Restrict users based on Customers

Similar Messages

• FD32 restrict users based on a schedule of authority

  All,
  I have a requirement within FD32 to restrict users based on a schedule of authority.  For example, only allowing credit limits to be changed in a user's authorized dollar range.  I was able to restrict the Credit Limit field (change/display) by using field groups, but I have an extension of the requirement for a schedule of authority.  Can someone please  help?

  You could use F_KNA1_BED, I guess - but that would mean excessive maintenance of both: BEGRU and customers, if I understood your scenario correctly and you really, really want to break that down to single customers.
  It would be even more excessive to utilize F_KNA1_GRP. Can be done, though.
  Both solutions are completely un-elegant and I am not happy proposing them. But I am curious as a cat: what exactly is the business process expecting you to restrict access to customer data down to a single customer?
  Edited by: Mylène Dorias on Mar 24, 2010 8:39 AM

• Restricting Users based on GL Authorization Group

  Gurus,
  I have got requiremnt from our finance consultant/team for restricting users from accesing particular GL accounts in a company code. There are some GL which users are not supposed to view.
  We have created authorization group in FS00 -Control data , but we cannot see that group in object F_BKPF_BES(Account authorization for GL accounts).
  Please help.
  Regards

  Hi,
  Step1: Create Tolerance Groups
  Step2: Assign Users to Tolerance Groups
  Step3: Remove/Add T Codes in Users Master Data (T Code: SU01)
  Thanks
  Chandra

• Restricting user based on Delivery Block in VA02

  Hi ,
       As per my bussiness team I am suppose to restrict the user  depening on delivery block in transaction VA02 .There are no SAP pre-defined feilds to restrict at delivery block level from PFCG .Please kindly help .Thanks in advance .

  Hi,
  Can you please assist, with the Issue below?
  1)     Tcode : VA02
  2)     I have created authorization Object for field level authorizations for
  Delivery Block   --- LIFSK
  Billing Block  -
    FAKSK
                             Maintained Field Level SD Authorizations                                ZV_FIELD
  Maintained Field Level SD Authorizations                                T-ED49128000
                      Activity                       02, 03                                                                      ACTVT
                      Billing block in SD document   Z3                                                                          FAKSK
                      Delivery block ( document heade ZH                                                                          LIFSK
  3)     Now I want to restrict to a particular Delivery Block and  a Billing Block, but I am able to change to other  Delivery Block and Billing Blocks even though I have restricted to Z3 and ZH ( this case)

• Is it possible to restrict user based on personal information workset ?

  Hi Experts,
  I have a requirement in which I need to allow other worksets in ESS to be accessed only if one workset "Personal Information" is completed.
  In this workset "Personal Information", there is an iView "Certify Own Data". In this ivew there are couple of checkboxes which need to be ticked and saved. this checkboxes will automatically be checked when the user enters required data in other related ivews such as "Address", "Family Details", "communications" etc.
  All I want to achieve is to allow the user only if he fills all his personal information and certify's his own data. After clicking on SAVE button only he would be able to access other worksets such as "Attendence".
  Please someone suggest me how to achive this functionality. Do i need to develop new application or i can achieve this functionality by just maintaining some kind of iview validation.
  Earlier response would be much appreciated.
  Thanks
  Uday

  you can do a badi validation
  BADI HRPAD00INFTYBL and HRPAD00INFTYDB for new framework of  infotype.
  Please refer the SAP Note 864910 BADI HRPAD00INFTYBL and HRPAD00INFTYDB
  But to control the workset would be difficult in standard, probably you can do a modification
  you can control services using proxy classes though

• How to Restrict users to change password

  Hi All,
   I would like to restrict user to change password only defined number of times in a day, Is it possible to do it through group policies.
  Please note i am already aware of "Minimum Password age" feature, however i do not want to use it as the minimum value that i can set here is 1 day. I would like to restrict users based on password reset threshold e.g. User can reset his password
  in a day only twice or thrice.
  Thanx & Regards,
  Wasim Parkar

  If you want to limit the user to have his/her password changed for a specific number of time every day, I have to say
  NO thats not possible. PSO's as other mentioned,can be used to have different password policies. Maybe you can set the msDS-MinimumPasswordAge
  to 00:04:00:00 which is equal to 4 hours. It means every 4 hours a user will be able to change his/her password. So in each day a user can change the password 6 times, since a day is 24 hours.
  Do not forget a day start from 00:00 AM up to 11:59 PM. So in a 9 to 5 job, a user may change the password 2-3 times.
  Hope it helps.
  Mahdi Tehrani Loves Powershell
  Please kindly click on Propose As Answer or to mark this post as
  and helpfull to other poeple.

