About Authorizations

Hi all ,
How to set Up Authorization Check for G/L Accounts in scheduling agreement .
Also want to know conceptually the authorization in SAP, and whether it is done by functional or techinical consultant.In which stage of ASAP we define various authorizations and how we define those?

hi,
assigning and withdrawing the authorization is part of BASIS, but functional conultant has to guid the technical in giving the authorization pertaing to respective sap modules.
omrp is the transaction code through which u can control the GL for sheduling agreemnet
before go live or after training development & realization authorization & role management will be taken place.
Edited by: manipal on Dec 28, 2007 12:01 PM

Similar Messages

  • A question about authorization of "me29n".

    I have a question about authorization of "me29n".
    In the screen of me29n, after I choose "cancel release" option,  there are several button I can use, such as "delete","lock","unlock" and so on.    now I want the "delete" button become unavailable after I choose "cancel release".    how can I archive ?   Is there any authorization object to use?   thanks a lot.

    Hello Victor,
    It is possible through Transaction code "SHDS".
    try to create new variant for it.Also you need to take
    ABAP'rs help in this .Try it.All the Best.
    Regards,
    Manjula.

  • 2 questions about authorization filter...

    Hi guys,
    i need your help to solve my question..
    i'm developing a jsf application and i've created an authorization
    filter...
    My filter must checking for each page access if a registered user is
    stored in the session,if not redirect to login page. I've a bit
    experience on servlet and filter and i've solved this question with
    this filter.
    import java.io.IOException;
    import javax.servlet.*;
    import javax.servlet.http.*;
    public class AuthorizationFilter implements Filter {
             * @uml.property name="config"
             * @uml.associationEnd
            FilterConfig config = null;
             * @uml.property name="servletContext"
             * @uml.associationEnd
            ServletContext servletContext = null;
            public AuthorizationFilter() {
            public void init(FilterConfig filterConfig) throws ServletException {
                    config = filterConfig;
                    servletContext = config.getServletContext();
            public void doFilter(ServletRequest request, ServletResponse response,
                            FilterChain chain) throws IOException, ServletException {
                    Utils.log(servletContext, "Inside the filter");
                    HttpServletRequest httpRequest = (HttpServletRequest) request;
                    HttpServletResponse httpResponse = (HttpServletResponse) response;
                    HttpSession session = httpRequest.getSession();
                    String requestPath = httpRequest.getPathInfo();
                    Visit visit = (Visit) session.getAttribute("visit");
                    if (visit == null) {
                            System.out.println("Visit Nullo");
                            session.setAttribute("originalTreeId", httpRequest
                                            .getPathInfo());
                            Utils.log(servletContext, "redirecting to "
                                            + httpRequest.getContextPath() + "/faces/Login.jsp");
                            httpResponse.sendRedirect(httpRequest.getContextPath()
                                            + "/index.jsp");
                    else {
                            chain.doFilter(request, response);
                    Utils.log(servletContext, "Exiting the filter");
            public void destroy() {
    } in my authentication bean,after user has logged in i've
    loggedIn=true;
    User newUser = new User(loginName, password,teamName, role);
    Visit visit = new Visit();
    visit.setUser(newUser);
    visit.setAuthenticationBean(this);
    visit.setLoggedIn(loggedIn);
    setVisit(visit);
    getApplication().createValueBinding("#{sessionScope.visit}").setValue(faces�Context,visit); to store values into visit object.
    and this is my logout function
    FacesContext facesContext = getFacesContext();
                    Utils.log(facesContext, "Executing AuthenticationBean.logout()");
                    HttpSession session = (HttpSession) facesContext.getExternalContext()
                                    .getSession(false);
                    session.removeAttribute("sessionScope.visit");
                    if (session != null) {
                            session.invalidate();
                    } My 2 questions are:
    1) how can i redirect to login page a user that tries to log in with
    the same data of a user stored in the session?
    2) how can i handling browser closing?I need a listener?
    Please help me,i'm trying to learn about it and i need your help.
    Thanks

    hi,
    1. use the copy - paste functions in the drop down menu.
    2. same menu, save setting as........
    DR9.

