J2I5 Authorization on Plant
Dear Sir,
We have multiple Plant configured in our SAP system . For Tcode J2I5 , we need to have authorization control on Plant also . But in the default Authorization Control Object available for J2I5 , we find that control is available only on ACTIVITY & EXCISE GROUP objects .
Kindly guide us , as how can we have control on PLANT also .
With thanks and Rgds
Sonia
Generally For all the plants at a single location ,a single Excise group should be assigned, which is the concept behind providing the authorisation object J_1IREGEXT -based on excise groups & actvt only.
There should not be a need to seperately extract a single excise group's Register based on different plant selection, as the register is for the whole Excise location.
However even if the situation demands you can talk to your basis team for a new master derive roll creation where in Master roll you can check Plant & in derive roll the same object can work.
I hope it'll be helpfull.
Regards,
ak
Similar Messages
-
Missing authorization for plant ' '
User is missing authorization for plant ' '
User trace gives the following missing authorization
Object:
M_IS_WERKS RC=4 MCINF=S039;WERKS=' '
Can anybody help me out to find the meaning of space( ' ' ) in plant or any field?
thank you in advace* Prüfung, ob Berechtigung für die Werke existiert
SELECT * FROM T001W INTO TABLE AW_HLP_T001W
WHERE WERKS IN AW_WERKS.
DESCRIBE TABLE AW_WERKS LINES SY-TFILL.
IF SY-TFILL > 0.
FLG_SELECT = 'X'.
ENDIF.
<b> clear aw_hlp_t001w-werks. " note 124769, ver.04
collect aw_hlp_t001w. " note 124769, ver.04</b>
LOOP AT AW_HLP_T001W.
AUTHORITY-CHECK OBJECT 'M_IS_WERKS'
ID 'MCINF' FIELD AW_MCINF
ID 'WERKS' FIELD AW_HLP_T001W-WERKS.
There must be a reason to add an empty line, which causes the silly authority check. As far as I understand Note 124769 you have got to add plant ' '. See Note 408003: ."Create an authorization for the authorization object M_IS_WERKS which contains the value WERK = . Refer to Note 124769." -
QM: Authorization for plant, insp type and transaction
Hi,
I haven't found a way to solve this problem. Maybe you know better.
I would like to create an authorization profile that allows a user to view inspection lots and results in plant A and B for certain inspection types. Furthermore, the user should be able to edit these lots and record results to these lots in plant A, but in plant B he should only be able to view them.
Any idea?
Thanks, Marcus.Hi ,
Please activate inspection type 08 stock transfer ..
If this inspection type is active then during stock transfer lot gets generated.
Also check QM active for this perticular movement in custamizing setting.
Regards
SANIL -
User Authorizations for Plant & Material Type
The requirement says
Get all the users having authorizations to transactions - QA11, QA12, MSC1N, MSC2N & MSC4N.
Then filter out the users to those who have access to Plant & material Type which are entered on the selction- screen.
now how to get those users who have access to Plant and/or Material Type entered on the selection-screen.
Plz reply
Thanks in advanceHi suresh,
check the following standard program ,probably would be useful to you.
<b>RSUSR010 Transactions that can be executed by users, with Profile or Authorization</b>
If you want the table for "user profile change history ", below tables can help you:
<b>USH10
USH02
USH03
USH12
</b> Also check the following Tables would be useful,
<b>UST12</b>
Authorizations and Tcodes per Profile
<b>UST04</b>
Assignment of users to Profiles
<b>AGR_USERS</b>
Assignment of roles to users
<b>USOBT_C</b>
Authorizations associated with a transaction
<b>USR02</b>
Last logon date, locked IDs
<b>AGR_TCODES</b>
Assignment of roles to Tcodes (4.6 tcodes)
<b>USH02</b>
Change history for users (e.g. who last changed users via SU01)
<b>USH04</b>
Display history of who made changes to which User Ids
<b>
USR40</b>
Non-permitted passwords
<b>USR41</b>
Users with logon information (multiple logons)
I have given u all possible tables,and the standard program select the according to your need.
should solve ur problem.
