02-11-2019 9:27 AM
Hi there,
We use MATMAS (MATMAS05) for creating and changing materials and off course MM02. The IDOC may only change materials of a certain material type.
I know that authorization object M_MATE_MAR can be used for that when using transction MM02, however this object is not checked with MATMAS which also changes a material (checked via a trace). Most probably MATMAS does not call trasaction MM02. Anyhow I would expect that MATMAS will hit the same authorization checks, in this case it looks like a backdoor.
Does somebody know this problem and has a cure for that?
By the way: I am not a authorization consultant.
Regards Kees
02-11-2019 10:09 AM
The IDOC should be processed by BAPI, so behavior may (and will) be different from transaction, read a note such as 2030357 - Switchable authorization checks for RFC in Material Version
Nevertheless, there are BTE (e.g. mgv00200) or BAdI (e.g. BADI_MATMAS_ALE_IN) where you could add your own authority check, replicating standard check performed by transactions.
02-11-2019 1:12 PM
Hi Raymond,
Thanks for the reply. I already asked the developer to trigger the check in user exit FM EXIT_SAPLMGMU_001 which is already in use. This user exit is triggered when saving the material. I will keep people posted.
Regards Kees