HR Authorization related

Similar Messages

• Authorization related with warehouses

  Hi experts,
  I want to make authorization related with warehouses. Only particular users can do material transfer (by MIGO - movement type 311) in a paticular warehouse. How can I do?

  You'd have to use the authorization object M_MSEG_LGO.
  You'd have to make the following ACTVT=XX;WERKS=PLNT; LGORT=SLOC; BWART=311;
  PLNT is your plant
  SLOC is the storage location.
  XX = 03 (display only) or
  Use SU21 to view the object (use find button) and double click to display documenation (or) ask your BASIS administrator.
  Before you can implement the authorization object you need to activate authorization check at storage location level in transaction S_ALR_87000261 else M_MSEG_LGO won't work. You also need to understand the consequence of this is that it will hog the system performance which is why authorization check is inactive by default.
  Edited by: Jeevan Sagar on Jan 18, 2012 12:53 PM

• Structual Authorization related to Appraisal PD module

  Hi,
  I have created appraisal templates properly but i am facing following issue.
  If a person is having roles as well as Structural Authroization for related PA then in Infotype he can see details in"Appraisal where Appraiser or Appraisee" column only if Appraiser and Appraisee belongs to PA for which he can see details.
  If Appraiser belongs to different PA then in Infotype 25 , details r not coming.
  My requirement is that in infotype user can see all the details for user if appraisers belongs to different PA.
  Can you please help me ?
  Thanks and Best Regards
  Puneet

  Hi Rag,
  Thanks for the response.
  My requirement is like following.
  Suppose there are 3 users A, B and C. I m logging through user ID A into SAP system. User A is having some roles in the system and he can see the employees data of PA for which he has authorization.  We have given Structural Auth to user A for that PA (enterprise) also. We have given Struct auth for Appraisal templates also.
  Now if he is checking data for employee B. and C has given feedback for user B. If A, B and C belongs to same PA then A can see the Appraial template in IT0025 but if C belongs to different PA for which user A is not having auth to see data then A user can't see appraisal document in IT 0025.
  When i delete all the structural auth for user A then it's working properly. But we have to give sturctural auth to user A.
  I hope you understood my requirement now. Kindly let me now if u have any doubt.
  Thanks
  Puneet

• Problem for Giving Authorization Related to Notification

  Hi
  We are using QM02 to check the quality notification type q1. For some users we have to give authorizations to change the document attached to notification. Already they have been given authorization for T code QM02. but users are unable to change the document.
  Charuhas

  Check the authorization for transaction CV02N.
  Regards
  Luke

• Transaction Code authorization related query --- Not maintain tcode in Role

  Dear All,
  First of all, I have not found any specific area where I can post my problem.Then I found that the OS level expert should also have expertise in SAP basis administration.My query is as follow;
  I have found a scenario where i have seen that a tcode for ex. VA03 is present in an user from SUIM. But when I tried to find out in which Role and profile it is maintained not found.
  I have checked each and every Role & Profile but no where it is maintained although the user can run this tcode.
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Please help me by giving some idea that how can they maintain this kind of authorization.
  Please note that this is a USA company running SAP from 2001 & current SAP version is 4.7.
  Thanks,
  Suman

  Hi,
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Firstly what have you created roles or profiles to accomodate Z-tcodes. If its profile or if its roles select relevant option in tcode SUIM. Viz List transactions in roles / profiles.
  Hope this helps.
  Regards,
  Deepak Kori

• Authorization related to queries

  Hi,
    Here just wanted to know what would be the required authorization for queries.
  Thanks,
  Chandan Kumar

  Hi,
  Info Objects with Authorization Relevant check is the key for User Restrictions at Query Level in BI
  some of the transaction : if you are in 3.x then T.Code RSSM
  if you are in BI7  T.Code RSCEADMIN
  some links
  Business Intelligence Old Forum (Read Only Archive)
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
  Regards
  Hari

• Bw related security and authorizations

  Hi,
  Can anyone please explain in details about BW security and authorizations related?What are tools used for Bw security?
  Sridhar

  Hi,
  Take a look at the links below also search in SDN then you can find many threads , materials related BW security.
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI
  http://www.*********************/bw_security/bw_security.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/39f29890-0201-0010-1197-f0ed3a0d279f
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/adeac294-0501-0010-5a97-9ac5d562b1be
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
  Regards.

