Question:
Hi SAP fans,
I'm trying to limit authorisation, so that if it's for a particular transaction code, then only a particular location is allowed.
e.g. t-code LI20 is only allowed for storage type 99S,
but for very other transaction code this restriction does not apply.
how do I create a role for a combination of t-code and object values ?
pls advise.
thanks, MayNee
Answer:
Storage location checks need to be activated via customizing.
Mat Management - Inv Management - Auth Management - Auth check for storeage locations.
Here is what the note against the branch says....
Authorization check for storage locations
In this step, you activate storage location authorization for individual storage locations.
Storage location authorization means that a user has to have authorization for authorization object M_MSEG_LGO in order to enter a goods movement in the storage location, using a particular movement type. In the list of material documents, only the document items for which the user has a display authorization are displayed.
Example
Storage location authorization is useful, for example, if you want to protect the goods stored in a particular storage location.
Standard settings
In the SAP Standard configuration, storage location authorization is not active.
Recommendation
Note: Using storage location authorization means that more work is involved in configuring user authorizations. SAP recommends that you only use plant authorization as far as possible. Storage location authorization could have negative effects on performance.
If you only want to store a material in one storage location with authorization check, it is a good idea to prevent storage location data from being created automatically, so that the material cannot be stored in another storage location without protection.
Activities
Only make these settings if you want to use storage location authorization.
1. Activate storage location authorization in the required storage locations.
2. Create an authorization for the object M_MSEG_LGO and assign the new authorization to the authorization profiles.
Answer:
SAP Security is OBJECT oriented ( auhtorization OBJECT) and therefore you give access to an OBJECT system wide. You cannot restrict an object to a specific tcode if the object is used widely. so if you give access to a storage location then SAP does not care how you get there or what tcode you use.
Answer:
Has it occured to anyone that the question was about Storage TYPES not Storage location?
Answer:
Hi SAP fans,
I'm trying to limit authorisation, so that if it's for a particular transaction code, then only a particular location is allowed.
Has it occured to anyone that the question was about Storage TYPES not Storage location?
No, because the original post said location , that's why I gave some more info on the auth checking.
If it is type - then John's reply is still valid.