• Retrieving ALL values from a single restricted user property

  How can I retrieve ALL values of a single restricted user property from within
  a .jpf file?
  I want to display a dropdown list within a form in a JSP which should contain
  all the locations listed in the property 'locations'. I ever get just the default
  value when I access the property via
  ProfileWrapper pw = userprofile.getProfileForUser(user);
  Object prop = pw.getProperty("ClockSetup", "Locations");

  Well, the code you've got will retrieve the single value of the property
  for the current user. You're getting the default value because the
  current user doesn't have Locations property set, so the ProfileWrapper
  returns the default value from the property set.
  I assume you want to get the list of available values that you entered
  into the .usr file in Workshop. If so, I've attached a
  SetColorController.jpf, index.jsp, and GeneralInfo.usr (put in
  META-INF/data/userprofiles) I wrote for an example that does just this.
  It uses the PropertySetManagerControl to retrieve the restricted values
  for a property, and the jsp uses data-binding to create a list from that
  pageflow method.
  For a just-jsps solution, you can also use the
  <ps:getRestrictedPropertyValues/> tag. I've attached a setcolor-tags.jsp
  that does the same thing.
  Greg
  Dirk wrote:
  How can I retrieve ALL values of a single restricted user property from within
  a .jpf file?
  I want to display a dropdown list within a form in a JSP which should contain
  all the locations listed in the property 'locations'. I ever get just the default
  value when I access the property via
  ProfileWrapper pw = userprofile.getProfileForUser(user);
  Object prop = pw.getProperty("ClockSetup", "Locations");
  [att1.html]
  package users.setcolor;
  import com.bea.p13n.controls.exceptions.P13nControlException;
  import com.bea.p13n.property.PropertyDefinition;
  import com.bea.p13n.property.PropertySet;
  import com.bea.p13n.usermgmt.profile.ProfileWrapper;
  import com.bea.wlw.netui.pageflow.FormData;
  import com.bea.wlw.netui.pageflow.Forward;
  import com.bea.wlw.netui.pageflow.PageFlowController;
  import java.util.Collection;
  import java.util.Iterator;
  * @jpf:controller
  * @jpf:view-properties view-properties::
  * <!-- This data is auto-generated. Hand-editing this section is not recommended. -->
  * <view-properties>
  * <pageflow-object id="pageflow:/users/setcolor/SetColorController.jpf"/>
  * <pageflow-object id="action:begin.do">
  * <property value="80" name="x"/>
  * <property value="100" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="action:setColor.do#users.setcolor.SetColorController.ColorFormBean">
  * <property value="240" name="x"/>
  * <property value="220" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="action-call:@page:index.jsp@#@action:setColor.do#users.setcolor.SetColorController.ColorFormBean@">
  * <property value="240,240,240,240" name="elbowsX"/>
  * <property value="144,160,160,176" name="elbowsY"/>
  * <property value="South_1" name="fromPort"/>
  * <property value="North_1" name="toPort"/>
  * </pageflow-object>
  * <pageflow-object id="page:index.jsp">
  * <property value="240" name="x"/>
  * <property value="100" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="forward:path#success#index.jsp#@action:begin.do@">
  * <property value="116,160,160,204" name="elbowsX"/>
  * <property value="92,92,92,92" name="elbowsY"/>
  * <property value="East_1" name="fromPort"/>
  * <property value="West_1" name="toPort"/>
  * <property value="success" name="label"/>
  * </pageflow-object>
  * <pageflow-object id="forward:path#success#begin.do#@action:setColor.do#users.setcolor.SetColorController.ColorFormBean@">
  * <property value="204,160,160,116" name="elbowsX"/>
  * <property value="201,201,103,103" name="elbowsY"/>
  * <property value="West_0" name="fromPort"/>
  * <property value="East_2" name="toPort"/>
  * <property value="success" name="label"/>
  * </pageflow-object>
  * <pageflow-object id="control:com.bea.p13n.controls.ejb.property.PropertySetManager#propSetMgr">
  * <property value="31" name="x"/>
  * <property value="34" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="control:com.bea.p13n.controls.profile.UserProfileControl#profileControl">
  * <property value="37" name="x"/>
  * <property value="34" name="y"/>
  * </pageflow-object>
  * <pageflow-object id="formbeanprop:users.setcolor.SetColorController.ColorFormBean#color#java.lang.String"/>
  * <pageflow-object id="formbean:users.setcolor.SetColorController.ColorFormBean"/>
  * </view-properties>
  public class SetColorController extends PageFlowController
  * @common:control
  private com.bea.p13n.controls.ejb.property.PropertySetManager propSetMgr;
  * @common:control
  private com.bea.p13n.controls.profile.UserProfileControl profileControl;
  /** Cached possible colors from the User Profile Property Set definition.
  private String[] possibleColors = null;
  /** Get the possible colors, based upon the User Profile Property Set.
  public String[] getPossibleColors()
  if (possibleColors != null)
  return possibleColors;
  try
  PropertySet ps = propSetMgr.getPropertySet("USER", "GeneralInfo");
  PropertyDefinition pd = ps.getPropertyDefinition("FavoriteColor");
  Collection l = pd.getRestrictedValues();
  String[] s = new String[l.size()];
  Iterator it = l.iterator();
  for (int i = 0; it.hasNext(); i++)
  s[i] = it.next().toString();
  possibleColors = s;
  catch (P13nControlException ex)
  ex.printStackTrace();
  possibleColors = new String[0];
  return possibleColors;
  /** Get the user's favorite color from their profile.
  public String getUsersColor()
  try
  ProfileWrapper profile = profileControl.getProfileFromRequest(getRequest());
  return profileControl.getProperty(profile, "GeneralInfo", "FavoriteColor").toString();
  catch (P13nControlException ex)
  ex.printStackTrace();
  return null;
  // Uncomment this declaration to access Global.app.
  // protected global.Global globalApp;
  // For an example of page flow exception handling see the example "catch" and "exception-handler"
  // annotations in {project}/WEB-INF/src/global/Global.app
  * This method represents the point of entry into the pageflow
  * @jpf:action
  * @jpf:forward name="success" path="index.jsp"
  protected Forward begin()
  return new Forward("success");
  * @jpf:action
  * @jpf:forward name="success" path="begin.do"
  protected Forward setColor(ColorFormBean form)
  // set the color in the user's profile
  try
  ProfileWrapper profile = profileControl.getProfileFromRequest(getRequest());
  profileControl.setProperty(profile, "GeneralInfo", "FavoriteColor", form.getColor());
  catch (P13nControlException ex)
  ex.printStackTrace();
  return new Forward("success");
  * FormData get and set methods may be overwritten by the Form Bean editor.
  public static class ColorFormBean extends FormData
  private String color;
  public void setColor(String color)
  this.color = color;
  public String getColor()
  return this.color;
  [GeneralInfo.usr]
  [att1.html]

