
How to add authorization field to a standard authorization object

Former Member
0 Kudos

Hi All,

I'm trying to limit a user so that they can only create & change order type X in the PM module. This can be fulfilled by creating a user with an assigned role that only allows order type X.

But when I assigned a display role which has authorization to display all order types (maintained as authorization object), now my user can create and change all order types.

How can I limit the user to only create & change order type X and only display the rest of the order types?

I assume that adding the authorization field AUFART (order type) to the authorization object I_TCODE will solve the problem. Is that right, and is it possible to do that?

regards,

Andre

1 ACCEPTED SOLUTION

martin_voros
Active Contributor
0 Kudos

Hi,

Your assumption is incorrect. First of all, adding a new field to a standard authorization object is a bad idea. You would have to modify all checks for that object. For a standard SAP object it means that you would have to modify many SAP programs.

The authorization object I_TCODE is checked in PM transactions. It gives you authorization to run those transactions. That object can't be used to limit what you do in that transaction or what order type you can process. You are looking for some other authorization object(s). You need to go to SU24, which tells you what authorization objects are checked in a particular transaction. It does not have to cover all objects but it's a good starting point.

Cheers

4 REPLIES

Former Member
0 Kudos

After exploring the possibilities, it's impossible to do this in the standard SAP authorization settings.

Adding a new check in the user exit will be the possible solution.

0 Kudos

Hi Andre,

We don't really know what you are trying to achieve, so it is difficult to judge if changing the user exit is the correct way to go.

With a combination of I_TCODE and a host of other objects you can control what documents can be changed/created and displayed. Maybe you would want to search for the object I_AUART, a SAP standard object.

0 Kudos

There is SAP Note 412591. It discusses a customer enhancement option for the object I_AUART that adds an activity field to the object. This should allow security between 01-Create, 02-Change and 03-Display access in the IW* transactions.
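The effect described in this thread, as an added example that is not SAP code and not from any poster: a small Python model of additive authorization checks, showing why a display role with all order types widens create/change access, and how binding an activity to the order type separates them. The role contents, the order types "X" and "Y", the field name ACTVT and the transaction-to-activity mapping are assumptions made for the illustration.

```python
# Toy model of additive authorization checks; not SAP code.
# Roles, order types "X"/"Y" and the field name ACTVT are constructed.

ACTIVITY = {"IW31": "01", "IW32": "02", "IW33": "03"}  # create/change/display

def authority_check(auths, obj, **fields):
    """Pass if ONE authorization for obj covers ALL requested field values."""
    for auth_obj, values in auths:
        if auth_obj != obj:
            continue
        if all("*" in values.get(f, ()) or v in values.get(f, ())
               for f, v in fields.items()):
            return True
    return False

def may_process(auths, tcode, order_type, with_activity):
    """Model of the checks on entering an IW* transaction for an order type."""
    if not authority_check(auths, "I_TCODE", TCD=tcode):
        return False
    fields = {"AUFART": order_type}
    if with_activity:  # enhanced object: activity checked together with type
        fields["ACTVT"] = ACTIVITY[tcode]
    return authority_check(auths, "I_AUART", **fields)

# Standard object (assumed): I_AUART carries only the order type.
MAINTAIN_X = [("I_TCODE", {"TCD": {"IW31", "IW32"}}),
              ("I_AUART", {"AUFART": {"X"}})]
DISPLAY_ALL = [("I_TCODE", {"TCD": {"IW33"}}),
               ("I_AUART", {"AUFART": {"*"}})]

# Enhanced object: each authorization binds order type to activities.
MAINTAIN_X_ACT = [("I_TCODE", {"TCD": {"IW31", "IW32"}}),
                  ("I_AUART", {"AUFART": {"X"}, "ACTVT": {"01", "02"}})]
DISPLAY_ALL_ACT = [("I_TCODE", {"TCD": {"IW33"}}),
                   ("I_AUART", {"AUFART": {"*"}, "ACTVT": {"03"}})]

def access_matrix(auths, with_activity):
    """Return {(tcode, order_type): allowed} for the sample combinations."""
    return {(t, o): may_process(auths, t, o, with_activity)
            for t in ACTIVITY for o in ("X", "Y")}

if __name__ == "__main__":
    for label, auths, act in (
            ("standard", MAINTAIN_X + DISPLAY_ALL, False),
            ("with activity", MAINTAIN_X_ACT + DISPLAY_ALL_ACT, True)):
        print(label, access_matrix(auths, act))
```

In the first matrix the user passes I_TCODE through the maintain role and I_AUART through the display role's `*`, so create and change succeed for order type "Y"; in the second, no single I_AUART authorization covers both "Y" and activity 01 or 02.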