Skip to Content
avatar image
Former Member

How to add authorization field to a standard authorization object

Hi All,

I'm trying to limit user to can only create & change X type of order type in PM module. This can be fullfill by creating suer with assigned role with only allow X type of order type.

But when I assigned a display role which has authorization to display all order type (maintained as authorization object), now my user can create and change all order type.

How to limit user to can only create & change X order type and only display the rest of order type?

I assume by adding authorization field: AUFART(order type) in authorization object: I_TCODE will solve the problem, is it right? and is it possible to do that?



Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • Best Answer
    Sep 22, 2010 at 06:37 AM


    your assumption is incorrect. First of all, adding a new field to standard authorization object is a bad idea. You would have to modify all checks for that object. For standard SAP object it means that you would have to modify many SAP programs.

    The authorization object I_TCODE is checked in PM transactions. It gives you authorization to run that transactions. That object can't be used to limit what you do in that transaction or what order type you can process. You are looking for some other authorization object(s). You need to go to SU24 which gives you what authorization objects are checked in particular transaction. It does not have to cover all objects but it's a good starting point.


    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 22, 2010 at 06:45 AM

    After exploring possibilities, it's impossible to do this in standard SAP authorization setting.

    Adding new check in the user exit will be the possible solution

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Andre,

      We dont realy know what you are trying to achieve so it is difficult to judge if changing the user exit is the correct way to go

      with a combination of I_TCODE and a host of other objects you can control what documents can be changed/created and displayed....maybe you would want to search about the object I_AUART a SAP standard object