Authorization object for field, EBAN-ESTKZ (creation indicator)

Similar Messages

• Authorization object for Sales Area Data creation ...

  Hi Gurus,
      Please suggest on this:
                  "when an CRM Sales employee creating a BP , employee wants the sales Area for the BP from the sales area of employee in the Input selection option of Sales Area for BP".  Any authorization object will help?
  Thanks in advance.,

  Hi Joern,
  will this ST01 also work for the PCUI or BSP application for finding the authorization objects.
  Actually our requirement is that we need to restrict a user searching documents belonging to him and reporting to him.
  without any authorizations given we are able to search the documents of all users in activty management under activtiy monitor. we would like to block users to view only documents done by him in his sales area.
  can you provide me the details of the authorization object, please.
  thanks
  Srini

• Authorization Objects for Multiple Fields on a Screen

  Hi,
  I have a requirement to create authorization object on a screen with 20 fields and there are 3 users, each user for eg: User-A has rights to Display and modify a few fields and User-B has rights to diplay and modify a few fields and same is the case for the 3rd user, and there are some fields which all can modify.
  what i can do is create 2 authorization objects for each user one with all fields that he can modify & Display and other with all fields which he can display only. In this way i will have to create 6 authorization objects for 3 users, is there a way to reduce to 3, one for each user or even bring it down to 1 for all.
  Thanks,
  Thirumal

  Hi again,
  1. Thanks for the transparent example.
  2. Taking the same,
      it would be like this, in the program.
  ( u must agree that
  if there are six different cases,
  then there will be six different IF ENDIF
  in your program, for edit/display combination of fields)
  (you may also use GROUP1, GROUP2..GROUP4
  concept along with authorisation concept
  to group related fields )
  2. suppose user2 or user 1 has logged in.
  3. in the program,
     before displaying the fields,
    a) use authority-check
     with 1, 2 and check sy-subrc to know
     which VALUE (1,2) is there for rights.
     b)then, logic would be like this
        (for display/edit of all fields)
      IF value =  1.
      field1-visible = true
      field1-editable = true
      field2-visible = true
      field2-editable = true
       field3-visible = true
      field3-editable = true
     endif.
     if value = 2.
      field1-visible = true
      field1-editable = <b>false</b>
      field2-visible = true
      field2-editable = <b>false</b>
     endif.
  regards,
  amit m.

• Add new authorization object for production order creation/change/display

  As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a  fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
  logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
  Thanks.
  Kevin.WU

  Hi,
  there is an icon of generation.  just click there in PFCG and also in su21.
  then add this object in new role.
  Assign this role to user id
  while assigning the role also there is a generation.
  Please take a help of BASIS consultant also as this is entire a BASIS process.
  Regards
  Amit parkhi

• Authorization object for plant on selection-screen

  Hi All,
  I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
  I have written the code
  Declaration of local constants.
    CONSTANTS : lc_i(1)  TYPE c VALUE 'I',
                lc_eq(2) TYPE c VALUE 'EQ'.
    REFRESH : r_werks.
    LOOP AT s_werks.
      IF s_werks-low IS NOT INITIAL.
        AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                             ID 'ACTVT' FIELD '03'
                             ID 'WERKS' FIELD s_werks-low.
        IF sy-subrc NE 0.
          r_werks-sign   = lc_i.
          r_werks-option = lc_eq.
          r_werks-low    = s_werks-low.
          APPEND r_werks.
        ENDIF.
      ENDIF.
    ENDLOOP.
    LOOP AT s_werks.
      IF s_werks-high IS NOT INITIAL.
        AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                             ID 'ACTVT' FIELD '03'
                             ID 'WERKS' FIELD s_werks-high.
        IF sy-subrc NE 0.
          r_werks-sign   = lc_i.
          r_werks-option = lc_eq.
          r_werks-low    = s_werks-high.
          APPEND r_werks.
        ENDIF.
      ENDIF.
    ENDLOOP.
  My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
  Regards,
  raj

  Hi Raj
  First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
  Do this
  SELECT werks FROM t001w INTO li_werks
  WHERE werks IN s_werks.
  LOOP AT li_werks.
  *check your authority thing here and fill the range
  ENDLOOP.
  Pushpraj

• Authorization object  for PLANNING PLANT

  Hi all,
  My client has different Planning plant & Production plant.
  If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
  User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
  Any idea where we could find the authoriz. objects for a particular field?
  Pls advise.

  Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
  Goods Receipt for Production Order: Plant                    M_MSEG_WWF
  these are the authorisation objects with activities as  ACTVT and WERKS
  Maintaine the values for ACTVT  as
  01 Create or generate,
  02  Change
  03 Display
  04 Print, edit messages
  and maintaine the values WERKS   (ur plants 4 which u want to give authorisations)
  and BWAR ( movement types 4 which u want to give authorisations)

• Authorization object for delivery block

  Hi ,
  How do I check the authorization object for any field? I specifically need one for delivery block.
  Please help.
  Thanks,
  Shailaja

  Hi,
  If your looking to put a delivery level block or its removal then i guess you explore it through userexit mv45afzz
  Regards,
  Saurabh

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Custom Authorization Object for HR

  Hi,
  As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
  Your help will be appreciated.
  Thanks,
  Mandeep Virk

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• HR Authorization : Custom Authorization Object  for P_ORGIN

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  but still it is taking the P_ORGIN object

  Online Help
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

• Adding authorization object for "Function Group"s ?

  Is it possible to add any authorization object for any function group ?
  We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
  Function Group you can check through SE37->GoTO->Display Function Group
  Now is it possible to add authorization for any "Function Group" ?

  You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
  However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
  In this case, add only the function group that the user requires in this instance into S_RFC

• Authorization object for Command Button

  Hi all,
  How can I create the Authorization object for command button which is on application server.
  if you do not have auth when you click on that command button, it should be say 'you dont have auth'.
  please help me in this.
  regards,
  Ajay reddy

  Hi,
  Tcode for Authorization Objects are,
  su20----> for defineing authorization field ,
  su21-----> for authorization class,
  su22------> for assignement authorization object
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  Regards,
  hema.

• Authorization Object for using Object Services

  Can you tell me how to limit a users authorization to create or delete attachements using the object services functionality?  We'd like to control the addition and deletion of the attachments.  Is there a specific authorization object for this functionality?
  Thank you, Julie

  Hi julie;
  I hope that following are the solution for you problem. Check wheather this is helpful to you or not.
  Authorization Object C_DRAW_BGR (Authorization Group)
  The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.
  Fields      Possible Values      Description
  BEGRU (Authorization group)      0000 - ZZZZ      Used to restrict the authorizations for document maintenance further.
  Authorization object C_DRAW_BGR can be used to restrict access to individual documents. It works like a simple on/off switch. If the check of object C_DRAW_BGR is fine, the user's authorization can be further restricted by checking C_DRAW_TCD (check only based on the document type) or C_DRAW_TCS (check of the
  combination of document type and status). At the fifth level there is a BADI called DOCUMENT_AUTH01, which you can use to design your own authority check.
  Authorization Object C_DRAW_DOK (Document Access)
  The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.
  Fields      Possible Values      Description
  ACTVT (Activity)      52 53 54 55 56 57      Change application start Display application start Display archive application Change archive application Display archive Store archive
  DOKAR (Document type)            Here you enter the document type that access to original data is allowed for.
  Authorization Object C_DRAD_OBJ (Object Link)
  The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.
  Fields      Possible Values      Description
  ACTVT (Activity)      01 02 03 06      Create Change Display Delete
  DOKOB (Object)            You must enter the data base table for the objects here (for example, MARA for material record).
  STATUS (Document status)
  if useful rewards points.           
  Regards,
  nitin
  Edited by: nitin bhagat on Feb 18, 2008 6:23 AM

• How to find out Authorization Object for Plant

  Hi,
  I have to implement an Authorization check for Plant in My Report Program.
  Is there any transaction which can help me to find out Authorization Object for any field like Material and plant?
  Thanks,
  Mamta

  Using SU21 u can create Authorisation Object.
  The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs.
  check f1 help on AUTHORITY-CHECK for the syntax.
  check these links
  link:[http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c;jsessionid=(J2EE3417500)ID1605942050DB11298929682009193279End]

• Authorization object for Object services

  Hello together,
  I want to know if there is an authorization object for Generic object services functionilty especially the WF options like WF overview, start WF, Archieve WF..............................
  My understanding is any user who has access to a particular Business object, can user GOS to view WF stuff..................Is my understanding correct or should we have extra functions.....................
  Regards

  Check authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
  Regards,
  Raymond