Access at account record level

I have account data for subsidiaries in 11 different countries and need to setup some access rights for all the users.
Each user will be allowed to access all accounts in his own country. However he should not be able to view accounts of another country. For example, a user from France can only view French accounts and he will not have access to accounts from Italy.
Some special users are allowed to access certain accounts from a different country. For example, a group manager from France will have access to all French accounts and certain Italian accounts.
Is there any way we can apply access rights at a record level? If not, how best can I achieve something close to this?

Hi Venky,
Thanks for your response. However, these accounts are uploaded via webservices on a daily basis. I'm not sure how we're going to achieve this as the issue of workflow comes up.
Are you aware of any other option where security can be set at the record level by a certain user or even using webservices?

Similar Messages

Any option to restrict SE16 record level access based on company code?

Hi All,
I have a requirement to restrict record level access in SE16 based on company code.
Our SAP system has two company codes. The requirement is that users of one company code should not be able to see records of other company code in SE16.
Is it possible through some exits/badis/other methods?
Thanks in advance.
Regards,
Arun Mohan

You could write a small front end that accepts the company code, applies custom authorization code for each value and retains or removes, then calls the transaction and enters the selections the user requested and that your authorization check resulting in "passing".... Of course, you'd have to block those users from "pure" SE16... I once worked in situation similar, users in one country couldn't see USA data, etc. I think someone wrote an entire new program, called by ZSE16, for that.

Page and Record level Authentication / Access control.

Hi,
I hope some of you might have come across this kind of issues. I am trying to setup page level authentication and record level access control. Please see below for the detailed description.
1. Does APEX have any functionality where I can implement my page level authentication schemes.
Say there are 5 pages/tabs and 10 users, and I want to restrict access as follows.
All users can read the data in all the pages.
User 1 thru 8 can read all the pages and edit page 1 and 2
User 9 and 10 can read and delete the records inside the page.
2. Is there any mechanism, that supports record level access control.
Example : There is a page, it shows a product information of all the products. Is there a mecanism inside APEX wherein this page shows only the products created by it's creater (any end user)
Is there a way in APEX, we can implement this functionality without having user information stored in the DB. ?
Thanx in advannce.
Vijay.

Vijay,
When a user creates the product why not store the user who created it in a column in the same table. That way you can write something like this: 
CREATE TABLE products_tab
productid NUMBER PRIMARY KEY,
product_name VARCHAR2(200),
user_created VARCHAR2(30)
); 
SELECT
productid,
product_name,
( CASE
 WHEN user_created = :F_USER THEN
 --link to edit page goes here
 ELSE '<nbsp>'
 END ) edit_link,
( CASE
 WHEN user_created = :F_USER THEN
 --link to delete page goes here
 ELSE '<nbsp>'
 END ) delete_link
FROM products_tab 
I don't believe you can use an authorization scheme on a button the way you desired. It either displays the column or it doesn't. 
Hope this helps. 
chet

Restricting GL master change at account group level

Hi Experts,
Requirement
To control GL MAster field layout per company code or per account group and per activity.
To restrict GL master change, for certain fields, at account group level.
Let us say, I have activated "Post Auto" in a GL Account during GL creation.
Now while changing the GL, the system should not allow me to change this particular field.
Analysis
This is possible through transaction OB26 (Define Screen Layout for Each Transaction).
However the limitation of the above transaction is that it is applicable for all the account groups for a particular activity (Create/Change/Display).
I do not want to use any development to make this happen.
Please help me in solving this through standard SAP.
Cheers,
Nitish

Hi,
You can make the account group specific field status setting in OBD4.
And you can make the activity specific setting in OB26.
Then SAP will take the field status out of the two above based on highest priority. The priorities are (starting with the highest):
- Hide
- Display
- Required entry
- Optional entry
Fields which are accessed with the transaction master record display are always either displayed or hidden, since you cannot make an entry in a "display" transaction.
If you do not want to use the transaction-specific control, set the field status for all fields to optional. Since this field status has the lowest priority, the account group-specific control is always used.
Regards,
Gaurav

