SAP 屏幕权限检查

Note Language: English Version: 15 Validity: Valid from 12.02.2004 Summary
Symptom
Up to now you cannot exclude certain condition types and subtotal lines
from being processed or displayed in the condition screen by restricting
the authorizations.
More Terms
VH609
Cause and Prerequisites
This was not programmed.
Solution
A solution is only possible by means of a modification. Concerning the maintenance responsibility, refer to Note 170183 and 381348. The following text describes a solution option based on a modification. Inquiries and problem messages concerning this subject are not covered by support but
only by Remote Consulting subject to costs.
By creating two additional authorization fields and a new authorization object and by using user exits
o USEREXIT_FIELD_MODIFICATION,
o USEREXIT_FIELD_MODIFIC_LEER,
o USEREXIT_FIELD_MODIFIC_KZWI, and
o USEREXIT_FIELD_MODIFIC_KOPF
to display and manually change conditions and user exit
o USEREXIT_PRICING_CHECK
to create new conditions, a solution is available which only allows
creation, manual change and display of those condition lines of a pricing procedure for which the user has an authorization. For conditions and subtotal lines for which the user has no authorization, only the condition key and the description are dsplayed, all other fields are hidden. Restrictions
1.This consulting note contains an example of how the SAP authorization
concept can be used in pricing and which important points you have to take into account. Everything that differs from this example belongs
to the consulting area.
2.You then have to assign access authorizations for every user for all
pricing procedures used and the level numbers used in these pricing
procedures. If you do not do this, the system no longer displays the
condition lines or no longer displays them in the same scope as you
need them for your work.
3.In the change mode (for example VA02), the deletion of conditions or
the starting of a new pricing within this solution cannot be prevented (the user exits required for this are missing).
4.If the creation of a condition is not allowed due to a missing
authorization, the system displays an error message which prevents
further processing. This line can only be eliminated by deletion.
5.On the empty condition lines, only the field for the condition key is
ready for input. The condition rate can be entered only after you
pressed ENTER and after a successful authorization check.
Procedure in detail
1.Maintenance of authorization fields
a)If table ZAUTHCUST does not yet exist in your system, start
transaction SE11 as of Release 4.6A to create it.
In releases up to and including 4.5B, you can call Transaction SU20
as a direct access (then you must choose 'Customer' on the initial
screen), and the system generates the table becomes automatically
if it does not yet exist.
Then proceed as follows:
o Choose 'Create'
o Enter the following values:
-Short text: 'Authorization fields'
-Delivery class 'C' (Customizing table, maintenance only by customer, no SAP import)
-Development class: Use a user-defined development class (in the following referred to as ZAUT).
o Enter the following variables:
-ZKALSM with data element KALSM (or KALSM_D as of Release 4.0A)
-ZSTUNR with data element STUNR
-Select ZKALSM as a key field.
o Make the following entries under 'Technical settings':
-Data class USER (customer data class)
-Size category '0' (expected data records: 0 to 68,000)
Finally check, save and activate table ZAUTHCUST.
b)If table ZAUTHCUST has been created in the system via Transaction
SE11 in releases as of 4.6A, you must create the two new
authorization fields ZKALSM and ZSTUNR in Transaction SU20. To do
this, use data elements KALSM (or KALSM_D) and STUNR as for table
ZAUTHCUST. Enter table name ZAUTHCUST.
In releases up to and including 4.5B, you directly reach the 'Add
authorization field' input mask in Transaction SU20 in this case,
you only have to enter the corresponding field names and data
elements here.
2.Create authorization object Z_KONH_KLS (Transaction SU21):
a)Choose 'SD' (Sales & Distribution)
b)Choose 'Create'
c)Enter the following values:
o Object: Z_KONH_KLS
o Text: 'Condition: Authorization pricing procedure and level no.' o Class: SD (Sales and distribution)
o Include the following authorization fields in the authorization object:
-ZKALSM
-ZSTUNR
-ACTVT.
3.In Transaction SE91, create message 609 in message class VH with the
following text: "No authorization to create the condition".
4.In Transaction SE38, create the new Includes ZZAUTH01 and ZZAUTH02 in
the customer name range as described below. Select the following
attributes:
o Type = 'I' (Include program)
o Status = 'K' (Customer production program)
o Application = 'V' (Sales)
o Development class: Choose a suitable development class in the customer namespace.
Choose the following titles
o for ZZAUTH01: 'Authorization check for the condition screen',
o for ZZAUTH02: 'Authorization check for the creation of conditions' 5.Change user exits
o USEREXIT_FIELD_MODIFICATION,
o USEREXIT_PRICING_CHECK
o USEREXIT_FIELD_MODIFIC_LEER,
o USEREXIT_FIELD_MODIFIC_KZWI
o USEREXIT_FIELD_MODIFIC_KOPF
as described below (Transaction SE38); check, save and generate.
