Problem solve Get help with specific problems with your technologies, process and projects.

Regulating user authorizations for Goods Receipting transactions

In our SAP R/3 4.6C implementation, we have added functionality via a BAPI to Goods Receipting (transaction MIGO) that allows users to update certain fields (e.g. inventory no.) in the relevant asset master records.

However, to do this we have had to add certain authorizations (e.g. A_S_ANLKL etc.) to the Goods Receipting role. This in itself is not an issue but when a user has other asset-related roles the additive effect of autorizations presents a security problem.

In attempting to overcome this we have created a new authorization object ZA_S_ANLKL that is effectively a copy of A_S_ANLKL. This authorization object has been assigned to transaction AS02 via SE93. This allows me to add an extra check for activity=02 but it does not allow me to put the relevant classes and company codes in a role. Is there a better approach?
I would use a customer exit in the ABAP behind MIGO to check for the specified values in your custom authorization object. Additionally, you should determine if there is a similar exit to comment out the A_S_ANLKL check that is undesired.

Dig Deeper on SAP security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.