How to Use new Authorization Objects

Hi guys i need to implement the new schema of authorizations and i have created an authrization and add the 0comp_code characteristic (previously i set i it up as authorization relevant) and i need to add the restrictions for infoprovider but i need to add the new infoobjects 0TCAIPROV, 0TCAACTVT, 0TCAVALID, but this infoobjects i ve activated are not authorization relevant and i am not using them in any infocube, thats the reason why i cant use them in an authorization.....
Do i need to add them in my infocube or theres another configuration in order to use them?
Regards

Hello Oscar,
You do not have to add the 0TCA* characteristics to your InfoCube. Instead you have to set these characteristics to authorization relevant. Then everything should work as intended.
General information on how to use the new analysis authorizations can be found here: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
Kind regards,
Stefan

Similar Messages

  • How to use CRM authorization object.

    Hi All,
    I have a specific requirement to restrict user while he/she tries to save a record. It appears that if that restrictions are implemented the save logic for an entity has to be changed because there are some validation regarding relationship management in SAP system. SO I need to bypass that validation to allow some users of specific(Marketting) role to save the entity record bypassing that validation. here I am planning to use the CRM authorization objects. But dont know how to use these and which authorization object to refer.
    Please let me know if you guys have any idea.
    Regards,
    Bikramjit.

    Hi Bikramjit.,
    You might need to create a Custom authorization object and then use it. Else you can create one Z table and maintain the User ID of all users. The mainatin one field with flag and set it to X for the user that are aloowed to save the transaction.
    Also once you maintain the table, generate the table maintenance so that it becomes easier for future use.
    Hope this helps

  • How to use Standard Authorization Object 'M_MATE_WRK'  in SE38?

    Hi all,
    We have developed one program which calculates the commercial price of the material   
      and update the same in the material master.
    Now we want to implement authorization checks at Plant Level.
    For this purpose I am Using 'M_MATE_WRK' which is standard authorization object.
    But in my Program when I am checking for it, its giving the sy-subrc value as 0.
    This indicates that either it is successful or the object is not active for this particular  program. In my case I know that its the second case only.
    So now somewhere i need to 'Check' this object for this particular Program.
    I have checked SU22 , SU24 but couldn't figure out where should i do the respective  setting.
    I am working on ECC 6.0
    Please help me on this.
    Bare with me if i am asking a silly question.

    Hello All,
    The Problem is resolved now.
    Actually it was the first case only.
    When i created the new user id and checked i realized that its working fine and there was
    some mistake while checking previously.
    Anyways thanks for ur reply.

  • Addition of New Authorization Objects in DMS

    Dear All,
    How to add new authorization objects in DMS?
    For ex: I have defined Projects in additional data through class/characterstics, now i want to bring that field in to authorization control and want control document creation with respect to characterstics values(Projects).
    Looking for documents or step by step procedures
    Kindly help me.
    Thanks in advance
    [email protected]

    Hi
    Im not so sure but you can create an Auth Key using BS52
    You can add it to Auth obj of Class/ characteristic
    You can get a list of auth obj in SUIM
    Niranjan
    Let me know if it helps...!!!

  • New Authorization Objects for latest releases

    Dear Colleagues,
    Do you happen to know how to find out the objects that should be added when using a role from a previous SAP version in a new one. That is, we have imported a role from a previous SAP version into our system and would like to update it with the latest objects. How should I find out which are the new objects?.
    Thanks in advance for your help.
    Best regards,
    CMPT

    Charles,
    If you role has transactions in the menu the new authorization objects will be pulled in when you go to change the authorizations (select read old and merge with new under expert mode).
    If the transactions are not in the menu you will need to do a compare of the usobt_c and usobx_c between the old and the new system.
    During new auth objects analysis is performed via transaction SU25.
    Cheers,
    Ben

  • Add new authorization object for production order creation/change/display

    As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a  fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
    logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
    Thanks.
    Kevin.WU

    Hi,
    there is an icon of generation.  just click there in PFCG and also in su21.
    then add this object in new role.
    Assign this role to user id
    while assigning the role also there is a generation.
    Please take a help of BASIS consultant also as this is entire a BASIS process.
    Regards
    Amit parkhi

