About hr authorization
hi i want to assign authorization to the whole hr team , so that users under that team can directly have the access,
can any body help me out,
and can any body help me to get the pdf of SAP security book,
i wish to prepare for the SAP certification of sap security,
regards
akshat
Answers one by one:
1 create a role based upon all end users display roles. Never assign any non display roles to a group as there is no task everybody in the group should be doing, remember to check for SoD before assigning such roles.
2 NO, it is for Sale with amazon, we had to pay so you will have to pay also!
3 follow the courses in a SAP class training is the ONLY right way to prepare yourself!!!
Similar Messages
-
HT1918 About the authorization hold on credit card, what if mine is a debit card?
About the authorization hold on credit card, but mine is a debit card and the bank informed me that they have already charged my bank account.
What should I do? Will I receive the money back?Authorization holds should work the same with a debit card. If the hold doesn't get released in a few days and the money refunded by your bank, you'll need to contact your bank and get them to sort it out.
Regards. -
keep getting dumb message about computer authorization for my IPAD, it worked well past 8 months until recently, won't work even if authorize it after deacativating it again, over & over, keep same message to
Hi Boris Bagel,
Thank you for using Apple Support Communities.
If you are being repeatedly prompted by iTunes to authorize your computer with your Apple ID, then please follow the troubleshooting in the article below.
iTunes repeatedly prompts to authorize computer to play iTunes Store purchases
Take care,
Alex H. -
Question about Ipad authorizations
I am having trouble with my Ipad on a new hard drive, and am trying to troubleshoot it. My question is this: Suppose I have 4 authorizations on my Ipad already (I know the limit is 5 and then I have to wipe them all out). If I deauthorize 1 of those 4, does the count go down to 3, or does it stay at 4?
The reason I ask is, I still have one working computer that will sync my Ipad. I am thinking of deauthorizing this new computer, uninstalling ITunes, and trying again, to fix my problem.
BTW my problem has been asked in another thread, and has not been solved in that thread or similar threads. It's the "grayed out apps" problem, and I see a lot of people get in this situation.The 5 authorisation limit is for your iTunes account on computer(s) (not the iPad) - if you de-authorise your computer then it will go down to 3, and you can then re-authorise it. (Also the 'de-authorise all' can only be done once every 12 months.)
If your apps are greyed out on the Apps tab, then on the iPad is Settings > General > Restrictions > Installing Apps set 'off' -
hi,
in real time wt is the authorization object we have used in the abap-hr?Hi,
What do you want on authorizations exatcly tell us.
Revathi. -
Doubts about object authorization.
Hi friends,
I need to restrict user to access only one document type and only document of his Service Organization, so I did as follow.
I set up the objects authorization:
CRM_ORD_PR: PR_TYPE 'Z021',ACTVT '*'
CRM_ORD_LP: CHECK_LEV 'B',PR_TYPE 'Z021',ACTVT '*'
These set up doesnu2019t work properly, because user still can access document type Z021 of all Service Organization, instead of only his Service Organization.
My two questions are:
Must I set up objects authorization CRM_ORD_OE together CRM_ORD_PR and CRM_ORD_LP?
Is there a way to debug this authorization check? Which FM/BADI Must I set break point?
By the way, Iu2019m working with CRM 2007 Interaction Center.
Thanks a lot for any help.
LalasI set up this auth. object and everything works properly.
CRM_ORD_PR: PR_TYPE 'Z021',ACTVT '*'
CRM_ORD_LP: CHECK_LEV 'B',PR_TYPE 'Z021',ACTVT '*'
CRM_ACT: ACTVT u2018*u2019
CRM_ORD_OE: SERVICE_OR u2018O 50012632u2019, DIS_CHANNE u2018u2019, SALES_OFFI u2018u2019, SALES_GROU u2018u2019, ACTVT = u2018u2019
Dont forget to set the field, e.g. PR_TYPE and SERVICE_OR, s with your own values
Regards. -
Q about transaction authorization expiration.
What happens once a transaction authorization expires? Can the vendor resubmit a claim for funds? My case is this: Vendor is being relatively unresponsive,(no response via email, stretching the truth when contacted by telephone), and as we have not recieved the product ordered, we'd like this to be the end of it. Or do I have to dispute this transaction even though it has expired.
Authorization concept is changed in BI 7.0.
Check RSECADMIN transaction for your authorization related.
Check this blog :
SAP NetWeaver 2004s BI Authorizations for Reporting
Hope this helps.
Edited by: Praveen G on Oct 22, 2008 9:41 AM -
Regarding about sap authorization
Hi all,
I have some doubts about security in sap.
