Q

How to restrict users by plant in transaction code IW32

We are trying to restrict users by plant in transaction code IW32 and have this in the organization level. It is not working. I have looked at all the objects using SU24 and reviewing the access, but no luck. Where else can I look?
You should certainly use SAP's very robust authorization trace function in transaction ST01 to help you understand whether plant level security is available. My own rudimentary analysis suggests that if the maintenance plant is provided in the location tab in transaction IW32 then object I_SWERK, which includes maintenance plant, will be checked. This may require that you configure the transaction so that maintenance plant is a required field. If the authorization check is not invoked in a part of the process that is meaningful for your security objectives then consider using user exits. Look at the exits starting with CONF* in transaction SMOD and work with a developer and a functional PM expert to determine whether any of these are called in a way that will satisfy your security requirements.
This was first published in June 2006

Dig deeper on SAP security administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close