Authorization issue in HR for TCode HRCLM0001

Dear All,
Need some quick info on this, related to Authorizations in HR.
Users currently have access to HR TCode HRCLM0001.
This Transaction will lead to Program RPUCLM00.
Upon execution, at the toolbar (path Goto > Entitlements and Claims Details), the user will be brought to another program (RPLCLM_BAL_CLMS) but it has the same TCode.
I need to only allow certain users to access that second program (RPLCLM_BAL_CLMS).
Any ideas on what Authorization Object i could use?

Hi,
you could give the user authorizations only for transaction code HRCLM0015. This calls direct the program RPLCLM_BAL_CLMS.
Regards
Bernd

Similar Messages

  • Authorization issue while executing F110 tcode

    Dear All,
    User is facing the proble while executing the tcode F110, user wants to change some payments, but does'nt have change option(pencil mark button is not appearing).
    according to su53 screen shot analysis, fdkuser tcode is missing. this fdkuser is asssociated with all critical obects.
    Kindly do the neeful.
    Thanks & Regards,
    Ganesh.

    >
    Jurjen Heeck wrote:
    > > Recommendation is to do it in dev as it slows down the system performance.
    >
    > If you have production data in your DEV system, which is hardly ever the case, you can do that. I'd do it either in an up to date testsytem or in production. Running a trace on one user and only for authorization checks will not be too big a performance issue as long as you remember to stop the trace after the analysis is finished.
    I agree.  If a trace causes perceptible system performance degradation then it is undersized and likely to come to a standstill during financial closing etc.

  • How does IDM takecare of Authorization issues

    Hi All,
    I am pretty new to IDM product. I am aware that using IDM we can automate user creation and role assignment, also with 7.2 we have password self service available.
    However i will like know whether IDM can also be used for regular authorization issues i.e., let say a user is facing an authorization issue in a particular tcode, in order to solve this issue we need to assign additional field values in one of his roles. will such issues where user id is already present and roles also assigned to that id but some changes to his roles is required be taken care by IDM.
    I couldn't get this info from Master and solution operation guide of IDM  7.2, so thats why i am posting it here.
    Regards,
    Siva.

    Hello - No IDM only manages the abap roles ie provisioning and deprovisioning. If the user requires additional authiorization and a role exists to solve this then this role can be assigned from IDM. However if you need to add extra values to a role this still needs to be done using PFCG.
    Hope this answers the question.
    Chris

  • To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.

    Hi,
    We have  a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
    Presently we can restrict authorization at Purchasing organization level but not at Plant level.
    Any pointer please!
    Regards,
    Chetan

    First of all, this is not the right forum to post such a question.  Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id.  Your basis team can do this.
    thanks
    G. Lakshmipathi

  • Authorization Issue for Inventory in warehouse report

    `Hi All
    I face a issue in giving authorization for a single report to a user in the Inventory reports. The report is Inventory in warehouse report.
    Can u please tell what are the preliminary authorizations to be set for the user to execute the report. The thing is he should not be able to see the item cost and Last purchase prices.
    Thanks... Marikannan

    Hi,
    I am not sure if the authorization for such report is available. I just suggest you to check if form settings icon is able to access or not. if you can open the form settings, I think you can set authorization to be no authorization to access the form setting for certain users.
    Rgds,

  • Create authorization for storage Loction for tcode ME21N

    Hi All,
         My requirement is to create authorization for storage Loction for tcode ME21N and ME51N.
         There are standard authorizations for Plant, Document type Group and Org for ME21N
         M_BANF_WRK, BSA,EKG, and EKO which i checked in TCODE SU24.
        But there is no std authorization check for storage location.
        If this is possible then please help me with the procedure and steps.
        Please guide me with all the steps that i need to take care abt..
       Thanks in Advance.
    Regards
    Sujeer

    Hi
    This is the authorization objects for PO and PR
    For PO : M_BEST_LGO  for palnt/Storage location
    For PR : M_BANF_LGO for palnt/Storage location

  • PGI for STO - Mvmt :351 - Authorization issue

    Hi,
    I have an authorization issue while posting GI. In my scenario, user does GI by movement type 351 for Plant A to Plant B or Plant A to Plant C. To execute this transaction, he needs authorization for Plant A, Plant B and Plant C. Restricting the authorization to only Plant A does not allow him to post GI, But if he is authorized for Plant A , B and C then he can do GI for B to C or B to A as well. Please suggest if there is any authorization object to sort it out.
    Yuvnish

    I am also experiencing this issue with movement type 351 in my Project.
    The Project authorisation design has restricted roles to particular movement types and users to particular plants.
    We are seeing that movement type 351 is requiring authorisation access to both the issuing and receiving plant (presumably becuare the movement puts the stock into 'stock in transit' stock of the receiving plant, so needs access to this plant).
    However, giving the user access to multiple plants means the user can transact other movement types in these other plants - because the authorisation has been opened up for multiple plants and the authorisation check on plant seems a higher level than movement type.
    In our design users should be restricted to just their own plant and in the case of the 351 movement be able to transact the movement 351-GI out of their plant successfully without needing the access to the 'receiving plant' as well.  Is there a solution?
    I note that movement type 303 does not require this open plant authorisation, and that movement puts the stock in 'transfer', whereas 351 movement puts the stock 'in transit', so I'm wondering what is the difference from an authorisation check perspective between these 2 movements?  We will use 303 movement for the time being until a solution is sought for 351.  We want to use Stock Transport Orders (with movement 351) from an MRP perspective (movement 303 doesn't work with planning).
    Many thanks