1.If I assign a tcode to a role ,will it take immedeate effect to the user or he need to logon again?
2.when will user logon to the system again ?
Regards,
naniHi,
There is no need for the user to log off..
He or even Basis can just refresh and to get the new authorisation assigned
Hope this helps
Cheers
Senthil -
Movies can't be played on apple monitor - error about HDCP authorization
I have a MacPro 2.66GHz dual Intel with a 24" apple display screen.
All of a sudden I can't play any iTunes purchased movies on my display. I get the message "movie cannot be played because a display that is not authorized to play protected movies is connected...not HDCP authorized".
It must have happened after a software update. This are MY LEGALLY PURCHASED MOVIES from iTunes. I have an apple TV and can watch them fine from there or an iPod, just not sitting at my computer. I called apple support and they had no ideas. Ran system check on hard drive, repaired permissions, etc and still no change. Everything else on computer works great. Need help. Why does iTunes think an non authorized display is connected when I'm running a fairly new 24" display (2 years old)?You pretty much have to downgrade Quicktime to 7.5.5. I'm on the phone with Apple Tech Support and will give an update when I get it.
This is the way I downgraded Quicktime:
To make it easier...this is how to downgrade to Quicktime 7.5.5.
Download pacifist here - http://www.charlessoft.com/Pacifist.dmg
Download Quicktime 7.5.5 here (or whatever version you want). - Just do a search for the version you want - http://support.apple.com/downloads/
Instruction for using pacifist here - http://www.digitalrebellion.com/blog/posts/usingpacifist_to_downgradequicktime.html
I know this works because I did it and was able to watch the new HD tv shows. Then, I downloaded Quicktime 7.6 and installed it using the installer. I COULD NOT watch the new HD tv shows. Then, I reverted Quicktime back to 7.5.5 and am now able to watch them again.
I agree, Apple needs to fix this. Until they do, I'll stay with 7.5.5. -
Not able to decide on : Mission Configurable Authorization
Hello,
I post here after begging people to
please understand my problem first.this is what I need to achieve:
It is about dynamic authorization.
My application will have an admin page where the admin will be able to give access rights to users for certain actions on certain pages. these could be any permutation and combination.
I need to be able to authorize them based on this condition.
For example :
If it were a mechanic application.
The admin will be able to authorize MechA to be able to perform "Add, Delete" actions on garage A, but only VIEW rights on garage B.
similarly MechB to be able to only "ADD" in garage A, but ADD,DELETE in garageB.Again, the number of garages can be many. the admin will be able to add a garage and delete a garage.
(ofcourse, based on the current access rights they have, the JSP will display those current access rights)
I have poured over google search and forums and security frameworks to decide on an approach for this.
I initially had thought that I will have a table which will have two cols USER and PERMISSIONS.
where users would be the suers and permissions would be URLs. Ex. :
mechA | garageA/add.jsp
mechA | garageA/delete.jsp
mechA | garageb/view.jsp
However, this premature understanding will not work because of obvious reasons (if I need to update or delete the URL for the user.. I am screwing up everything).
Then, now I am thinking of an XML based authorization now. where the parent node will be the user name and his child nodes will be the URLs he has access to. Though i have not worked on this, I know this will be of no use, because my application will have the capability to switch between a db and LDAP. I have very little knowledge of LDAP though.
No secuirty framework is going to be of help ( i have looked extensively through JAAS and Acegi).
because they function majorly on ROLES. In my case I have no ROLES at all :-(
I have been pulling my hair out trying for a solution for this kind of a configurable scenario, where the user base could be on a DB and on LDAP.
Any ideas/help/pointers towards an approach would be highly appreciated.
thanks in advance for your time.If you don't have roles now, rethink your design.
What if another mechanic comes in as a replacement
for an existing mechanic who left or goes on holiday?
Do you really want to have to assign all permissions
to the new mechanic again? No, you want to be able to
say: this new mechanic has the same role(s) as the
original mechanic and be done with it. Or what if a
mechanic gets promoted? Instead of having to add and
remove all the accompanying permissions, just set or
add the new roles.Well, there will also be Groups, to which the mechanics can be assigned, but it is not a necessity for them to be under a group.
A mechanic can be an individual with individual rights, or can be a part of a group which has certain permissions. In my case, everything needs to be highly configurable. Creating a single user(with specific permissions) or creating the group(with specific permissions) and then assigning mechanics to the group, will really be the admins choice, who will set the users up.
