Any option to restrict SE16 record level access based on company code?

Similar Messages

• Access restriction in IM52 based on company code and investment reason

  Hi,
  How can we have access restriction in IM52 based on company code and investment reason?
  thanks
  Randeep

  hi
  please check the authorization object for the transaction
  company code you can

• How to restrict the user id to a specific company code?

  Hi,
  I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
  how can i do this?

  Hello Raja,
  You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
  Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
  In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
  This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
  A detailed step by step procedure to be followed is given below:
  1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
  2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
  3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
  4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
  5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
  6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
  7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
  Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
  8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
  Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
  9. Select the u201CNew Entriesu201D tab to create a new table field association.
  10. The View/table field must be filled with the target table which we need to control.
  11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
  12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
  13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
  14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
  15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
  16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
  17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

• Restriction of Tcode SQ01 based on Company code

  We are running one customized query using Tcode SQ01.  We need to restrict Tcode SQ01 in company code level.  We have checked about authorization object in st01. But there is no check of authorization object. Can anybody help to restrict SQ01 based on company code level?
  Regards
  Auroshikha

  Hi Auroshikha,
  Itu2019s very easy to maintain authorization in your Infoset Query report. I got and implemented similar requirement i.e. restriction /authorization as per company code.
  You need to use authority check for authorization object  P_ORGIN in your infoset.
  Please follow the bellow steps:
  -->Go to SQ02, Enter your Infoset name and click on Change button.
  -->Click on 'Code' (Shift+F8) icon dispalyed on application toolbar, you will be moved to Code Section of Infoset that lists different events.
  -->Choose Record Processing event from code section.
  -->Write the following code in 'Record processing' event of your Infoset.
  AUTHORITY-CHECK OBJECT 'P_ORGIN'
  *ID 'INFTY' FIELD '*'
  *ID 'SUBTY' FIELD '*'
  ID 'AUTHC' FIELD 'R' "read
  ID 'PERSA' FIELD P0001-WERKS
  *ID 'PERSG' FIELD DUMMY
  *ID 'PERSK' FIELD DUMMY
  *ID 'VDSK1' FIELD DUMMY.
  CHECK Sy-SUBRC EQ 0.
  Note: PERSA field used in this Authorization object plays an importan role , if you are in different module other that HR , then pass here table_name-companycode_field
  -->Genetare Infoset
  -->Go to SQ01 (in a new session) , Click on exeute or 'Test button' to check authorization is working for report
  Let me know if you need any more details.
  Thank you.
  Regards,
  Dinesh Tiwari

• 0HR_PY_PP_1 restricting based on Company Code

  Hi ,
  I am trying to use extractor  HR_PY_PP_1. The extractor pulls all the CC data as it do not allow selection based on Company Code.
  When we try to change in extractor in source system it does now show field for selection. So I changed the values in ROOSFIELD table .
  Now I see CC for selection but still after making the company code selection , it do not select  the data based on that particular company code.
  Any idea in this direction will be much appreciated.

  Vamsi,
  I think you do not want to allow to see the some FI user these Tcodes data for specific companies.
  I think you have assigned more then one role to user and mentined 3 Tcodes are coming from multiple roles and the user buffer is having multiple entry for the . If this is the case please keep these Tcodes in one role only and restrict the user only in F_BKPF_BUK BUKRS.
  If only one role is assigned to you then assigned the required company codes at Orgranisation Level only and it will populated at Authorisation Object F_BKPF_BUK BUKRS for company codes.
  I would advise you not to modify the SAP standard object in SU24 because it can distrub the Standard Auth. Object.
  Hope this will help.
  Lokendra

• Restrict PR/PO/GR for a particular company code from particular date

  Hi Experts
  How we can restrict PR/PO/GR for a particular company code from a particular date?
  I know PR is not directly linked with company code
  PO can be restricted by deactivating the assignment between company code & plant
  GR- we can use posting period option.?
  Suggest me the best solution for the above requirment.
  Thanks/karthik

  hi
  Obvoiyusly , you can stop the company code posting by not activating the month end closing of periods (MMPV) in MM and similarly in FI ( OB52).
  By removing the assignment you can stop PO creation for the company code but you need to ensure that all the old, un-finished PO/SA and other related activities are taken care off before that.
  Regards

