Authorization for MM

Our business scenario demands that a particular user should be able to access the T.code"Me23n(Display P.O)" but shouldn't be able to view condition tab in the "item detail",how to set up the authorization for this, please mention the detailed steps.

Hi Shashi,
I would recommend you to look under M_BEST_BSA authorization object in the role.If you are not able to restrict the user from viewing the Conditions tab with this approach then it is something to do with MM Configuration.
Hope this helps.
Regards,
Kiran.

Similar Messages

  • Problem with Authorization for Planning folder

    Hi an having a problem with providing authorization for a planning folder
    i am getting the following error when i test it with test user
    Error while calling up RFC
    Message no. UPC202
    Diagnosis
    You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
    "You do not have authorization for InfoCube ZT_MR_T "
    Procedure
    Inform the system administrator.
    we are not pulling the data from any other server, all the data is on the sif any one has faced the same issue let me know.
    Regards,
    Abraham

    Calling Thru Trans code: BPS0 in ECC 6
    getting this error:
    Error while calling up RFC
    Message No. UPC202
    Diagnosis
    You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
    "An error occurred during the receipt of a complex parameter."
    after i check in bw trans code:st22
    Following this error message:
    Category                   Internal Kernel Error
    Runtime Errors         PARAMETER_CONVERSION_ERROR
    Application Component  BC-MID-RFC
    Short text
        An error occurred during the receipt of a complex parameter.
    What happened?
        During a remote function call, an error occurred while converting
        a complex parameter.
    What can you do?
        Note which actions and input led to the error.
        For further help in handling the problem, contact your SAP administrator
        You can use the ABAP dump analysis transaction ST22 to view and manage
        termination messages, in particular for long term reference.
    Error analysis
        An error occurred during the conversion of a complex parameter.

  • Problem with Authorization for BW BPS planning Folder

    Hi an having a problem with providing authorization for a planning folder
    i am getting the following error when i test it with test user
    Error while calling up RFC
    Message no. UPC202
    Diagnosis
    You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
    "You do not have authorization for InfoCube ZT_MR_T "
    Procedure
    Inform the system administrator.
    if any one has faced the same issue let me know.
    Regards,
    Abraham

    HI ,
    I Checked it out we dont have that cube in our system.
    Regards,
    Abraham

  • Authorization for opening & Closing posting periods - OB52

    Hi,
    Is there any way to set authorization for opening & closing of posting periods in OB52?
    My scenario:
    I have 2 company codes - A & B assigned to 2 different posting period variant - say PPA & PPB.
    The user belonging to CoCd A should not be able to open/close posting period of CoCd B and vice versa.
    Is this possible through any authorization settings?
    Request your help on this.
    Regards,
    Sridevi

    Hi Sridevi
    Please go through the following:
    You can assign authorization groups for permitted posting periods. This means that, for example, some posting periods can only be opened for particular users within monthly or annual closing. You can only assign the authorization group at document header level and it only affects period 1. The authorization object is called F_BKPF_BUP (Accounting document: Authorizations for posting periods). Read the corresponding chapter on "User maintenance" in the "Assigning authorizations" topic.
    "User maintenance"
    Due to the modular authorization concept of the system, you can define authorization profiles which are tailored to the workplace of your employees. You can, for example, assign authorization to a workplace in the Accounts Receivable, Accounts Payable or General Ledger Accounting areas.
    By assigning authorizations you define which business-related objects your employees are allowed to process and which editing functions are allowed.
    In the following activities for authorization management, you must carry out the following for employees who are to work with the system:
    Assign authorizations
    The authorizations are assigned by specifying permitted values for the pre-defined objects.
    Define profiles
    In the SAP system, authorizations are grouped together in workplace profiles. Therefore one or more profiles must be allocated to the individual employee in the master record.
    I hope this helps.
    Regards
    Kavitha

  • Authorizations for materials and material groups

    Hello experts,
    Is it possible to limit the authorization to make purchase requerisiton of some materials or material groups depending on the user?
    I heard that it is possible be able to update some materials using the authorization M_MATE_MAT and including them in the material master, material group and user. But this also works for the creation of purchasing documents (PR,PO,RFQ,...)? Do I have to include this authorization for all the materials? If they do not have I understand that works for every people.
    Thanks in advance for your help
    Best regards,

    Hi Madii,
                 actually Authorization works at the object level, i.s if you have provided the authorization for the user to makePR with certain Material Grp, then if you dont define that grp in the PO role, but still user will get the authorization from the PR role.
    why you want to allow the user to make the PR of certain Mtrl Grp for which he should not be making the PO.
    or let a different Body take care of the other mtrl Grp.
    Hope it helps.
    Regards,
    Yawar Khan

  • Authorization for certain warehouse in stock transfer

    I'm trying to create an authorization for stock transfer when To Warehouse equals a certain value. Is there a way to do it?