If you realy, really, really can't think of any roles
that make sense, you can pretend each mechanic
defines his own special role (the role is the same as
the mechanic) and still use those frameworks.hmmm... I have typically assigned URLS with wildcard chars. like /admin/*.* with ROLE_ADMIN thing.
In this case,I will probably have to have many relative URLS mapped with a singular ROLE. However, how I can change/update these URLs based on the admins input, still remains a mystery to me.
Any other suggestions ? -
OAM Authorization POST parameters
Dear all,
I have a question about the authorization rules in OAM, my requirement is that I want on successful authorization to send a POST parameter to a protected application this parameter will include some piece of data of the logged in user (for example his social security number) and I want to make sure that no authenticated user can send the social security number of another user, so I want this parameter to be sent by OAM to ensure that it will sent the number of the logged in user.
In authorization rules (on success action) I can sent an HTTP Header or set a cookie with the number of the logged in user but I couldn't find a way to send a POST parameter.
I thought of another solution to send the parameter through a normal HTML form and make an authorization rule to check in the POST parameter (say: ssn) in the HTTP request is equal to the SSN of the logged in user but I couldn't figure how to receive parameters in the authorization rule.
I don't know it writing custom authorization plugin can be a solution or there is another solution???
Thanks in advanceHi,
As far as I know, OAM does send params to the end user application in 2 ways. 1. Header Var 2. Cookies.
Passing params through Headervar are safer than cookies as cookies can be tampered in the interim.
However, I think Custom Authz plugin or using Reverse Proxy Server might do this job for you. You might need to explore more on that.
For the alternative solution that you are talking about as passing SSN no. from HTML form, its vulnerable and it can easily be tampered with.
-Mahendra. -
OK, this might be a silly question, but I thought I'd give it a shot.
I have iTunes installed on two computers. One doesn't have the internet hooked up and to listen to certain songs, it says I need to authorize them. So is there any way I can authorize these songs without being hooked up to the internet?You don't need to be connected to the internet in order to authorize the computer ( it's not the songs you are authorizing). Just play a few seconds of one of them.
See this.
About computer authorization. -
I Need help authorizing my computer. I am using an address that has never been used but it telling me that I have already used this address. I have not.
You don't need to be connected to the internet in order to authorize the computer ( it's not the songs you are authorizing). Just play a few seconds of one of them.
See this.
About computer authorization. -
Dear all,
I need to know any tcode or report which can tell about the authorization object for one user, i mean List of all authorization objects executable for users. i checked in tcode suim, that can tell me that user authorization for roles, tcodes and other criteria but i am unable to find such.
thanksHi,
SU56 Can tell you the objects for your own profiles.
Maybe you can use that report to build your own report to find out objects for your different user profiles.
Regards,
Siddhesh -
Regarding the Authorization in ABAP-HR
Hi all,
I want to know about the Authorizations in the ABAP-HR. If any body is having any material regarding the can you plz share with me...
thanks in advance,
SureshHi Kutam,
Chk these Links....
Can i have the list of infotypes .
abap hr
http://www.asug.com/client_files/Calendar/Upload/HR_STRUCTURAL_AUTHORIZATIONS.ppt
Reward Points if Useful
All the Best
Gokul
Maybe you are looking for
-
How to set up loopback# as source fro NTP and/or built-in DNS server ?
I have created a loopback# interface which I would like to be used as the router source interface for the NTP client and/or built-in DNS server so everything originating whithin the router has only one and unique IP address (such as: logging source-i
-
Error while saving the MP: MultiProvider ZQM_M01 was not yet locked
Hi, We are getting the below error message while try to save the MultiProvider. <b>MultiProvider ZQM_M01 was not yet locked</b> There are 3 basic cubes in MP. Recently we have upgraded 3.1 to BI 7.0. Thanks in advance Shaliny. M
-
HOW can i rotate the loop as many lines of multi line container in BPM
Hi All I have to send an idoc to 2 Receivers by spliting the message. Based on the occurance of a particular source segments i need to create those many instance of targets. IDOC ---> Rec1 (More than one message instance) ---> Rec2 (More than o
-
Yosemite setup, migration assistants and timemachine restore didn't transfer ANY files to SSD
Hi, I'm at a total loss after 2 days of trying to upgrade my hard disk to an SSD in my Macbook Pro. I have tried Yosemite Setup assistant, the Migration Assistant in Utilities and Restore from Time Machine. All 3 processes run for 5 hours and say the
-
I lost all my apps after I did the update through the PC Companion. The contacts, messages, email and all that was restored through the restoring function in the PC Companion. Can't I get my apps back?