Authorization in material master related with material types
This document covers an authorization problem in MM01/02/03 (material master) for material types.
I add a material authorization group (BEGRU field) to table T134 so that you can implement authorization for different material types in the material master.
I hope that it can be helpful…
Related OSS Notes:
545380 – FAQ: Authorizations material master
303483 – Authorization check enhancement
Related Authorization Objects:
M_MATE_MAR, M_MATE_MAN, M_MATE_MAT, M_MATE_STA, M_MATE_WGR
For example, I implement authorization for creation of the HAWA material type.
–> Go to tcode SE54 and create an authorization group.
–> Assign authorization group —> determine work area —> Table name T134, Authorization group HAWA
–> New entries.
–> Go to the HAWA material type configuration and define the authorization group.
–> You can see the T134 details with SE16: BEGRU = HAWA
Solution: SU01 – Roles / Authorizations / Add – M_MATE_MAR – Authorization Group HAWA and generate.
Result: You can manage your authorizations in MM01/02/03 by material type.
I hope that it can be beneficial for someone.
Regards.
M.Ozgur Unal
Dear Mehmet Ozgur Unal,
Really nice document. But I have faced some errors while implementing it.
1. In SU01 I didn't find Roles / Authorizations / Add - M_MATE_MAR - Authorization Group HAWA and generate.
And also please guide me from this step, SU01.
Please let me know the solution.
Regards,
Manjunath
If you are a functional consultant then you can ask your basis consultant to add this role in SU01 and generate.
Regards,
Gautham.
Hi all,
I hope that you can add the authorization object to your user. Please try.
1- Go to role --> PFCG tcode or SU01 roles.
2- Add as shown below.
However, tcode SU24 can be helpful for this.
Regards.
M.Ozgur Unal.
Hi Gautham Vangaveti,
What do you think about the document? Do you want to add something?
Regards.
M.Ozgur Unal
Hi Mehmet Ozgur Unal,
Yes, this document is really good and will definitely be helpful.
Another way of doing it is to create an implicit enhancement in the first screen of MM01 and check your authorization object there based on material type or industry sector.
Thanks & Regards,
Gautham Vangaveti.
Hi Gautham Vangaveti,
This way can be implemented; I will try it and update you.
Regards.
M.Ozgur Unal
Thanks for sharing the document and thanks for the efforts. It will be helpful to restrict users from creating materials under unwanted material types.
Hi Amit Anasane,
I hope that it can be helpful to someone.
Regards.
M.Ozgur Unal
Dear Mehmet:
Thanks for sharing.
One question: if I set up the authorization group, will it apply only to material creation in MM01, or could it affect material movements?
Regards
Jose Antonio
Hi Jose Antonio Martinez,
If you set up the authorization group, it will only apply to material creation in material masters.
If you want to affect material movements, I do not have any idea. But I tried for you. Go to MIGO and debug it with /H. After that: Breakpoints --> Breakpoint at --> Statement --> AUTHORITY-CHECK.
Continue with F8; you will see the standard program authority objects as below.
Also, authorization objects are mentioned in the program with the "AUTHORITY-CHECK" statement. So, the authorization check for a particular object is only possible for a TCode if and only if the object is encoded by an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_CTS_ADMI'
ID 'CTS_ADMFCT'
FIELD IV_ADMINFUNCTION.
SU24 is the storage for authorization objects of TCodes. I added it but it is not checked in MIGO. It can be related to my sap_all 🙂; another way can be ABAP. You can check material types when you record material movements...
Regards.
M.Ozgur Unal
Also, this document can be helpful for us.
MM Related Authorization Objects - How to Find out & Assign
Regards.
M.Ozgur Unal
Thanks Mehmet Ozgur Unal
I am trying to implement it, but our BASIS refused because he thinks it will affect material movements related to material type, but with your clarification I will wait until I get a new test user and test in the DEV system.
Regards
Jose Antonio
Hi Jose Antonio Martinez,
It doesn't affect material movements related to material type, so M_MATE_MAR is for material master. We use this implementation in our company; there is not a problem like you said.
Also, you can create a discussion on the MM side to get more responses. However, you said that you can test it in your dev system.
Regards.
M.Ozgur Unal
Hi M. Ozgur Unal,
The SE54 step is not required. The authorization group in SE54 is not the same as authorization groups used for materials, material types, and material groups. Authorization group in SE54 is an auth group for extended table maintenance.
Only two steps are required for an auth group on material type:
(1) Trx OMS2, open the material type you want to restrict, add any auth group; e.g., ZMM1
(2) For the role that has authorization object M_MATE_MAR, update BEGRU to be ZMM1
It works perfect.
Example... I gave a user M_MATE_MAR, BEGRU = ZMM2. That user then tried to display a material via MM03 that belonged to the material type that had been assigned auth group ZMM1. They immediately received an error... "No authorization to material type Finished product." SU53 shows that M_MATE_MAR is missing authority to ZMM1.
I then update the user's access to include ZMM1 and ZMM2. They can now get into the material master with no issues.
Respectfully,
Brian
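The check described in the comment above, as an added ABAP sketch that is not part of the original thread or of SAP's own code: it reads every material type that carries an authorization group in T134-BEGRU and tests the current user against M_MATE_MAR for create, change and display. The report name is hypothetical; material types with no authorization group are left out because there is no group value to test.

```abap
REPORT z_check_mtart_begru.
* Added example (hypothetical report name). Lists, for the user running
* the report, the outcome of the M_MATE_MAR check per restricted
* material type and activity (01 = create, 02 = change, 03 = display).

TYPES: BEGIN OF ty_mtart,
         mtart TYPE t134-mtart,   " material type
         begru TYPE t134-begru,   " authorization group set in OMS2
       END OF ty_mtart.

DATA: lt_mtart TYPE STANDARD TABLE OF ty_mtart,
      ls_mtart TYPE ty_mtart,
      lt_actvt TYPE STANDARD TABLE OF char2,
      lv_actvt TYPE char2.

APPEND '01' TO lt_actvt.
APPEND '02' TO lt_actvt.
APPEND '03' TO lt_actvt.

* Only material types that actually have an authorization group.
SELECT mtart begru FROM t134
  INTO TABLE lt_mtart
  WHERE begru <> space.

IF lt_mtart IS INITIAL.
  WRITE: / 'No material type has an authorization group in T134.'.
ENDIF.

LOOP AT lt_mtart INTO ls_mtart.
  LOOP AT lt_actvt INTO lv_actvt.
    " Same object and fields the roles in this thread maintain.
    AUTHORITY-CHECK OBJECT 'M_MATE_MAR'
      ID 'ACTVT' FIELD lv_actvt
      ID 'BEGRU' FIELD ls_mtart-begru.
    IF sy-subrc = 0.
      WRITE: / ls_mtart-mtart, ls_mtart-begru, lv_actvt, 'allowed'.
    ELSE.
      " A non-zero sy-subrc is the failure that SU53 reports.
      WRITE: / ls_mtart-mtart, ls_mtart-begru, lv_actvt,
               'denied, sy-subrc =', sy-subrc.
    ENDIF.
  ENDLOOP.
ENDLOOP.
```

Running it as a test user in a development system before transporting the role change shows which material types that user would be locked out of.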
Hi Brian,
You are right, it works perfectly...
If you look at the document, you can see the OMS2 details; this (SE54 part -> T134) part is only to give technical detail. You can manage it in customizing; finally you will add a record to customizing table T134.
For example, I would expect a response related to expanding the document, like the example below.
Can you see authority groups with F4 in SU01?
Please check your system.
If you do not use F4 to select an authority group from all of them, update table TMBG; this info can be beneficial to all related threads.
Regards.
M.Ozgur Unal
Dear Mehmet Ozgur Unal,
The SE54 part is really confusing, as the goal and the benefit are not clear even after your explanation.
The next comment from Brian Atkinson makes a good point.
Hello Konstantin Dudura,
Whichever one is clear for you, please prefer it! I only tried the logic. The others are implementation steps.
BR
M.Ozgur Unal
Hi M.Ozgur Unal,
Thank you for the response. I want to make sure that readers are clear on what you show above...
Standard SAP for authorization objects M_MATE_MAR, M_MATE_MAT, and M_MATE_WGR, uses authorization field BEGRU (just as you have shown). However, authorization field BEGRU (using data element BEGRU, and domain BEGRU) has no search help, and does not point to a value table like domain BEGRM does (it uses TMBG). (You can see all of this via trx SU20.)
If you are seeing values on BEGRU from table TMBG, then I suspect that someone has changed the BEGRU authorization field or made some other change. Do you see something other than the standard SAP setup below?
SU20 for auth field BEGRU
Hello Mehmet,
We have a problem and I do not see a way to solve it. We are in an environment with 5 different companies and different service master data (ASMD-ASTYP), one for each. I cannot find a way to restrict users so that they can only use the data of their company. In purchase requisitions and orders, I want the user to be able to use the type of service registered in his profile, but I cannot find any object.
The difficulty is precisely because there is no check in the service master against organizational data, such as a company or a plant.
Thanks any help,
Gilberto
Thanks for sharing, very helpful!