Problem solve Get help with specific problems with your technologies, process and projects.

How to restrict users by plant in transaction code IW32

We are trying to restrict users by plant in transaction code IW32 and have this in the organization level. It is not working. I have looked at all the objects using SU24 and reviewing the access, but no luck. Where else can I look?
You should certainly use SAP's very robust authorization trace function in transaction ST01 to help you understand whether plant level security is available. My own rudimentary analysis suggests that if the maintenance plant is provided in the location tab in transaction IW32 then object I_SWERK, which includes maintenance plant, will be checked. This may require that you configure the transaction so that maintenance plant is a required field. If the authorization check is not invoked in a part of the process that is meaningful for your security objectives then consider using user exits. Look at the exits starting with CONF* in transaction SMOD and work with a developer and a functional PM expert to determine whether any of these are called in a way that will satisfy your security requirements.

Dig Deeper on SAP security