Showing results for 
Search instead for 
Did you mean: 

authorization in sap APO

0 Kudos

Dear SAP,

My expectation is:  We have 15 Locations in our model. I want to create 3 administrators for each 5 Locations.  Each admin of each group of Locaotions(5 Locations) can only create Role for users who belongs to 5 Locations that he is responsible for.

For instant:

                  User                                                               Location 

              1. HUNGTH  (Administrator)                                   0110

              2. DUYENNX                         Belongs to                0110                  

              3.GIANGLT                                                           0110

              4.HOANGPT                                                         0210

- Role of HUNGTH can only create and maintain Roles for DUYENNX and GIANGLT.

Please help us to create role for HUNGTH.

thanks so much

Accepted Solutions (0)

Answers (1)

Answers (1)

Active Contributor
0 Kudos

Hi Hungth,

In DP, the standard system does not allow to set authorization checks based on CVC values and users/planners. You need to implement BAdI method 'SELECTION_CHECK' (BAdI '/SAPAPO/SDP_SELECTOR') to enable the required authorization checks programmatically.

Please check the following SAP note for details on different possible authorizations available in DP.


Former Member
0 Kudos

Dear Mr. Rajesh and other experts, don't you mind if I ask you a some question?

I use object C_APO_LOC for LOCATION characteristic's authorization

I use object C_APO_PROD for PRODUCT characteristic's authorization

Could I create another authorization object for characteristics which I create by myself?

Fox example:

I create Z_APO_TYPE for ZTYPE characteristic which I have created before.

Once more, could I authorize variant in SAP APO?

Active Contributor
0 Kudos

Hi Thai Hoang Pham,

The SAP authorization check is restricted only to version, product, and location combination in standard DP (SAP note 400434). You can assume as only 3 parameters are eligible for authorization check.

You may try BI type authorization on characteristic InfoObject. However, make sure you set BI authorization for all the characteristics associated with your master planning object structure(MPOS).

Authorization based on program variant - By default, if you give access to a program or t.code, all the associated variants are open. Without customization, it is not possible to control the variants authorization. Only option available to you is to setup custom and variants for the same program and assign authorization on custom t.code. So, only authorized users can access the program with assigned variant.