• User Based Security in Power BI (Power Pivot / Power View)

  I am looking for a way to implement User based security (based on user access needs to restrict data) for my Power BI reports. Is there any way implement this kind of security. We have this support in traditional OLAP cube by creating roles and manage them
  at different dimensional data.
  Any help would be highly appreciated.

  Hello,
  You want to implement this functionality using the Power BI Preview or using the Power BI reports integrated in an application?
  Hugs!
  Bruno Destro
  Dicas de programação em .net, C# e SQL - http://smcode.com.br/blog.aspx

• Restrict qty based on customer

  Hi,
  I need to restrict qty of materials based on customers.
  So how to proceed.
  regards,
  sathya

  Dear Satya,
  One way is Product Allocation:
  Product allocations are created in the logistics controlling area in the planning hierarchy
  Logistics --> Logistics Controlling --> Flexible planning --> Planning create/change --> Planning type: COMMIT for SAP standard planning type
  [Proct Allocation Functionality|http://www.sap-img.com/sap-sd/implement-the-product-allocation-functionality.htm]
  [SAP Help - Product Allocation|http://help.sap.com/saphelp_47x200/helpdata/en/93/744d12546011d1a7020000e829fd11/content.htm]
  [PAL - Customer|http://apolemia.blogspot.com/2008/09/modeling-limits-and-reservations-with.html]
  Best Regards,
  Amit

• User based authorization to create Purchase Orders out of Purchase Req.?

