https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320619#M1226375 <HTML><HEAD></HEAD><BODY><P>Please re-read my earlier posts carefully. </P><P></P><P>To put it in simpler words:</P><P><EM>Adding keys to your keyring does not make the corresponding locks appear in your door. For that you'd need a carpenter and/or locksmith.</EM></P><P></P><P>To get extra authority-checks into a program you need an abaper.</P></BODY></HTML> Thu, 12 Mar 2009 12:45:36 GMT jurjen_heeck 2009-03-12T12:45:36Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320612#M1226368 <HTML><HEAD></HEAD><BODY><P>Dear </P><P></P><P>I have created a role in which only one tcode(C223 - Production Version) has assigned. In change auth. (pfcg - role authorization) data there is no Material Type object is being availble / asked. However I have to apply second level on material type.</P><P></P><P>Conseuqenly, I have added munally an object of Material Type (M_Mate_Mara) but it doesnt restrict the user to view only anth. material types.</P><P></P><P>Kindly help in this regards;</P><P>AJ</P></BODY></HTML> Thu, 12 Mar 2009 09:49:27 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320612#M1226368 Former Member 2009-03-12T09:49:27Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320613#M1226369 <HTML><HEAD></HEAD><BODY><P>&gt; Conseuqenly, I have added munally an object of Material Type (M_Mate_Mara) but it doesnt restrict the user to view only anth. material types.</P><P></P><P>Just adding objects to a role will never enforce extra restrictions. If you run a trace while executing the tcode you'll see which authority-checks are actually executed, including the ones switched off in SU24.</P></BODY></HTML> Thu, 12 Mar 2009 09:58:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320613#M1226369 jurjen_heeck 2009-03-12T09:58:34Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320614#M1226370 <HTML><HEAD></HEAD><BODY><P>thanks Dear;</P><P></P><P>Actually, I am new in Basis, </P><P></P><P>I have called SU24; then called required tcode C223 and added object Material Type Object.</P><P></P><P>After all in role auth. it shows Material Type object (no need to add it munally) but it again not restricting by material type. </P><P></P><P>regads;</P><P>AJ</P></BODY></HTML> Thu, 12 Mar 2009 12:05:00 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320614#M1226370 Former Member 2009-03-12T12:05:00Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320615#M1226371 <HTML><HEAD></HEAD><BODY><P>The basic rule you have to understand here is:</P><P><STRONG>You can not add authority-checks to programs without actually modifying the code</STRONG></P><P>So if you need extra security, best talk to an abaper.</P></BODY></HTML> Thu, 12 Mar 2009 12:10:26 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320615#M1226371 jurjen_heeck 2009-03-12T12:10:26Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320616#M1226372 <HTML><HEAD></HEAD><BODY><P>Please go to SU24 and change status of this object to C/M for C223.</P><P></P><P>Regards,</P><P>Surpreet</P></BODY></HTML> Thu, 12 Mar 2009 12:14:49 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320616#M1226372 Former Member 2009-03-12T12:14:49Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320617#M1226373 <HTML><HEAD></HEAD><BODY><P>&gt; Please go to SU24 and change status of this object to C/M for C223.</P><P></P><P>Does that make it magically appear in the source code? I'm actually trying to dig through that at the moment and the only object I've found so far is C_FVER_WRK with the fields ACTVT ans WERKS so no material type there......</P></BODY></HTML> Thu, 12 Mar 2009 12:26:57 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320617#M1226373 jurjen_heeck 2009-03-12T12:26:57Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320618#M1226374 <HTML><HEAD></HEAD><BODY><P>But I have added M_MATE_MAR from SU24. </P><P>and check / Yes option.</P><P></P><P>after that there are two objects appare C_FVER_WRK and M_MATE_MAR.</P><P></P><P>and in filed BEGRU in have added some material type but invain....</P><P></P><P>AJ</P></BODY></HTML> Thu, 12 Mar 2009 12:37:59 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320618#M1226374 Former Member 2009-03-12T12:37:59Z https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320619#M1226375 <HTML><HEAD></HEAD><BODY><P>Please re-read my earlier posts carefully. </P><P></P><P>To put it in simpler words:</P><P><EM>Adding keys to your keyring does not make the corresponding locks appear in your door. For that you'd need a carpenter and/or locksmith.</EM></P><P></P><P>To get extra authority-checks into a program you need an abaper.</P></BODY></HTML> Thu, 12 Mar 2009 12:45:36 GMT https://community.sap.com/t5/application-development-and-automation-discussions/second-level-auth/m-p/5320619#M1226375 jurjen_heeck 2009-03-12T12:45:36Z