  • TS1389 it keep on prompting me about authorize my computer and then it does not continue to sync

    my computer keep on asking me about authorizing and then when i did authorize it dos not sync

    iTunes repeatedly prompts to authorize computer to play iTunes Store purchases

  • Question about authorizations in SRM + cFolders

    Dear colleagues,
    We are working in a SAP SRM 7.0 prototype.
    Right now we are trying to configure cFolders (installed in the same server as SRM and with RFC working) but we've reached a point where we don't certainlly know what can be going wrong.
    After several tries with different user authorizations we've always had the same result, it's impossible to create or assign a collaboration to a bid when creating it due to an error which just says "Error creating collaboration; check user authorization"
    We have tried with different roles configurations (SAP_CFX_SUPER_USER_ADMIN, all CFX roles, just CFX_*_CREATOR roles...) just nearly everything you can think about, but always get the same error.
    The funny thing about it is that when accessing cFolders through BSP application CFX_RFC_UI this user can create folders and other short of objects, as all works fine.
    Thank you very much for your help.
    Miguel

    Hey Miguel,
    Did you ever find a solution for this issue?  I am having the exact same problem.
    My user has all the roles assigned and is able to create collaborations directly in CFolders, but when I try to create it from SRM RFx, I get the message:  "error creating collaboration; check user authorisation".
    If anybody else has come across the same problem, please help!!
    Thanks and happy new year!
    Monica

  • Questions about authorizations of tables/change requests/badis/locks/lang

    Hi ,
    Few questions I have not been able to find out .
    1) HOw can we ensure that every time we do any change in a table including adding/changing content a change request is generated .Basically to ensure any changes being done are being stored in  a change request .
    2)How to give authorizations to/for a database table ?
    3)can/how we add water marks in scripts and smartforms ?
    4) Can we create and place our own BADIs in SAP standard code?
    5)different LOCK types/categories with clear difference (not the standard SAP help please..)
    6) tips on handling two table controls on one screen.
    7) WHat are the things required if we want to use objects(scripts,texts,smartforms) in different languages ?
    8)multilingual scripts ?
    9) how to have a search help in module pool without using Process on value request ?
    Moderator message - Please - one question per thread and please ask a specific question - post locked
    Edited by: Rob Burbank on Dec 3, 2009 4:29 PM

    FSKB     G/L Account Posting
    this transaction is not working

  • About authorization object

    Hi basis guys........
    i am not able to give print request.its showing authorization error
    "no authorization for LOCAL PRINTER" and "output could not be issued"
    i checked su53 screen. and i assigned that activity in authorization object.
    even then its showing authorization problem.
    Is there any object to add to get printing ?
    and what is "s_gui" object ? is that works?
    Please tell me your suggestions
    Regards........nagendra.

    Hi
    Check whether for the user a printer is assigned or not. Only the printer which is assigned to the user in SU01 can be used by the user.
    What u can try is assign the Local Printer in default printer for that particular user.
    Also if you have assigned the authorization object that was missing then there should not be a problem.
    Regards
    Sumit Jain
    [reward with points if the answer is useful]

  • Bit confused about authorization issues

    I have searched the forum on this but I can't really see the wood for the trees.
    As I understand it I can authorize up to 5 computers with my iTunes account. However, how does this relate to portable devices. My household has 3 iPhone and 3 iPads. Can I download an app that I have bought with my itunes account to all 6 of these portable devices ?

    When connecting your mobile devices one after the other you can simply define sync preferences individually for each device - i.e. on iPhone #1 select playlists A, B, C to sync while on iPhone #2 select playlists B, E, H to sync.
    It's really easy to set up sync preferences for each device independently.

  • Anyone using/know about Authorizations in ASL/Supplier Scheduling?

