How to restrict Create Authorization in Appraisals to Users?

Similar Messages

• My boyfriend and I have our own iPhones but share an iPad. How do we create two different profiles or user accounts, etc?

  My boyfriend and I have our own iPhones but share an iPad. How do we create two different profiles or user accounts, etc?

  Unfortunately, at the moment you cannot create two user profiles on one iOS device.

• How to restrict multiple log-ins by same user in SAP BO 4.0

  Hi ,
  Facing licence issue Due to subjected  error  .
  How to restrict multiple log-ins by same user in SAP BO 4.0
  Thanks in advance .

  Then I would say it is not possible:  Restrict multiple login in SAP Business Objects 4.0 SP6 for single user
  multiple login disable in BO | SCN

• How to restrict the authorization to change backgroud configuration

  hello , I copy some users from my admin user which contain the sap_all profile. so these uses can change background configuration.     now,  I want to restrict the authorization that they can only view the background configuration but can not change it .        how can I set this authorization?     Can I change the sap_all profile? how to set it?
  thanks.

  Hi,
  You can copy the SAP_ALL profile to a new name say Z_SAP_ALL and provide display access to all the authorization object and make sure you remove all the critical tcodes in the Z_SAP_ALL profile.
  Once you are done with testing the role assign it to the user.
  Also search the threads in the forum...
  Rakesh

• How to restrict data in reports for different users...

  i created a monthly_sales report on XYZ_SALES_FACT table
  i have to give restriction on reports based on the users.
  i.e. user_1 will access only NORTH region sales info on monthly_sales report
  user_2 will access only SOUTH region sales info on monthly_sales report etc.
  Note: my client is not agreeing to create multiple reports based on the user/region.
  how i have to give user restriction on report based on the users?

  Hi,
  You can create a VPD policy and then create a login trigger and pass SSO client_indentifier or database session_user (use if/then/else to protect both)
  You can check here for the VPD/login trigger.
  Disco Config Guide
  http://download.oracle.com/docs/html/B13918_03/security2.htm#sthref1002
  OTN articles
  http://www.oracle.com/technology/obe/10gr2_db_vmware/security/vpd/vpd.htm
  http://www.oracle.com/technology/oramag/oracle/04-mar/o24tech_security.html
  You can also use secure views, mandatory conditions in the EUL, etc.
  Some other related forums entries:
  Re: Using VPD with Oracle Discoverer without SSO
  Re: Restrict Data for a user without VPD
  May want to search, likely many others on the subject.
  Should give you a good place to start.
  Regards,
  Steve.

• SHD0 transaction-how to restrict the variant transaction to specified users

  I have created a variant transaction for MM02 wherein am disabling a field .I want this field to be disabled only for certain users.The variant transaction which I created affects all users.So,for everyone the field is grayed out.How to restrict this for specified users???

  Hello,
  Try to look an exit for that transaction, either user exit or badi, then try to disable the field doing a LOOP AT SCREEN, but first you should have the restricted users in a Z table, or by cheking the profiles for each user..
  Another way to do it is trying to do it the profiles customization, maybe you can do it that way.
  Cheers!!
  Dont forget to reward.
  Gabriel P.

• How can I create a portal server authentication user with a batch

  hi,
  I am trying to import users into the portal server emulating the create user procedure as plumtree. What I cannot understand at the moment is which classes are involved in the sequence of creating a user.
  the problem starts from the fact that I have used a synch WS and it works but, being the table a dummy one and the users to be authenticated by the portal server, I couldn't use that synch as a definitive.
  I tryed using plumtree.server.CIPTUser class with no success. could not understand how to actually create the user after setting the parameters to the object.
  Is there any documentation explaining how to create the portal server emulation of create user. this could be usefull for all those cases when there is no central repository of user and passwords.
  thanks
  Mario

  This should get you started.
  IPTUser=IPTSession.GetUsers.Create(iAdminFolderID)
  IPTServerContext=IPTUser.GetInterFaces("IPTServerContext")
  IPTServercontext.Store
  This is a high level implementation. It should get you very close.
  thanks,
  Craig

• In oracle forms how to restrict creating new record

  I have a multi record block, I dont want to create new record. If I use the down key after the last record control is moving to next record. I dont want this to happen. I want to scroll between first and last record.
  Can anyone tell me ?

