on 03-09-2009 7:56 AM
Hi Sap Experts,
Is there a way to separate the access of authorization object in its tcode?. The scenario is both tcodes FV60 and F-44 uses the same authorization object "F_BKPF_KOA" .
here is the requirements:
FV60 - disable write/generate
F-44 - enable write/generate
Both tcode are included in one role in PFCG. If I run one FV60 user can still access the create because of authorization given to F-44 which is write (VICE VERSA)
Thank you in advance.
Regards,
Joel
hi
joel. how are you. check the authorization object for both the transaction.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
we have experienced with the same prblem as yours. Here is our solution (maybe suits to you) :
- copy FV60 into ZFV60 (ask your ABAP)
- copy F-44 into ZF-44 (ask your ABAP)
- inactivate F_BKPF_KOA in ZFV60 and ZF-44
- create authorization object ZF_BKPF_1 (have the same authorization field with F_BKPF_KOA), and assign that authorization object to ZFV60 (ask your ABAP to set that object embedded to ZFV60)
- create authorization object ZF_BKPF_2 (have the same authorization field with F_BKPF_KOA), and assign that authorization object to ZF-44 (ask your ABAP to set that object embedded to ZF-44)
- maintain necessary value for each authorization field for ZF_BKPF_1 in ZFV60 and ZF_BKPF_2 in ZF-44
a lot of work to do, but safe enough than modifying original t.code from SAP (FV60 or F-44)
we have done this with MB51 and MB5B
hope it help you.
rgds,
Alfonsus Guritno
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hallo Joel,
if you use the SAP standard you can't make a difference between FV60 and F-40 and their activities. Both transactions use a lot of simular authorization object (s. transaction su24).
Perhaps you have to create an own authorization object for one of the transaction above and include this new object in SAP standard programm for the transaction.
Regards
Sven W.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Joel,
For your understandiing: First create a test role with above 2 Tcodes.
Then go to change authorization data>>>>search the particular auth object.
on left side top of the auth obj you can find the mountain tab(which is commonly called Display sublist)
There you can find the common values coming for tcodes.
First auth obj will effects first TCODE, second obj will effects second Tcode. Here you can change them accordingly.
Regards
Nick Loy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Pls create new role for this user.
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil Satya,
I cant create new role for this because all users for this role uses both tcodes.
Any other suggestions?
Hi Faisal Khan,
Ok I will ask our ABAP'er for the user exits.
I will give you feedback once done.
By the way I how can I assign authorization object for tcodes? I cant find the mountain tab. please read top thread.
Thank you all.
Hi Joel,
Just add one more object, then click on mountain tab.
It will shows you which object is effecting first t code and which is for second one. second one, then you can change the objects accordingly.
EX:If you want to let in display mode for first t code, then you have to change first object with display auth.
Regards
Nick Loy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
102 | |
12 | |
11 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.