Authorization Object for 0TCTBISBOBJ - restriction field too short in PFCG

Dear all,
I created an authorization object (TA: RSSM) with the InfoObject 0TCTBISBOBJ and 1KYFNM. When I restrict my authorization object in TA: PFCG, I can only type in 11 letters for InfoObject 0TCTBISBOBJ but I need 12 because of a bad naming convention. Working with more than one asterisk (*) in this field is not working!
Does anyone know how to manage this problem?
Thanks in advance
F. L.

Martin,
It is not possible to restrict this in CRM.  The person, organization, and group influences the type of address for the business partner.  There are no user exits available in CRM 4.0 that are at the point to perform an authorization check on this value.
I had to unfortuantely debug and read much of BUPA_DIALOG_JOEL before reaching this conclusion.  The only way to achieve this would be to write a custom front-end to the BP transaction or PCUI screens for business partners.
Hope this answers your question,
Stephen

Similar Messages

  • Authorization Object for Account Assignment field

    HI all,
    We wanted to restrict the users from creation of PO (in ME21N) against the specific Internal Orders (Account assignment KNTTP='F'). So that user can use Internal orders assigned to his Business Area only.
    Which authorization object i can use to restrict the user to use specific Internal order during PO creation and change. ??? I tried to check authorization object listed under t code ME21n but none of them restrict Internal order.
    Is there any std. object available, if not then what I need to do while creation of customized authorization object (in SU21), how system will call this authorization object in ME21N while using Acc. Assignment u201CFu201D. more detailed answers will be more useful.
    Thanks...

    Hi frnd...
    i think you want to allow all users to use acct. ***. "F",
    but you want to stop the user from using ir-relevant internal orders.
    For this, i think you can create a "Z" table having fields:
    1)User ID - (key field)
    2)Internal Orders - (key field)
    3)Access.
    Make the entries of the users against the internal orders. (if you  want any user to access all the internal orders, then make entry (*) in the field access. 
    While creating GRN check these entries, if the entry exist, let user use that internal order, if not give the error as you are not authorized.
    To do all these, you have to use user - exit. which one i dont  know...
    kindly let me know, if you use any.
    njoy SAP...
    njoy Lyf...
    Regards,
    Amit P Hiran

  • Authorization object  for PLANNING PLANT

    Hi all,
    My client has different Planning plant & Production plant.
    If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
    User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
    Any idea where we could find the authoriz. objects for a particular field?
    Pls advise.

    Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
    Goods Receipt for Production Order: Plant                    M_MSEG_WWF
    these are the authorisation objects with activities as  ACTVT and WERKS
    Maintaine the values for ACTVT  as
    01 Create or generate,
    02  Change
    03 Display
    04 Print, edit messages
    and maintaine the values WERKS   (ur plants 4 which u want to give authorisations)
    and BWAR ( movement types 4 which u want to give authorisations)

  • Authorization object for field, EBAN-ESTKZ (creation indicator)

    Dear All,
    Does anyone know if there is an authorization object for field, EBAN-ESTKZ?
    I need to control the PR's authorization at creation indicator level. i.e. we need to remove the ability for all users to change Purchase Requisitions created by MRP.
    Thanks,
    Arun.

    Hi Jay,
    Thanks for your response.
    I didnt find it there. You have any Z options?
    Thanks,
    Arun.

  • Authorization Objects for Multiple Fields on a Screen

    Hi,
    I have a requirement to create authorization object on a screen with 20 fields and there are 3 users, each user for eg: User-A has rights to Display and modify a few fields and User-B has rights to diplay and modify a few fields and same is the case for the 3rd user, and there are some fields which all can modify.
    what i can do is create 2 authorization objects for each user one with all fields that he can modify & Display and other with all fields which he can display only. In this way i will have to create 6 authorization objects for 3 users, is there a way to reduce to 3, one for each user or even bring it down to 1 for all.
    Thanks,
    Thirumal