• F.01 restriction based on Company Code

  Hi Team,
  We wants to restrict the use of F.01 tcode based on the company code but i don't see any object where i can restrict this.
  Please provide any solution for this
  Regards
  Narinder

  Hi Narinder/V A Joshi
  Can transaction FC10N be used instead?
  Looking at SE93 definitions, F.01 uses program RFBILA00 and FC10N uses program RFBILA00N. It looks like FC10N is the new version (I thought a lot of the F.* transactions were replaced).
  Can you confirm with functional team if the FC10N transaction should be used instead of F.01? You should then be able to restrict on object F_BKPF_BUK.
  Regards
  Colleen

• Automatic restriction of currency based on company code

  Hi,
    I have a requirement where in the layout I need to restrict the header currency based on the company code chosen.  How is this possible?
  Currency is an attribute of company code and both company code and currency are in the header but users dont want to choose currency and only want to select company code from the drop down.
  Now my problem is without limiting the header to a single currency the layout cannot be opened.
  Any help would be appreciated.
  Thanks

  Hi,
  if it is not working with the table as Sunil describes (I never tried this) maybe the solution for your problem is reading the value of the variable for company code with the function module Z_VARIABLE_GET_DETAIL as describes in the howTo-paper "Variables of type exit"
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/how%20to%20variables%20of%20type%20exit.pdf
  It works, in case of troubles, dont use the buffer.
  Greetings,
  Christian

• Restricting few FI T-codes based on company code

  I was able to restrict some FI transactions based on the Company code by giving relevant values for Organization levels.  However I could not restrict the following three T-codes:
  FBV3                       Display
  F.81                       Reverse Accrual/Deferral Document
  S_ALR_87012342     Gaps in Document Number Assignment
  Pls suggest.

  Vamsi,
  I think you do not want to allow to see the some FI user these Tcodes data for specific companies.
  I think you have assigned more then one role to user and mentined 3 Tcodes are coming from multiple roles and the user buffer is having multiple entry for the . If this is the case please keep these Tcodes in one role only and restrict the user only in F_BKPF_BUK BUKRS.
  If only one role is assigned to you then assigned the required company codes at Orgranisation Level only and it will populated at Authorisation Object F_BKPF_BUK BUKRS for company codes.
  I would advise you not to modify the SAP standard object in SU24 because it can distrub the Standard Auth. Object.
  Hope this will help.
  Lokendra

• Page and Record level Authentication / Access control.

  Hi,
  I hope some of you might have come across this kind of issues. I am trying to setup page level authentication and record level access control. Please see below for the detailed description.
  1. Does APEX have any functionality where I can implement my page level authentication schemes.
  Say there are 5 pages/tabs and 10 users, and I want to restrict access as follows.
  All users can read the data in all the pages.
  User 1 thru 8 can read all the pages and edit page 1 and 2
  User 9 and 10 can read and delete the records inside the page.
  2. Is there any mechanism, that supports record level access control.
  Example : There is a page, it shows a product information of all the products. Is there a mecanism inside APEX wherein this page shows only the products created by it's creater (any end user)
  Is there a way in APEX, we can implement this functionality without having user information stored in the DB. ?
  Thanx in advannce.
  Vijay.

  Vijay,
  When a user creates the product why not store the user who created it in a column in the same table. That way you can write something like this:<BR>
  CREATE TABLE products_tab
    productid NUMBER PRIMARY KEY,
    product_name VARCHAR2(200),
    user_created VARCHAR2(30)
  );<br>
  SELECT
    productid,
    product_name,
    ( CASE
        WHEN user_created = :F_USER THEN
          --link to edit page goes here
        ELSE '<nbsp>'
      END ) edit_link,
    ( CASE
       WHEN user_created = :F_USER THEN
         --link to delete page goes here
       ELSE '<nbsp>'
      END ) delete_link
  FROM products_tab<br>
  I don't believe you can use an authorization scheme on a button the way you desired. It either displays the column or it doesn't.<br><br>
  Hope this helps.<br><br>
  chet<br><br>

• Issue with the site level access in the trial ac

  I am following the given video to get an understanding of site level access.
  SAP HANA Cloud Portal Setting Access Levels in the Site - YouTube
  I could not find the option of setting the site level access to either public, restricted or private in my trial ac. in the site settings as per the given video above. Could this be some authorization issue or some settings that needs to be done.

