cancel
Showing results for 
Search instead for 
Did you mean: 

APO SNP TLB: how to control TLB usage via authorization in SDP94 ?

thomas_schulze2
Active Participant
0 Kudos

Hello experts,

we use SCM APO Rel7 EHP3 and we have an issue to steer the authorization for TLB usage in the Interactive planning in /SAPAPO/SDP94 where the SNP planning books are used and the "TLB View" button is available. There is the C_APO_FUN auth obj avaible with values

  • C_TLB (TLB)
  • S_TLB (Display TLB)

Both do not allow to switch on / off the TLB View usage in /SAPAPO/SDP94. An authorization trace does also not show these values to be used. I have not seen any good documentation from SAP on this or any other auth object - does anyone know how to set this up correctly ? Goal is that some user should not execute the TLB funtion in SDP94 and others should be allowed to use it.

Regards

Thomas

0 Kudos

Dear Thomas, I have no real answer to your question - but maybe the following procedure might add some value to identify which authorization object is checked and what activities are required: (1) open TLB in change mode (2) activate debugging mode via "/h" (3) execute the activity in TLB you would like to allow/prohibit in TLB like TLB button (4) in debugger set break point for statement "AUTHORITY-CHECK" and continue. Now the debugger will stop at all authorization checks and you can see how/if C_APO_FUN / C_TLB and S_TLB are checked and which authorization values are required. In the worst case that there is no specific check for TLB or the check is not what you need then you can use user exit /SAPAPO/SAPLMCPR_015 for your specific logic.

Good luck, Nico

Accepted Solutions (1)

Accepted Solutions (1)

thomas_schulze2
Active Participant
0 Kudos

Dear Nico,

thanks for the hint. I assume this is the only way to find it out (thru debugging) and then probably make use of a custom auth control via the UE.

Meanwhile I had to discuss this with SAP too bcos of the production impact we have (840094 / 2022). My impression got confirmed - either the user profile has everything on "Display" mode in SDP94 - otherwise the TLB button is executable without further auth control capabilities.

Regards

Thomas

Answers (0)