Authorisation in SPRO

Similar Messages

• Spro access for particular module

  hi guys,
  *SPRO access*  
  z:sap_bc_cus_customiser, z:sd_auth, these two roles assigned to the SD user. but once logs into the system, it is saying that  you are not authorised to spro nodes.
  please suggest me for this problem.
  regards
  Ramesh

  So, what does the output from SU53 look like?
  What objects are touched when you run a trace on a user with sufficient authorizations?
  You'll have to provide more information as authorization problems are mostly complex and do not have a "press button A in transaction WXYZ" solution.
  Seeing your other post: have you generated the profiles for these roles?

• Table for document type Number Range interval

  Hi,
  I want to know the number range interval for document type in the production system but I do not have authorisation for SPRO in the prd system.
  Kindly let me know the table name to check this number range interval for the document type.
  Table T003 stores only the number range and not the interval.
  Thanks
  Suresh

  Hi,
  The table which has document types is T003 but the number ranges are stored in a Structure IRDP. The number ranges are maintained directly in the production system.
  regards,
  radhika
  Edited by: kolipara radhika on Aug 25, 2008 6:01 AM

• Reconciliation account change authorisation.

  Hi all,
  We have the requirement as below.
  The change of reconciliation account in vendor master should be allowed to particular user only. Other users will have authorisation of transaction XK02 but they should not be allowed to change reconciliation account.
  Pl. suggest a solution.
  Shripad

  Hi,
  You can do that using authorization objection F_LFA1_AEN (Authorization for changing certain fields) . Before asking your BASIS guy you will have to creat field group in SPRO..Financial accountin..AP/AR..transactions.. There you will have to define field group which will include reco account field.
  Now consult BASIS guy ,and assign the object f_lfa1_aen with field group you created giving activity 3 display. Now the users who will be assigned this object,group and activity wouldnt be able to change recon account.
  Hope this answers your query.
  REGARDS

• Authorisation control for master data creation on the basis of eq. category

  Hi Experts,
  In one of my business scenerio , I want to control the authorisation of a particular person on the basis of equipment category. I want to create a role for that particular ID and assign that equipment category sothat he can not create the equipments other than that category.
  How can I control this authorisation on object level basis? If any other way , please let me know sothat i can try out for the same.
  With Regards
  VT

  Hi
  You can use SPRO>PM and CS>Tech objects>equipment>Defien field selection for eqmt master record. Chose 2nd activity in list and click 'influencing' and select Equipment catiegory. Through this for a equipment category, you can control fields as input, required, display, hide.  Maintain the field auth group as required for a equipment category you want to control.
  You can create auth group in SPRO same path as above under techincal objects, general data. Check with GRC/basis team to limit auth to Equipment category for this group. If not, you can do this through ABAP for validating the auth group for equipment category. Assign this Auth group to a role
  Regards
  Hemanth

• User Authorisation - storage location

  Hi,
  we have three storeage location under one plant, can we restrict user to access only on UM1 storage location not to access balance two storage location.
  Plant :    X70
  Storage Location  :  UM1
                                  UN1
                                  UN2
  Is it possibile to create a role only on storage location, please advice.
  Regards,
  Muthu

  You will need to activate " Authorization Check for Storage Locations "
  Storage location authorization means that a user has to have authorization for authorization object M_MSEG_LGO in order to enter a goods movement in the storage location, using a particular movement type. In the list of material documents, only the document items for which the user has a display authorization are displayed
  Go to  SPRO->Materials management ->Inventory management ->Authorisation management->Authorisation check for storage locations,

• Restricted Backflush Authorisation Object C_BFLS_L  is NOT working!

  Hi,
  We are using the IS-MILL version of SAP 4.7. We are trying to restrict the authorisation of users for Tcode MFBF only to a few. As suggested in the SPRO help files we tried useing the 'Authorisation Object' [bC_BFLS_L]</b> Restricted Backflush but it is giving an error message <b>"This object is out-of-date and is no longer checked from Release 4.6A".</b>
  KINDLY ADVISE ON WHICH AUTHORISATION OBJECT IS TO BE USED and also HOW TO RESTRICT USAGE OF MFBF ONLY TO A FEW USERS if this does not work!
  <u>With Best Regards,</u>
  <b>V.NAGARAJ,</b>

  Hi Enrico,
  Thanks a ton for your advice. We did check the authorisation object mentioned by you <b>(C_BFLS)</b>. But the following message is displayed -<b> "This object is out of date and is no longer checked from 4.6A"</b>. KINDLY ADVISE, PLEASE!