    I am trying to make use of the Authorization feature that can be set up in the ASL. I have set up a supplier with Authorizations and without Authorizations and I can see zero difference when I create any sort of Type/SubType forecast in Supplier Scheduling.
    Based on what you have to set up combined with some business experience I was guessing that this would somehow at least print some messages on the forecast, telling the supplier what you are committing to and/or not committing to, in order to manage your liability. Something like that has to be the expected behavior, but I am not seeing it.
    I have raised a TAR to ask what is the designed functionality but 5-6 weeks later the TAR is still 'work in progress', apparently no one there knows what its supposed to do either.
    If anyone is using this, or knows how its supposed to work, or has any good docu (User Guide is of no use), I sure would appreciate hearing from you.
    Right now I have no idea if what i am looking at is a bug or what was designed.
    thanks - Gregg

    hi Rock,
    this is an example for Provide,
    in ldb it is used to  populate the data;
    syn: provide * from itab(which event populates)
             between pn-begda and pn-endda.
            endprovide.
    ex: Provide *  from p0001
                        from p0002
          between pn-begda and pn-endda.
    and this is an example for Payroll getting wagetype of a pernr.
    for getting the wage type for particular wage type i am providing a example where you can modify according to your requirements:
    Ex:
    REPORT Zrock.
    TABLES: PCL1,PCL2. (NOT MANDATORY)
    INCLUDE RPC2RX09
    INCLUDE RPC2RDD0
    INCLUDE RPPXD00
    INCLUDE RPPXD10
    INCLUDE RPPXM00
    Parameters: p_pernr like p000-pernr
    p_per like pc261 like pc261-fpper
    Data: i_rgdir like pc261 occurs 0 with header line
    start-of-selection. here call the FM
    Call function cu_read_rgdir
    export params --- pernr = p_pernr
    tables
    in_rgdir = I_rgdir
    if sy-subrc = 0.
    loop at i_rgdir where fpper = p_per
    and inper = p_per
    here we r populating the RD Cluster key
    rx-key-pernr = p_per
    rx-key-seqnr = i_rgdir-seqnr
    *Importing the RD cluster data.
    RP-imp-c2-rd.
    if rp-imp--rd-subrc = 0.
    then processing the RT table for the required results (wagetype).
    Read table RT with key LGART = /'101'(here give ur wagetypes).
    if sy-subrc = 0.
    write: / p_pernr,
    I_rgdir-fpper,
    I_rgdir-inper,
    rt-lgart,
    rt-betrg.-----this is amount if you needed.
    endif.
    endif.
    endloop.
    endif.
    wait for sometime i wll also provide reports on OM, just remind me after 2 days. good luck
    Reward  if helpful.
    Thanks & Regards,
    Abdul.

  • Details about authorization Object

    Please help ,i had two fields ex sales org & distribution chanel and i have to write a code for authorization , is the authorization object which i wrote is right or not.
    I know that we can use at max of 10 fields , but say vkorg / vtweg is used 5 times  with different variable name in same prog how to make sure that this code will work for authorization check on VKORG/ VTWEG can anybody please explain me in step's
    AUTHORITY-CHECK
              OBJECT 'Z_zzlau'
              ID  'VKORG' FIELD  'S_VKORG'
              ID  'VTWEG' FIELD  'S_VTWEG'
              ID  'ACTVT' FIELD '02'
              ID  'ACTVT' FIELD '03'
              ID  'ACTVT' FIELD '70'.
    Thanks

