https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317268#M794610 <HTML><HEAD></HEAD><BODY><P>Jurjens answer is right as the activty is directly related to the purchase ORG values given in this situation</P><P></P><P>and besides that: While SAP calls the TRX Display, there is a change that even giving wider activity codes will not allow the user to create /change. But the ONLY way to be certain: Create a test user with both roles and test for yourselve.</P><P></P><P>Edited by: Auke Visser on Jan 21, 2008 6:44 PM</P><P></P><P>Edited by: Auke Visser on Jan 21, 2008 6:46 PM</P></BODY></HTML> Mon, 21 Jan 2008 17:43:58 GMT Former Member 2008-01-21T17:43:58Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317266#M794608 <HTML><HEAD></HEAD><BODY><P>Hello:</P><P>I have a question related to the role based authorization.</P><P></P><P>I have a ROLE:A, which includes Display PO (ME23N) transaction with activity 03 and Pur. Org (M_BEST_EKO) A.</P><P></P><P>I have another role ROLE:B, which includes Create/Change PO transaction with activity (ACTVT) 01-Create and 02-Change and Pur. Org (M_BEST_EKO). B.</P><P></P><P>If I assign these roles to user, Will he be able to create Purchase order for Pur. Org. A?</P><P></P><P>My situation is I do not want him to be able to create a PO for Pur. Org = A since he does not have access to ME21N transaction in Role A.</P><P></P><P>How Can I achieve this??</P></BODY></HTML> Mon, 21 Jan 2008 16:52:53 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317266#M794608 Former Member 2008-01-21T16:52:53Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317267#M794609 <HTML><HEAD></HEAD><BODY><P>&gt; I have a ROLE:A, which includes Display PO (ME23N) transaction with activity 03 and Pur. Org (M_BEST_EKO) A.</P><P>&gt; </P><P>&gt; I have another role ROLE:B, which includes Create/Change PO transaction with activity (ACTVT) 01-Create and 02-Change and Pur. Org (M_BEST_EKO). B.</P><P>&gt; </P><P>&gt; If I assign these roles to user, Will he be able to create Purchase order for Pur. Org. A?</P><P>No</P><P></P><P>As long as activity and org.field are in the same object the authorizations remain separated.</P></BODY></HTML> Mon, 21 Jan 2008 17:42:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317267#M794609 jurjen_heeck 2008-01-21T17:42:30Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317268#M794610 <HTML><HEAD></HEAD><BODY><P>Jurjens answer is right as the activty is directly related to the purchase ORG values given in this situation</P><P></P><P>and besides that: While SAP calls the TRX Display, there is a change that even giving wider activity codes will not allow the user to create /change. But the ONLY way to be certain: Create a test user with both roles and test for yourselve.</P><P></P><P>Edited by: Auke Visser on Jan 21, 2008 6:44 PM</P><P></P><P>Edited by: Auke Visser on Jan 21, 2008 6:46 PM</P></BODY></HTML> Mon, 21 Jan 2008 17:43:58 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317268#M794610 Former Member 2008-01-21T17:43:58Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317269#M794611 <HTML><HEAD></HEAD><BODY><P>Hi Tridev,</P><P></P><P>In ur scenario, user will be not able to create PO for Purch.Org.A as per ur activity and maintenance of ORG levels in Role A.He can only create/change PO for Purch.Org.B.</P><P></P><P>T-codes does only check for relative Objects along with activities only which r maintened in Roles.</P><P></P><P>ur scenario is only possible when user have 2 roles.</P><P>Othercase, if the same user has only one role , then u cannot differenciate Purchasing Organisation.</P><P>Still u can do it, but then u have to insert manually into the Object M_BEST_EKO which is not recommended.</P><P></P><P>Rgds,</P><P>Gadde.</P></BODY></HTML> Tue, 22 Jan 2008 05:53:11 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317269#M794611 Former Member 2008-01-22T05:53:11Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317270#M794612 <HTML><HEAD></HEAD><BODY><P>Hi Tridev,</P><P></P><P>Field values in any object are picked using the AND operator i.e. Activity 03 AND Pur Org A. Similarly it will be ACTVT 01/02 AND Pur Org B. So for every set of authorization values the fields will always have AND. So a user can have multiple sets of values for the same object BUT the field values will always be tagged together !</P><P>It will never be a PnC of the authorization values.</P><P></P><P>What you have proposed to do is absolutely correct!</P><P></P><P>Regards</P><P>Sachin</P></BODY></HTML> Tue, 22 Jan 2008 06:43:57 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317270#M794612 Former Member 2008-01-22T06:43:57Z https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317271#M794613 <HTML><HEAD></HEAD><BODY><P>Hi Tridev,</P><P></P><P>since the user has display activity in org.A, he can only display. And since the user has create activity in org B, he can create in B. </P><P></P><P>As the organisations are different, the he cannot have both activities in both organisations.</P></BODY></HTML> Tue, 22 Jan 2008 12:08:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/role-based-authorizations/m-p/3317271#M794613 Former Member 2008-01-22T12:08:24Z