    Hi,
    How could I do it with an approval procedure?
    You can create approval stages and template by using query
    Is it with a query?
    Yes
    Will it be similar to a formatted search?
    Yes
    Try this query for row level with only one item.
    Select Distinct 'True' FROM OWTR T0 inner join WTR1 T1 on T0.docentry = T1.docentry
    Where $[$23.5.0] = 'ExScrap'
    Note: Replace Exscrap with your warehouse name.
    Thanks & Regards,
    Nagarajan

  • Cancel a SD invoice error message "no authorization for transaction FB08"

    Hi Gurus,
    I am trying to cancel a SD invoice and am receiving the error message " no authorization for transaction FB08" is coming. Never has this happened in past, i have checked all the security authorizations also and they are in place. Accounting document status is showing as not cleared. Also, as per my understanding cancellation of invoice happens through VF11 which does not calls FB08. Please point out reasons as to why this could be happening and the possible solution thereof.
    regards
    Anmol Pareek

    Hi Anmol
    Once you got the error screen, immediately after that goto T code SU53 and expand all link. Take the screen shot and send it to your BASIS team to provide you proper access.
    Yes you are correct cancellation is done through VF11 but sometime some programs internally calls other T codes.
    take help of your basis team.

  • BW report authorization for restrict cost center

    dear all,
    i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
    note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
    below the customer exit :
    WHEN 'ZV_CCTR'.
        IF i_step = 2.
          DATA : gt_mstuidvscc TYPE TABLE OF  ztbw_mstuidvscc,
                 gs_mstuidvscc TYPE  ztbw_mstuidvscc,
                 wa_final2(10) TYPE c.
          SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
            WHERE userid = 'sy-uname'.
          LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
            wa_final2 = gs_mstuidvscc-kostl.
            l_s_range-opt = 'EQ'.
            l_s_range-high = wa_final2.
            APPEND l_s_range TO e_t_range.
          ENDLOOP.
        ENDIF.
    Regards,
    Tony

    i defined variable as ready for input and mandatory.
    regards,
    Tony

  • How to set authorization for BW Workspace in backend and Portal ?

    Hello Expert,
                         I have developed one BW Workspace in development environment . I have some query regarding BW workspace authorization for access in portal . Some of the queries are as  follows:
    1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
    2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
    3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
    4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
    5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider ?
    Expecting and appreciating your guidence and suggestion asap .
    Thanks & Regards,
    Surajit Pal

    Hello Expert,
                     Do you have any idea regarding below questionaries about BW Workspace ?
    1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
    2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
    3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
    4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
    5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider .
    Appreciating your early responds and thanks in advance .
    Regards,
    Surajit

  • Report S_ALR_87013105 : no authorization for the report/ table 7KU6_001

    Hi Gurus,
    While executing the program S_ALR_87013105 (Detailed Reports 
    For Sales Order : Plan/Actual Comparison ) system showing the selection log.
    "Have no authorization for the report/table  7KU6_001 and 7KU6_002".
    But for the user the authorization check through SU53 was successful.
    Pl can any one suggest on this issue.
    Thanks in advance,
    Vijay

    Hi,
    Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
    Regards,
    Sankar

  • Problem wih analysis authorization for two scenarios on same data provider

    Dear all,
    I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
    User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
    The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
    As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
    Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
    Any ideas??
    Thanks,
    Andreas

    Dear Andreas,
    Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
    http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
    For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
    Otherwise, you have to use customer exit.
    I hope that alternative help you to find a solution,
    Luis

  • What happends when you give 2 groups with some of the same members different authorizations for a document

    Hello,
    I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
    Make one document library
    Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
    follows:
    Group B: Read/Write
    Group A: Read
    Does the people from group B still be able to edit the document, because they are also in group A?
    I don't have a test environment to test this myself.
    Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
    where the document belongs to.  

