Skip to Content
avatar image
Former Member

Problem with security access by plant for results recording

We are having a problem with security on results recording in QM. I am trying to set up security for the following scenario:

I want to allow a user to display inspection results in all plants in a company. I also want to allow that same user the ability to record and edit inspection results in their own plant, but not in the other plants. For example: I have a user u2018Joe.u2019 Joe works at plant u20180001.u2019 I want to give Joe the following access:

Plant: 0001

Access: Record, Edit and Display inspection results (QE51N, QE01, QE02, QE03, etc.)

Plant: 0002

Access: Display inspection results only (QE03)

Plant: 0003

Access: Display inspection results only (QE03)

We have a security role that includes the display transactions (QE03, etc.) for all plants. We also have a results recording role with QE51n, QE01, QE02, etc. for the useru2019s plant (0001). The problem comes that when we grant both roles to Joe, he can now perform results recording in ALL plants, not just his own. It appears from a security trace that it is checking the Q_MATERIAL and Q_INSPTYPE authorization objects. Is there any way to set up these authorization objects so that a user can view results in all plants but only record/edit results in the useru2019s own plant? Thank you for any help you can provide.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Nov 19, 2009 at 04:22 AM

    Hello

    Can you check with this object Q_CHAR_PRC. This object is for Recording Authorization for Insp. Results in an Operation

    Here you can maintain the plant for which you are allowing the result recording to be done

    Regards

    Gajesh

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      >

      > Thank you everyone for your responses. I really appreciate it. Unfortunately, we have tried using the authorization objects you mention but we still have the same problem.

      >

      > I believe Mylene may be right about it adding the assigned values up. Because even when we assign the objects mentioned by plant, if the user has 'edit results' in one plant and 'display results' in a different plant, they now have edit for both plants.

      >

      > Mylene, do you by chance have the specific thread in the security forum that talks about this? I tried to find it but could not.

      >

      > Does anyone else know of any work arounds to the problem? It just seems very odd that SAP wouldn't have a way to display results in all plants yet edit results only in the home plant of the specific user.

      i am a bit in a hurry this morning, so i cannot come up with the one thread i really sought, but this one might suffice:

      company-code-restrictions

      sadly enough, you will have to format the answer in order to make it readable. generally, go over there again and search with keywords 'FB03' and 'Company' ... you should be able to find one or more wanting to make differentiation in visibility per company code ...

  • avatar image
    Former Member
    Nov 18, 2009 at 02:37 PM

    hi

    please check

    SAP_QM_IM_RES_REC authorization.

    Check the relevant objects of Display 0r change or create.

    Also create SAP_QM_IM_RES_REC plant wise like SAP_QM_IM_RES_REC_0001

    Regards

    Sujit

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Nov 18, 2009 at 03:23 PM

    >

    > We are having a problem with security on results recording in QM. I am trying to set up security for the following scenario:

    >

    > I want to allow a user to display inspection results in all plants in a company. I also want to allow that same user the ability to record and edit inspection results in their own plant, but not in the other plants. For example: I have a user u2018Joe.u2019 Joe works at plant u20180001.u2019 I want to give Joe the following access:

    >

    > Plant: 0001

    > Access: Record, Edit and Display inspection results (QE51N, QE01, QE02, QE03, etc.)

    >

    > Plant: 0002

    > Access: Display inspection results only (QE03)

    >

    > Plant: 0003

    > Access: Display inspection results only (QE03)

    >

    >

    > We have a security role that includes the display transactions (QE03, etc.) for all plants. We also have a results recording role with QE51n, QE01, QE02, etc. for the useru2019s plant (0001). The problem comes that when we grant both roles to Joe, he can now perform results recording in ALL plants, not just his own. It appears from a security trace that it is checking the Q_MATERIAL and Q_INSPTYPE authorization objects. Is there any way to set up these authorization objects so that a user can view results in all plants but only record/edit results in the useru2019s own plant? Thank you for any help you can provide.

    no, there isn't. all the assigned values for the objects you mentioned (and all other objects ...) add up. they are all together in a memory area that is called 'user buffer' and that is that. if you do not have different document types or such a criterium per plant, you are lost then.

    please have a read in the Security forum ... it has been explained there in detail.

    Add comment
    10|10000 characters needed characters exceeded