6.Create (according to the previous standard) at least one authorization
which allows the access to all pricing procedures and condition lines (Transaction SU03):
o Double-click 'Sales & Distribution': Among other things, the system displays the authorization object 'Condition: Authorization pricing
procedure and level number' which was created in the above steps.
o Double-click this authorization object: the system displays a list of the authorizations that have already been created for this
authorization object.
o'Create' button: authorization COND_ALL, text 'Authorization for all conditions'
o One after the other, position the cursor on 'Action', 'Procedure' and 'Level number' and, by choosing 'Maintain values', enter the
value '*' (that is, authorization for all actions, pricing
procedures andlevel numbers).
o Finally choose 'Activate'.
e Transaction SU02 to create at least one single profile:
o Choose 'Generate work area': the system displays a list of all existing profiles
o Choose 'Create' and enter in the dialog box:
-Profile: ZCOND_ALL
-Text: 'Authorization for all conditions'
-Profile type: 'Single profiles'
-Select authorization object Z_KONH_KLS created in the above steps (Condition: Authorization pricing procedure and level
no.). by double-click.
-Behind this, enter the previously created authorization
COND_ALL.
-Save and activate.
8.Assign profile ZCOND_ALL to those users who should have the
unrestricted authorization for the work in the condition screen. This ensures that these users can continue working as before despite the implementation of an authorization check (however, the changed
authorizations do not become effective until the next logon of the
user).
Application example
User 0815 should only be allowed to work with standard pricing procedure RVAA01. The user should only be allowed to see and edit all price and discount conditions, but not the costs and profit margin information.
In pricing procedure RVAA01,
o the actual costs are on level number 8 (na),
o prices with surcharges and discounts are on level number 11 (PR00) to 908 (net value 3) (a),
o prices for intercompany billing are on level number 909 and 910 (na),
o cash discount, tax and other various information are on level number 914 to 935 (a),
o costs and profit margin are on level number 940 to 950 (na),
o expected customer prices (EDI1 and EDI2) are entered on level number 970 and 971 (a).
(a) means 'User is authorized' and (na) means 'User is not authorized' to display and change the respective information.
e Transaction SU03 to create an authorization with the following
values: Double-click 'Sales & Distribution'. Select authorization
object 'Condition: Authorization pricing procedure and level no.' by double-click. Create the new authorization COND_STD with the text
'Standard authorization for conditions'. Maintain the following
values:
a)Action = '*'
b)Procedure = 'RVAA01'
c)Level numbers:
-'011' to '908'
-'914' to '935'
-'970' to '971'.
You must enter three-digit level numbers because three-digit
strings are transferred during the parameter transfer to the
authorization object (if you do not enter a three-digit level
number, the authorization check always fails).
d)Save and activate this new authorization.
e Transaction SU02 to create at least one single profile:
a)'Generate work area'
b)Create profile: ZCOND_STD; Text: 'Standard authorization for
conditions'; Single profile
c)As described above, select authorization object Z_KONH_KLS and
assign authorization COND_STD to it; save and activate.
3.In Transaction SU01, assign the single profile ZCOND_STD to your user
0815 and save; the new authorization becomes effective with the next logon of user 0815.
Header Data
Release Status:Released for Customer
Released on:02.02.2007 10:07:09
Priority:Recommendations/additional info
Category:Consulting
Main Component SD-BF-PR Pricing
Valid Releases
To Release and Following Software Component Release From
Release
SAP_APPL3030A31H X
SAP_APPL4040A40A
SAP_APPL4545A45A
SAP_APPL4646A46A
SAP_APPL470470470
SAP_APPL500500500
SAP_APPL600600600
Related Notes
Number Short Text
717670Authorization check for change/display of conditions II
381348Using user exit, customer exit, VOFM in SD
313569User exits in the condition screen no longer function
209913Program technical changes in pricing subscreens
170183What to consider when applying modifications
Attributes
Attribute Value Transaction codes CLEAR Transaction codes PR00 Transaction codes SE11 Transaction codes SE38 Transaction codes SE91 Transaction codes SU01 Transaction codes SU02 Transaction codes SU03 Transaction codes SU20 Transaction codes SU21 Transaction codes VA02
Correction Instructions
Correction Instructio ns Valid
from
Valid
to
Software
Component
Typ
e
*)
Reference
Correction
Last
Changed
4579330A30A SAP_APPL C 07.03.1999 04:30:43 4579430B45B SAP_APPL C 15.03.2002 16:42:43 48693446A600SAP_APPL C 02.02.2007 18:00:18 *) C Correction, B Pre-Implementation, A Post-Implementation, M Undetermined。