About Authorisation checks?

Similar Messages

• Info, detail about package check ?

  Hi,
  Does anybody have any documentation about package checks?
  I would like to perform cross package checks, already went though <a href="http://help.sap.com/saphelp_47x200/helpdata/en/37/72b3392f65f530e10000000a114084/frameset.htm">Package Builder Online help</a> and found OSS Note Number: 648898 - Switching on the package check, however this area seems to have lack of documentation.
  Found some info about table PAKPARAM in the mentioned OSS note, however I couldn't find any info about PAKCHEKTYP and all of the PAK* tables.
  It seems checks are performed via PA_SLIN_PACKAGE_CHECK.
  Any info or detail is appreciated.
  Thanks in advance,
  Peter

  Hi Fabrizio,
  1. This is a normal
     'authorisation not there'
    issue.
  2. Contact your basis team
     and they will help out
     by assigning the values
     for the particular auth object
     for the required profile
     for the particular user !
  regards,
  amit m.

• Excessive HR authorisation check (53,500) on one transaction

  Hi experts,
  We have a situation where one of our HR administrators runs PA20, for example, and this takes an excessive time to load. There is a timer message in the bottom of the screen (which i have never seen before) stating Authorisation Check 5% and carries on up to 100%
  We turned on the PERNR authorisation check about 5 weeks ago, which should check object P_PERNR in your authorisations. However, for this one user, the only check being carruied out is P_ORGIN.
  This user had 53,500 checks in the trace file from just executing PA20, not even entering a personnel number at this point!
  The other user just had 30 checks - which would be regular enough.
  Start of trace file for excessive user (no P_PERNR check)
  21:39:32      P_ORGIN     RC= 0 INFTY=0000;SUBTY= ;AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
  21:39:37      P_ORGIN     RC= 4 INFTY=0000;SUBTY=' ';AUTHC=R;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
  21:39:37     P_ORGIN     RC= 0 INFTY=0000;SUBTY=' ';AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
  21:39:37     P_ORGIN     RC= 0     INFTY=0000;SUBTY=' ';AUTHC=R;PERSA=AT02;PERSG=1;PERSK=AB;VDSK1=AT02;
  Start of trace file for normal user (P_PERNR check)
  21:48:54     P_PERNR     RC=          0     AUTHC=W;PSIGN=*;INFTY=0001;SUBTY=' ';
  21:48:54     P_ORGIN     RC=          0     INFTY=0001;SUBTY=' ';AUTHC=W;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
  21:48:54     P_PERNR     RC=          0     AUTHC=W;PSIGN=*;INFTY=0003;SUBTY=' ';
  21:48:54     P_ORGIN     RC=          0     INFTY=0003;SUBTY=' ';AUTHC=W;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
  21:48:54     P_PERNR     RC=          0     AUTHC=W;PSIGN=*;INFTY=0002;SUBTY=' ';
  Can anyone help? Surely 53,500 authorisation checks is a little too extreme! It is not happening to other HR users so it is very strange why just this one!
  Thanks,
  Bernard.

  I have noticed now in our Quality client that there is a P_PERNR check taking place 1st as is expected.
  15:34:02:946 AUTH    - - -   S_TCODE    RC=0  TCD=PA20;                      
  15:34:02:985 AUTH    - - -   P_PERNR    RC=0  AUTHC=R;PSIGN=*;INFTY= ;SUBTY= ;
  where as in our production client there is a P_ORGIN check taking place 1st
  21:39:31:991 AUTH    - - -   S_TCODE    RC=0  TCD=PA20;                                              
  21:39:32:15  AUTH    - - -   P_ORGIN    RC=0  INFTY= ;SUBTY= ;AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
  Or configuration of the PERNR check in table T77S0 is the same in both clients.
  Are there any settings in PA20 or user defaults that would cause this. From my analysis, the trace file is showing up with one particular personnel area for the majority of the 53,500 checks!
  Any help appreciated!

• How to put Authorisation Check?

  Hi,
  I have built a Module Program. In this there is a Save Button where information in the screen is saved to a Z table.
  I need to put an Authorisation check to this save button. That is only users who have “Save” capability could save.
  Simply there should be an authorisation check before the Save where it will check if the User has the Save option.
  Please guide me on how to do this.
  Thanks,
  Kishan

  Hi Kishan,
  1. AUTHORITY-CHECK
     The above statement is required for authority checking.
      Just see help on it for syntax purpose.
  2. Moreover,
     u will also have to know which authorisation object
     is necessary for your purpose.
     (or else new authorisation object may need tobe created)
  Hope the above helps.
  Regards,
  Amit M.