• Role with SPRO for FICO

  Hello SAP EXperts,
  Can anyone tell me how to create a role with SPRO authorization for FICO transactions and roles only. I need to assign a role with which a FICO consultant can do all the customizing related tasks in the development server. Please give some solution.
  I invite your valuable inputs
  Thanks & Regards
  Vanitha
  Edited by: Vanitha badampudi on Oct 21, 2008 1:33 PM
  Edited by: Vanitha badampudi on Oct 21, 2008 1:36 PM

  Hi there,
  The easiest way to get all of the t-codes, is for a customising project to be created in the IMG with all of the relevant IMG activities assigned to it.  (Your FI CO consultant can assist here.)
  Once that has been done, you can go and create a role in PFCG.  Select the menu tab, then select Utilities - Customizing Auth. and it will then ask you to select a customising project.
  Once you've done that, all IMG activities and transactions for that customising project will automatically be entered into the menu.
  You then need to go and maintain and generate the authorisations.
  That's my suggestion.
  Hope you can use it.
  Regards
  Lucille

• Authorisation for creator to confirm his messages in support desk

  Hi Friends,
  I have configured support desk functionality where user creates a support message.This message is handled by 1st level support team.If  1st level  is not able to resolve it is sent to 2nd level.
  Also support message can be created by 1st level and 2nd level support team also.
  My requirement is user should confirm his messages only and it should not be done by others.similarly messages created by 1st level support team should be confirmed only by them  so as 2nd level should
  confirm their own messages.
  Is there any way to control these through authorisation.
  Kindly give your valuable suggestions.
  Regards,
  Shanmugam Balamurugan

  Hey Brendan,
  Let me simulate the whole process for you.
  lets assume you have transaction type say T.
  1) Go to spro and find the text determination proc asssigned to T.
  path: SAP solution manager-> scenario specific settings-> Service desk-> general
  settings-> Define Transaction types. Here you find the Text determination Proc assigned to transaction type.
  2) Now navigate to the Text determination proc that you found above following:
  path: SAP solution manager-> scenario specific settings-> Service desk-> Text Determination proc-> Define TEXT types Or Text Ids.
  Reward for usefull answer.
  Revert for any clarifications.
  Regards,
  Anand

• Appraisal authorisation

  Hello there
  I've got a few questions here regarding MBO:
  1) Can someone kindly advise which are the authorisation objects are to control the following fields in PHAP_ADMIN.
  I know P_HAP_DOC is used, but does this authoristion object restricts the following fields:
  - Appraisal Template
  - Appraisal Status
  2) How does the authorisation of Appraisal works in ESS, if I want to restrict employees accessing only their own data.
  3) If I want to give access for seeing the status of certain induction, how should I do?
  Appreciate your help!
  -BT

  2) How does the authorisation of Appraisal works in ESS, if I want to restrict employees accessing only their own data.
  I think this can be done also by turing the auth switch PERNR on, and controlling access to the employee's personnel number through P_PERNR?
  SPRO ->Personnel Management ->Personnel Administration -> Tools -> Authorization Management ->
  Maintain Authorization Main Switches -> Choose Maintain authorization main switches ->
  Change PERNR to value 1 (or t-code OOAC)
  Edited by: Bernard Sheridan on Jun 17, 2008 3:45 PM

• QUery in SPRO PO?

  hii
  In SPRO, under PO, what is the purpose of below things ..
  1.Define Reasons for Ordering
  2.Define Reasons for Cancellation
  3.Set Up Authorization Check for G/L Accounts
  4.Set up for subcontract order
  Explain me short in detail with some real time exampless without links ....
  Thanks

  Define Reasons for Ordering
  In this step, you define possible reasons for ordering. These describe why a purchase order was placed. You can enter the reason for ordering in the item data when creating or maintaining a purchase order. The "reason for ordering" can also be used to document the reason for returning goods if the item in question is a returns item.
  Example
  A typical reason for the creation of a purchase order may be "New business contact following attendance at a trade fair". Returns may be due to suppliers recalling parts or quality deficiencies you have discovered yourself.
  Activities
  1. Check which reasons for ordering are likely to occur in your enterprise.
  2. If you wish to define new reasons, enter an alphanumeric key of max. three characters in length plus a short description.
  ======================================================================================================
  Define Reasons for Cancellation
  In this step, you can specify the circumstances under which a purchase order with a validity period (i.e., in the standard system, a PO of the document type 'FO') is terminated prematurely.
  Activities
  Define a key and enter a description of the relevant reasons for cancellation.
  Example - if some one purposely cancels order, it can be tracked so that no one does it and only authorised officials can cancel orders in case of emergency.
  ======================================================================================================
  Set Up Authorization Check for G/L Accounts
  In this step, you set up the authorization check for G/L accounts in the case of purchase orders and scheduling agreements.
  You can determine whether or not the authorization check is to be active for each company code.
  If the check is active, each time a G/L account is entered in a PO or a scheduling agreement, the system checks whether the user has the posting authorization for the specified account.
  Activities
  Make the desired settings.
  Mainly for Authorisation for GL.
  ====================================================================================================
  Set Up Subcontract Order
  For the supply of the input materials to be provided to the vendor (subcontractor) with respect to subcontract purchase orders, you have the option of creating an SD delivery from the list of stocks for a subcontractor.
  In this step, you can specify a delivery type for the delivery of materials to be provided to the subcontractor.
  If you make no settings here, in the standard system the delivery type "LB" is used. This means that you need make no further settings in order to use the functionality.
  If you wish to set up new delivery types, you must extend all the relevant settings in SD Customizing for the delivery.
  For more on this topic, please refer to Deliveries in Customizing for Shipping.