  • PGI for STO - 351 - Authorization issue

    Hi,
    I have an authorization issue while posting GI. In my scenario, user does GI by movement type 351 for Plant A to Plant B or Plant A to Plant C. To execute this transaction, he needs authorization for Plant A, Plant B and Plant C. Restricting the authorization to only Plant A does not allow him to post GI, But if he is authorized for Plant A , B and C then he can do GI for B  to C or B to A as well. Please suggest if there is any authorization object to sort it out.
    Yuvnish

    Sorry..
    Posted in wrong Forum.. Posting Again!!

  • VL09 Authorization issue for Inbound Delivery

    Dear Experts,,
    When we reverse the goods movement in VL09, authorization check is made for Goods receiving/Shipping Point.
    This is fine for outbound delivery because we always have a shipping point defined.
    However, most of the Inbound Deliveries have no Goods Receiving/Shipping Point. 
    So, if we give the authorization for u201CBlanku201D receiving point = "  ", the user can reverse goods movement for any inbound delivery.
    How can we restrict this? 
    Please suggest your valuable inputs
    Regards,
    Shahsidhar

    Hi,
    most of the Inbound Deliveries have no Goods Receiving/Shipping Point.
    If you doing inbound delivery by VL10B, then you should specify shipping point.
    Define shipping point for inbound delivery and maintain authorization
    kapil

  • Authorization Issue while Data Preview from HANA View

    Hi Experts,
    We are using BW on HANA. We have created DSOs (info provider) in BW and generated HANA views from there. We have also created analysis authorizations in BW for authorization relevant characteristics. In HANA, we are able to go to the generated analytic view and preview the data from it successfully.
    Now I have created a test user and assigned a custom role with below authorizations to this user in HANA:
    - bw2hana/../REPORTING role (this role is automatically created by activation of DSO in BW).
    - Roles MODELING, MONITORING, CONTENT_ADMIN, USER.
    - Multiple system privileges although not needed, like REPO.EXPORT, REPO.IMPORT, etc.
    - Analytic Privilege  _SYS_BI_CP_ALL
    - Package Privilege: REPO.READ for all required packages (tried with ROOT package also).
    In BW system also, the test user has analysis authorizations providing access to the relevant info objects.
    But when I am trying to preview data for HANA view, I am getting attached error (also listed below):
    "Cannot get the data provider outline
    SAP DBTech JDBC: [2048]: Column store error: Search table error: [2950] user is not authorized"
    I tried to trace the situation is HANA and got below details in 2 trace files:
    indexserver_alert_saphana.trc:
    [6433]{416977}[66/-1] 2014-10-14 00:59:27.541187 e CalcEngine       ceAuthorizationCheck.cpp(02365) : AuthorizationCheckHandler::addAPsToSearchObject: Error during converting SqlAPs to Query entries
    indexserver_saphana.31003.075.trc
    [6433]{416977}[66/-1] 2014-10-14 00:59:27.541197 i TraceContext     TraceContext.cpp(00702) : UserName=TEST_SSO, ApplicationUserName=<<computer name >>, ApplicationName=HDBStudio, ApplicationSource=csns.modeler.datapreview.providers.ResultSetDelegationDataProvider.<init>(ResultSetDelegationDataProvider.java:118);csns.modeler.actions.DataPreviewDelegationAction.getDataProvider(DataPreviewDelegationAction.java:278);csns.modeler.actions.DataPreviewDelegationAction.run(DataPreviewDelegationAction.java:242);csns.modeler.actions.DataPreviewDelegationAction.run(DataPreviewDelegationAction.java:127);csns.modeler.command.handlers.DataPreviewHandler.execute(DataPreviewHandler.java:53);org.eclipse.core.commands
    [6433]{416977}[66/-1] 2014-10-14 00:59:27.541187 e CalcEngine       ceAuthorizationCheck.cpp(02365) : AuthorizationCheckHandler::addAPsToSearchObject: Error during converting SqlAPs to Query entries
    Do you know what this "Error during converting SqlAPs to Query entries" actually means"? How can we resolve this issue? The authorization is working properly for our user ids. But we need to provide restricted access for business users so trying to create test user and custom role.
    Thanks
    Nitesh Gupta

    Hi Pinaki and Prabhith,
    Yes, my issue was resolved. Sorry, missed to updated here.
    I was just a beginer for BW on HANA Security at that time and didn't know many small things. The solution was pretty simple.
    Whenever you assign analysis authorizations to a user in BW, you also need to generate corresponding HANA authorization. This is done through tcode RS2HANA_CHECK tcode. This tcode converts  BW analysis authorizations into HANA analysis authorizations and assign to the HANA user. You can see generated HANA authorization table RS2HANA_AUTH_STR in both BW and HANA.
    Once the HANA authorizations are successfully generated for a user, he should be able to see data from Views.
    Let me know if this solves issues. Then I will close this thread.
    Thanks

