- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- How to manage authorization technic in case that ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to manage authorization technic in case that user uses other company authorization?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2014 1:57 AM
Dear all,
we have situation like below.
there are 2 kinds of company(we call it intercompany process)
A company is selling oversee office and B company is HQ that is making product.
Oversee user creates P/O to buy product from B comany and then oversee user simulates B company sales order simulation function to get P/O price.
to do so, A company user needs B company authorization related to Sales order creation, change and display.
the thing is oversee user have B company authorization. there is a chance to change B company order.
in this situaion, we want to use dynamic authorization technic. as i know, some people uses specific coding using SAP ID only for working limited.
is there any method?
thanks in advance,
Daniel.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2014 7:33 AM
Hi,
Discuss with your Basis team. There are standard objects which they can use for authorization to users in this scenario
Regards
jobi
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2014 11:39 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-30-2014 12:23 PM
Hi Lakshmipathi as per the situation i undestand user need authorisation of both A & B for PO Create,change and display.If SOD permits we can create a role permiting both the company codes orselse we can go with FF concept.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2015 3:55 AM
Hi Doosan,
There is a concept called Reference user in SAP which provides access temporarily to the user.
For instance user A has access (X+Y) and user B has access to Z.Now in a situation user A needs access Z for temporary period.Then User A has been assigned with Reference user B for that access Z for a particular period,it can be a for a day only.So automatically when the validity expires the extra access also get expires and you need not modify User A Authorizations.
So for your case you can segregate other company access in a different Role and assign it to the Reference user B and assign it to User A for certain period,which helps User A to have extra access dynamically during runtime for that particular transaction for that particular period.
Hope this helps for your scenario.
Regards
Pradeep
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2015 8:48 AM
Dear Pradeep,
I think fire fighter user concept is more logical then reference user as the latter concept is a very old concept.
Regards
Sourav Banerjee
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2015 8:57 AM
Sourav Banerjee wrote:
I think fire fighter user concept is more logical then reference user as the latter concept is a very old concept.
??
Where do you have this information from? Sounds like speculation to me...
Anyway, M_BEST* objects support both org levels and ACTVT in the same object. So via separate authorization instances or separate roles you can separate the access organizationally based on authorized activities. Reference user would be an overkill for a simple requirement.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2015 9:59 AM
Hi Julius
If it is just for an activity then yes that is the best solution.But I thought Doosan is asking for particular access required for a particular period and not required always so I advised on Reference user concept.
Sourav-Firefighter is mainly used for super access which can't be provided to normal userid.Also Reference user is still prevalent and used in lot of customer system.As they say Old is Gold.
Regards
Pradeep
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2015 10:12 AM
Yep, the reference user concept is very nifty and if effectively a "composite authorization" represented by a user ID which encompasses the additional authorizations. Particularly useful for temporary access or common auths without overloading the user buffer, as you state.
My understanding of the question is that the access should however be permanent - the use of the word dynamic was the expectation to fill the authorization field value at run time. That will not work.
The easiest solution is two roles with different ACTVT for the different sets of org.levels affecting POs. Whether the second role is assigned via reference user or directly does not matter in that case.
Cheers,
Julius
- SAP Managed Tags:
- Security
