topic Re: Authorization Objects field values in Application Development and Automation Discussions

Authorization Objects field values

Former Member — Wed, 16 Sep 2009 18:36:55 GMT

Hi Guys,

Can anyone tell me what filed value can be entered in the following authorization Object since these authorization object s are not belong to any functional folks. I was wondering if the functional folks know the value that needs to be entered in the following fields.

I assigned MM01, MM02 MM03 in this end user role and received these authorization objects.

Standard Authorization for Classification C_KLAH_BKL

Activity 01, 03 ACTVT

Classification authorization g ? BGRKL

Standard Authorization for Characteristics of Org. Area C_TCLS_MNT

Activity 23 ACTVT

Class Type 001 KLART

Organizational Area Indicator ? SICHT

Also same thing for this module PP (Production Planning), should I ask my FI/CO or MM functional team to tell me what values should be going into the following authorization Objects

Please let me know if anyone knows what values should be entered in the following authorization objects or Should I talk to my MM functional team to tell me what values should be there because PP is not there expertise thatu2019s what I concern

Standard CC Change Master - Authorization Group C_AENR_BGR

Activity 22 ACTVT

Authorization Group ? BEGRU

Standard CC Eng. Chg. Mgmt. Enhanced Authorization Check C_AENR_ERW

Activity 22 ACTVT\

AEFUN ?

AENST ?

BEGRU ?

RLKEY ?

Thanks in Advance

Faisal

Edited by: Faisal on Sep 16, 2009 10:03 PM

Re: Authorization Objects field values

Former Member — Wed, 16 Sep 2009 20:12:30 GMT

It depend on what you want to achieve when using those transactions.

Your functional expert should have worked that out and should give you the values.

It is your job to consider whether it achieves that which the funkie wants, or whether the choice of transaction is the problem in the first place and conflicting with the role build concept you have given them (or negotiated with them, while explaining the pro's and con's).

If you always just "make it work" and insert manually to achieve that then you are defeating the purpose.

Also, think about those who will need to maintain or upgrade these roles in future when the business process, or organization or system technology changes.

It is very easy to dog your own hole by taking a shortcut (or poping a * into a field).

My advise: Give them some feedback. Tell them you want proper information to work with. Have them test it (and do a few negative tests in your free time, also learn the business processes).

My 2 cents,

Julius

Re: Authorization Objects field values

sdipanjan — Wed, 16 Sep 2009 20:12:42 GMT

First you try to check the documentation of those Objects in SU21 and also in table TOBJ (TOBJT).

For fields and their respective tables, please check them in the table AUTHX.

For probable values of the Objects, please check USOBT_C entries. Also you may review the entries in USOTT and in SU22.

Let me know how much of you quires are left now.

regards,

Dipanjan

Re: Authorization Objects field values

Former Member — Wed, 16 Sep 2009 21:09:05 GMT

Hi Dipanjan,

> First you try to check the documentation of those Objects in SU21 and also in table TOBJ (TOBJT).

In a win :win situation the Security admin would know the objects already and their dependencies.

In a loose : loose situation the Functional consultant doesn't know the objects and the customizing dependencies either.

If all else fails SU24 will help you a part of the way, but it is not caste in stone and you still need to maintain fields which you don't possibly understand, without the help of a good funkie.

Cheers,

Julius

Re: Authorization Objects field values

Former Member — Fri, 18 Sep 2009 12:41:59 GMT

Hi,

You can assign those roles to test user in which these objects are.Then ask user to run that test user who needs that t-code.Just on system trace. They will provide some value and you will come to know which value they require.