    You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
    if you need too.
    Kind regards,
    Margriet Bruggeman
    Lois & Clark IT Services
    web site: http://www.loisandclark.eu
    blog: http://www.sharepointdragons.com

  • I need to deauthorize three computers I no longer own, but keep my computer authorization for my current computer and add a new laptop. Is there a way of doing this without having to unauthorize my current desktop which is my main music storage devic

    I just purchased a new Win 8.1 laptop and want to authorize it for my iTunes library. I operate this library on a Win 7 desktop. I have three other Windows computers that I no longer own which were authorized under my iTunes account, but I can't unauthorized them because they are broken or sold. I want to have Computer Authorization for just my current desktop running Win 7 and my new laptop operating Win 8.1. How can I selectively unauthorize a computer if I no longer have it in my possession, and if I have to unauthorize all of my computers, how do I get my iTunes library of music back onto my current desktop system?

    Deauthorizing the computer will not remove the content from your library. You deauthorize all, then authorize the ones you want. See this support document. Deauthorize your computer using iTunes - Apple Support

  • What's the best way to do authorization for my app?

    The authorization situation is somewhat complicated for my app.
    Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM.
    From what I've seen so far, there are two different options of setting the authorization for the component:
    1. Set its Condition
    2. Set its Security Authorization Scheme
    Here is my understanding for each (from my limited experience with APEX):
    1. Set its Condition
    + Can pass in parameters such as :APP_USER, page numebr, P0_ITEM. So I can just create one function that does all the authorization
    - Have to combine the SQL query with the component's non-authorization display conditions, if any.
    2. Set its Security Authorization Scheme
    + By name, it seems like it should be used for authorization
    - Cannot take in parameters relating to the page, such as the page number --> therefore I will need to create many different schemes, for all the different pages.
    #2 will end up with a long list of schemes (each with its own SQL queries) for different pages, which doesn't seem as efficient as #1 with far fewer SQL queries and just take in parameters.
    Which one should I pick?
    Thanks!

    953006 wrote:
    Thanks fac586 for the detailed response, and also everyone else who replied. You guys are very helpful and respond promptly. And we'd appreciate it if you changed "953006" into a real handle promptly.
    Andre mentioned using conditions:
    The way I work around this is to have two functions, one which is used at the page level as a normal authorization scheme and one which can be passed variables which is called as a Condition and the name of the item is one of the variables, in effect giving it "self awareness".But fac586 said:
    You can't pass "parameters" to authorization schemes. Use application items, APEX collections or application contexts to set current context before the authorization scheme is evaluated, and access these values in the functions.Does this mean, fac586, that we can avoid conditions altogether? No, it means that I prefer to use Authorization Schemes to control access to resources based on user privileges and security, and Conditions to control rendering and processing for functional reasons. Using the approach described above I have found it possible to maintain this separation.
    Say if a page has two buttons, Button_A and Button_B. Button_A has a set of requirements for displaying and Button_B has its own set of requirements (some of which are shared with Button_A). So far, the only way that I can see of using pure authorization is to write 2 different authorization schemes, and set the authorization schemes for the two buttons respectively.What's the problem with that? Consider a more concrete example using a standard APEX report/form pattern for customer maintenance. Page 6 contains the report, and page 7 is the maintenance form with P7_CREATE and P7_SAVE buttons. Only users entitled to create new customers should have access to P7_CREATE, and only users able to edit customers access to P7_SAVE. This would be controlled by the CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes respectively. Functionally, conditions are used to show P7_CREATE if the P7_CUSTOMER_ID is null, and P7_SAVE if it's not null. We don't mix non-functional security considerations with functional requirements.
    The CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes are of type PL/SQL Function Returning Boolean. These are implemented using package functions. Exactly how a user has create/edit customer privilege is determined in the package. Determinants that are shared by multiple schemes can be combined at this level. These implementations can be changed as necessary without requiring changes to the application.
    The authorization schemes are reusable across pages and components. On page 6, CREATE_CUSTOMER can be used on the "Create New Customer..." button; EDIT_CUSTOMER on the report column containing the "Edit" links.
    Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM. So I guess this goes back to my original concern with Authorizations:
    [Using purely authorizations] will end up with a long list of schemes (each with its own SQL queries) for different pages [and page items] ....
    Re: VPD policies. Note that in the example above there's no need for the authorization schemes to "know" which pages/items are being evaluated. The P7_SAVE button and the page 6 link column are involved with the EDIT_CUSTOMER operation, so that authorization scheme is applied to them.

