Solved: can I use object S_USER_GRP other than I_IWERK to ...

former_member588416 · ‎02-21-2019

In my company, we only have PLM system, MM module is not implemented.

I am working on authorization now, considering to put plant code value in ' user group' filed through SU01, insert S_USER_GRP in roles to differential plant authorization.

I know it will work for sure. However SAP Security gurus, I will need your opinion. Is there any risk behind?

Thank you!

alessandr0 · ‎03-14-2019

Hi Iola,

just keep in mind that authorizing S_USER_GRP might open up acess in the user master transactions like SU01, etc. if users get access to it. I am not an PLM expert, but you might instead consider a custom authoriztion object.

Regards, Alessandro

former_member588416 · ‎04-05-2019

Hi Alessandro,

Thank you very much for the reply. I think you are right. Did a test, S_USER_GRP is only for user master maintenance. Need a custom authorization object... yes...

Thanks,

Iola

can I use object S_USER_GRP other than I_IWERK to segregate plant users' authorization

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

Re: How to transfer stock from one customer stock ...

Error while specifying intervals and posting rules...

Re: How to transfer stock from one customer stock ...

crystal report for special term on customers & ven...

Re: Group valuation in intercompany scenario