Record level restriction in Main Table

Hi Forum,
I have a scenario where in we are maintaining master records related to multiple regions.
We have created users of a particular role to mainitain master records for each region.
Now what I want is when a regional user accesses the master records, I want the user to access records to his region.
I tried using Masks, but this can be set at role level. In my scenario all the regional users are with the same role.
All your suggestions and ideas are highly appreciated.
Regards
Madan

Hi Madan,
In console, for every user/role there is tables and fields options.
Select the region as restriction value.
This will solve the problem.
If you have problem in doing this as I dont have console access now, I will try to send you the screenshots tomorrow.
Hope it will solve,
+ An
Pls close your questions if answered

How to get the Contact person name of Account site level contact person

Hi All,
I have contact person defined at account level and other at account site level.
I am trying to print the site leve contact name in my AR Invoice report.
What i used is bill_to_site_use_id a input in the below query
select hp2.party_name
from
HZ_CUST_SITE_USES_ALL hcs,
HZ_CUST_ACCT_SITES_ALL has,
hz_party_sites hps,
hz_parties hp,hz_parties hp2,
hz_relationships hr
--HZ_ORG_CONTACTS HO
where hcs.CUST_ACCT_SITE_ID=has.CUST_ACCT_SITE_ID
and hps.PARTY_SITE_ID=has.PARTY_SITE_ID
and hp.party_id=hps.PARTY_ID
and hr.subject_id=hp.party_id
and hr.RELATIONSHIP_TYPE = 'CONTACT'
and hp2.party_id=hr.OBJECT_ID
and hr.OBJECT_TYPE ='PERSON'
--and ho.PARTY_RELATIONSHIP_ID=hr.relationship_id
and hcs.SITE_use_ID=3398 -- from (ra_customer_trx_all)
But I get two records. So how can I differentitate the account contact and site contact.
Am I missing any table or join. Or is the input provieded is not fine.
Please help
Thanks

Hi -
Please use the below code to get the Contacts at the Account level.
where Sold to Org id is the Customer Account Id.
SELECT hp2.person_last_name||', '||hp2.person_first_name
FROM apps.hz_parties hp,
apps.hz_parties hp2,
apps.hz_relationships hr,
apps.hz_cust_accounts hca
WHERE 1 = 1
AND hca.party_id = hp.party_id
AND hca.cust_account_id = :sold_to_org_id
AND hr.subject_id = hp.party_id
AND hr.relationship_type = 'CONTACT'
AND hp2.party_id = hr.object_id
AND hr.object_type = 'PERSON'
AND hp.party_id = hr.subject_id
Thanks
Vyaghresh
Edited by: user11990386 on Jun 20, 2011 2:33 PM

Accounting record not sent (Aironet 1131AG)