  • How to Use Transient View Objects to Store Session-level Global Variables

    hi
    Please consider section "40.8.5 How to Use Transient View Objects to Store Session-level Global Variables"
    at http://download.oracle.com/docs/cd/E14571_01/web.1111/b31974/bcstatemgmt.htm#ADFFD19610
    Based on this documentation I created the example application
    at http://www.consideringred.com/files/oracle/2010/ProgrammaticalViewObjectAndRollbackApp-v0.01.zip
    It behaves as show in the screencast at http://screencast.com/t/qDvSQCgpvYdd
    Its Application Module has a Transient View Object instance "MyEmployeesContextVOVI", as master for the child View Object instance "EmpInCtxJobVI".
    On rollback the Transient View Object instance keeps its row and attribute values.
    Also when passivation and activation is forced (using jbo.ampool.doampooling=false ) the Transient View Object instance seems to keep its row and attribute values.
    questions:
    - (q1) Why does the expression #{bindings.MyEmployeesContextVOVIIterator.dataControl.transactionDirty} evaluate as true when a Transient View Object instance attribute value is changed (as shown in screencast at http://screencast.com/t/qDvSQCgpvYdd )?
    - (q2) What would be a robust approach to make a Transient View Object instance more self-contained, and manage itself to have only one single row (per instance) at all times (and as such removing the dependency on the Application Module prepareSession() as documented in "5. Create an empty row in the view object when a new user begins using the application module.")?
    many thanks
    Jan Vervecken

    Thanks for your reply Frank.
    q1) Does sample 90 help ? http://blogs.oracle.com/smuenchadf/examples/
    Yes, the sample from Steve Muench does help, "90. Avoiding Dirtying the ADF Model Transaction When Transient Attributes are Set [10.1.3] "
    at http://blogs.oracle.com/smuenchadf/examples/#90
    It does point out a difference in marking transactions dirty by different layers of the framework, "... When any attribute's value is changed through an ADFM binding, the ADFM-layer transaction is marked as dirty. ...".
    This can be illustrate with a small change in the example application
    at http://www.consideringred.com/files/oracle/2010/ProgrammaticalViewObjectAndRollbackApp-v0.02.zip
    It now shows the result of both these expressions on the page ...
    #{bindings.MyEmployeesContextVOVIIterator.dataControl.transactionDirty}
    #{bindings.MyEmployeesContextVOVIIterator.dataControl.dataProvider.transaction.dirty}... where one can be true and the other false respectively.
    See also the screencast at http://screencast.com/t/k8vgNqdKgD
    Similar to the sample from Steve Muench, another modification to the example application introduces MyCustomADFBCDataControl
    at http://www.consideringred.com/files/oracle/2010/ProgrammaticalViewObjectAndRollbackApp-v0.03.zip
    public class MyCustomADFBCDataControl
      extends JUApplication
      @Override
      public void setTransactionModified()
        ApplicationModule vApplicationModule = (ApplicationModule)getDataProvider();
        Transaction vTransaction = vApplicationModule.getTransaction();
        if (vTransaction.isDirty())
          super.setTransactionModified();
    }Resulting in what seems to be more consistent/expected transaction (dirty) information,
    see also the screencast at http://screencast.com/t/756yCs1L1
    Any feedback on why the ADF Model layer is so eager to mark a transaction dirty is always welcome.
    Currently, question (q2) remains.
    regards
    Jan

  • USE Standard Authorization object in Z Program

    Hi Experts,
    I have already checked other threads regarding this but could not resolve my problem.
    I have created a Z program to update Material Master. I need to use the Authorization object  M_MATE_STA in my program for performing authorization check. Please help me how can I do that?
    Thanks

    hI,
       below is a similar code...
    CONSTANTS:  lc_authobj  TYPE char15 VALUE 'F_BKPF_BUK',
    AUTHORITY-CHECK OBJECT lc_authobj
               ID lc_id_bukrs FIELD v_bukrs
               ID lc_id_actvt FIELD lc_activity.
      IF sy-subrc NE 0.
      ENDIF.
    Amol

