Skip to Content

Authorization in material master related with material types

This document consists of authorization problem in MM01/02/03 (Material master) for material types.

I add material authorization group (BEGRU field) to T134 table  so you can implement authorization for different material types in material masters.

I hope that it can be helpful…

Related Oss Notes :

545380 – FAQ: Authorizations material master

303483 – Authorization check enhancement

Related Authorization Objects :


For example , i implement authorization for HAWA material type creation.



  –>  Go to SE54 tcode and create authorization group


  –>  Assign authorization group —> determine work area  —> Table name T134 , Authorization group HAWA


–> New entries .


–> Go to HAWA material type configurations and define authorization group…


–>  You can see T134 details with SE16 , BEGRU-HAWA


**Solution — SU01 – Roles/ Authorizations / Add – M_MATE_MAR – Authorization Group HAWA and generate.


**Result: You can manage your authorizations in MM01/02/03 with material types.


     I hope that it can be beneficial for someone.


     M.Ozgur Unal

You must be Logged on to comment or reply to a post.
  • Dear Mehmet Ozgur Unal,

    Really Nice Document. But I have faced some errors while implementing it

    1. In SU01 i didn't find -Roles/ Authorizations / Add - M_MATE_MAR - Authorization Group HAWA and generate

    And also please guide me from this step-SU01

    Please let me know the solution.



  • Thanks for sharing document and thanks for the efforts, it will be helpful to restrict users from creating material under unwanted material material types. 

  • Dear Mehmet:

    Thanks for sharing

    One question, if I setup the authorization group only will apply for material creation in MM01 or could affect in materials movements.


    Jose Antonio

    • Hi Jose Antonio Martinez ;

      If you setup the authorization group only will apply for material creation in material masters.

      If you want to affect material movements , i do not have any idea. But , i tried for you. Go to migo and debug it with /H. After that , breakpoints-->breakpoint at --> statement -->AUTHORITY-CHECK.

      Continue with F8 , you will see standard program authority objects like belowed.


      Also , authorization objects are mentioned in the program with "AUTHORITY-CHECK" statement. So, the authorization checks for a particular object is only possible for a TCode if and only if the Object is encoded by a AUTHORITY-CHECK.


                            ID     'CTS_ADMFCT'

                            FIELD  IV_ADMINFUNCTION.

      SU24 is storage for authorization objects of TCODES. I added but it is not checked in MIGO. It can be related my sap_all 🙂 , another way can be abap. You can check material types when you record material movements...


      M.Ozgur Unal

  • Hi M. Ozgur Unal,

    The SE54 step is not required. The authorization group in SE54 is not the same as authorization groups used for materials, material types, and material groups. Authorization group in SE54 is an auth group for extended table maintenance.

    Only two steps are required for an auth group on material type:

    (1) Trx OMS2, open the material type you want to restrict, add any auth group; e.g., ZMM1

    (2) For the role that has authorization object M_MATE_MAR, update BEGRU to be ZMM1

    It works perfect.

    Example... I gave a user M_MATE_MAR, BEGRU = ZMM2. That user then tried to display a material via MM03 that belonged to the material type that had been assigned auth group ZMM1. They immediately received an error... "No authorization to material type Finished product." SU53 shows that M_MATE_MAR is missing authority to ZMM1.

    I then update the user's access to include ZMM1 and ZMM2. They can now get into the material master with no issues.



    • Hi Brian ;

      You are right  , it works perfect ...

      If you look at document , you can see OMS2 details , this ( SE54 part -> T134 ) part for only give technical detail , you can manage it customizing finally you will add record to customizing table T134.

      For example , i would expect a respond related with expand document like an belowed example.

      Can you see authority groups with F4 in SU01 ?


         Please check your system.

         If you do not use F4 to select a authority group from all of them , update table TMBG     table , this info can be beneficial all related threads ..


         M.Ozgur Unal

  • Hi M.Ozgur Unal,

    Thank you for the response. I want to make sure that readers are clear on what you show above...

    Standard SAP for authorization objects M_MATE_MAR, M_MATE_MAT, and M_MATE_WGR, uses authorization field BEGRU (just as you have shown). However, authorization field BEGRU (using data element BEGRU, and domain BEGRU) has no search help, and does not point to a value table like domain BEGRM does (it uses TMBG). (You can see all of this via trx SU20.)

    If you are seeing values on BEGRU from table TMBG, then I suspect that someone has changed the BEGRU authorization field or made some other change. Do you see something other than the standard SAP setup below?

    SU20 for auth field BEGRU


  • Hello Mehmert,

    We have a problem and I do not see a way to solve it, we are in an environment with 5 different companies and different Services master data (ASMD-ASTYP) one for each, I can not find a way to restrict that users can only use data of your company, in the requisitions purchases and orders I want the user can use the type of service registered in his profile but can not find any object

    The difficulty is precisely because there is no verification in the service master of an organizational data, such as a company or a plant.
    Thanks any help,