    Hi again,
    1. Thanks for the transparent example.
    2. Taking the same,
        it would be like this, in the program.
    ( u must agree that
    if there are six different cases,
    then there will be six different IF ENDIF
    in your program, for edit/display combination of fields)
    (you may also use GROUP1, GROUP2..GROUP4
    concept along with authorisation concept
    to group related fields )
    2. suppose user2 or user 1 has logged in.
    3. in the program,
       before displaying the fields,
      a) use authority-check
       with 1, 2 and check sy-subrc to know
       which VALUE (1,2) is there for rights.
       b)then, logic would be like this
          (for display/edit of all fields)
        IF value =  1.
        field1-visible = true
        field1-editable = true
        field2-visible = true
        field2-editable = true
         field3-visible = true
        field3-editable = true
       endif.
       if value = 2.
        field1-visible = true
        field1-editable = <b>false</b>
        field2-visible = true
        field2-editable = <b>false</b>
       endif.
    regards,
    amit m.

  • Authorization objects for  transaction, one to view, and one to maintain

    Hi all,
    My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
    I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
    Please suggest how to create object where i can asign activity codes.
    regards
    manish

    The Authorization Concept
    R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
    Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
    Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
    Do check this link as well.
    http://articles.techrepublic.com.com/5100-10878_11-5110893.html

  • Authorization Object for using Object Services

    Can you tell me how to limit a users authorization to create or delete attachements using the object services functionality?  We'd like to control the addition and deletion of the attachments.  Is there a specific authorization object for this functionality?
    Thank you, Julie

    Hi julie;
    I hope that following are the solution for you problem. Check wheather this is helpful to you or not.
    Authorization Object C_DRAW_BGR (Authorization Group)
    The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.
    Fields      Possible Values      Description
    BEGRU (Authorization group)      0000 - ZZZZ      Used to restrict the authorizations for document maintenance further.
    Authorization object C_DRAW_BGR can be used to restrict access to individual documents. It works like a simple on/off switch. If the check of object C_DRAW_BGR is fine, the user's authorization can be further restricted by checking C_DRAW_TCD (check only based on the document type) or C_DRAW_TCS (check of the
    combination of document type and status). At the fifth level there is a BADI called DOCUMENT_AUTH01, which you can use to design your own authority check.
    Authorization Object C_DRAW_DOK (Document Access)
    The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.
    Fields      Possible Values      Description
    ACTVT (Activity)      52 53 54 55 56 57      Change application start Display application start Display archive application Change archive application Display archive Store archive
    DOKAR (Document type)            Here you enter the document type that access to original data is allowed for.
    Authorization Object C_DRAD_OBJ (Object Link)
    The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.
    Fields      Possible Values      Description
    ACTVT (Activity)      01 02 03 06      Create Change Display Delete
    DOKOB (Object)            You must enter the data base table for the objects here (for example, MARA for material record).
    STATUS (Document status)
    if useful rewards points.           
    Regards,
    nitin
    Edited by: nitin bhagat on Feb 18, 2008 6:23 AM

  • Authorization object for plant on selection-screen

    Hi All,
    I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
    I have written the code
    Declaration of local constants.
      CONSTANTS : lc_i(1)  TYPE c VALUE 'I',
                  lc_eq(2) TYPE c VALUE 'EQ'.
      REFRESH : r_werks.
      LOOP AT s_werks.
        IF s_werks-low IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-low.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-low.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
      LOOP AT s_werks.
        IF s_werks-high IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-high.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-high.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
    My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
    Regards,
    raj

    Hi Raj
    First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
    Do this
    SELECT werks FROM t001w INTO li_werks
    WHERE werks IN s_werks.
    LOOP AT li_werks.
    *check your authority thing here and fill the range
    ENDLOOP.
    Pushpraj

  • Authorization Object for Marketing Attributes

    Hi Experts,
    We are working with CRM 2007 and use in BP Marketing Attributes. Does someone know if there are any authorization objects for Marketing Attributes? We would like to restrict some of users to see some Attribute sets!
    Thank you in advance,
    Roula