I have problem with accounting on my Cisco Aironets 1131AG configured into WDS domain. There arent sent any START-STOP radius records. Why???
Cisco Aironet, Software Version 12.4(10b)JA3
---------------- debug msg -------------------
May 7 18:58:34: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0012.f004.1d4e Associated KEY_MGMT[WPAv2]
May 7 16:58:34.111: AAA/ACCT/NET(00000014): Pick method list 'acct_methods'
May 7 16:58:34.112: AAA/ACCT/SETMLIST(00000014): Handle B6000004, mlist 010F5EE8, Name acct_methods
May 7 16:58:34.112: AAA/MLIST Ref count of of mlist 0x10F5EE8 raised to 2
May 7 16:58:34.112: AAA/ACCT(00000014): Type NET: Periodic timer initialized
May 7 16:58:34.112: dot11_aaa_start_accounting: Starting accounting for user: mbe
May 7 16:58:34.112: AAA/ACCT/EVENT/(00000014): NET UP
May 7 16:59:08.995: dot11_aaa_stop_accounting: Stopping accounting for user: 0012.f004.1d4e
May 7 16:59:08.996: AAA/ACCT/EVENT/(00000014): NET DOWN
May 7 16:59:08.996: dot11_aaa_upd_accounting: Updating attributes for user: 0012.f004.1d4e
May 7 16:59:08.997: AAA/ACCT/HC(00000014): DOT11/00C07260 [sess] (rx/tx) base 0/0 pre 496/858 call 1593/1956
May 7 16:59:08.997: AAA/ACCT/HC(00000014): DOT11/00C07260 [sess] (rx/tx) adjusted, pre 496/858 call 1097/1098
May 7 16:59:08.997: AAA/ACCT/NET(00000014): Accounting record not sent
---------------- config snip -------------------
aaa group server radius t-radius
server 172.16.1.5 auth-port 2812 acct-port 2813
aaa group server radius t-radius-acc
server 172.16.1.5 auth-port 2812 acct-port 2813
aaa authentication login default local
aaa authentication login eap_methods group t-radius
aaa authentication login WLCCP group t-radius
aaa authorization network WLCCP group t-radius
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network acct_methods start-stop group t-radius-acc
aaa accounting connection acct_methods start-stop group t-radius-acc
dot11 ssid bigspace
vlan 67
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
accounting acct_methods
mbssid guest-mode
wlccp ap username AP1 password XXXXXXXXXXXXXXXXX
wlccp authentication-server infrastructure WLCCP
wlccp authentication-server client any WLCCP
ssid bigspace
wlccp wds priority 200 interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server attribute 32 include-in-accounting-req format %h
no radius-server attribute nas-port
radius-server host 172.16.1.5 auth-port 2812 acct-port 2813 key XXXXXXXXXXXXX
radius-server retransmit 2
radius-server timeout 10
radius-server deadtime 3
radius-server vsa disallow unknown
radius-server vsa send accounting
radius-server vsa send authentication

I know this is late, but I think it can be helpful to those trying to send RADIUS accounting information.
I tried this out, and the reason this seems not to be sending the accounting information is because of the delay-start.
The delay-start does not seem to work with 802.11 connection accounting.

Unable to access iTunes account

For the past few weeks (and potentially much longer, as I have only recently checked), I have not been able to access my iTunes account. I have checked and double checked everything i could think of - my password is correct, it is not my internet connection (as i have attempted viewing my account while at different friends' houses), and i have tried at different times of the day (thinking it might have been site traffic), as well as signing out and back in - nothing has helped.
Every time i try, the same message pops up: "Could not complete the iTunes store request. The store may be busy. Check your internet connection or try again later."
This is especially frustrating because it means that i can't normally report any purchase issues, nor manage my reviews (or change my nickname, which is what i was originally trying to do!).
I am at a loss for what else to try. Any help would be really appreciated!

I organised an allowance for my son and then set up an account for him. He received the email verification email. We responded to that, successfully according to the message we saw. Now I cannot we cannot access the account we set up. The debit for $20 has gone through my account, but there is no record of it in my "account" section when I am signed it. I also cannot see that there is a purchase history in the account section. Apple, you have my money, my son wants to be able to download music and apps NOW. Why can we not access the account we set up for him?

In an SAP Table is to possible to perfrom lock at the record level?

Hi All,
In an SAP Table/Ztable is to possible to perfrom lock at the record level?
Is it possible to increease the size of the sap table or z-table to insert more records.
For example I want to insert 50000 records into a z-table and the size category I have given as 0 means which can hold some 15thousand records.
then what abt the remaining recors?
how can I inser tthem?
do I need to increase the manually or it will be done automatically?
Could any one please explain this?
Thanks in Advance.
Regards.
Abhilash.