• Authorization error while configuring  TREX for HR - talent search

  Hi All
  HR team is performing  talent search configuration and they are using Tcode ESH_Cockpit. Here while creating, they  get this error "Error while preparing".
  For one of the failed connectors (eg: HRTMC AES Documents), job log is as given below:
  24.10.2011 08:34:16 Job started
  24.10.2011 08:34:16 Step 001 started (program ESH_SE_CONNECTOR_MOD_BGD, variant &0000000000027, user ID T710752)
  24.10.2011 08:34:50 Authorization check CP_USER_ALL:
  24.10.2011 08:34:50 Path-based authorization check CP_USER_ALL has wrong data
  24.10.2011 08:34:50 Authorization check CP_USER_ALL:
  24.10.2011 08:34:50 Path-based authorization check CP_USER_ALL has wrong data
  24.10.2011 08:34:50 Authorization check CP_USER_ALL:
  24.10.2011 08:34:50 Path-based authorization check CP_USER_ALL has wrong data
  24.10.2011 08:34:50 Authorization check TB_PLOG, auth. obj. field assignments:
  24.10.2011 08:34:50 Not all authorization fields are mapped to node fields or constants
  24.10.2011 08:34:50 Authorization check TB_PLOG, auth. obj. field assignments:
  24.10.2011 08:34:50 Not all authorization fields are mapped to node fields or constants
  24.10.2011 08:34:50 Authorization check TB_PLOG, auth. obj. field assignments:
  Here they have SAP_ALL assigned and even then they are getting above authorization related error . 
  Your advise will be really helpful. Thanks in advance for your help.
  Regards,
  Aditya

  TREX also uses gateway programs.
  Check with your basis folks or tcode SMGW (go to --> expert functions --> external security) to see whether it is restricted.
  There are also some SAP notes about this...
  Cheers,
  Julius

• Authorization issue when using MB1B

  Hello to all,
  Please help me identify why the user is having authorization issue on MB1B...there's an error message that displays
  "no authorization for delivery from shipping pont 1234"
  Please advise on how to proceed with this error.  What are the checks needed?
  Thanks.

  Dear Patvin
  BASIS consultant is the one who helps in your project for authorization
  related,transporting related.
  See the problem which you are facing is due to authorization ,so a BASIS
  consultant can solve this issue,or just convey the same to your Team Leader.
  The problem is for that T code you can not deliver from Shipping point 1234,you
  can try for some other option.
  Regards
  Mangal

• Please guide me for user authentication and authorization in WebDynPro App

  Hi,
      I just study the WebDynPro to develop the SAP Portal. I've ever developed the Web-based App using J2EE. So when i developed the Web-based App i have to develop the control of the user authentication and authorization on each page for example ,checking the session of the user whether they can access this page or whether session is expired or not,. So i have no idea with the WebDynPro and the SAP Portal because i never had experience for both WebDynPro and Portal.
  I need to ask you some question to clarify my doubt :
  1. SAP Portal  is web page that include every enterprise application with in one page and user log-in to them just on time, isn't it?
  2. If i integrate WebDynPro with SAP Portal, which one will do the authentication and authorization?. I mean that, Do i have to develop the code to check authentication and authorization in the WebDynPro App or Let the SAP Portal manage them?
  3.Could you please suggest the best practice for authentication and authorization in webDynPro.
  Many Thanks
  Noppong J

  in most case you don't have to write code to deal with session, authentication and authorization.
  1. yes,
  2. no, no code needed. you just set an attribute to your application, which make the the authentication required. when user access this page, portal will display the logon page
  3 you can put some authorization related code in web dynpro for specific requirement, search this doc "Protecting Access to the Web Dynpro Car Rental Application Using UME Permissions"

• How to find which custom program uses authorization checks

  Hi all,
  I have been asked to find out which custom ABAP program in our organization is using Authorizations checks and which is not.
  Since there are thousands of custom programs I will need to automatize this process somehow.  But I am not an ABAP expert and I will need some help.
  Could any of you give me an idea of what would be the best strategy to find out if authorization objects/checks exist in a number of ABAP programs?  (would a simple text search do?).
  Many thanks,
  Aldo

  If you are looking out for Authorization related to Execution of any program, then look for entries in table TRDIR where field SECU (Authorization Group) is not blank.
  Below SAP documentation may help you:
  Authorization Group
  Authorization group to which the program is assigned.
  The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:
  Execute a program
  --> Authorization object S_PROGRAM
  Edit a program (-Include) in the ABAP Workbench
  --> Authorization object S_DEVELOP
  Programs that are not assigned to an authorization group are not protected against display and execution.
  Security-related programs should, therefore, always be assigned to an authorization group.
  Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.