• PPOMA_BBP Structural Authorisations Setup

  Hi,
  I am setting up the structural authorisations via transaction OOSP so that I can grant local admins access to their part of the org structure in PPOMA_BBP. However, to assign a user to a profile (tcode OOSB) that has been setup via OOSP, it is considered config and has to be done in the development system.
  Does anyone know if the assignment of user to profile can be changed so that it is not config and can be done in a production system?
  Thanks,
  Mark

  Hi Mark,
  You are absolutely right. Here is what you can do then:
  Expand SPRO tree until you find the transaction you want.
  Then, select it (don't execute it, just click on its name once).
  Then click on Edit > Display img activity.
  Then click on 'Maint Objects' tab.
  Then copy the value of colum 'Customizing Object'.
  Depending on the value of colum 'Ty' this might not work. If the Ty colum value is 'V' or 'S' it should work.
  Then access transaction SE54
  Paste the copied value in the 'Table/View'
  Select 'Generated objects'
  Click on 'Create/Change'
  Then select 'no, or user, recording routine' option.
  This should be done in the customizing client and a request will be generated. Then transport the generated request as needed.
  If you want to implement this changes in you productive system, there is an extra step;
  Go to transaction SOBJ
  Click on 'Maintain'
  Select the object you copied in the previous steps.
  Then click on 'Details'
  Then mark the field 'Current Settings'.
  Refer to the following notes if you need:
  Note 356483 - Customizing: Current settings in the test system
  Note 77430 - Customizing: Current settings
  I hope this helps! I'm confident this will solve your problem 100%!
  Regards,
  Henrique

• Hierarchies in Authorisation

  Hi Experts,
  The guys who are in thiead are very help and I appriciate that.
  Can any body tell me how to set up the Authorisation on Heirarchy basis
  For Exampl - A user creates the PR then .The created PR needs to be Approved by  the  Purchase Department head.After Department head approves then it should be approved by the finance Department then only the PR has to be relesae to PO.In this way the PR should  have the step by step Authorisation with out having a work flow concept.
  Any inputs greatly appriciated..............
  Regards,
  Sri Devi

  Hi,
  Similar process for PO.
  SPRO -> Material Management -> Purchasing -> Purchae order -> Release Procedure
  -> Define Release Procedure.
  As well as creating this, you would need to make sure you assign the authorisation profiles correctly. So if you create 4 levels of release process, then the user roles need to match this so only the correct user has access to release.
  Your basis guy can help, but in summary the following auth objects can be help. Use SUIM to analyse.
  Purchasing Group = M_BEST_EKG
  Purch Org in PO = M_BEST_EKO
  Plant in PO = M_BEST_WRK
  Release Code and Group = M_EINK_FRG (most important one).
  Thanks.

• FICO and SPRO access in development system

  hi security admins,
  i am a security consultant. now i am in development system. i want to give FICO access and SPRO access( only fico nodes should be authorised to access, others nodes should not authorised ) in development system. please suggest and tell me the procedure for restricting specific access.
  regards
  ramesh

  >
  Dimitri van Heumen wrote:
  > using search will give you useful topics such as [this one|Trace File|UTFS]
  Dimitri,
  That one links me to a thread about trace files..... or am I missing something here?

• No data displayed in LISTCUBE (BI 7.0 in old authorisation concept)

  Dear experts,
  we have made an upgrade from bw 3.1 to 7.0 and for the moment we have decided to keep the "old" authorization concept (switch done  in SPRO).
  We have activated the whole dataflow and loaded infocube 0IC_C03.
  We can see the data from the browser but no data is extracted in transaction "listcube" or in manage/display content.
  The problem only occurs with this infoprovider. 
  The authorisation check is successful.
  Any idea will be appreciated!
  Regards,
  Alessandro

  For non-cumulative cubes only.
  <b>Rationale -</b>
  The Listcube transaction per default only selects deltas from non-cumulative cubes, because it does not make sense to mix and aggregate deltas and reference points.
  Listcube does NOT contain any non-cumulative logic, because it is no replacement for the OLAP-Processor. It only displays and aggregates cube data on a database level.
  <b>Solution -</b>
  If you want to look at reference points with transaction LISTCUBE , you have to include the technical characteristic 0RECORDTP into the list of fields for selection and you have to add a restriction of 0RECORDTP=1 .
  Hope it Helps
  Chetan
  @CP..