hi,
u can insert no of records into table based on ur size category.
check these.
0                0   to         1,200
1            1,200 to         4,900
2            4,900 to        19,000
3           19,000 to        78,000
4           78,000 to       310,000
5          310,000 to       620,000
6          620,000 to    25,000,000
to lock records check this data.
Lock mode
Defines how to synchronize table record access by several users.
The following modes exist:
Exclusive lock
The locked data can be read or processed by one user only. A request for another exclusive lock or for a shared lock is rejected.
Shared lock
Several users can read the same data at the same time, but as soon as a user edits the data, a second user can no longer access this data. Requests for further shared locks are accepted, even if they are issued by different users, but exclusive locks are rejected.
Exclusive but not cumulative lock
Exclusive locks can be requested by the same transaction more than once and handled successively, but an exclusive but not cumulative lock can only be requested once by a given transaction. All other lock requests are rejected.
reward points if hlpful.

Recording level isn't adjustable ?????????

Hello,
It seems like many people have tried to answer this question but for me there is no luck of sorting out my problem.
(I will be inserting pictures as I'm not very good at explaining)
I got a Mustang I/II amp (by Fender) for Christmas (I sing on YouTube and need to get this sorted quick). I am using Garageband 09 on my macbook pro and have for many years (I have never had a problem till now). I have recorded one song with the USB port and it was great but the next time I tried the recording level was greyed out.
I have tried changing the setting through Audio MIDI setup but it was greyed out. I'm not very good with laptops and computers but I need this sorted quickly due to my YouTube career.
Please help
Thank you

The Recording Level slider is NOT a GarageBand setting. Think of it as a "remote" control that directly accesses the select audio device (through its driver).
That means, if the selected audio device lets you change its input level through this software control, then the Record Level slider is active. This slider is "linked" to the other input slider on the Audio MIDI Setup app and the System Preferences Sound tab. If you have those windows open, then you'll see them moving at the same time. That's what I mean with linked, basically they are all the same control, controlling the audio device (if allowed).
Hope that helps
Edgar Rothermich
http://DingDingMusic.com/Manuals/ 'I may receive some form of compensation, financial or otherwise, from my recommendation or link.'

I can't access my account! Password tokens are not...

Hi there,
I can't access my account.
I've tried to reset my password but I get an error that the reset tokens are not valid. Once you do this three times you get an error that you must wait 24 hours to get another password reset token.
Since I can't login I can't get chat support.
I have a premium account and have created this free account so that I can post on the forum.
PLEASE HELP! I have no idea what to do.
Thanks!!!

you can also send an email to [email protected]
IF YOU FOUND OUR POST USEFUL THEN PLEASE GIVE "KUDOS". IF IT HELPED TO FIX YOUR ISSUE PLEASE MARK IT AS A "SOLUTION" TO HELP OTHERS. THANKS!
ALTERNATIVE SKYPE DOWNLOAD LINKS | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUSPICIOS CALLS AND MESSAGES
SEE MORE TIPS, TRICKS, TUTORIALS AND UPDATES in
| skypefordummies.blogspot.com |

Book of Business and access to Accounts, Contacts, and Opportunities

We have a question about access and Books of Business...
We have an account with a book of business. The account has 20 contacts and each contact has 2 opportunities associated with it. If a user has access and can see the account, will they be able to see the details of 20 contacts and 40 opportunities associated with the account without adding the books of business to those contacts / opportunities, or for a user to access all the records, all records need to have a book of business associated?

Thanks for the clarification. The user still cannot actually open the contact or opportunity that is tied to an account even though the account record has a book of business. I played with the related information section for the Account Record type and the still received errors when they click on a contact or opportunity.
I then update the contact and opportunity with the book of business and they were able to click and see the details.
I guess this is telling us that a book of business is required on accounts, contact, and opportunities if other users would like to see the details for contacts and opportunities related to an account.