• Authorizations for Adobe Interactive forms

  Hi,
  During Adobe configuration I encounter serious trouble in determining the needed authorizations. We implement basic Adobe forms initiated by managers.
  Can anyone please instruct which SAP ECC roles are needed for executing Adobe Interactive forms?
  Situation
  We assigned the Adobe roles:
  SAP_BC_CM_USER
  SAP_ASR_MANAGER
  The manager has also assigned authorizations to view PA objects for subordintes.
  With extended authorizations I can start new process. However, when the process is started with same user but with the authorization mentioned above I receive the following error:
  "No Adobe Form Is Assigned to the Scenario"
  com.sap.pcuigp.xssfpm.java.FPMRuntimeException: No Adobe Form Is Assigned to the Scenario
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.raiseExceptions(FcISRProcessEvent.java:1980)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrGetFormUrl(FcISRProcessEvent.java:1042)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.setTemplateSource(FcISRProcessEvent.java:459)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrProcessEvent(FcISRProcessEvent.java:798)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callIsrProcessEvent(FcISRProcessEvent.java:380)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEvent.callIsrProcessEvent(InternalFcISRProcessEvent.java:1234)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEventInterface.callIsrProcessEvent(FcISRProcessEventInterface.java:127)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:409)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface$External.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:577)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowForm.onBeforeOutput(VcISRShowForm.java:215)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowForm.onBeforeOutput(InternalVcISRShowForm.java:435)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowFormInterface.onBeforeOutput(VcISRShowFormInterface.java:137)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface.onBeforeOutput(InternalVcISRShowFormInterface.java:136)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface$External.onBeforeOutput(InternalVcISRShowFormInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
  Help is greatly appreciated and will be rewarded when useful!
  Regards,
  Thomas

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas

• Authorization-problem for standard users when running WDR_TEST_ZCI

  hi
  we've developed a WDA application incorporating several interactive forms. it all runs fine in QA--environment when a user with developer-role are running the application, but when standard users are running it, it fails.
  the same happens with the demo-app WDR_TEST_ZCI.
  i so belive this to be caused by missing authorizations for the users. can anyone shed any light on which these might be?
  the error as reported in the browser:
  The following error text was processed in the system Q97 : Access via 'NULL' object reference not possible.
  The error occurred on the application server xx-x168_Q97_05 and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: PARSE_XML_SCHEMA of program CL_WD_ADOBE_SERVICES==========CP
  Method: GET_SCHEMA_VERSION of program CL_WD_ADOBE_SERVICES==========CP
  Method: CONSTRUCTOR of program CL_WD_ADOBE_SERVICES==========CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L7STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  any input appreciated.
  cheers
  tom

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas
  ps. Thanks for the appreciation you gave in my other thread. Now we have the answers in both threads as well. Take Care.

• HR Authorizations

  Hello All,
                    I want to give my SAP HR associates all authorizations for HR modules.I tried to assign them P_All profile but with that they are unable to work for t-code PM01.Can u pls suggest any role/profile which I can assign them so that they get all HR authorizations.

  Hi,
  You can resolve this in two steps.
  1. Copy the HR module from SAP Menu and create a respective role. (this wil become big role)
  2. Create another role with proper SPRO authorizations related to HR module.
  This will be enough for the consultant access. Again in production you should proovide only display access. That means you can create the display version of the above roles.
  Regards,
  Gowrinadh

• Authorization for FBCJ tcode

  Hi,
  Is it possible to give authorization for tcode FBCJ (its FI/CO related) where one will have only save the data in FBCJ and onother person will have authorization for Post the data.
  If Possible how to make can anybody suggest me ?
  Thanks
  kumar n

  Hi,
  It is possible to do so with the authorization object F_FBCJ. You will need to restrict the activities 10 (Post) and 32 (Save) for this object as required.
  Please post authorization related queries in the 'Security' forum the next time.
  Regards.