Assign authorization objects to newly created transaction

Similar Messages

• Assigning authorization through assigning authorization objects

  hi all,
  can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
  I mean to say assign authorization manually without assigning trnsaction codes.
  suggestion are always accepted.
  if you want to send me the documents then my email id is [email protected]
  thanks in advance,
  waiting for reply............
  hardik patel.

  hi kumar,
          thanks for your help.
          ok i got it and i agree that i can find the authorization object by your suggested way.
      now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
  It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
  Please help me regarding this?
  thanks for your support,
  waiting for your reply...............
  Regards,
  Hardik Patel.

• Assign Authorization Object dynamically

  Hi,
  I just want to know through coding is it possible to assign authorization object to user based on some condition dynamically.
  Its related to BP and in CRM 6.0
  Pls provide some approach if its possible.
  Thanks a lot.
  Regards,
  Shobhit

  Shobhit,
  Displaying authorization details would not be much of a problem. We can add a flag in the customer master and fetch the customers with the flag in the search result. I believe there is BADI to do that.
  Once the customers are retrieved navigating to the account details should be standard procedure. It should make use of standard events to go to the BPHeadOverview screen.
  But, the concern is whether or not there is authorization failure when we are trying to save the activity created using these flagged customers.
  Regards
  Prasenjit

• Assigning authorization objects to transaction

  Hi All,
  While creating a new role using transaction PFCG, If i enter transaction SE38, i will get lot of authorization objects, fields where i can decide whether i should allow only display or change or create etc. But if i create my own transaction, then i will not get these authorization objects. Where should i assign there objects for my transactions.
  I tried to assign this in transaction se93, but that did not work.
  Thanks in advance.
  Best Regards,
  Surendra<b></b><b></b>

  TRY with SE97.
  and check the check box change mode and try running there you can change the authorizations..
  vijay

• Assign authorization object to standard transaction (VA02)

  I've success to create an authorization object and assigned to va02. I also use su24 to check indicator for my customize object. There are reported that it is Check. I think it is activated. Then i access va02, but it still can access, I suppose i no have right to access the va02. What's wrong for my setting. Acutally, I no much ideas for the authorization object. Can you give me some advise. Thanks a lot.

  Hi Giri,
  You could (and probably should) specify the check in SU24, but this won't make the check happen.  The values in SU24 are used in transaction PFCG when a role is created that includes this transaction.
  To make the authorisation check at runtime you'll need to code a user exit or similar to check your new authorisation object.
  Regards,
  Nick

• Programmatically assigning Authorization Objects to roles

  Hi there,
  I have created an authorisation object with eight fields. The fields control which parts of my application are accessible to the user. (Each field is one category, each category has several subcategories).
  What I want to do is the following:
  There shall be a custom authorization dialog, wherein the system administrator can configure the access of the application for a specific user.
  In plain text: I want to develop an interface which makes it possible to assign authorisation objects with specific values to a user or to an already existing role.
  Is there any functionality, that allows me to perform this assignment and regenerate the users profile?
  I already discovered, that the table UST12 contains the connection between the authorization profile of a role and an authorization object, as well as the assigned values. Anyhow, just to write new values to that table has no affect to the authorization when calling "authority-check object" in an ABAP report.
  Does anyone know, whether there are standard functions in the ERP System, that support the changing of authorization objects and the regeneration of roles?
  Thank you very much,
  Gregor
  Edited by: Gregor Bender on Mar 11, 2008 8:41 AM

  >
  Gregor Bender wrote:
  > I already discovered, that the table UST12 contains the connection between the authorization profile of a role and an authorization object, as well as the assigned values.
  Nope, sorry, it's not the connection but only one of the many.... Roles and profiles are stored in quite a lot of different tables so manipulating one table directly will hardly ever get you the desired situation. It may even lead to problems due to inconsistencies.
  For mass regenerating profiles there's transaction SUPC.
  For manipulating the contents of roles/profiles have a look at scripting with SECATT or LSMW in combination with PFCG.
  If you want to write code to add objects to roles you have to look at least in tables AGR_1250, AG_1251 and AGR_1252. The UST* tables are updated when generating profiles and/or comparing users.

• Assign authorization objects

  HI ,
  1. When i create new set of WS do i need to create to them authorization object ?
  2. if i create new set of users from scratch in the system and i want to provide to them one role that
  I create and contain for instance all the report and transaction that i want to provide,
  do i need to add to them another authorization objects ?
  3. if i create authorization object in the system how i add it to certain role ,i don't see these
  option in PFCG.
  Best Regards
  Michael

  HII,
  Yes u can aad  other authorization object to the existing role if the role needs it because user is unable to perform any task releated to it because of missing authorization object after seeing it in su53 because sometimes tcode assigned but corresponding authorization is not added by system automatically this creates prob for the user to perform task as far as adding up an authorization object u can added it  throught su24 or pfcg in pfcg u need to click on manuaally option u can added upto 8 authroziation objects and if u want to added it through su24 u click on add authorization object feild
  but never forget to save and generate the profile after adding authorization object and also do user comparsion and complete comparsion so this object gets added to the role
  byeeeeeeeeeeee
  takecare

• Authorization object to view & create EWA

  Hi Patrons,
  I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
  I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
  Kindly let me know which authorization object I should be using to achieve my requirement.
  Thanks in Advance,
  Vivek.

