This document consists of authorization problem in MM01/02/03 (Material master) for material types.

I add material authorization group (BEGRU field) to T134 table  so you can implement authorization for different material types in material masters.

I hope that it can be helpful…

Related Oss Notes :

545380 – FAQ: Authorizations material master

303483 – Authorization check enhancement


Related Authorization Objects :


M_MATE_MAR , M_MATE_MAN , M_MATE_MAT , M_MATE_STA , M_MATE_WGR

For example , i implement authorization for HAWA material type creation.

1.PNG

6.PNG

  –>  Go to SE54 tcode and create authorization group

2.PNG

  –>  Assign authorization group —> determine work area  —> Table name T134 , Authorization group HAWA

3.PNG

–> New entries .

4.PNG

–> Go to HAWA material type configurations and define authorization group…

5.PNG

–>  You can see T134 details with SE16 , BEGRU-HAWA

7.PNG

**Solution — SU01 – Roles/ Authorizations / Add – M_MATE_MAR – Authorization Group HAWA and generate.

8.PNG

**Result: You can manage your authorizations in MM01/02/03 with material types.

9.PNG

     I hope that it can be beneficial for someone.

     Regards.

     M.Ozgur Unal

To report this post you need to login first.

19 Comments

You must be Logged on to comment or reply to a post.

  1. Manjunath B L

    Dear Mehmet Ozgur Unal,

    Really Nice Document. But I have faced some errors while implementing it

    1. In SU01 i didn’t find Roles/ Authorizations / Add – M_MATE_MAR – Authorization Group HAWA and generate

    And also please guide me from this step-SU01

    Please let me know the solution.

    Regards,

    Manjunath

    (0) 
      1. Mehmet Ozgur Unal Post author

        Hi all ;

        I hope that you can add authorization object to your user. Please try.

        1- Go to role –> PFCG tcode or SU01 roles.

        2- Add like belowed.

        1.PNG

             However , SU24 tcode can be helpful for this.

           

             Regards.

             M.Ozgur Unal.

        (0) 
        1. Gautham Vangaveti

          Hi Mehmet Ozgur Unal,

          Yes, this document is really good and will be defnitely helpful.

          Another way of doing it is, create an implicit enhancment in the first screen of MM01 and check your authorization object there based on material type or industry sector.

          Thanks & Regards,

          Gautham Vangaveti.

          (0) 
  2. Amit Anasane

    Thanks for sharing document and thanks for the efforts, it will be helpful to restrict users from creating material under unwanted material material types. 

    (0) 
  3. Jose Antonio Martinez

    Dear Mehmet:

    Thanks for sharing

    One question, if I setup the authorization group only will apply for material creation in MM01 or could affect in materials movements.

    Regards

    Jose Antonio

    (0) 
    1. Mehmet Ozgur Unal Post author

      Hi Jose Antonio Martinez ;

      If you setup the authorization group only will apply for material creation in material masters.

      If you want to affect material movements , i do not have any idea. But , i tried for you. Go to migo and debug it with /H. After that , breakpoints–>breakpoint at –> statement –>AUTHORITY-CHECK.

      Continue with F8 , you will see standard program authority objects like belowed.

      1.JPG

      Also , authorization objects are mentioned in the program with “AUTHORITY-CHECK” statement. So, the authorization checks for a particular object is only possible for a TCode if and only if the Object is encoded by a AUTHORITY-CHECK.

      AUTHORITY-CHECK OBJECT ‘S_CTS_ADMI’

                            ID     ‘CTS_ADMFCT’

                            FIELD  IV_ADMINFUNCTION.

      SU24 is storage for authorization objects of TCODES. I added but it is not checked in MIGO. It can be related my sap_all 🙂 , another way can be abap. You can check material types when you record material movements…

      Regards.

      M.Ozgur Unal

      (0) 
        1. Jose Antonio Martinez

          Thanks Mehmet Ozgur Unal

          I am trying to implemenet it, but our BASIS was refused because he think it will affect materiales movements related to material type, but with your clarification I will wait until I get a new test user and test in DEV system.

          Regards

          Jose Antonio

          (0) 
          1. Mehmet Ozgur Unal Post author

            Hi Jose Antonio Martinez  ;

            It doesn’t affect material movements related with to material type so M_MATE_MAR for material master. We use this implemantation in our company , there is not a problem like your said.

            Also , you can create a discussion in MM side to get more respond. However , you said that you can test it in your dev system.

            Regards.

            M.Ozgur Unal

            (0) 
  4. Brian Atkinson

    Hi M. Ozgur Unal,

    The SE54 step is not required. The authorization group in SE54 is not the same as authorization groups used for materials, material types, and material groups. Authorization group in SE54 is an auth group for extended table maintenance.

    Only two steps are required for an auth group on material type:

    (1) Trx OMS2, open the material type you want to restrict, add any auth group; e.g., ZMM1

    (2) For the role that has authorization object M_MATE_MAR, update BEGRU to be ZMM1

    It works perfect.

    Example… I gave a user M_MATE_MAR, BEGRU = ZMM2. That user then tried to display a material via MM03 that belonged to the material type that had been assigned auth group ZMM1. They immediately received an error… “No authorization to material type Finished product.” SU53 shows that M_MATE_MAR is missing authority to ZMM1.

    I then update the user’s access to include ZMM1 and ZMM2. They can now get into the material master with no issues.

    Respectfully,

    Brian

    (1) 
    1. Mehmet Ozgur Unal Post author

      Hi Brian ;

      You are right  , it works perfect …

      If you look at document , you can see OMS2 details , this ( SE54 part -> T134 ) part for only give technical detail , you can manage it customizing finally you will add record to customizing table T134.

      For example , i would expect a respond related with expand document like an belowed example.

      Can you see authority groups with F4 in SU01 ?

      /wp-content/uploads/2015/10/1_816313.png

         Please check your system.

         If you do not use F4 to select a authority group from all of them , update table TMBG     table , this info can be beneficial all related threads ..

         Regards.

         M.Ozgur Unal

      (0) 
  5. Brian Atkinson

    Hi M.Ozgur Unal,

    Thank you for the response. I want to make sure that readers are clear on what you show above…

    Standard SAP for authorization objects M_MATE_MAR, M_MATE_MAT, and M_MATE_WGR, uses authorization field BEGRU (just as you have shown). However, authorization field BEGRU (using data element BEGRU, and domain BEGRU) has no search help, and does not point to a value table like domain BEGRM does (it uses TMBG). (You can see all of this via trx SU20.)

    If you are seeing values on BEGRU from table TMBG, then I suspect that someone has changed the BEGRU authorization field or made some other change. Do you see something other than the standard SAP setup below?

    SU20 for auth field BEGRU

    BEGRU.jpg

    (1) 
  6. Gilberto Carvalho

    Hello Mehmert,

    We have a problem and I do not see a way to solve it, we are in an environment with 5 different companies and different Services master data (ASMD-ASTYP) one for each, I can not find a way to restrict that users can only use data of your company, in the requisitions purchases and orders I want the user can use the type of service registered in his profile but can not find any object

    The difficulty is precisely because there is no verification in the service master of an organizational data, such as a company or a plant.
    Thanks any help,
    Gilberto

    (0) 

Leave a Reply