Thanks & regards,
Pawan P. Khilari -
How to authorize another plant
Hi all,
I would like to use another plant for my STO.
But sys issues msg like " dont 've authorization for this plant".
What t-code used to get authorisation?
Thanks in advanceHi,
Go to SU01, here enter User ID and click "Display" button
Now go to "Roles" tab, here double click on the role assigned
A new session will get generated, here click on "Authorizations" Tab, here click on "Display Authorization Data" button
Here Use Authorization Object "M_BEST_WRK" for Plant under "MM_E" (Materials Management: Purchasing)
Take help of BASIS Guy -
Availability Check authorization per plant
Hi
How can we set in VA01/VA02, such that user is only allowed to have availability check on certain plants.. and not allowed to check other plants..One option is through Object assignment in PFCG, this can be achieved. The other method is dont maintain that storage location in MMSC. In fact, you can also consider sale order user exit.
But of these options, I would prefer creating separate roles in PFCG where I assign only those plants for which availability check should happen and assign this role to that user id. The object for this is C_AFKO_AWK
thanks
G. Lakshmipathi -
Hello all,
I am one question on OMD0 transaction. I want to secure the access per plant to this transaction. The authority check is only in the object S_TABU_DIS for today.
Does everyone can help me ?
Thanks !Nobody can help me ?
-
Authorization for Plant in component overview in CO02
HI
I would like to know how I can restrict access to the plant of a component in CO02 ?
thanks
martineHi
The user exit PPCO0008 ( Enhancement in the adding and changing of components) can help you restrict any changes of the component in CO02, please go to the SMOD to read its documentations. This is called befor saving the production order then you can check if any changes happened in the component, if yes, you can reject the changes through your own shource code there.
Regards.
Leon. -
Creating Authorization for multiple plants
Hi,
I have one requirement that, Creating Authorization for multiple plants
SELECT-OPTIONS: s_werks FOR mseg-werks.
AUTHORITY-CHECK OBJECT 'M_MSEG_WMB'
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks.
1. If have no of plants in s_werks then how to authorize the plants?
2.if i dont enter any plant in my selection screen how to authorize that?
3. if i have 5 plant only then how i can authorize those perticular plants only?
Thanks in advance,
Thanks,
DP.S_WERKS is not a field; it's a set of fields. Use simple ABAP to select your plants and loop at the selection(s) to check...
-
Cross-Plant Authorization in VF03
Hi Experts,
One user has authorization to Plant - X which is not assigned to user in VF03 TCode.
When we checked VF03 TCode is not calling Plant Org. Level itself.
There is any way to restrict this?
How can a user have authorization to work on cross-plant which is not required by VF03 Tcode ?Whether it can be possible by any other Org. levels?
Note : User is having VF03 Tcode in Role 1.Plant - X is present in Role 2 which is assigned to him.So the user can able to post in Plant - X?
Kindly help me to solve the problem.
Regards,
KarthikaHI,
Please check whether VF03 is looking for Plant (WERKS) or Sales Org (VKORG). I think it should look for the latter i.e. VKORG. If its looks for VKORG then restrict using that. It is wont suffice if it is controlled via Plant or WERKS. Please check first via Trace what the transaction is looking for. It should be Sale Org and control with that.
Regards
Aveek. -
Error while selecting plant in SC
I am getting an strange error : No authorization for plant
I have checked in pposa_bbp the user has the plant assigned in " Extended attributes " in location
the location is replicated in BBP_locmap, If I use any other location than default it gives me this error .
For any other plants other than the default I get the error if I use default it gives me no error .. Please suggest on what is to be done ..Hi Vinita,
I would recommend one thing, It looks like the error message is ECC specific. Can you please try to create PO with company code / Plant Combination in ECC directly to see if the error is coming?