• Authorisation check in report

  Hi ,
  we have developed a z report which is fetching grade from infotype 8 .All the users here dont have authorisation for infotype 8.Is it possible somehow that the users who don have authorisation for infotype 8 can rum that report.Right now when they are trying to run the report its showing 'No Authorisation for infotype 8'.Or is there some other place from which grade can be retrieved .
  Regards
  Saurabh

  Create an authorisation object (SU21)
  Put an authorisation check for this object in your report (AUTHORITY-CHECK)
  Create a role that contains this object (PFCG)
  Assign this role to all the users who require access to the report (SU01).
  <REMOVED BY MODERATOR>
  Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

• Skipping Authorisation checks in LDB

  Hi All,
  I am working on HR module and I have got to work on a report which is using LDB (Logical DataBase).LDB will do authorisation checks by default.
  1) My requirement is to skip the authorisation checks  and allow all the data to be retrieved.
  Can this be done by calling any standard FM ? If yes , please name it.
  regards,
  PP

  //LDB will do authorisation checks by default.
  in my opinion you are looking for a data retrieval process from report development point of view.
  Ok say you are pulling data from infotype -08 which is sensitive information. now you need a entry for the object of this and then you are allowed to select on this table.
  keep an authority-check on this table pa0008 and if you have the access then you will proceed or else dont pull the records.
  Authority-object / Authority -check from program perspective will do .
  ex:
  AUTHORITY-CHECK OBJECT 'Z_TCODE'
  ID 'ACTVT' FIELD '03' " read access
  ID 'ZTCODE' FIELD p_tcode. " actual value
  IF sy-subrc EQ 0. " check authorization
  * fetch record
  SELECT SINGLE *
  FROM tstc
  INTO wa_tstc
  WHERE tcode EQ p_tcode.
  Br,
  Vijay.

• User authorisation check in ABAP-HR program

  Hi,
  Can anyone please help me on the following query ?
  I need to check user authorisation in an ABAP report at Object level, filter only relevant records based on the user's authorisation and display appropriate messages.
  The above mentioned report is purely developed by us and is not a copy of any standard report. Hence, kindly help me with your suggestions and opinions.
  Thanks and Regards,
  Manas Menon

  Create an authorisation object (SU21)
  Put an authorisation check for this object in your report (AUTHORITY-CHECK)
  Create a role that contains this object (PFCG)
  Assign this role to all the users who require access to the report (SU01).
  <REMOVED BY MODERATOR>
  Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

• About authority-check object 'M_MATE_WGR'

  hi all
        I have a problem about authority-check object 'M_MATE_WGR'. the detail is bleow:
  Read table T023 where the material group is in select option s_matkl. Then loop at the results and check for every found material group. If the user is authorized to use it with the ABAP statement AUTHORITY-CHECK with object M_MATE_WGR with parameters ACTVT = ‘03’ (display) and BEGRU = ‘the material group’. When the user is allowed to use it, store it in an internal table and continue with the remaining materials groups from T023. When the user is not allowed to use it, set the status flag to X and don’t save the current material group in the internal table.
  After all checks have been done, empty the select option s_matkl. Loop over the internal table with the allowed material groups and fill up the select option s_matkl again with these records.
  Thank you in advance .
  Nick

  You are on the right track. Authorization object M_MATE_WGR checks the Authorization Group (BEGRU) not the Material Group. You read table T023 with the Material Group to get the Authorization Group.
  Step 1: Read table T023 where MATKL = the Material Group you want to check authorization.
  Step 2: Retreive the value in field BEGRU from the record in table T023. Use the value in T023-BEGRU to pass to the AUTHORITY-CHECK object M_MATE_WGR.
  Hope that helps.

• I want to know about ATP check requirement .generally we assigned yes or no while creating sales order

  I want to know about ATP check requirement .generally we assigned yes or no while creating sales order what it means when we give Yes or No. how pegging flows
  Regards
  virender

  Virender,
  Can you be a bit more specific about ".....generally we assigned yes or no while creating sales order....."   Exactly what field(s) did you 'assign'?  Screenshots would be helpful.
  With respect to pegging; in general, ATP has very little to do with pegging.  Pegging is more of a planning concept, and not an 'availability checking' concept.  There are a few exceptions in APO, but they are not commonly implemented.
  Can you elaborate about exactly what you want to know with respect to 'pegging' and ATP?
  Best Regards,
  DB49

• Authorisation check for Object F_BL_BANK using transaction F110

  Hi
  Can you help me with transaction F110. The object F_BL_BANK has been linked on SU24 to transaction F110.  It has also been set for Check/maintain.
  There is no authorisation check for this object using F110.
  How can we resolve the issue.

  Hi
  We are on 4.6
  I linked the object but the program is not doing an authority check The F_BL_BANK object has the following linked to it
  .  .     .  Check          F_BKPF_BUP Accounting Document: Authorization for Posting Periods   
  .  .  .     Check/maintain F_BL_BANK  Authorization for House Banks and Payment Methods        
  .  .     .  Check          F_KNA1_APP Customer: Application Authorization                      
  .  .     .  Check          F_KNA1_BED Customer: Account Authorization                          
  .  .     .  Check          F_KNA1_BUK Customer: Authorization for Company Codes                
  .  .     .  Check          F_KNA1_GEN Customer: Central Data                                   
  .  .     .  Check          F_KNA1_GRP Customer: Account Group Authorization                    
  .  .     .  Check          F_LFA1_APP Vendor: Application Authorization                        
  .  .     .  Check          F_LFA1_BEK Vendor: Account Authorization                            
  .  .     .  Check          F_LFA1_BUK Vendor: Authorization for Company Codes                  
  .  .     .  Check          F_LFA1_GEN Vendor: Central Data                                     
  .  .     .  Check          F_LFA1_GRP Vendor: Account Group Authorization                      
  .  .     .  Check          F_PAYR_BUK Check Management: Action Authorization for Company Codes 
  .  .  .     Check/maintain F_REGU_BUK Automatic Payment: Activity Authorization for Company Code
  .  .  .     Check/maintain F_REGU_KOA Automatic Payment: Activity Authorization for Account Type
  .  .     .  Check          PLOG       Personnel Planning                                       
  .  .     .  Check          P_ABAP     HR: Reporting                                            
  Ther are more objects but these are the key ones The object also has a custom object in that was build by SAP called ZLSCH      Payment method  We want the system to do a check on the payment method

