In PFCG I have created a single role to manage the services order by plant. In the transaction IW32 I would like to restrict the sales document assignment by sales area. Which authorization object can do that? Can I define my single role without a user exit?
You can determine what objects are checked when you perform a transaction by turning on the authorization trace with transaction ST01. You then perform the action and turn off and analyze the trace. If there is an object that checks for sales area you can employ that object in your role in PFCG. If there is no such object you may look for a user exit that may allow a developer to add the authorization check.
Dig Deeper on SAP security
A SearchSAP.com reader wants to know how to grant a user access to cost centers, as well as access to one cost element across all cost centers.
Learn how to stop SAP users from displaying HR table contents in an SAP table without restricting access to an SE16N transaction.
A SearchSAP.com reader who stores user email addresses within the SAP SU01 transaction code and wants to know where to locate the data.