    Hi,
    ACTVT field is used for checking the create /display / change authorizations.
    after creation of the activity group , add it to the user profiles which need authorizations.
    01-create 02-change 03-display
    AUTHORITY-CHECK
    OBJECT 'Z_zzlau'
    ID 'VKORG' FIELD 'S_VKORG'
    ID 'VTWEG' FIELD 'S_VTWEG'
    ID 'ACTVT' FIELD '02'
    ID 'ACTVT' FIELD '03'
    ID 'ACTVT' FIELD '70'.
    if you are checking authorizations with the selection screen parameters then change your code like below:(if change is required)
    AUTHORITY-CHECK
    OBJECT 'Z_ZZLAU'
    ID 'VKORG' FIELD S_VKORG
    ID 'VTWEG' FIELD S_VTWEG
    ID 'ACTVT' FIELD '02'.
    and also check SAP help on this :
    AUTHORITY-CHECK
    Basic form
    AUTHORITY-CHECK OBJECT object
        ID name1  FIELD f1
        ID name2  FIELD f2
        ID name10 FIELD f10.
    Effect
    Explanation of IDs:
    object
    Field which contains the name of the object for which the authorization is to be checked.
    name1 ...
    Fields which contain the names of the
    name10
    authorization fields defined in the object.
    f1 ...
    Fields which contain the values for which the
    f10
    authorization is to be checked.
    AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
    You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
    The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
    If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
    If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
    The return code value changes according to the different error scenarios. The return code values have the following meaning:
    4
    User has no authorization in the SAP System for such an action. If necessary, change the user master record.
    8
    Too many parameters (fields, values). Maximum allowed is 10.
    12
    Specified object not maintained in the user master record.
    16
    No profile entered in the user master record.
    24
    The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
    28
    Incorrect structure for user master record.
    32
    Incorrect structure for user master record.
    36
    Incorrect structure for user master record.
    If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
    Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
    Note
    Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
    The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
    Example
    Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
    Table OBJ: Definition of authorization object
    M_EINF_WRK
       ACTVT
       WERKS
    Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
    M_EINF_WRK_BERECH1
       ACTVT 01-03
       WERKS 0001-0003 .
    can display and change plants within the Purchasing and Materials Management areas.
    Such a user would thus pass the checks
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' FIELD '0002'
        ID 'ACTVT' FIELD '02'.
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' DUMMY
        ID 'ACTVT' FIELD '01':
    but would fail the check
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' FIELD '0005'
        ID 'ACTVT' FIELD '04'.
    To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK.
    Regards
    Appana

  • Questions about authorization variable customer user exit

    Dear all,
    To reduce the authorization maintenance effort, I found from the web that we can use authorization variable with customer user exit RSR00001.
    When I use the transaction CMOD to display the maintain the user exit RSR00001, the user exit does not found. I would like to know how can I use thie user-exit?
    My SAP version is R/3 4.7
    The information of authorization variable  from web is as follow:
    http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/frameset.htm
    Would anyone have some ideas to solve my questions?
    Many thanks
    Sunny
    Edited by: LI Sunny on Aug 3, 2010 12:08 PM

    Dear Bala Duvvuri,
    Firstly, many thanks of your reply.
    Actually, what I want to do is to call some user-exit when performing authorization checking. I want to add some logic to the authorization checking and the user exit can be called automatically when performing authorization checking.
    I mainly use this checking in the FI module.
    Are there any ways I can perform this checking?
    One more findings, I have another machine containing SAP XI, I can search the user exit RSR00001. but it doesn't exit in SAP R/3 4.7. Is it version issue or my SAP R/3 4.7 doesn't contain the BI module?
    Many Thanks again.
    Sunny

  • My itunes authorization has been upgraded 5 times what do i do about the 6th upgrade

    I have used my 5 authorization limit on my itunes.  I want to build a new Win7 PC and need to authorize a 6th computer.  Will that be a problem?

    Again, deauthorize all.  The authorize the active computer.
    Deauthorize all is an option when deauthorizing.
    iTunes Store: About authorization and deauthorization

  • Question about  SAP's predefined authorization roles and responsibilities

    Hi,
    Is  there  a document (like a best practice document) that talks about what are the SAPu2019s predefined roles to be assigned to different responsibilities(like Basis, ABAP Developer, ABAP Developer for HR etc, Functional Configuration etc)?. If anybody have seen this document, please send the URL for that.
    I am seeing SAP AUTHORIZATION SYSTEM and SAP AUTHORIZATION MADE EASY books in the market.
    But these books talk  about authorization concept up to 46C only( I might be wrong).
    Please advise about any latest book on SAP Authorization that talks about NW(ABAP + JAVA)  also.
    Thanks.
    Raj.

