cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization Object

Go to solution
Former Member

on ‎03-09-2009 7:56 AM

0 Kudos

Hi Sap Experts,

Is there a way to separate the access of authorization object in its tcode?. The scenario is both tcodes FV60 and F-44 uses the same authorization object "F_BKPF_KOA" .

here is the requirements:

FV60 - disable write/generate

F-44 - enable write/generate

Both tcode are included in one role in PFCG. If I run one FV60 user can still access the create because of authorization given to F-44 which is write (VICE VERSA)

Thank you in advance.

Regards,

Joel

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-09-2009 8:13 AM
0 Kudos

hi

joel. how are you. check the authorization object for both the transaction.

Show replies
Show replies
Former Member
‎03-09-2009 8:19 AM
0 Kudos

Hi AP,

Already did, both tcodes uses F_BKPF_KOA. My issue is that the other tcode should restrict the write activity. If am going to separate the tcode it works but if I include the other if fails. The role in PFCG should have the both tcodes. What should I do?

Thank you.

Regards,

Joel

Former Member
‎03-09-2009 9:35 AM
0 Kudos

Hi,

Please create one more Authorization object and you can assign T-code one object and another T-code to another authorization object.

Regards

Sreedhar Reddy

Former Member
‎03-09-2009 10:11 AM
0 Kudos

Hi Sreedhar Reddy,

Done adding another authorization object. How can i assign tcode for this?

Thank you in advance.

Regards,

Joel

Answers (5)

Answers (5)

Former Member
‎03-12-2009 7:10 AM
0 Kudos

Hi,

we have experienced with the same prblem as yours. Here is our solution (maybe suits to you) :

- copy FV60 into ZFV60 (ask your ABAP)

- copy F-44 into ZF-44 (ask your ABAP)

- inactivate F_BKPF_KOA in ZFV60 and ZF-44

- create authorization object ZF_BKPF_1 (have the same authorization field with F_BKPF_KOA), and assign that authorization object to ZFV60 (ask your ABAP to set that object embedded to ZFV60)

- create authorization object ZF_BKPF_2 (have the same authorization field with F_BKPF_KOA), and assign that authorization object to ZF-44 (ask your ABAP to set that object embedded to ZF-44)

- maintain necessary value for each authorization field for ZF_BKPF_1 in ZFV60 and ZF_BKPF_2 in ZF-44

a lot of work to do, but safe enough than modifying original t.code from SAP (FV60 or F-44)

we have done this with MB51 and MB5B

hope it help you.

rgds,

Alfonsus Guritno

Show replies
Show replies
Former Member
‎03-11-2009 10:02 AM
0 Kudos

Hallo Joel,

if you use the SAP standard you can't make a difference between FV60 and F-40 and their activities. Both transactions use a lot of simular authorization object (s. transaction su24).

Perhaps you have to create an own authorization object for one of the transaction above and include this new object in SAP standard programm for the transaction.

Regards

Sven W.

Show replies
Show replies
Former Member
‎03-12-2009 1:13 AM
0 Kudos

Hi Sven,

from your qoute "Perhaps you have to create an own authorization object for one of the transaction above and include this new object in SAP standard programm for the transaction."

Kindly give me procedure on how to do this.

Thank you in advance.

regards,

Joel

Former Member
‎03-12-2009 7:24 AM
0 Kudos

Hallo Joel,

Alfonsus explains how to. Perhaps an abap developer should help you. It is a lot of work, but this is the only way to make a difference during the authority check of transactions using the same authorization objects and values.

Regards

Sven W.

Former Member
‎03-10-2009 8:45 AM
0 Kudos

Hi Joel,

For your understandiing: First create a test role with above 2 Tcodes.

Then go to change authorization data>>>>search the particular auth object.

on left side top of the auth obj you can find the mountain tab(which is commonly called Display sublist)

There you can find the common values coming for tcodes.

First auth obj will effects first TCODE, second obj will effects second Tcode. Here you can change them accordingly.

Regards

Nick Loy

Show replies
Show replies
Former Member
‎03-10-2009 4:58 AM
0 Kudos

Hi,

Pls create new role for this user.

Anil

Show replies
Show replies
former_member184114
Active Contributor
‎03-10-2009 5:31 AM
0 Kudos

Joel,

Please check if there is any user exit available for the tcodes you are working with. However, creating another authorization object looks a suitable solution.

Please update us on the same.

Regards,

Faisal

Former Member
‎03-10-2009 6:31 AM
0 Kudos

Hi Anil Satya,

I cant create new role for this because all users for this role uses both tcodes.

Any other suggestions?

Hi Faisal Khan,

Ok I will ask our ABAP'er for the user exits.

I will give you feedback once done.

By the way I how can I assign authorization object for tcodes? I cant find the mountain tab. please read top thread.

Thank you all.

Former Member
‎03-09-2009 11:06 AM
0 Kudos

Hi Joel,

Just add one more object, then click on mountain tab.

It will shows you which object is effecting first t code and which is for second one. second one, then you can change the objects accordingly.

EX:If you want to let in display mode for first t code, then you have to change first object with display auth.

Regards

Nick Loy

Show replies
Show replies
Ask a Question