  Look up the Forms Help for 'system.last_record'.
  I'd code the KEY-DOWN trigger on the block as...
  IF :System.Last_Record = 'TRUE' THEN
  Bell;
  Message('You are on the last row');
  ELSE
  down;
  END IF;
  This avoids any processing or validation work being done on leaving the current record or creating the new record.

• How  to Restrict G/L Accounts for One  User

  Hi All,
  I have to restrict the G/L Account when doing FI Postings  for  some particular Users ...
  Ex 100000 Is G/L to be Posted In  XXXX Plant.
       100001 Is G/L to be Posted in  YYYY  Plant 
  I have to give an Authorization  to User in XXXX Plant  to Post only  in 100000 G/L .
  Plz Suggest me at which level I can restrict the Postings ..
  Regards,
  Sriram.

  How about flagging the accounts as "Automatically posted only" and then let customizing take care of the ability to post to the accounts (automatic account determination)?
  That is, if that works for these specific accounts.
  Cheers,
  Julius

• How to restrict instance in swimlane to initiating User only?

  Hi,
  In my process, using BPM 11.1.1.6, there are two swimlanes. The first swimlane (SUBMITTER) allows a user to instantiate an instance, and after some service tasks, the user moves to the next human task, in the same lane. On submission, the instance moves to the second (APPROVER) swimlane. However, if the submitter has not yet submitted the second human task (say he just saves it) then ALL other SUBMITTERS in the same SUBMIITER lane, can see his data! Apparently, this is because the instance is given the SUBMITTER Role, and not assigned to the instantiating person.
  How can we restrict the instance to be assigned or restricted ONLY to the instantiating user (during its life in the SUBMITTER Lane), so that other submitters cannot see his instance?
  Any help is appreciated.
  Thanks!
  ps: We are instantiating the task via APIs, so we have flexibility to make an API call if we can know which API call will fix this. Thx.

  One thing you'd want to double check before continuing is to see how the predefined variable "creator" is set coming into the human task is set (not sure what this is set to when the API is used).
  Assuming the "creator" (or some other string variable) is set to your initiator's userid, here are the steps to assign this person to the task in a subsequent human task.
  1. Open the human task.
  2. Click the "Assignment" tab.
  3. Click the icon with the person in it -> click the "Edit" icon.
  4. In the dropdown, select "Names and Expressions" -> make sure that the "Value-based" radio button is selected -> click the + icon on the right -> under "Identification Type" select "User" -> under "Data Type" select "By Expression" -> under "Value" click the "..." button.
  5. Expand the "task" -> scroll down and select "task:creator" (or whatever string variable you have set to the userid of the person who created it in the API) -> click "Insert Into Expression" -> click "OK" -> "OK"
  Hope this helps,
  Dan

• How to restrict the attribute values for the user in query designer

  Hi All,
  I have a requirment where certain user would see certain vailes in the query desiner of the attribute.
  The requirment is we have planing material which is attribute of material
  When X user want to restrict the  values for planning material ,where he is able to see all the planning material.But who is not authorized for all the value.
  Ex: X user has authorization for see planning material 100,101,102. of material But when he try to restrict the planning material in query designer where is getting all values of planing material.
  Or
  is there way to blank the restriction help.so that he can't able to see values while restricting
  Please some one can advise me on it..

  Hi,
  Let me sum up:
  you have an object ZPLNMAT for the planning material
  you have the object 0MATERIAL for material and this object has ZPLNMAT as attribute.
  If you can restrict in the query designer, I suppose this attribute is then as navigationnal and also added in the multi-provider.
  The object ZPLNMAT is checked as relevant for authorization, and you set up a role with the attached values of ZPLNMAT this user should have access to.
  Are you sure the users are restricting on the ZPLNMAT object and not 0MATERIAL, because you should have everything now
  PY

• How to grant create table privilege for a user on a specific table

  Hi:
  I created a user, for a test scenario. I granted this user create any table, and I made the default tablespace as example.
  When I connect as the user and try to create a table, I get this:
  SQL> create table T1 (NAME varchar2 (500), AGE number(2));
  create table T1 (NAME varchar2 (500), AGE number(2))
  ERROR at line 1:
  ORA-01950: no privileges on tablespace 'EXAMPLE'
  How can I grant the necessary privilege to have user create/delete tables on tablespace example?
  Thanks.
  DA

  create user ADAM identified by radge default tablespace EXAMPLE
  quota 10M on EXAMPLE;
  for example 10Mbytes given to Example tablespace.... or you can write:
  .....quota unlimited on EXAMPLE
  and
  grant connect to ADAM
  grant create table to ADAM .....
  or
  grant connect , resource to ADAM .... although grant resource is not recommended...
  ....and something else....
  you should define temporary tablespace in create user command... otherwise the system would be used...
  Greetings...
  Sim
  Message was edited by:
  sgalaxy

• How do I create *separate* calendars for *one* user?

