By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
However, to do this we have had to add certain authorizations (e.g. A_S_ANLKL etc.) to the Goods Receipting role. This in itself is not an issue but when a user has other asset-related roles the additive effect of autorizations presents a security problem.
In attempting to overcome this we have created a new authorization object ZA_S_ANLKL that is effectively a copy of A_S_ANLKL. This authorization object has been assigned to transaction AS02 via SE93. This allows me to add an extra check for activity=02 but it does not allow me to put the relevant classes and company codes in a role. Is there a better approach?
I would use a customer exit in the ABAP behind MIGO to check for the specified values in your custom authorization object. Additionally, you should determine if there is a similar exit to comment out the A_S_ANLKL check that is undesired.
Dig Deeper on SAP security administration
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.