Thank you.I am not an ABAP person, so please can you help with following clarifications:
1. For badi method BBP_WF_LIST (Change Output List Purchasing Documents), do I need to add code in here as i want to restrict end user to see srm local PO order docs for their own Purchasing Group only
2. For the code for method, can this refer to the org plan attribute PM_PUR_GRP or to purchasing grp that the user belongs to and visible in the org plan function tab, e.g. ID 50000001 (purch grp Stationary)
Hi. Yes, you will need to insert code in the BADI to achieve what you want. You will have to get an ABAP person to do this.
PM_PUR_GRP is actually used for plant maintenance, but you could use it if you want, you could add the attribute and read it, as long as you don't want to really use it for plant mainatenance it would be no problem to use it.
Alternatively you could read table HRP1001 to find the org unit for the user then check against tables HRP5500 and HRT5000 to see which purchase organisation they are in.
If all the users are directly below the purchasing group org unit then the second method will work fine, if some users are a few org units below it might get tricky reading up to find the purchase org.
Kindest thanks for your response. I am looking at Help documentations in IMG and found some informational text for function module BBP_PDSEC_AUTHORITY_CHECK, see cut and paste of help text below.
Please clarify if this fm also achieves this also and can also be cosidered and used as an alternative solution?
Thanks you.
Vijay
-
Further Authorization Check for SRM Documents
Use
As of SRM Release 4.0, a check is made for each document (PO, confirmation, and so on) to determine whether the user logged on can display, change and/or delete the document. The system checks against the parameters purchasing organization, purchasing group, business transaction type, and activity.
You can view more detailed documentation on this in the function module BBP_PDSEC_AUTHORITY_CHECK and in Release Note Changes to the Authorization Check.
If these checks are not sufficient, you can use this BAdI to read the data of the document with module BBP_PROCDOC_GETDETAIL and perform additional authorization checks.
Note
These checks can only be implemented as additional checks. The checks defined in the standard SAP version cannot be deactivated by them.
This means that the BAdI can only be called if the standard checks have previously returned SY-SUBRC=0 (authorization exists).
Caution
Bear in mind that the authorization checks also occur when lists are created (for example, when EBP documents are listed as the results of a document search). Here, the system checks each individual list entry, so this BAdI is also called for each entry (upon implementation).
This can sometime lead to performance problems.
Activities
To run an extended authorization check of EBP documents, implement method
AUTHORITY_CHECK_PRODOC
To run an extended authorization check of access to EBP by vendors, implement method
Hi. It sounds very similar to the other BADI really.
If you look at the bit that says "Bear in mind that the authorization checks also occur when lists are created (for example, when EBP documents are listed as the results of a document search). " that means that it will restrict the list of documents that the user can see based on extra auth checks.
BBP_WF_LIST also restricts the list of documents that the user can see based on any critera you want.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.