  Hi Vivek,
  Please check the security guide in below path for EWA roles
  Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
  Here you also find the 'Security Guide for Solution Manager'.
  Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
  Rg,
  Karthik

• Authorization objects generated by a transaction

  Hola buenas tardes, tengo un problema con unos roles. Actualmente existe una transaccion llamada FDTA la cual me muestra unos TXT para tranferencias Bancarias tanto de HR como de FI, resulta que el personal de HR puede ver los TXT de FI y los de FI tambien puede ver los de HR, como puedo saber que objetos genero esa transaccion, o como puedo determinar que campo es el que limita esta opcion? 
  Gracias por su atencion,

  Hola Juan Carlos,
  Deberías poder ver desde la PFCG, agregando la transacción desde el menú, todos los objetos de autorización pertenecientes a dicha transacción. Para saber en que objetos le está fallando al usuario, dile que ejecute cuando le da el error la transacción SU53, esta pantalla te dará el objeto de autorización en cuestión.
  Hi Juan Carlos,
  You should be able to see all authorization objects for a transaction, by adding it first on the transaction menu from PFCG. Furthermore, if you want to troubleshoot specific auhtorization objects, instruct the user to execute transaction SU53. This screen will show you specific authorization object that failed at that moment.

• How to assign authorization objects to a cube

  Hello,
  My cube includes 0profit_ctr which is marked as authorization relevant. Still in RSSM my cube is not included in the list of infocubes for an authorization object (zprofit) linked to 0profit_ctr. I'm therefore not able to enable that authorization object for my cube. I have a few ODSs which are included in the list. Why is my cube missing? Is there something I must do to include it, or is it a bug?
  When checking the infocube for authorization objects in RSSM this list is empty as well. I don't see any option to add authorization objects in that list.
  I have read the following document:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b849e690-0201-0010-9b88-c00cca40736f
  I'm using BW 3.5.
  Regards,
  Christoffer

  Hi Christoffer,
  In RSSM  you will find a button  "Update Check Status ( Authorization Objects, Info providers) ". After this update you should find your cube in the list.
  Jaya

• PO account assignment authorization object

  Dear Guru's,
  We want to restrict PO creation (ME21n) for certain Account assignment catagories (one for one particular plant and not system wide).
  Is there any Authorization oject for this using which we can restrict the creation?
  Kindly share your idea.
  Thanks and Best Regards,
  Mohan

  No. There isn't.
  We discussed this a couple of times over in the security forum. If you search there, you will find solutions that other boarders have applied (exits, etc.).

• Assigning  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT authorization objects

  Hi all,
  I need to create new role with Authorization objects as below:
  S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB, ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT. I can assign some objects as S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB. But  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT objects, I can not assign it! Can you help me assign  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT  objects for my new role?
  Please advise,
  Thanks
  Duypm

  Hi,
  Then I assume that the Auth. Objects ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT have not been created in your system.
  Normally the Authorization objects will be created by the ABAP team through the transaction SU21. Each authorization object must be assigned to an object class when it is created.
  You can also create authorization objects in the Object Navigator (SE80).
  please go thru this link .
  [http://help.sap.com/saphelp_nw70/helpdata/EN/52/6716a6439b11d1896f0000e8322d00/frameset.htm]
  Regards,

• Authorization object creation for transaction MIGO

  Hi,
  We have created the auth object for acct asignment category with values as activity & acct assignment category.
  But when assigned to respective users, its still allowing to perform the transactions.
  Basically I am using this object for doing Goods Reciept tcode MIGO.
  As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
  Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
  Regards,
  Krutika

  hi!
  1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
  2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
  3) goto RSSM and create a new authorization object and add your infoobject to it.
  4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
  with regards
  ashwin

• List of Authorization Object with Transaction Code

  Dear All ,
      Does SAP provide  any report to list all the Authorization Object ? and which object is belong to which transaction code ?
  Thanks .

  hi olrang ,
  STEP BY STEP TO CREATE AUTHORIZATION OBJECT:
  STEP1:  goto  SU21 transaction and create a new Authorization Object
  Object Name:  Z.....
  Text:  ...........
  ClassL  SD (YOUR MODULE)
  AUTHOR:  YOUR ID
  STEP2:  Give authorizatin fields as
  ACTION - Action of the Authorization
  Activity -  Document Destribution.
  STEP3:  Basis will create a role using transaction  PFCG and assign this authorization object to that role.
  STEP4:  Call the AUTHORITY-CHECK Object in your code.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  IF sy-subrc 0.
  MESSAGE e000(zzpp) WITH 'No Authorization'.
  ENDIF.
  and it belongs to  SU24 transaction code
  Saurabh Goel

• Authorization object  assigning to user profile

  Hi all,
    Wht are the steps involved in assigning authorization object S_GUI with activity 60 (S_GUI ACTVT=60) to the users profile.
  Thanks

  you can assign authorization profile to user through Role..
  goto PFCG, either create a new role or change an existing role(which the user has)
  go to authorization tab, change authorization, click manually button,
  add S_GUI and then click on values, select 60.. save the role, generate it..
  if it is new role that you have created, then go to SU01 - roles, add it.. save user..