Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member

Solution overview: 


A new authorization group will be added with standard SAP functionality. This Authorization Group will be assigned and linked to the appropriate business user’s security roles. 

The Authorization Group will be set up so that when the user signs into MM02, SAP will check the screen at the time of entering to verify if the user has a security role by doing an authorization check.It will then set the attributes of the field to either changeable or not (Change/Display). Implement an enhancement point in MM02 to flip the attribute on or off.

By doing this, the functionality of the field in MM01 will not be affected. The person who is creating the material will be allowed to set the field value as usual.

Assumption:


The field here is ‘Procurement type.’ Authorization Rules are created and assigned to User profiles.

Steps :


The following steps help us understand how the above functionality can be achieved:

  1. BADI_MAT_F_SPEC_SEL is used to achieve this. A new implementation ZC_BADI_MAT_F_SPEC_SEL and a class ZC_BADI_MAT_F_SPEC_SEL will be created.

       

        

2. Create an authorization class.

    Below are the steps to create an authorization class:

     2.1 Go to transaction SU21.

     2.2 Press the ‘Create’ button to create an object class.

          

     2.3 Give the Object Class name and description. Press ‘Save’.

            

3. Create an authorization object.

     3.1 Go to transaction SU21.

     3.2 Press the ‘Create’ button and select ‘Authorization Object’.

    

     3.3 Enter the Authorization Object and description. Give the Authorization class that you created.


     3.4 Maintain authorization fields, here we will be using a standard one “ACTVT”.

          

     3.5 Click on ‘Permitted Activities’ button, shown in the above screen.

     3.6 A pop-up will appear, click OK.

        

     3.7 Select the permitted activity and SAVE.

           Here, we are selecting “Change” to ensure that only users with authorization are allowed to CHANGE the procurement type field.

        



Psuedo Code :


The method FIELD_SELECTION in the class will be coded to check for user authorization and then the field MARC-BESKZ (Procurement type) on MM02 will be shown in “Change” mode only for the authorized users. In the method IF_EX_BADI_MAT_F_SPEC_SEL~FIELD_SELECTION of the class ZC_BADI_MAT_F_SPEC_SEL:

IF t130m-tcode = 'MM02'.                                                                                                               “Check for the transaction code

    CASE fauswtab-fname.                                                                                                                            
              WHEN 'MARC-BESKZ'.                                                                                                    “Check for field – Procurement Type
                         AUTHORITY CHECK OBJECT ‘Z_MM02_PRT’ ID ‘ACTVT’ FIELD ‘02’.                       “Check if User is authorized to Change

                           IF sy-subrc EQ 0.
                               fauswtab-kzinp = 1.                                                                                “Field in CHANGE mode only

                           ELSE.

                               fauswtab-kzinp = 0.                                                                                “Field in DISPLAY mode only
                           ENDIF.

    ENDCASE.

ENDIF.

Expected Output :

  • (1) User has no authorization – Procurement Type field is in DISPLAY mode

        

  • (2) User has authorization - Procurement Type field is in CHANGE mode

       


5 Comments
Labels in this area