    Hi
    The following link help your requirement on documentation.
    http://help.sap.com/saphelp_banking463/helpdata/en/23/07d128f31011d296330000e82de14a/content.htm
    Regards
    Shan

  • Authorization about crm sales Organization --division

    Hi, all
    I have a question about Authorization , In PFCG , I have used the authorization object CRM_ORD_OE,
    It can check the organization(  Distribution Channel, Sales Group, Sales Office,Sales Organization ID)
    but I can not find the object to check sales Organization --division.
    help,  please give me help , thx.
    Andy

    Hi,
    Check the following Authorization Objects For CRM:
    CRM_OPP (authorization object CRM transaction u2013 allowed organizational units) 
    SALES_ORG (sales organization) 
    SERVICE_OR (service organization) 
    DIS_CHANNE (distribution channel) 
    SALES_ORG (sales office) 
    SALES_GROU (sales group) 
    ACTVT

  • Can I authorize 2 apple IDs on one computer?

    I'm new to the communities so please bear with me if I post this inappropriately.
    My husband and I both have iphones.  My two children have itouchs.  My husband has an ipad.  We also have numerous ipods.
    We have two computers in the house.  When my husband first bought an ipod, we had a PC.  All of his devices have always been synced on the PC using his apple id.  When I got my iphone, I synced on our MAC using my apple id.  When the kids got itouches, they synced on the MAC using their apple id.
    We discovered that anything the kids and I purchased on itunes on the MAC is available to all of us.
    We would now like to use home sharing.  To do this, both computers must be authorized to one apple id.  If the PC is deauthorized for my husband's apple id, I understand he will lose his purchases on the PC (or at least they won't be available until he authorizes it again).
    I understand that an apple id may be authorized on up to 5 computers.  But what about multiple apple id on one computer???
    My questions are basically this...
    Can we authorize 2 or more apple id on one computer? 
    Can I authorize my apple id on the PC and have my husband's apple id remain authorized on the PC?
    Can my husband's apple id be authorized on the MAC and my apple id remain authorized? 
    Can the kids apple id be authorized on each of the PC and the MAC?
    Can we have 4 different apple id authorized on a computer at once?
    Will authorizing my apple id on the PC de-authorize my husband's apple id?
    How's that for asking the same question in lots of different ways?  I have seen a lot about a computer using the same id multiple times but nothing about whether I can authorize many different ids on one computer at once.
    Thanks for the help.

    Each person in your home can have their own Apple ID provided it is tied the their own separate email address.
    iTunes permits up to five authorized computers connected to a single Apple ID: iTunes Store- About authorization and deauthorization.
    For this all to work well, however, each user in your household should have a separate user account on the computer they commonly use.

Maybe you are looking for

  • How can I remove Data from the iCloud?

    I want to remove Calendars and some Contacts from the Colud so whenever I turn on the cloud some of the contacts or some calendars won't appear

  • Confused on my I Pod Touch.

    I bought a movie for my i pod touch threw the ITunes store, and i can't put the movie on my I Touch. What should I do?

  • Unexpected Quit with video

    OK I know this has been discussed alot but i have tried a few different things and nothing has helped. I just got a powerbook g4 with tiger and all my sisters got the little mac mini's with ichat av and tiger and my mom got a imac with panther and i

  • Customer Correspondence Telephone Number Mismatch

    Dear All, We have generating Customer Open item list from FBL5N, The one which is generating with correct Telephone number and the one which is going through fax to customer is showing incorrectly. Could you please help me with that. Thanks, Hari.

  • BLock  Storage Location for Material

    Hi experts, Some Unwanted storage location exists for some materials .  I want to to block them for transfer posting .  I tried to do it thru MM06.  It is only giving warning msg but not an  error msg. Please suggest. Regards, ( Rajneesh Gulati )