  Hello,
  I have the following requiment for my client:
  User based authorization to create Purchase Orders out of Purchase Req.?
  I am told the same can be achieved using same standard menu path in IMG/Customizing.
  Please advise with the menu path and detials, Usefull answers will be rewarded.
  Thanks

  Using OMET Function Authorization, you can restrict users to create Purchase orders without Purchase Reqn.
  Using OMET trxn code Create one Function Authorixation Called pr and in General Parameters tab Select the Field Selection and in Possible reference Objects Tab Mark the With ref to Prs check box and save.
  Next, you've got to associate via SU01 
  Click Parameters, insert a new parameter id EFB to the authorization code. 
  Type in Parameters value you want e.g. XX 
  You have to assign the control for ALL the SAP buyers via thier SAP users id.
  Logoff and login again. Then try to create a Purchase Order without a reference.
  From Next time whenever you try to create with out referring PR it will not allow you to Save PO.
  Regards,
  Ashok

• Restricting User from creating new records using when-validate-record

  Hi,
  I have a requirement for which I have to restrict he user from creating a record in the Supplier Master form if the suppliier type is 'Affiliate Supplier'.
  I have done the following setups
  Seq 10
  Description Restricting user from creating Affiliate records
  Level Function
  Enabled Yes
  Condition:
  Trigger Event WHEN-VALIDATE-RECORD
  Trigger object VNDR
  Condition "${item.VNDR.VENDOR_TYPE_DISP_MIR.value} is NOT NULL
  and
  ${item.VNDR.VENDOR_TYPE_DISP_MIR.value} LIKE 'Affiliate%'
  Processing Mode BOTH
  Context
  Level User
  Value User Name
  Action Sequence 1
  Type Message
  Action Description Saving Affiliate record
  Language ALL
  Message Type Show
  Message Text You Cannot Create Affiliate records Here
  Action Sequence 2
  Type Builtin
  Action Description Stop Proceesing
  Language ALL
  Action Enabled Yes
  Builtin Type RAISE FORM_TRIGGER_FAILURE;
  This is working good on one instance but when I moved it to another instance
  when I query the form and try to navigate to the bank accounts tab of the form which is based on a differnt block i.e VNDR_USES block, the when-validate-record trigger fires there also and stops the processing.
  Any suggestions on this would be higly appriciated.
  Thanks in Advance.

  Hi Srini,
  Yes, it does work...but in a Form Session if i Create more then one Item, in some cases it fires for the first records and not sleeps for the second.
  Sometimes it doesn't give any response.
  Appreciated if you divert to the link to check the Pacthes for 11.5.10 on Form Personalization.
  Please share any ideas/example if yiou have to achieve the below requirement.
  Requirement:
  Once New record is created , a Custom Procedure should be invoked.
  with out closing Form i am able to create n number of Items, so for every Item it should invoke Custom PLSQL Code on Save.
  Let me know if i can achieve the same in Custom.pll .....as i can use either of Options.(Form Personalization/Custom.pll)
  Thanks & regards,
  Edited by: user632004 on Mar 16, 2010 7:50 PM
  Edited by: user632004 on Mar 16, 2010 8:09 PM

• DUN Bluetooth connection to PocketPC, Vista and restricted user rights

  Hallo,
  I've successfully established a DUN connection to my Pocket WM5-based QTEK 9100 smartphone via Bluetooth and the Toshiba Stack, latest version. My notebook is a X200-21D with Vista Home Premium.
  Everything works well as far as I don't change the Vista user to an user with restricted rights, for the user with Administrator rights the Bluetooth Utility created a new DUN connection and a new modem with a virtual COM port. The user with the restricted rights isn't allowed to setup a new connection but this is necessary to connect to the smartphone with the Bluetooth Utility. On the administrative account the radio button to allow the connection to be dialed from other users is disabled and greyed out, so there is now way to open it for other users.
  How can I setup an Bluetooth DUN connection for a user with restricted rights ?
  Thank you in advance !

