Specification type authorizations

Hi EHS experts,

I am trying to create PFCG roles that are restricted to specification types. I have performed the needed config. change to allow the usage of the new authorization objects (to allow the usage of the SUBCAT) field.

SPRO > Basis Data and Tools > Specify Environment Parameters

  • Change value of SP_AUTH_CHECKS_WITH_SUBCAT to X

The role that I am testing should allow the user to only display the specification type that I have restricted (i.e. ALLERGEN). However, when I perform the test I am prompted with an 'Authorization error'. The system trace indicates that I am missing ACTVT 03 for other specification types which I am not authorized to display (which is correct, as I do not want the user to see any other spec. type except ALLERGEN).

Any idea as to why the specification type restriction is not working as expected? Am I missing something here?

Any help would be greatly appreciated.



Message was edited by: Ingo Sigmund

Add comment
10|10000 characters needed characters exceeded

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Oct 04, 2013 at 10:40 AM

    HI Jerry,

    From what I suspect from your issue is - there maybe an instance where to display the required specification type it may pass through another spec. type.

    It's same like, calling an internal transaction if you execute one.

    I suggest you to test first - by giving the traced authorization and then negative test the spec. types which you don't wish to see.

    Reward if useful.



    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 05, 2013 at 07:52 AM

    Hi Jerry,

    Maybe Mr C.B is correct, Add manually C_SHES_TV2 and C_SHES_TVH Authorization Object in role.

    As Mr C.B told you can control display and changes rights  through Activity.

    An authorization group assigns authorizations to a user for working with specifications. Example ,user can only work with specifications if an authorization group has been entered in them authorization profile

    Each specification type must be assigned to at least one specification category that categorizes the specifications into major groups (substances, agents, packagings, and so on).

    If a special check function is defined for the specification type in Customizing, the system checks whether the specification key entered by the user for this specification type is syntactically correct.

    you can possible to customize as per your requirement for authorization profile.

    see the above mention example, Now the user can possible assess only Real-Substance specification data .You can use SU53 T-code to find out missing authorization Object and field name.

    Use SU53 T-code it is more useful for identify the role related issues.


    pastedImage_3.png (26.8 kB)
    pastedImage_4.png (24.5 kB)
    Add comment
    10|10000 characters needed characters exceeded