  • Customization of "No Authorization" for Query in BI!!!

    Hi,
    Have a query on when we get a no authorization for a query in BI. Can we customize the error message or create pop up in analyzer to show the user that he does not have access to a particular value like a Company Code etc.
    Also is it possible to show data to the user for which he is authorized even if he has put in fields to which he has no access.
    Thanks,
    Yogesh

    May be you can try Authorization Fill variable.
    To see what the user ID is Authorized to see use RSECADMIN (Only in BI7.0) and see for Error Logs under Analysis.
    AB

  • Error - No authorization for object while viewing transformations in BI 7.0

    Folks,
    In BI 7.0, In the Data flow diagram, when I had tried to click on the transformation sybmol, system is throwing an error message No authorization for object   (authorization object ) Message no. RS_EXCEPTION250
    Do I need to request for authorization to just view transformations or is this error something different ?
    Thanks

    Did  SU53 and below is theauthorization info. Does quality system usually not have access even to display/read transformations for func people ???
    Authorization check failed
      Object Class RS   Business Information Warehouse
        Authorization Obj. S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
          Authorization Field ACTVT Activity
                                                                                    03
          Authorization Field RSONDTPSRC Source
                                                                                    DTP_46UAQF4V7BE5JR0I3HKLLC6D2
          Authorization Field RSONDTPTGT Target
                                                                                    ZSD_DEL
          Authorization Field RSSTDTPSRC Subtype of the Source
          Authorization Field RSSTDTPTGT Subtype of the Target
          Authorization Field RSTLDTPSRC Type of Source
                                                                                    DTPA
          Authorization Field RSTLDTPTGT Type of Target
                                                                                    ODSO
      User's Authorization Data xxxx
      Object Class RS         Business Information Warehouse
        Authorization Object S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
          Authorizat. Z:GEFUNONC00 Data Warehousing Workbench - Data Transfer Process
            Profl. Z:GEFUNONC   Profile for role Z:GENAPO_FUNC_ONCALL
            Role Z:GENAPO_FUNC_ONCALL Generic APO Fucntional Oncall Role
            Authorization Field ACTVT Activity
                                                                                    03, 16, 23
            Authorization Field RSONDTPSRC Source
            Authorization Field RSONDTPTGT Target
            Authorization Field RSSTDTPSRC Subtype of the Source
                                                                                    ATTR, HIER, TEXT
            Authorization Field RSSTDTPTGT Subtype of the Target
                                                                                    ATTR, HIER, TEXT
            Authorization Field RSTLDTPSRC Type of Source
                                                                                    CUBE, IOBJ, ISET, ODSO, RSDS, TRCS
            Authorization Field RSTLDTPTGT Type of Target

Maybe you are looking for

  • Interactive Report view is empty

    Hi, I'm on CRM 7.0 EHP3. I'm encountering empty report criteria and display when open the Campaign effectiveness and all other interactive report page. Please see the screen shot below. There is no error message on the screen, as well as ST22. I've c

  • How do I move bookmarks, cookies, history and settings from an old Firefox version to my new one

    I have the previous version of my Firefox from an old computer now located on my C drive. I would like to move the bookmarks, cookies, history and settings to my new Firefox (it is an upgraded version on my new computer). When I click on the File dro

  • Derivation of Responsible Cost Center through WBS in FB60

    Hi; I have came across an issue and need any advice from your side. Issue is , whenever i go to FB60 to park/post and invoice, in the line item whenever I select WBS it automatically should fill up the COST Center field (Derived From Responsible Cost

  • ICloud email update notifications despite not selected

    I'm sharing my calendar with my wife via our iCloud accounts.  Two days ago every event I put in my calendar she not only sees in iCal but now gets an email notification. There is an option in iCloud.com->Calendar to "notify me by email if calendar c

  • Problem loading Windows 7 in a MacAir 3.1 after a SSD disk crash.

    I have a MacAir Model 3.1, about 3 months after buying it I change the SSD disk from 128GB to one of 240 GB. The machine has two partitions one for Mac OS X, first Snow Leopard, and after I upgrade to Lion without any trouble, and the other with Wind