  • Query on new Authorization Objects after Upgrade&SAP_NEW profile

    Dear Experts,
    We have upgraded our system from 4.5 to 7.0 version,  i  was checking what are the new authorization Objects  introduced after upgrade comparing older system ojects.  I got few objects which are new in upgraded system,
    But when i check SAP_NEW profile,   and in the latest profile SAP_NEW_7000 profile i can not see all those new Ojects which are new.
    generally SAP_NEW should contain all new objects which come after upgrade?  i can see those in SAP_ALL  but not in SAP_NEW
    is there any issue  in system?  how should I know and where should i check what are the new Objects come in upgrade,
    Please advise.
    Thanks#Regards,
    Vijay

    Hi Jurjen Heeck ,
    see my previous post
    I did 'nt get this.
    SAP_NEW is your friend here
    does the SAP_NEW profile contains all the new authorization Objects.
    Regards,
    Anthony

  • When to create new authorization objects

    Hi Experts,
    I am learning SAP Security.
    I have one question , what is the necessity of creating new authroization field and object , when SAP gives a huge list of objects /fields.
    Is there any reason behind like, whenever a customised transaction is created, a new authorization object or filed has to be created?
    Regards,
    Rekharaj

    Trick is to find not only a standard authorization object with the same field you are looking for, but an object already assigned to the users with those roles with the same semantic for all it's fields - so that you can simply reuse the existing concept which is also assigned to the sets of users.
    Often you will find "base" function modules and classes you can use to do all that work for you. Just call them at the correct location in the code and dont forget to check the return code and react to it.
    If you use BAPI APIs to access or process data, then many of them make these same semantically correct checks "out of the box".
    Cheers,
    Julius

  • What is the use for lock object and how to use the lock objects

    Hi Guru's,
    I am new to ABAP .Can you please clarify the that what is the use of lock object and how to use the loct object .what is use of the Deque & Enque  function modules .

    hi ,
    below are some minfo about lock objects :
      Lock Objects
    These types of objects are used for locking the access to database records in table. This mechanism is used to enforce data integrity that is two users cannot update the same data at the same time. With lock objects you can lock table-field or whole table.
    In a system where many users can access the same data, it becomes necessary to control the access to the data. In R/3 system this access control is built-in on database tables. Developers can also lock objects over table records.
    To lock an object you need to call standard functions, which are automatically generated while defining the lock object in ABAP/4 dictionary. This locking system is independent of the locking mechanism used by the R/3 system. This mechanism also defines LUW i.e. Logical Unit of Work. Whenever an object is locked, either by in built locking mechanism or by function modules, it creates corresponding entry in global system table i.e. table is locked. The system automatically releases the lock at the end of transaction. The LUW starts when a lock entry is created in the system table and ends when the lock is released.
    Creating Lock Objects
    Lock object is an aggregated dictionary object and can be defined by using the following steps:
    o From initial data dictionary screen, enter the name for the object, Click Lock object radiobutton and then click on Create. The system displays a dialog box for Maintain Lock Objects screen
    o Enter short text as usual and the name for primary table.
    -Save
    -Select Tables option
    From this screen you can:
    Select secondary tables, if any, linked by foreign key relationship.
    Fields for the lock objects. This option allows you to select fields for objects (R/3 system allows locking up to record level). Lock object argument are not selected by user but are imposed by the system and includes all the primary keys for the table.
    1) Exclusive lock: The locked data can only be displayed or edited by a single user. A request for another exclusive lock or for a shared lock is rejected.
    2) Shared lock: More than one user can access the locked data at the same time in display mode. A request for another shared lock is accepted, even if it comes from another user. An exclusive lock is rejected.
    3) Exclusive but not cumulative: Exclusive locks can be requested several times from the same transaction and are processed successively. In contrast, exclusive but not cumulative locks can be called only once from the same transaction. All other lock requests are rejected.
    Also, last but not the least, locking the object is logical (locking with any enqueue ) .so, you have to use the lock object while trying to access from second program .
    reward if helpful ,
    Regards,
    Ranjita