    Hi Roula,
    Thank you so much for awarding points.
    Please note that in Transaction PFCG you have to assign the appropriate three digit attribute set key under the authorization group BGKRL to the authorization object C_KLAH_BKL for assigning attribute sets and to the authorization object C_KLAH_BKP for editing attribute sets.
    Please have a look at the Note in the bottom of the page at the following link for further information.
    http://help.sap.com/saphelp_crm60/helpdata/en/46/3517cc86e01421e10000000a1553f6/frameset.htm
    Regards,
    Deepak

  • Authorization object for delivery block

    Hi ,
    How do I check the authorization object for any field? I specifically need one for delivery block.
    Please help.
    Thanks,
    Shailaja

    Hi,
    If your looking to put a delivery level block or its removal then i guess you explore it through userexit mv45afzz
    Regards,
    Saurabh

  • Custom Authorization Object for HR

    Hi,
    As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
    Your help will be appreciated.
    Thanks,
    Mandeep Virk

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
    but still it is taking the P_ORGIN object.

  • HR Authorization : Custom Authorization Object  for P_ORGIN

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    but still it is taking the P_ORGIN object

    Online Help
    <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

  • Authorization Object for data downloading from application server

    Hi friends ,
       My program downloads and uploads data from the application server .
    My requirement is  ,
    Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
    Can you please tell me how to deal with this ? how do we check the above condition ??
    Many thanks ,
    Hemant

    hi,
    This is not a single step process.
    First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
    Then you have to call this authorization object in your program at selection screen.

  • Adding authorization object for "Function Group"s ?

    Is it possible to add any authorization object for any function group ?
    We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
    Function Group you can check through SE37->GoTO->Display Function Group
    Now is it possible to add authorization for any "Function Group" ?

    You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
    However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
    In this case, add only the function group that the user requires in this instance into S_RFC

  • Authorization Object for Material Type

    Hi All,
    Is it possible to restrict the user from creating the material master based on Material Type. If yes then what is the authorization object for the same.
    Regards
    Mahendra

    Dear Mahendra,
    You can definitely restrict a end-user to only particular Material Type thru Authorizations.
    Authorization Object: M_MATE_MAR
    This can be done thru authorization management. Consult your Basis person or follow this:
    SU01 - Enter the user Id & select display button. Now click on the Roles Tab & note down the role assigned to this user Id.
    Go to T-Code - PFCG - enter the Role name & select the change icon.
    Click on the Authorizations tab page. & then Click on Change Authorization Data.
    Now expand the menu tree of Materials Management: Master Data & further expand the menu tree of Material Master: Material Types. Now click on the change icon next to Authorization Group & select the required Material Type that you want to authorize the end-user.
    This is how you can give authorizations only for a particular Material Type. 
    Hope this helps.. .
    Give point if useful...
    Thanks,
    Jignesh Mehta
    Mumbai

Maybe you are looking for

  • BDC for Local FIle as Long Text

    Dear All, Developing a BDC which upload Individual Files as Text for Infotype 1002 Description so please anybody tell me how to add Local File. I have done the Recording but in that how to add Text which is taken from Local Text File. Thanks in advan

  • What's Best Approach for Multitrack Classical Music?

    Can someone suggest the best approach for recording classical musicians onto four tracks? In this scenario, they play until they make a mistake on, say, measure 24, stop, then (take 2) go back to measure 20 and play until the next rough spot, and so

  • All Day Events on Calender versus iPhone

    For some reason when I add an "all day event" on my Calender, it shows up as a "two-day" event on the Iphone. Any ideas?

  • AD password sync connector configuration for OIM Cluster

    Hi I have OIM running on clustered environment in two nodes. I have some AD domain controller. I need to install the AD password sync connector (version 9.1.1) in the AD domain controller. I remember that in the earlier versions we need to install th

  • How to use JComboBox

    I have an array of objects called procedures. These objects have the attribute int code which I'd like for the JComboBox to display. But instead it displays some other information, such as the directory where these objects were imported from. How do