Enterprise Resource Planning Blogs by Members
Gain new perspectives and knowledge about enterprise resource planning in blog posts from community members. Share your own comments and ERP insights today!
Showing results for 
Search instead for 
Did you mean: 

It is often required by clients to hide the cost pricing condition VPRS in PRD environment so that end users are not aware of cost price of the material being sold. This can be achieved by implementing the note 105621—Authorization Check for Condition Screen. This is a consulting level note and must be implemented by Basis, ABAP and SD Consultant coordination.



  1. This consulting note contains an example of how the SAP authorization concept can be used in pricing and which important points you must consider. In particular, everything that differs from this example belongs to the consulting area.

  2. You then must assign access authorizations for every user for all of the pricing procedures used and the level numbers used in these pricing procedures. If you do not do this, the system no longer displays the condition lines or no longer displays them in the same scope as you require for your work.

  3. In the change mode (for example, VA02), you cannot prevent that conditions are created or that a new pricing is started within this solution (the user exits required for this are missing).

  4. If, due to a missing authorization, you cannot create a condition, the system displays an error message which prevents further processing. This line can only be eliminated by deletion.

  5. On the empty condition lines, only the field for the condition key is ready for input. You can enter the condition rate only after you press ENTER and after a successful authorization check.


  1. Maintaining Authorization Fields:

Use transaction SU20 to create the two new authorization fields 'ZKALSM' and 'ZSTUNR'. To do this, use the data elements 'KALSM' (or 'KALSM_D') and 'STUNR'.




2. Create the authorization object ‘Z_KONH_KLS’ Tcode su21.




3. TCODE SE 91: create message 609 in message class VH with TEXT: No Authorization to create condition.



4.Create include: ZZAUTH01 and ZZAUTH02 through tcode se38.

5. Apply correction instruction of the note using SNOTE:

6. Create (in accordance with the previous standard) at least one authorization that enables access to all of the pricing procedures and condition lines (transaction SU03):


Double-click "Sales and Distribution" Among other things, the system displays the authorization object 'Condition: Authorization pricing procedure and level number' which was created in the above steps.


Double-click this authorization object: The system displays a list of the authorizations that have already been created for this authorization object.


Choose "Create": Authorization COND_ALL, text 'Authorization for all conditions'


One after the other, position the cursor on 'Action', 'Procedure' and 'Level number' and, by choosing 'Maintain values', enter the  value '*' (that is, authorization for all actions, pricing procedures and level numbers).


Finally choose 'Activate'.


7.Use transaction SU02 to create at least one single profile:


Choose 'Generate work area':  The system displays a list of all existing profiles.


Choose 'Create' and enter in the dialog box:


    • Profile:      'ZCOND_ALL'

    • Text:        "Authorization for all conditions"

    • Profile type:   "Single profiles"

    • Select the authorization object Z_KONH_KLS created in the above steps (Condition: Authorization pricing procedure and level no.).

    • After this, enter the previously created authorization COND_ALL.

    • Save and activate your changes

8. Assign the profile ZCOND_ALL to the users that should have unrestricted authorization to work in the condition screen. This ensures that these users can continue working as before despite the implementation of an authorization check (however, the changed authorizations do not become effective until the next logon of the user).


Application example

User 0815 should only be allowed to work with the standard pricing procedure RVAA01.  The user should be allowed to see and edit only all price and discount conditions, but not the costs and profit margin information.
In the pricing procedure RVAA01

  • the actual costs are on level number 8 (na),

  • prices with surcharges and discounts are on level number 11 (PR00) to 908 (net value 3) (a),

  • prices for intercompany billing are on level number 909 and 910 (na),

  • cash discount, tax and other various information are on level number 914 to 935 (a),

  • costs and profit margin are on level number 940 to 950 (na),

  • expected customer prices (EDI1 and EDI2) are entered on level number 970 and 971 (a).

(a) means 'User is authorized' and (na) means 'User is not authorized' to display and change the relevant information.

  1. Use transaction SU03 to create an authorization with the following values:  Double-click 'Sales & Distribution'.                                                       Double-click to select the authorization object 'Condition:  Authorization pricing procedure and level no.'.  Create the new authorization COND_STD with the text 'Standard authorization for conditions'.  Maintain the following values:

  2. a) Activity = '*'

  3. b) Procedure = 'RVAA01'

  4. c) Level numbers:

    • '011' to '908'

    • '914' to '935'

    • '970' to '971'.

Note that you must enter three-digit level numbers because three-digit strings are transferred during the parameter transfer to the authorization object (if you do not enter a three-digit level number, the authorization check always fails).

  1. d) Save and activate this new authorization.

  2. Use transaction SU02 to create at least one single profile:

  3. a) Generate work area

  4. b) Create profile: 'ZCOND_STD', text: 'Standard authorization for conditions', single profile

  5. c) As described above, select the authorization object Z_KONH_KLS and assign the authorization COND_STD to it. Save and activate your changes.

  6. In transaction SU01, assign the single profile ZCOND_STD to your user 0815 and save this. The new authorization becomes effective when the user 0815 next logs on.