  Should the Restricted user use the same DUN configuration like the Admin ?
  If so, then you can use "Bluetooth Settings-> Custom Mode". This allows you to
  select the "33600 Standard Modem" from the list which was configured before by
  the Admin. So every DUN which was configured by the Admin can be used by the
  Restricted user with this method. Restricted users can not install hardware, so
  if the Admin has not installed a modem, then also the Restricted user can not use it.
  The Admin can pre-install a modem with the Bluetooth stack installation.
  This is useful if the restricted user should be able to configure a DUN connections
  with advanced modem settings which are not used by the Admin.
  This should be possible if the "as.ini" file has a line "MODEMINST = 1"

• User based authorization

  I have a question about role based authorization. Guess we have 100 transactions and 100 users. I know we have to create a new role for a new combination of transaction list. Ex: 1,2,3,4,14,15 is RoleA and 1,4,25,34 for RoleB and so on. What will it be If we have a really mixed authorization combination. Guess 15 users use A Role and 20 B Role. But we have a three new user. They mustn't use only two transaction in A Role. Now we came subject of my question. I don't want to create a new role for these users. Is it possible to restrict authorization? As if in same role but restricted to use these transactions. (without abap coding) In a clear expression user based transaction authorization, not role based.

  Hi,
  in my opinion that isn't possible without coding.
  Sorry ;-(
  Regards
  Bernd

• Restricting User-Defined Layout in CV04N

  Hi All
  A user having cv04n authorization can change the layout and save as User-Specific Layout. We may be giving various information via CHARS / Values and users add those to layouts and see
  Now a User who do not have Authorization to a Document type , say FIN (for Finance) , can get the details in the CHARS and Values of FIN Document Type using cv04n, by modifying the standard layout.
  Any Authorization to control user not to change layouts in cv04n...?
  I have found one Authorization S_ALV_LAYO which restricts to make Global layout, but it allows to make User Defined layouts..
  Any solutions to restrict User not to modify default layout in cv04n?? Or in way can we restrict User not to add CHAR s into search layouts?
  Regards
  Aby

  Hi Aby,
  We can restrict the user from viewing the documents based on document type and authorization group. This can be achieved by implementing BADI  "DOCUMENT_SEARCH01" and interface "CHANGE_SEARCH_ORDER". Inside this we can do an authority check on each document (DOKAR), using standard authorization object for document type C_DRAW_TCD. And similarly authorization group (BEGRU) can be checked using auth obj C_DRAW_BGR can be checked.
  The authority check can be done in following way,
  LOOP AT EACH DOC.
      AUTHORITY-CHECK OBJECT 'C_DRAW_TCD'
           ID 'DOKAR' FIELD LV_DOKAR                              " LV_DOKAR is doc no.
           ID 'ACTVT' FIELD '03'.                                           " 03 is display mode
  Similarly check for auth grp.
  Hope this will help you. If you need any more inputs let me know.

• Restrict printers based on security groups

  We have set up all of our printers on a server and deployed them via group policy.  I am looking for a way to restrict printing based on which security group the user is in.  We have got it working by setting permissions in the printer security tab
  in the server.  But I would like a more elegant solution, since the printers that the user can't print to are greyed out with an X over the icon.  I would like to have the printer not even show up in the printer list if that user isn't allowed to
  print there.
  Is this possible?
  We are running Windows Server 2008 R2 and our clients are all Windows 7.
  Thank you.

  Hi,
  Based on your description, we can use Security Filtering to apply the printer deployment GPO polices to the specific groups.
  Regarding this point, the following articles can be referred to for more information.
  Security filtering using GPMC
  http://technet.microsoft.com/en-us/library/cc781988(v=WS.10).aspx
  Filter using security groups
  http://technet.microsoft.com/en-us/library/cc779291(v=WS.10).aspx
  Besides, we can choose to deploy printers via GPP and use Item-level Targeting to filter out users who don’t need the printers.
  Regarding this point, the following blog can be referred to for more information.
  Deploying Printers with Group Policy Preferences (Complete Guide)
  http://deployhappiness.com/deploying-printers-with-group-policy-preferences/
  Regarding Item-level Targeting, the following articles can be referred to for more information.
  Preference Item-Level Targeting
  http://technet.microsoft.com/en-us/library/cc733022.aspx
  Security Group Targeting
  http://technet.microsoft.com/en-us/library/cc772471.aspx
  Best regards,
  Frank Shen