• Mov Type - Authorisation Check

  Hi Everybody
  I want to control my mov types thru the Authorisation check ie Suppose there is a Log in "x" , and I dont want to give hime  the Atuthorisation of mov type 551/552 under mb1a Tcode but rest all Mov types can be used by him .
  Pls advice how to go ahead for the same
  Rgds
  Manoj

  Manoj,
  This can be controlled by std authorisation object check. This will be given by basis in PFCG transaction. The setting in the relevant authorisation object example M_MSEG_BWA has to be provided.
  The movement type will appear as one of the parameters while a specific authorisation for a transaction is given. The movement type could be restricted here.
  Regards
  Ram

• How to add authorisation check to a program?

  Hi all :
        Could you please tell me how to add authorisation check to a program?  
        Thanks a lot.

  Hi,
  Check SAP help for authority-check. You can search on SDN on that.
  AUTHORITY-CHECK
  Basic form
  AUTHORITY-CHECK OBJECT object
  ID name1 FIELD f1
  ID name2 FIELD f2
  ID name10 FIELD f10.
  Thanks
  Nidhi

• I've used Project Web App on Sharepoint 2013. After clear job queue about force check-in then I've got this error. This made me can't access some pages in PWA anymore e.g. Project center, Resoure center, PWA setting, etc.

  I've used Project Web App on Sharepoint 2013. After clear job queue about force check-in then I've got this error. This made me can't access some pages in PWA anymore e.g. Project center, Resoure center, PWA setting, etc.  Who have ever found this problem,
  pls. help.
  The pop up error msg. is "Sorry, you don't have access to this page"

  Hi,
  According to your description, after you cleared job queue about force check-in then you can't access some pages in PWA.
  Maybe you need to check in the pages which has been checked out.
  If you have administrative rights, it is possible to override the check-out via the View All Site Content page:
  Site Actions->View All Site Content->Pages->Hover the item you want to check in, and from the context-menu (arrow-down next to the filename), choose "Discard Check Out"
  Besides, to troubleshooting the error “Sorry, you don't have access to this page”, refer to the following articles:
  http://sharepoint.rackspace.com/sharepoint-2013-troubleshooting-an-access-issue-with-a-custom-master-page
  http://technet.microsoft.com/en-us/library/ff758656(v=office.15).aspx
  In addition, as this issue is related to project server, I suggest you create a new thread on project server, more experts will assist you:
  https://social.technet.microsoft.com/Forums/projectserver/en-US/home?category=project
  Best Regards,
  Lisa Chen
  Lisa Chen
  TechNet Community Support

• Authorisation checks in NWBC

  Dear All,
  Is there a way, other than testing and tracing, we can get to know the list of authorization objects which get checked for various NWBC functionalities?
  Or if I move from one Service pack of GRC to another, is some list of new authorization object checks for webdynpro, available?
  Thanks

  Hi Paramjit
  You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.
  Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes
  Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.
  Regards
  Colleen

• OSA - Authorisation Checks

  Hi all:
  In my client's appraisal form, only the employee can fill in the form. They will also have to specify their manager's name as the appraiser.
  I tried to use "Default Manager" BADI for my appraisal form. However, this is not a complete functionality because the appraisee can simply change the appraiser's name, after system defaults. There is no control on the appraiser chosen. I can even choose my subordinate as my appraiser, which is not correct.
  I know that in "Processing" tab, we can de-select "No Authorisation Check for Appraiser". This feature will check if the user (in my case, the appraisee) has authorisation for the appraiser etc. A few questions I would like to find out:
  1) Will this functionality meet my requirement?
  2) To use this functionality, do I need structural authorisation or just non-structural authorisation?
  3) Should i use BADI "Authority Check" instead, to cater to my requirement?
  Many thanks for your advice in advance.
  Thank you,
  Ash

  What is an authorisation checks?
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·        Starting SAP transactions (authorization object S_TCODE)
  ·        Starting reports (authorization object S_PROGRAM)
  ·        Calling RFC function modules (authorization object S_RFC)
  ·        Table maintenance with generic tools (S_TABU_DIS)
  How do we provide a basic authorisation check read for a employee? Could anyone help me with the path?
  Go to transaction PFCG and provide the role based authorization.