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • Authorization issue with VA02 radio buttons

    Hello All,
    We are stuck at one authorization issue. The user navigates using tcode VA02.
    1)     Execute Tcode -VA02=>
    2)     2) puts order number # 100001 =>
    3)     press enter =>
    4)     press enter =>
    5)     Screen: Change (Company Name) Return 100001: Overview =>
    6)     Option: Display doc. Header details (looks like a magnifying glass beside PO_date) =>
    7)     This bring us to Change (Company Name) Return 100001: header Data =>
    8)     select status tab =>
    9)     on Status tab lower end there is a button u201CObject Statusu201D =>
    10)     Press it => 
    11)     Come to Change Status :
    12)     On this screen There is Status with status no. on the right side with 7 options
    e.g:
    u2022     1 BLK Approval Required for,
    u2022     2 BL1 Approval for Credit,
    u2022     3 BL2 Approval for material Replacer
    We need to restrict the radio button access for user for which we are unable to find the authorization object.
    Could any one help.
    Thanks & Regards
    gab

    Hi,
    Use ST01 to trace the user activities and check which objects its hitting when you click on those buttons, then you can restrict radio buttons using those objects.
    I have'nt run the tcode myself and performed the steps you mentioned, but if you think its calling other transaction from those buttons you can manage tht in SE97, or add the t-code VA02 in the S_tcode auth object in PFCG.
    Hope this should get you going
    Thanks,
    Vijay

  • Authorization Issue in SM50

    Hi All,
    One of our user is facing authorization issue in SM50. He goes to SM50 and tries to open a work process. This is where he gets message "You are not authorized to use function Work Process List".
    When I check the trace, I see only missing access for SM04. I checked trace for my own id (with no error) and found that SM04 is not even checked for my id and rest all authorization checked are same for both ids.
    I assigned a BASIS role to this user and that resolved the issue. But strange thing is still that user's trace shows SM04 missing. (SM04 is not there in that Basis role).
    Now I don't understand what exactly is the missing authorization for this user. Definitely SM04 is not the one and I can't assign this basis role to him. Could any one guide with this issue? Below is the trace for the user in both cases (without Basis role assigned and with this role assigned).

    Hi Julius,
    I created a test id with same rights as the user. My id has SAP_ALL assigned. Now I am doing exactly same activity (double click on same work process). But I don't see SM04 access being checked for my id.
    Even if I assume that I am doing something different than the user. The thing which is strange to me is: when I assigned a basis role which doesn't have SM04 access, to the test user, I still see the same trace results but  this time there is no authorization error. I don't think there are authorization checkes which are not recorded in ST01 trace.
    There could be one tiny possibility that SM50 is throwing an error message (authorization error) but its not triggered through failed authorization check, instead based on some other condition. For that I would need to bedug the tcode. But that doesn't seem likely as this is a standard and widely used tcode.
    Thanks

  • Sap bi authorizations issue with query designer..

    i am using bw 3.x and bi 7 query designer with different kind of probs?...
    i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
    and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
    please suggest if any authorizations should be added or not

    hi suman chakravar,
    thanks for replying,
    can u be little bit clear about the steps.
    i went to tcode su01 and entered profile 0bi_all..it doesnt work.
    and executed tcode su56.there i can find list of BI related authorization profiles
    i added s_rs_all profile to my user. even then i face the same problem.
    i can see only queries in query designer of bi 7 format and i can not view info providers.
    i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
    Edited by: satishchow on Dec 14, 2011 3:23 PM

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

Maybe you are looking for

  • Adobe Creative Suite 2 Will not work after deactivation

    First off, I don't get this company. I had to let that out. I had an issue I started out with by not knowing which computer had my Adobe Photoshop on so I ended up Googling an answer over how to deactivate my product. It led me to a chat with a repre

  • Hard Drive Short DST Check: Software Error

    Hard Drive Short DST Check: Software Error appears while performing Hardrive Test in HP ENVY Sleekbook 6-1090ee. Please advice on how to resolve this error

  • Result set already closed

    Hi everyone, I know that there are already several threats on this issue, but none of them seems to sovle my issue. Hence, I'll try it again. JDeveloper: 11.1.1.3.0 Action: Doing a delete of a row in an entity-based view object, doing a commit. Doing

  • Itunes wont install, please help

    I know this issue has been raised several times and I have read most of the posts and still cant fix the issue. I have updated Itunes today and since trying to update it I can now longer load it. I have tried uninstalling everything about 10 times no

  • Navigation issue from 'Recent Discussions' widgets

    Not sure if this is a known issue, but today I noticed that when I click on "more" at the bottom of a Recent Discussions widget, when the specified Community is loaded, no page is selected.  I can't tell where the discussion topics are supposed to st