Thank you
Ritesh -
How to determine role authorization of user in MAM?
Hi everyone,
I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM. I have the following question on user authorization:
In terms of role authorizations, does anyone know how I can determine what roles an authenticated user have from SAP? For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has? Is there a SyncBo that will give me such info? I checked the JavaDocs for the SyncBo's, but they have NO descriptions. The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090). There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole(). Are any of these usable?
Are there any good documents that I can look at to determine what each SyncBo's does?
Many thanks!
JeffreyHi Jeffrey!
Here are the 3 different checks you have to look at"Users & Authorizations" for setting up your MAM Users.
(1) SAP Backend:
(1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios.Pl refer to the following SAP Authorization Objects I_ALM_ME ,I_AUART,I_BEGRP,I_BETRVORG,I_CCM_ACT ,I_CCM_STRC,I_ILOA,I_INGRP,I_IWERK,I_KOSTL ,I_QMEL,I_ROUT ,I_ROUT1,I_SOGEN,I_SWERK,I_TCODE ,I_VORG_MEL,I_VORG_MP ,I_VORG_ORD,I_WPS_MEB ,I_WPS_REV in your Backend System and have it assigned to the User Profile, based on your requirement.
(1b) Service User for setting up the MAM & MI Landscape: This user logon info has to be setup in the RFC Destination that is associated with your MAM25 SyncBOs, to logon to the Backend System and this user should have the basic authorizations required to establish the connection.
(2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile. S_ME_SYNC, S_RFC, S_TCODE.
(3) MI Client: Refer to MI Security Guide.Pl note that the MI Client MAM User is same as the Middleware User and the Backend User.You should be taking care of this already.This is just a FYI.
Let me know, if you are looking for any other additional info.
Thank You
Gisk -
Authorization on sensitive data
Hello Gurus,
In one of the infocubes we have authorization activated by plant. So it allows the users to see data only from their plants.
ie
Plant PurchaseOrder customer Qty Price(Sensitive)
A 111111 C1 10 $100
B 222222 C1 1 $10
Currently a User from Plant A can see the data in the first row and user from Plant B can see the second row. User from Plant A is not allowed to access Data of Plant B and Vice- Versa
The requirement is that the user from Plant A should be able to see Row 1 + Row 2 (except the value in Price info Object).
How to define the Authorization at field level to implement this security ....
ThanksHi,
When we create the custom reporting Authorization object in transaction RSSM, there's a field 1KYFNM.
But it's mentioned in this link that Key Figures cannot be marked as Authorization relevant.
http://help.sap.com/saphelp_nw04/helpdata/en/6b/ebb3ac244f11d5b2e30050da4c74dc/content.htm
May be you can try the following authorization.
Not exactly what you require beacause this'll display the Overall Qty and Price
of Plant B for users from Plant A.
You can define two seperate authorizations for Users from Plant A.
Authorization I
Plant - A.
Purchase Order - *
Customer - *
This Authorization enables users from Plant A to view all the details based on Purchase Orders
and Customers including detailed Qty and Price for Plant A.
Authorization II
Plant - * ( or B depending on your requirement)
Customer - <b>:</b>
Purchase Order - <b>:</b>
When you use <b>:</b> as an authorization value it'll only display the overall Result based on Purchase Order
and Customers for Plant B ( If *, then for all Plants). ie the users will only be able to view the
overall qty for Plant B.
For users from Plant B, you can define the authorization as follows.
This'll display the entire details for Users from Plant B for Plant B.
Plant - B.
Purchase Order - *
Customer - *
Also refer Setting Up Reporting Authorizations.
http://help.sap.com/saphelp_nw04/helpdata/en/a0/48f438f3422f2ce10000000a114084/frameset.htm
Refer this document also.
