Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MM01 and MM02

former_member631279
Discoverer

‎03-04-2019 7:49 PM

We are enhancing MM01 and MM02 security. Does anyone has idea how we can restrict Material types for users with user groups.

I checked MM01 SU24 table and many objects are checking during run-time. Would someone tell me which main object we can use.

The scenario is.

1. Some will request the Material (workflow initiated).

2. This will go to Manager bucket and Manage allow to create Material someone else.

3. So creator and changing of Material name would be other person.

2 REPLIES 2

arnoseidl
Explorer

‎03-13-2019 1:00 PM

Hello Sandall

If you really would like to restrict the mentioned transaction codes at user group level, then I suggest creating a custom authorization object that holds the authorization fields Activity, Material type and User Group.

Kind regards
Arno

LukaszL
Participant

‎03-14-2019 9:42 PM

Hello,

If possible I suggest to discuss creating separate role variants for each material type and activity scenario and to assign those role variants to users ideally using your external Identity Management solution depending on the user business role, user group, organizational structure, position or job.

If you really would like to restrict at user group level, I recommend to first check this idea with your internal audit or compliance team, as restricting authorizations at user group level can lead to potential segregation of duties conflicts or additional concerns related to identity management or audit requirements.

Regards