
Solution overview: 


A new authorization group will be added with standard SAP functionality. This Authorization Group will be assigned and linked to the appropriate business users’ security roles.

The Authorization Group will be set up so that when the user enters MM02, SAP performs an authorization check on entering the screen to verify whether the user has the required security role. It then sets the attributes of the field to either changeable or not (Change/Display). An enhancement point in MM02 is implemented to flip the attribute on or off.

By doing this, the functionality of the field in MM01 will not be affected. The person who is creating the material will be allowed to set the field value as usual.

Assumption:


The field here is ‘Procurement type.’ Authorization Rules are created and assigned to User profiles.

Steps:


The following steps help us understand how the above functionality can be achieved:

1. BADI_MAT_F_SPEC_SEL is used to achieve this. A new implementation ZC_BADI_MAT_F_SPEC_SEL and a class ZC_BADI_MAT_F_SPEC_SEL will be created.

2. Create an authorization class.

    Below are the steps to create an authorization class:

     2.1 Go to transaction SU21.

     2.2 Press the ‘Create’ button to create an object class.


     2.3 Give the Object Class name and description. Press ‘Save’.


3. Create an authorization object.

     3.1 Go to transaction SU21.

     3.2 Press the ‘Create’ button and select ‘Authorization Object’.


     3.3 Enter the Authorization Object and description. Give the Authorization class that you created.


     3.4 Maintain the authorization fields. Here we use the standard field “ACTVT”.

     3.5 Click the ‘Permitted Activities’ button.

     3.6 A pop-up will appear; click OK.

     3.7 Select the permitted activity and SAVE.

           Here, we are selecting “Change” to ensure that only users with authorization are allowed to CHANGE the procurement type field.




Pseudo Code:


The method FIELD_SELECTION of the class is coded to check the user’s authorization, so that the field MARC-BESKZ (Procurement type) in MM02 is shown in “Change” mode only for authorized users. In the method IF_EX_BADI_MAT_F_SPEC_SEL~FIELD_SELECTION of the class ZC_BADI_MAT_F_SPEC_SEL:

IF t130m-tcode = 'MM02'.                                          " Check for the transaction code
  CASE fauswtab-fname.
    WHEN 'MARC-BESKZ'.                                            " Check for field – Procurement Type
      AUTHORITY-CHECK OBJECT 'Z_MM02_PRT' ID 'ACTVT' FIELD '02'.  " Check if user is authorized to change
      IF sy-subrc EQ 0.
        fauswtab-kzinp = 1.                                       " Field in CHANGE mode only
      ELSE.
        fauswtab-kzinp = 0.                                       " Field in DISPLAY mode only
      ENDIF.
  ENDCASE.
ENDIF.

Expected Output:

  • (1) User has no authorization – Procurement Type field is in DISPLAY mode

  • (2) User has authorization – Procurement Type field is in CHANGE mode


5 Comments

  1. Matthew Partington

    Hi Sri, I have implemented something similar to this and recommend checking the individual field is actually changeable (in place of checking the transaction code) before calling the authority check to ensure the standard field control is kept consistent.

    Regards, Matt

    (0) 
    1. Srilakshmi S Post author

      Hi Matthew,

      The intent here is to check for User Authorization on a given field when using MM02. If the user enters MM01 for creating material data, then we do not even want to look for the field, i.e., the user should be able to enter data without any restriction. This is why the transaction code has been verified in the first place.

      Regards,

      Sri.

      (0) 
      1. Matthew Partington

        Hi Sri,

        My point was more that using just the transaction code to do this is not good logic. Yes, MM02 is one thing you could check, but what about transactions MM17 or MASS or BAPI calls?

        I believe the correct way to do this is to use the activity field (t130m-aktyp) as that says if you are in create, change or display mode and before setting fauswtab-kzinp to 0 you must check it is set to 1. 

        If it is set to 0 already, your authority check result must not set it to 1, as you may bypass all the SAP standard authority checks on views etc.

        For a complete and accurate check, more than what is detailed in this example is needed, but this is a good starting point to highlight the functionality.  🙂

        Regards, Matt

        (0) 
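The rule Matthew describes in the comments above (key on the activity type, and only ever downgrade an input-enabled field) as a small ABAP report. This is an added example, not code from the post or from SAP: the report, class and method names are hypothetical, the activity type value 'V' for change mode is an assumption to verify in your system, and Z_MM02_PRT is the authorization object from the post's pseudo code.

```abap
REPORT z_beskz_field_auth_demo.

" Added example: report, class and method names are hypothetical.
CLASS lcl_field_auth DEFINITION FINAL.
  PUBLIC SECTION.
    " Assumption: 'V' is the material master activity type for change mode.
    CONSTANTS c_aktyp_change TYPE c LENGTH 1 VALUE 'V'.
    CLASS-METHODS restrict_input
      IMPORTING iv_aktyp        TYPE simple
                iv_fname        TYPE csequence
                iv_kzinp        TYPE simple
      RETURNING VALUE(rv_kzinp) TYPE i.
ENDCLASS.

CLASS lcl_field_auth IMPLEMENTATION.
  METHOD restrict_input.
    " Default: keep whatever the standard field control already decided.
    rv_kzinp = iv_kzinp.

    " Act only on MARC-BESKZ, only in change mode (independent of the calling
    " transaction), and only when standard control already allows input.
    IF iv_fname <> 'MARC-BESKZ' OR iv_aktyp <> c_aktyp_change OR iv_kzinp <> 1.
      RETURN.
    ENDIF.

    AUTHORITY-CHECK OBJECT 'Z_MM02_PRT' ID 'ACTVT' FIELD '02'.
    IF sy-subrc <> 0.
      rv_kzinp = 0.   " Downgrade to display; a 0 is never raised to 1
    ENDIF.
  ENDMETHOD.
ENDCLASS.

DATA: gv_locked TYPE i,
      gv_create TYPE i,
      gv_change TYPE i.

START-OF-SELECTION.
  " Constructed inputs: activity type, field name, KZINP from standard control.
  gv_locked = lcl_field_auth=>restrict_input(
    iv_aktyp = 'V' iv_fname = 'MARC-BESKZ' iv_kzinp = 0 ).
  gv_create = lcl_field_auth=>restrict_input(
    iv_aktyp = 'H' iv_fname = 'MARC-BESKZ' iv_kzinp = 1 ).
  gv_change = lcl_field_auth=>restrict_input(
    iv_aktyp = 'V' iv_fname = 'MARC-BESKZ' iv_kzinp = 1 ).
  WRITE: / 'Change mode, field locked by standard control:', gv_locked,
         / 'Create mode, authority check skipped:', gv_create,
         / 'Change mode, result depends on Z_MM02_PRT:', gv_change.
```

Inside the BAdI method the same rule would be applied to each field table entry, writing back 0 only when the authority check fails and leaving every other entry as the standard logic set it.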