<b>Advanced Features of SAP BW Reporting Authorizations</b>
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
Regards
Hari
Message was edited by: Hari Krishnan K
Message was edited by: Hari Krishnan K -
Dear All,
My client having 15 user licenses, each user belong to one particular plant (werks). Example: Coimbatore user belongs to 1000, Chennai user belongs to 1100, and Calcutta user belongs to 1200 u2026etc up to 15 users.
Here I developed one ALV report for territory wise sales report, my client requirement is they need to restrict the report plant viceu2026plant 1000 user want to see plant 1100 user report means it wont allow, Only I have to give authorization to see for 1000 user. I already declared plant in my selection screen .pls give me input to address this issue..
Thanks and regards
MurugeshYou can try by using authorization check on the PLANT(WERKs) field and also you can display an information message for which user has no authorization.
Try by using below code-
AT SELECTION-SCREEN.
IF NOT p_plant IS INITIAL.
REFRESH: it_werks,
it_werks1.
*Fetch data from master table of plant (T001W)
SELECT werks FROM t001w
INTO TABLE it_werks
WHERE werks = p_plant.
IF sy-subrc EQ 0.
LOOP AT it_werks INTO wa_werks.
*check authorization for plant
AUTHORITY-CHECK OBJECT 'M_MATE_WRK'
ID 'ACTVT' FIELD '03' "FOR DISPLAY THE DATA
ID 'WERKS' FIELD wa_werks-werks.
IF sy-subrc EQ 0.
*Plants with authorization
wa_rwerks1-sign = 'I'.
wa_rwerks1-option = 'EQ'.
wa_rwerks1-low = wa_werks-werks .
APPEND wa_rwerks1 TO r_werks1.
ELSE.
*Plants without authorization
APPEND wa_werks TO it_werks1.
ENDIF.
CLEAR wa_werks.
ENDLOOP.
*No plant is authorized
IF r_werks1[] IS INITIAL.
MESSAGE e011 WITH text-039.
*Display all the plant in an information message
*for which user has no authorization
ELSEIF it_werks1 IS NOT INITIAL.
LOOP AT it_werks1 INTO wa_werks1.
CONCATENATE wa_werks1-werks ',' gv_text INTO gv_text.
CLEAR wa_werks1.
ENDLOOP.
MESSAGE i011 WITH text-040 gv_text.
ENDIF.
ENDIF.
ENDIF.
This works for me.
thanks,
Khush -
Authorization issue with Inbound Delievries
Hi,
Can we control authorization of Inbound Delivery creation/Change (VL31N/VL32N) based on receiving point or storage location.
Currently we are only able to control authorization at Plant level which is wide open and client needs restriction at Receiving Point or Storage Location Level.
Let us know the Autho Object to resolve thie security restriction issue.
Regards,Hi,
As i know, we can control the authorization at the Receiving Point level, but i am not sure about the Storage Location level.
You need to check the authorization object with Basis people.
Thanks
Aktar
Maybe you are looking for
-
Erropage.jsp on Tomcat 5.5
Can someone help me. I seems simple but I'm searching for a couple hours. After upgrading to Tomcat 5.5.7 and JDK 1.5.0 cannot catch execeptions in JSP page. Error : HTTP 500 The page cannot be displayed. No errors messages in the Tomcat log files. W
-
I recently updated FF and then spent some time organizing and how the dontents of the folders appear to the right and I want them to go back to the left as they have been for as long as I have been using FF
-
Pointing ItunesU.class to a cgi-bin directory.
Our school is setting up an ITuneU page and we have successfully compiled the ITunesU.class file but for some reason our web server does not have a cgi-bin directory to put these files into. Can we put the Java files into a different directory or is
-
How to extract data using xml datatype
Hi, I tried the following example using xml data type , but not getting the required output. could you please correct the query so as to get the required one CREATE TABLE TEST.EMP_DETAIL EMPNO NUMBER, ENAME VARCHAR2(32 BYTE), EMPDET
-
I thought photos were supposed to be filed in the Mac photo file. Where are the migrated files located?