Supply Chain Management Blogs by SAP
Expand your SAP SCM knowledge and stay informed about supply chain management technology and solutions with blog posts by SAP. Follow and stay connected.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Instance specific Authority Control in SAP S/4HANA Transportation Management

AtulGokhale
Product and Topic Expert
Product and Topic Expert
‎03-21-2024 8:05 AM

Primary use case is for the customers (Shippers)  using SAP Transportation Management in SAP S/4HANA to procure Transport Services from logistics service providers during their Inbound and Outbound Logistics processes. In most of the cases the customers (Shippers) plan and execute Freight Orders and Freight Bookings in the Transportation Management module. In many cases the Shipper provides system access to those users who are external (example employee of Logistics company with whom the Shipper has business dealings) and Shipper would like to restrict activities of this user.

User Role with Authorization profile is the basis to control the access of such users, but sometimes it is not enough and customers need to influence the access based on very specific logic. In such cases it is required to base the logic on a specific document (being accessed by the user) and the data inside the document to decide if and what the user will be allowed to do or see. This is why it is called "Instance Specific Authority Check"

BADI /SCMTMS/BADI_AC_DEF has a new method ADJUST_AUTH_CONTEXT().  The new method can be used to adjust the authorization check context before the authorization check is executed in Transportation Management for a single instance.

  • IV_AUTHORITY_OBJECT: Brings the Authorization Objects
  • IV_KEYInstance key, for which the authorization check is performed (Example Freight Order Root Key)
  • CS_CTX: Authorization context. Below information can be adjusted:
    • ACTIVITY: Activity, with which the authorization check will be executed.
    • BO_SERVICE: The content of the field BO_SERVICE

Important OSS notes to be considered:

  • 2890717 - TM Authorization Check in SAP S/4HANA
  • 3441660 - No possibility to influence Activity / BO_SERVICE instance specifically

My customer wanted to restrict the view to Charges related information and activities related to Subcontracting in the Freight Order for specific Carrier Business Partners assigned. (controlled vai T_TOR_EXE and T_TOR_PUR authorization objects)

The BADI method gives a good flexibility to achieve similar requirements going forward.