"connection was reset" when i try to access my account on facebook

Hello,
i've been trying to access my FB account but i keep on getting the msg "connection was reset" on firefox for example . i've tried both of my accounts , but still not working. i am able to access my account from others pcs. what can i do ??!! plz help
note: i tried to disable all the plugs in and cleaned the history(cookies ...etc)

Application Basics
Name
Firefox
Version
3.6.6
Profile Directory
Open Containing Folder
Installed Plugins
about:plugins
Build Configuration
about:buildconfig
Extensions
Name
Version
Enabled
ID
AutoPager
0.6.1.12
false
[email protected]
FoxTab
1.3
true
Hotspot Shield Toolbar
2.5.6.0
false
Java Console
6.0.12
false
Java Console
6.0.13
false
Microsoft .NET Framework Assistant
1.2.1
false
{20a82645-c095-46ed-80e3-08825760534b}
RealPlayer Browser Record Plugin
1.0
false
The Browser Highlighter
1.0.14908
true
[email protected]
Java Console
6.0.17
false
AVG Safe Search
9.0.0.845
false
{3f963a5b-e555-4543-90e2-c3908898db71}
Java Console
6.0.20
false
Modified Preferences
Name
Value
accessibility.typeaheadfind.flashBar
0
browser.history_expire_days.mirror
180
browser.history_expire_days_min
6
browser.places.importBookmarksHTML
false
browser.places.importDefaults
false
browser.places.leftPaneFolderId
-1
browser.places.migratePostDataAnnotations
false
browser.places.smartBookmarksVersion
2
browser.places.updateRecentTagsUri
false
browser.startup.homepage
http://www.google.ae/
browser.startup.homepage_override.mstone
rv:1.9.2.6
dom.max_script_run_time
1800
extensions.lastAppVersion
3.6.6
network.cookie.lifetimePolicy
2
network.cookie.prefsMigrated
true
places.last_vacuum
1279819706
privacy.clearOnShutdown.cache
false
privacy.clearOnShutdown.cookies
false
privacy.clearOnShutdown.downloads
false
privacy.clearOnShutdown.formdata
false
privacy.clearOnShutdown.history
false
privacy.clearOnShutdown.sessions
false
privacy.cpd.downloads
false
privacy.cpd.formdata
false
privacy.cpd.history
false
privacy.cpd.siteSettings
true
privacy.item.cache
false
privacy.item.downloads
false
privacy.item.formdata
false
privacy.item.history
false
privacy.item.sessions
false
privacy.popups.showBrowserMessage
false
privacy.sanitize.migrateFx3Prefs
true
privacy.sanitize.sanitizeOnShutdown
true
privacy.sanitize.timeSpan
0
security.warn_viewing_mixed
false

Hi. I am using a time capsule for few PC s. I have made 5 different account to access time capsule. but in windows when i enter account name and password for one account, i cannot access other accounts, because windows saves username

Hi. I am using a time capsule for few PC s. I have made 5 different account to access time capsule. but in windows when I enter account name and password for one account, i cannot access other accounts, because windows saves username. how can i prevent this from happenning. I really need to access all my accounts and dont want it to save automaticlly.

Why have 5 accounts if you need to access all of them.. just have one account?
Sorry I cannot follow why you would even use the PC to control the Time Capsule. Apple have not kept the Windows version of the utility up to date.. so they keep making it harder and harder to run windows with apple routers.

HT4314 i have 2 game center account with 1 apple id but it will only access one account. it says the other id is used but i cant change . help.

I have a game center account that has 2 accounts in the same apple id. the problem is i can only access one account. when i try to type in for the second account it says already taken. How do i change to the 2nd account with the same apple id? Please help.

that's the issue, you bought the OS online so Donald is right, it is being mailed to you. post the URL where you bought it.
the 'app store' is an application running on OSX itself where you can DL software.
so, you have to wait for mountain lion to arrive.
if you want to get a clean OS on your machine now, do this
reboot holding down command/option/R (hoping your machine supports this)
open disk utility, erase your HD so you have a single mac journaled partition
choose install OSX on this HD
let it run. from what you said, you will be back on lion.

Access at account record level

Similar Messages

Maybe you are looking for