Question:
Hi,
Please help, I'm stuck. I created a new variant transaction zmm02 which calls mm02 with a screen variant that only allows changes to specific views. A role is modified so that S_TCODE has ZMM02 and not mm02. At the end of executing ZMM02 however, an auth check is done on mm02 stcode. Can anyone advise how to stop system auth check on mm02?
Thanks much.
Jess
Answer:
check in SE93 if for T_CODE ZMM02 the S_TCODE check on MM02 is activated change that to ZMM02 and it will probably solve the issue
Answer:
Hi Auke,
Thank you very much for the reply. I checked in SE93 and the authorization check screen is blank. So no S_TCODE is being check at all.
I suspect it's calling mm02 t-code from the screen variant I created for the variant transaction ZMM02 but I don't know how to find out which screen is calling MM02. I ran trace(ST01) and it seems like is checking MM02 S_TCODE at the end of ZMM02 transaction. Do you know why this is happening?
Any idea would be greatly appreciated.
Again, thank you very much for the help
Jess
Answer:
In that case check the ABAP for the AUTORITY_CHECK statement and see if it is hard coded somewhere.
Answer:
Hi Auke,
I run this in debug mode and it turned out that its not the authority-check in the abap program. It's the statement "LEAVE TO TRANSACTION sy-tcode" at the end of abap program for mm02 that's causing the system to check for mm02. So we can't really do anything about.
Thanks,
Jesscca
Answer:
Jesscca
The only solution letf is to create a custom copy of the program and star out the line with that check.
Answer:
Auke,
Thanks for the reply but this would become a big task to customize mm02. It does not make sense.
Thanks for your help anyway.
Jess
Answer:
You should be able to do what you want with a specific role to access MM02 but only the views you want to allow. We did this restricting M_MATE_STA to just the storage view for users who could only change bin locations, and it's secure.
_________________
Regards.
ib
_________________________________
SAPFans help those who help themselves !
Answer:
Hi ib,
Thanks for the reply. Yes, I already controlled the view access using M_MATE_STA in a role so the user can only access 2 views but within the 2 views we need to restrict further at what fields user can change, therefore I created screen variant for the t-code and created a t-code zmm02 to run mm02 with the screen variant. Somehow the system does a authority check on S_TCODE MM02 after executing ZMM02. If we grant S_TCODE MM02 then user can call MM02 without the screen variant and that will defeat the purpose of ZMM02.
Thanks,
jess
Answer:
try locking MM02 then users can ONLY use your variants
Answer:
That is an excellent idea. However there are many other groups of users still need access to the regular MM02 t-code.
Thanks
jess
Answer:
create an other variant (being nothing else than the standard MM02 and assign that to the other roles) now you can lock mm02
Answer:
hi,
Demonstrate that, you only assign zmm02 to user and revoke mm02 ,because transaction verient by pass authorization check. User only run zmm02 not mm02.
rayyan