Regulating user authorizations for Goods Receipting transactions |
 |
EXPERT RESPONSE FROM: Steven Fullbright
|
|
|
| > |
QUESTION POSED ON: 15 April 2003
In our SAP R/3 4.6C implementation, we have added functionality via a BAPI to Goods Receipting (transaction MIGO) that allows users to update certain fields (e.g. inventory no.) in the relevant asset master records.
However, to do this we have had to add certain authorizations (e.g. A_S_ANLKL etc.) to the Goods Receipting role. This in itself is not an issue but when a user has other asset-related roles the additive effect of autorizations presents a security problem.
In attempting to overcome this we have created a new authorization object ZA_S_ANLKL that is effectively a copy of A_S_ANLKL. This authorization object has been assigned to transaction AS02 via SE93. This allows me to add an extra check for activity=02 but it does not allow me to put the relevant classes and company codes in a role. Is there a better approach?
|
|
| > |
EXPERT RESPONSE
I would use a customer exit in the ABAP behind MIGO to check for the
specified values in your custom authorization object. Additionally, you
should determine if there is a similar exit to comment out the A_S_ANLKL
check that is undesired.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
