
Restrict Access to CL01 and CL02 by Class Types

Former Member
0 Kudos

I need to restrict tcode CL01 and CL02 depending on the class type.

For example:

--- User01 has access to the material class type

--- User02 has access to the equipment class type

--- User03 has access to both material and equipment class types

--- All these users have display access to all class types

Therefore,

--- User01 should be able to create and change material classes only and not equipment classes.

--- User02 should be able to create and change equipment classes but not material classes.

--- User03, on the other hand, can create and change both material and equipment classes.

Should I get an ABAPer to check for a user exit to perform the auth check? How can I make use of auth object C_KLAH_BKP? Where can I create this auth group and how does it tie to the different classes?

Please advise.

Thanks in advance!

4 REPLIES

sdipanjan
Active Contributor
0 Kudos

Use the authorization object:

C_TCLA_BKA Authorization for Class Types

Regards,

Dipanjan

Former Member
0 Kudos

Based on my examples, I'm already using auth object C_TCLA_BKA. For User01, auth object C_TCLA_BKA = 001 for materials.

Let me clarify.

Roles:

Role1 = access to CL01 and CL02 for material class

Role2 = access to CL01 and CL02 for equipment class

Role3 = access to CL01 and CL02 for material and equipment class

Role4 = display access to all classes

Assignments

User01 has Role1 and Role4.

User02 has Role2 and Role4.

User03 has Role3 and Role4.

If User01 only has Role1, then everything is fine. But if Role4 is given to User01 then he can also create equipment classes which should not be the case. And it's the same problem if Role2 is combined with Role4. The user can create and change material classes when he should only have access to equipment classes. And therein lies my problem. How can I make sure that User01 with Roles 01 and 04 can only create and change material classes?
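The role combination described in the post above, as an added illustration that is not code from the thread or from SAP: it models how authorizations from all assigned roles are pooled, so the transaction codes from one role combine with the class-type values from another. The role contents are assumptions (Role4 carrying display transaction CL03 with class type `*`, class type 002 for equipment, and C_TCLA_BKA checking only the class type field KLART).

```python
# Simplified model of additive authorization checks across roles.
# Role contents below are constructed assumptions, not taken from the thread.
from fnmatch import fnmatchcase

ROLES = {
    "Role1": [("S_TCODE", {"TCD": ["CL01", "CL02"]}),
              ("C_TCLA_BKA", {"KLART": ["001"]})],          # material
    "Role2": [("S_TCODE", {"TCD": ["CL01", "CL02"]}),
              ("C_TCLA_BKA", {"KLART": ["002"]})],          # equipment (assumed)
    "Role3": [("S_TCODE", {"TCD": ["CL01", "CL02"]}),
              ("C_TCLA_BKA", {"KLART": ["001", "002"]})],
    "Role4": [("S_TCODE", {"TCD": ["CL03"]}),               # display only
              ("C_TCLA_BKA", {"KLART": ["*"]})],            # all class types
}
USERS = {"User01": ["Role1", "Role4"],
         "User02": ["Role2", "Role4"],
         "User03": ["Role3", "Role4"]}
INTENDED = {"User01": {"001"}, "User02": {"002"}, "User03": {"001", "002"}}


def user_buffer(roles):
    """All authorizations of all assigned roles end up in one pool."""
    return [auth for role in roles for auth in ROLES[role]]


def check(buffer, obj, **fields):
    """Pass if one authorization for obj covers every requested field value."""
    for name, values in buffer:
        if name == obj and all(
            any(fnmatchcase(want, pat) for pat in values.get(field, []))
            for field, want in fields.items()
        ):
            return True
    return False


def can_maintain(roles, class_type):
    """Create/change needs CL01 or CL02 plus the class type, each checked alone."""
    buf = user_buffer(roles)
    tcode_ok = check(buf, "S_TCODE", TCD="CL01") or check(buf, "S_TCODE", TCD="CL02")
    return tcode_ok and check(buf, "C_TCLA_BKA", KLART=class_type)


def excess_class_types(user, class_types=("001", "002")):
    """Class types the user can maintain beyond what was intended."""
    allowed = {ct for ct in class_types if can_maintain(USERS[user], ct)}
    return sorted(allowed - INTENDED[user])
```

Under these assumptions the class-type check cannot tell a display authorization from a maintenance one, which is why a restriction based on C_TCLA_BKA alone fails once a display role with a wider class-type value is added.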

sdipanjan
Active Contributor
0 Kudos

Hi,

I would suggest that you run an ST01 trace to get the details of all checks performed for Class Type objects. Also, please have a look at the Notes below:

Note 322567 - Authorization check class type C_TCLA_BKA: https://service.sap.com/sap/support/notes/322567

Note 370220 - Missing authorization check class type C_TCLA_BKA: https://service.sap.com/sap/support/notes/370220

Let us know the result. Also check the use of the following objects containing class type as a field in those roles, if in use with another value set.

C_CLMM CLAS Mass Processing of Classifications

C_TCLA_BKA CLAS Authorization for Class Types

C_TCLS_BER CLAS Authorization for Org. Areas in Classification System

C_TCLS_MNT CLAS Authorization for Characteristics of Org. Area

Regards,

Dipanjan

former_member701183
Active Participant
0 Kudos

Hi,

Create the roles as per Ramos's instruction and control it via the C_TCLA_BKA authorization object. Please let me know if there is any issue.

Regards

Aveek.