  Hello,
  The site access level configuration is now under the Access Managment entry in the side panel.
  Please follow the documentation in the link below.
  SAP HANA Cloud Portal Documentation
  Regards,
  Eliel.

• Change the recording level for recording with Thunderbolt-Firewire-Mixer

  Hey,
  I just bought a PHONIC Helix Board 24 Universal for recording some music via Firewire.
  Because my IMac has no Firewire-slot, I am using a Thunderbolt-Firewire-Adapter and a Firewire 400-800 cable.
  If I try to record some music it sounds really horrible.
  It seems that the reason is the recording level which can be changed while using the internal micro but not with firewire-Thunderbolt.
  The recording level is set on max, resulting in overmodulation and noise.
  Is there any way to adujust the recording level?
  Thank you in advance!
  Kay

  Hello Jshen6,
  Have you tried looking at the examples in LabVIEW under Hardware Input and Output>>Synchronization? The Analog Input-Synchronization.vi example shows you how to synchronize AI across multiple devices in various configurations and for various types of hardware. Would you mind listing what hardware you are using? Are all three devices taking the same data (voltage, strain, acceleration, etc)?
  Jonathan L.
  Applications Engineer
  National Instruments

• How to Restrict Intercompany Access By Company Code

  We have multiple territories, of which each is assigned their own company code  We'd like intercompany access to be restricted by company code so users only have intercompany access to only territories they have authorization for.   Currently, we have role X setup and authorized users have access to this role.
  Intercompany TCODES would include FBU2, FBU3, and FBU4. 
  The obvious solution would be to create additional roles via PFCG whereby each role has access to X company codes and assign these users to the appropriate role.  Any other ideas?  Also, with the ECC upgrade, doesn't this impact performance on the cube when trying to restrict roles by company code?
  Thanks in advance!
  Edited by: david kim on Feb 10, 2009 2:13 AM

  Hi david kim,
  Based on my experience, the best way is by maintaining the roles in Txn PFCG as what u did just now. FYI, there's no impact on performance on the cube when trying to restrict roles by company code. (we have faced it before when upgrading 4.6C to ECC6...with flying colors ...).
  Hope this will solve your problem.
  TQ
  Regards,
  Nazrul

• Is there any option in captivate to capture tool tips

  Hello Friends
  I'm using Captivate 4 .is there any option in captivate4 to record the mouse movement so that i can capture the Tool Tips in the software which i am making the Demo.Hope some one will help me..
  Crazdobe

  Hi there,
  My preferred method would be to capture the initial screens using Adobe Captivate 4, use an screen grabbing application such as SnagIt or the built-in Windows Vista / Windows 7 Snipping Tool to grab just the tool tips and then insert these as images in Adobe Captivate. This method gives you full control over the tool tips which can be faded in and out using Adobe Captivate's Transition Effects (see screen shot below).
  Another way would be to capture the tool tips using FMR (Full Motion Recording). To do this you would simply press F9, roll over the object that includes the tool tip and then press F10 to exit FMR mode. However, it is important to stress that FMR is real-time video and may not be the best solution.
  HTH
  Best - Mark

• Restrict access in report based on compnay codes and cost centers

  Hi,
  We are using a standard report, which is  assigend to a Z transaction and assigend to the role.
  The report need to be restricted based on the company code and cost center   ?
  but i could not find any AUTHORITY- CHECK statements in the code ( there is only authority check statement for object G_803J_GJB which has authorization groups and aCTVT field.)
  Please let me know what steps need to be followed to restrict the report based on company codes and cost centers.
  Thanks for your help in advance.

  Thanks all for the quick response.
  Steps to be followed:
  1) incorporatomg AUTHORITY-CHECK  statements for K_KOSTL and F_BKPF_BUK objects in the program.
  2) adding the objects as check yes in SU24 for the Z transaction.
  and restricting in the role.
  The program name is "GP3O4ZGOOF3HA68QMGHF8S7I9ER250".
  Please let me know if any more steps need to be followed.
  Based on this i have to send a estimate to my client.
  Thanks,
  Sanketh.