  I used to use Now Up-to-Date (NUD), but it's passé now, and I've switched to iCal. But with NUD you could have as many calendars as you wanted. A "calendar" was just a document, so you could open whichever one you wanted at any given time and even designate one as the "master" calendar to be opened whenever you launched NUD. Then double-clicking another calendar would open that one. Simple and straightforward....
  But how do I do this in iCal? It seems to force you to use only one calendar! If this limitation is real, this is incredibly short-sighted on Apple's part.
  I realize iCal has categories, but I need completely separate calendars, so my assistant can work with his calendar independently of mine. But he needs to be able to view and edit mine, as well. With NUD, we had the two calendar documents in the dock, so with one click, he could switch between the two. But iCal seems to work differently.
  Categories aren't adequate, because I don't want a bunch of extra categories in my category list that only pertain to his activities. Also, using categories, he'd constantly have to switch off his 3 or 4 categories and switch on my 10 categories (and vice-versa), just to go back and forth between viewing our respective tasks and appointments. Multiply that by 20 or 30 times a day, and that's way too cumbersome.
  So how do we get around this in iCal?? Please tell me there's a way to do this!
  Thanks.
  17" PowerBook   Mac OS X (10.4.8)  

  Selecting New Calendar from the File menu creates a new calendar. Those aren't categories, they are calendars.
  What they are not is shareable and editable by others. What you are looking for will ship in several months with Mac OS X 10.5: iCal, Teams and iCal Server will provide the multi-user calendaring functionality you are looking for.
  You can publish one or more of your iCal 2 calendars are read-only objects—and, so can your assistant—but they are not editable.

• How to restrict access to views for some users in the app?

  Hi SDN!
  I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
  What I've done:
  1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
  2) in the portal I create iView for this form but don't embedd in any page.
  When I try to call my form from list data (that is one iView from another) I get exception:
  <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
  Is there a way to get needed functional?
  Thanks,
  Lev

  Hi,
  do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
  If so, you could create your own roles on the app server:
  You need to create a new class that extends NamePermission like:
  import com.sap.security.api.permissions.NamePermission;
  public class ApplicationAccessPermission extends NamePermission {
             * @param name
            public ApplicationAccessPermission(String name) {
                 super(name);
             * @param name
             * @param action
            public ApplicationAccessPermission(String name, String action) {
                 super(name, action);
  Also, you have to create an Action.XML file that looks like this:
  <BUSINESSSERVICE
       NAME="com.vendor.administration">
       <DESCRIPTION
            LOCALE="en"
            VALUE="actions view usage"/>
       <ACTION
            NAME="View Permission">
            <DESCRIPTION
                 LOCALE="en"
                 VALUE="Show view"
                 />
            <PERMISSION
                 CLASS="com.vendor.utilities.ApplicationAccessPermission"
                 NAME="ShowView"
                 />
       </ACTION>
  </BUSINESSSERVICE>
  If you have created these to files in your packages, you can access this function like:
  IUser user ;
  try {
            user = WDClientUser.getCurrentUser().getSAPUser();
            if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
            }else{
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
       }catch (WDUMException e1) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                  e1.printStacktrace();
  You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
  The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
  But, the exception you get is because you have embedded one view twice, which is not possible.
  Hope this helps.
  Regards,
  Dennis

• How to see the authorization data of a user in Web Dynpro ABAP

  Hi all,
  if I have authorization problems in a normal SAP transaction I can use transaction SU53 to see the missing authorization objects.
  How can I get the missing authorization objects for a Web Dynpro ABAP application?
  regards

  What about using SU53 again - just log into ABAP system and use the F5 - "other use"r option to select the user having the issues.
  There is unfortunately no way to see this as standard from the WDA application.
  Sorry,
  Chris