  • New Authorization Object within Role

    hi everybody,
    does anyone know how can i get New Authorization Objects for any Role for the new release that did not exist in the same Role from former release?
    tables AGR_1250 and AGR_1251 do not show if object is new for this role. they only show if object is new itself.
    thanks a lot,
    javier rubio

    pandu,
    se54 is not related with this topic.
    thank you very much for your answer, very hepful

  • How to add custom authorization object to a SAP standard transaction

    Hi All,
    I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
    Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
    - tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
    - tcode SU21 - creation of  a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
    - tcode SU24 - insert of new authorization field e check indicator (green)
    - tcode SU22 - check indicator - check (green)
    After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
    We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
    It seems new authorization object was not checked.
    My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
    Thanks
    Maurizio

    > My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
    >
    No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
    So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
    Regards,
    Dipanjan

  • Adding new authorization objects to transactions

    Hi experts,
    i would like to add new authorization objects to specific transactions, for example the object K_CCA for checking the cost element in the transaction KB15N.
    What do we have to maintain, except the transaction code with (SU22). What do we have to do with the program behind the transaction?
    Is it "just" adding two line of code into the auth object check in the program, similar or like described for client specific ABAP-programs???
    Any experiences on that?
    Regards
    Florian

    Hi,
    First add the objects in DSO then in Info Cube.
    Map the same with transformation.
    Move the objects to production then DSO.
    Load the DSO first. then delete the data from cube in production.
    Now move the modified cube and transformation to production.
    Now load the Cube from DSO.
    No need to change any thing in existing query.
    I hope this will help.
    Thanks,
    S

  • How to create new authorisation object for Transactions?

    Hi,
    How to create new authorisaton object and how to assign that object on a transaction code?
    Case ->
    The transaction code VL01N have the object called V_LIKP_VST under Class "LE_V" that have two auth. fields. one is 'Activity' and other one is "Shipping Point/Receiving Point".
    Here I want to add "Storage location" also. I have created one object called "Z_LIKP_VST" under same calass "LE_V". and added "Activity", "Shipping Poing/Receiving Poing" and "Storage Location". After that I added that object ("Z_LIKP_VST") for particular transaction through "SU24". I maintained the "Display check indicator" for VL01N.
    I created one new role and assigend the particular transacation for a user. but still SAP taking  V_LIKP_VST insted of Z_LIKP_VST.
    How can I change my Z_LIKP_VST on profile.
    Please help
    Thanks in Advance
    Lal

    Hi Kariyath,
    I suppose its not about interest but a MUST.. sorry but.. unless u include the Logic in the program how can SAP pick these custom Z objects ?
    after u create them and assign to a Tcode in SU24 there is no logic to check these objects. Frankly i see no other chance.... unless SAP comes to us with a great easy way to input these Custom objects
    Keep looking and please Update me if u have any Inputs....on this front..
    All the Best
    Br,
    Sri
    Award points for helpful answers

Maybe you are looking for

  • Unable to combine opened PDF files to create onr merged file...

    Hi: Using acrobat 8 under Vista. In version 7 of Acrobat Pro, I was able to merge all of my opened PDFs documents to create a single PDF. I do not see that option in Acrobat 8, is it gone? Now I have to insert every page in another one to merge the f

  • Windows 7 Downgrade from 64-bit to 32-bit

    I recently bought a Lenovo Y550. My Y550 has 4GB RAM and I was recommended to get Windows 7 64 bit by Lenovo. So, I did. Turns out, many of the softwares, utilities I use aren't working well and some don't even install. Without going into alternative

  • Removal of contacts from iPad

    how can I remove my contacts that somehow ended up on a family  iPad without having to do them one by one?

  • Zen Touch 40GB and Windows Vista

    Hi- Apologies for opening a new thread,I can see there have been others on the same subject but cannot make head nor tail of them from the search function. I have a 40GB Zen touch thats nearly full,I love it,its the best device I've ever had or ever

  • DEKSTOP 6 CRASHES CONSTANTLY: WHERE CAN I RE-DOWNLOAD v5 ??

    ENUFF SAID ABOVE !!!!!!!!!!!!!!!!!!!!!!!