Question:
We have a need to have restrictions on mm01 / mm02 transactions for follwoing data:
We have 3 level hierarchy of organizations which own the products, example:
level 1 : (financial, manufacturing,...)
level 2 : (banking, insurance, ...)
level 3 : (retail banking, corporate banking, ...)
Each product should have an attribute which specifies the value of level 3 reference field. Users should have restrictions to display, change or create the products only for the organization they belong to.
We considered following options:
1. Find a suitable user exit in mm01 and mm02 transaction and put the authorization check there to restrict the user's access. As I understand, there is no user exit in mm01 and mm02 transactions which are invoked before loading of data which I could use. Option rejected.
2. There is field BEGRU in MARA table which was unused till now. We put the reference of level 3 organization in that field and we can have the authorization check automatically by auth object M_MATE_MAT. Problem with this approach is BEGRU field in char(4), which is insufficient to hold the code of level 3 organization (it is char-6). If we plan to use this, it would mean we use some new coding conventions. Option under consideration.
I am sure the need which I have, will be there from many organizations. Could there be more options which we can try. Looking forward to have more views.
TIA,
Nishant
Answer:
Option 2 is very widely used. Changing the L3 naming convention should be less effort and impact than user exits/customisation etc.