RE: [sap-dev] Authorization for MB1A
Posted by Keith Lewis (Senior SAP Logistics Analyst) on Apr 23 at 3:50 AM
You cannot set the authorisations for "movement type per transaction" so
having 2 roles will not work. The authorisation is for movement type
only. You are either allowed to make a 551 movement or you are not,
regardless of the transaction you are using. I would suggest that if you
want to restrict the 551 movement being used, then you should stop the
normal users doing it and only allow a supervisor to do it. That way you
control the usage.
It will make no difference if the user is running MB1A directly, or
whether MB1A is called from a custom program. The authorisation checks
will be exactly the same so what you are wanting is impossible to do
without either changing standard SAP code or copying the MB1A code to a
Z program and modifying the movement type authorisation check,
allocating it a Z transaction code, then calling the Z transaction code
from your custom program.
Cheers
Keith
Keith Lewis
Senior SAP Logistics analyst
________________________________
From: YipChan via sap-dev [mailto:sap-dev@Groups.ITtoolbox.com]
Sent: Friday, April 23, 2010 2:38 AM
To: Lewis, Keith
Subject: RE:[sap-dev] Authorization for MB1A
Posted by YipChan (Programmer)
on Apr 22 at 9:44 PM
Thanks Jordan. You get my problem clearly. I tried your suggestion
yesterday, but maybe I am new to authorization settings, so it seems
it can't work. Is it OK to set two roles?
1. Blocking the use of 551 in MB1A? (This one is already set, and it works.)
2. Allowing the use of 551 in MB1A through a custom program? (This one I
am not clear how to set.)
---------------Original Message---------------
From: scottbj
Sent: Thursday, April 22, 2010 4:53 PM
Subject: Authorization for MB1A
> Neal, I didn't read that he wanted to defeat SAP security, but rather
> he wanted to stop some people from using movement type 551 while
> allowing others access to it. I think YipChan feels he needs a custom
> program to accomplish that; however, he should be able to control
> everything with security.
>
> If I interpreted your needs correctly Yip, check how your roles are
> using auth objects M_MSEG_BMB & M_MSEG_BWA. Those are the Movement Type
> auth objects and you can control whether those movement types can be
> displayed, changed, or created. You can assign those objects to two
> different roles, one for allowing creation of 551 and the other that
> restricts access to that type. I hope that helps.
>
> If I'm off base on your needs, please explain your requirements for that
> custom program.
>
> Cheers!
>
> Scott Bains-Jordan
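Added example, not part of the thread and not SAP code: a simplified Python model of the point made in Keith's reply, that the movement type check takes no transaction as input and that authorizations from several roles only add up. The role names, the Z program name and the sample rows are constructed assumptions; pattern values such as `5*` are not modeled.

```python
# Constructed rows shaped like a role export: (role, object, auth, field, low, high).
ROLE_AUTHS = [
    ("Z_WM_CLERK",      "M_MSEG_BWA", "A1", "ACTVT", "01",  ""),
    ("Z_WM_CLERK",      "M_MSEG_BWA", "A1", "BWART", "101", "261"),
    ("Z_WM_SUPERVISOR", "M_MSEG_BWA", "B1", "ACTVT", "01",  ""),
    ("Z_WM_SUPERVISOR", "M_MSEG_BWA", "B1", "BWART", "551", ""),
]
# Hypothetical users; SUPER1 holds both roles.
USER_ROLES = {
    "CLERK1": ["Z_WM_CLERK"],
    "SUPER1": ["Z_WM_CLERK", "Z_WM_SUPERVISOR"],
}

def value_matches(low, high, value):
    """Match a single value, a low-high range, or the full wildcard '*'."""
    if low == "*":
        return True
    if high:
        return low <= value <= high
    return low == value

def has_authorization(user, obj, **fields):
    """True if any ONE authorization of the user covers ALL checked fields.
    Roles are additive: there is no entry that can subtract access."""
    auths = {}
    for role, o, auth, field, low, high in ROLE_AUTHS:
        if o == obj and role in USER_ROLES.get(user, []):
            auths.setdefault((role, auth), {}).setdefault(field, []).append((low, high))
    return any(
        all(any(value_matches(lo, hi, v) for lo, hi in a.get(f, []))
            for f, v in fields.items())
        for a in auths.values()
    )

def can_post(user, bwart, called_from):
    """called_from is accepted but never used: the check sees only the
    object and its field values, not the transaction or calling program."""
    return has_authorization(user, "M_MSEG_BWA", ACTVT="01", BWART=bwart)

def who_can_post(bwart):
    """Audit helper: users who can effectively create the movement type."""
    return sorted(u for u in USER_ROLES if can_post(u, bwart, "MB1A"))

if __name__ == "__main__":
    for user in USER_ROLES:
        for path in ("MB1A", "Z_CUSTOM_PROG"):  # hypothetical caller name
            print(user, path, "551 ->", can_post(user, "551", path))
    print("551 allowed for:", who_can_post("551"))
```
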
Copyright © 2010 Toolbox.com and message author.