Showing results for 
Search instead for 
Did you mean: 

Authorization to access an order

Former Member
0 Kudos

Dear All,

for some users I would like to display an purchase order (Transaction ME23N)only if it is from a specific vendor. For example the user should only have access to this order if it is from vendor XYZ. If it is not from this vendor then the user has no rights to look at this order.

Any suggestions how I can realize this?

Thanks a lot.

Message was edited by: Matthias Friedel

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos


The best approach would be, identify a user exit that is triggered when ever you try to display a Purchase order. Incorporate an Authorization check(Z-authorization object) in it to check if the user is authorized to display and raise appropriate error based on that.

You have to first create a Z-Auth. object with PO number and Vendor number and include this in the user profile of the users. Give values of the vendors whose POs the user is authorized to display.

This should work.


Active Contributor
0 Kudos

Hi Matthias!

Because a vendor is no organizational data, any standard solution seems out of scope.

Create a new Z-authorization object including the vendor. Make an own transaction (or report), where you ask for a vendor, check the authorization, search for matching purchase orders. When found, start per call transaction ME23N in a transaction variant, where the 'other document'-button (Shift+F5) is deactivated. The user should not have the transaction ME23N in his authorizations (and CT is not checking this part).

But if you can change the requirement a little bit, than a standard solution is possible. There is a authorization object M_BEST_EKG (purchasing group in orders). If you assign one (or several, but disjunct) purchasing group to each vendor, then no other purchaser can have a look at the other orders, because the purchasing group is not matching. Sounds much better, but depends on the usage of purchasing group (EKGRP).