Solved: can I use object S_USER_GRP other than I_IWERK to ...

former_member588416 · ‎02-21-2019

In my company, we only have PLM system, MM module is not implemented.

I am working on authorization now, considering to put plant code value in ' user group' filed through SU01, insert S_USER_GRP in roles to differential plant authorization.

I know it will work for sure. However SAP Security gurus, I will need your opinion. Is there any risk behind?

Thank you!

alessandr0 · ‎03-14-2019

Hi Iola,

just keep in mind that authorizing S_USER_GRP might open up acess in the user master transactions like SU01, etc. if users get access to it. I am not an PLM expert, but you might instead consider a custom authoriztion object.

Regards, Alessandro

can I use object S_USER_GRP other than I_IWERK to segregate plant users' authorization

Re: Message no. FINS_ACDOC_CUST298 - Crcy type 30 ...

Re: ACH/ WIRE RETURN Process in S/4 Hana

Re: ACH/ WIRE RETURN Process in S/4 Hana

Ageing report and balance sheet mismatch

Re: Interest Posting is generated on the same date...