Product Lifecycle Management
Page tree
Skip to end of metadata
Go to start of metadata 
This Wiki is about using Authorization group.

Scenario:

Because of confidentiality, the client insists on having authorization based on Document level in addition to authorizations at Document Type and Status level.

Solution:

Solution is : Authorization group field (4 Char) in CV01N

Approach:

The field has no values.

  1. The values can be preset as fixed values for all document types
  2. The values can be sorted based on Document type using BADI

Details

  1. This is achieved via maintaining a fixed set of values for Domain BEGRU. To change values you will need Access Key from SAP and you can register the access key with developer Id used during implementation.
  2. Using BADI, you can have document type wise filter for Authorization group. For this maintain a Transperent table instead of fixed value for BEGRU and have your own logic for filtering value based on Document type. 

For enabling F4 for Authorization group when custom values are entered click Here: F4 search- Authorization group 

Dont forget to comment or give feedback

Niranjan

3 Comments

  1. Unknown User (zexg6xk)

    This is very helpful.. Can I modify a standard object?. Can be there any impact in applying the related support package or technical upgrade?

  2. Anonymous

    Hi,

    I have a different view on this.. If we use the standard fucntionality, ie, no pull down list, then without maintianing the details in Configuration we can assign the Authorization Group name in the Role.

    New Authorization groups can be maintained any time without touching the Configuration. The only issue in this is Users have to be advised to use which Authroization group they have access..

    Any suggestions?

    Regards

    Aby

  3. Former Member

    Aby, to explain you more about this, 1st is there is an Auth obj assigned to this group field.  Hence if the users decide to use this as free entry and can be changed as and when needed then in that case for each new entry there is an additional job of creating Roles to cater these auth objects. Which is very cumbersome but very Vital from business point of View.

    Also, what you said is correct but the requierments from Client sometimes are so that the client sometimes want to use these fields for reporting as well. Thus if Some wants to check how doucments are created for Auth group A, B it is possible based on fixed values.