Authorisation Restrictions in PR05

Hi Experts,
We want to restrict Authorisatons in t-code PR05 userwise ie.,
The scenario is  X user will created the Trvl Exp. in PR05 
Head-HR ( Y user) will approve the Trip ( only display)
Pre-Audit(Z User) will  Verify the Expense Voucher and Trip details do corrections if required, save & settle the Trip
Creater should not have Change
Approver should have only disply and approve
pre-audit only change and settle
Now how can I restrict Authorisation Userwise
Thanks in advance
Chaitra

Hi Chaitra
There is very good documentation for this so you should be achieve this via PFCG and the authorization objects P_TRAVL/F_TRAVL and  for the values for the authorization fields BUKRS, KOSTL, PERSA, PERSG, - remember though that the object P_ORIGINCON (structural authorization) is not checked in travel.
Values of the individual authorization fields:
The authorization field AUTHC
In the components HR and Travel Management (FI-TV) the authorization
level is defined using the field AUTHC. The following authorization
level values are possible:
Value  Authorization for
R      Read (display travel plans)
W     Maintain SAP data (create/change travel plans)
A      Approve travel plans
B      Book in connected reservation system
C      Book approved trips in connected reservation system
Q      Create trip templates
      All operations
You can only specify the values 'W', 'A', 'B' and 'C' together with 'R'
and you must specify the value 'Q' together with 'R' and 'W'.
The authorization field AUTHP
In the field AUTHP the value for the personnel number check must be
defined.
Value  Authorization for:
O      Own personnel number only
E       All personnel numbers except own
      All personnel numbers
If the authorizations in the AUTHP field have the value 'O' or 'E', theassignment user name/personnel number must be defined in the HR Infotype   0105 (communication), subtype 0001 (system user name SAP system).
Note 574467 will also help as BAdi for other requirements and please have a look at also at the following User Roles in PFCG.  You can see also the documentation in SAP Help->http://help.sap.com-> Financial Accounting->Travel Management->Roles in Travel Management.
   SAP_FI_TV_ADMINISTRATOR    Travel Management Administrator
   SAP_FI_TV_ADVANCE_PAYER    Trip Advance Payer
   SAP_FI_TV_MANAGER_GENERIC  Trip Approval Manager
   SAP_FI_TV_TRAVEL_ASSISTANT Travel Assistant
   SAP_FI_TV_TRAVELER         Traveler
   SAP_FI_TV_TRAVEL_MANAGER   Travel Manager
So for this if you assign the role of Traveler for the end user (creator) given them O and W authorizations only for the object and assign this to the role in PFCG, second person Trip approval manager role with E and A auth and 3rd advance payer role with whatever authorization is required.

Similar Messages

  • Authorisation restrictions on Customer Master

    Hello all,
    Within our organisation there is a request to restrict user access to certain views of the customer master.  For example : one group of users are able to create/maintain address and control information, and another group of users are only allowed to maintain the marketing view for example.
    I have tried using field groups by assigning fields of certain views to the field groups and then creating a new role and assigning the field group value to object F_KNA1_AEN.  I have to say this has not been very successful.
    Any ideas?
    Any assistance would be greatly appreciated.  By the way we are using version 4.6c.
    Thank you
    Melanie

    Hi Melanie,
    Scenario-
    I have faced similar issue as you. Our requirement was to give authorize marketing department to only extend the customer master but authority to create customer must be with Finance department.
    Solution-
    I have given Authorisation of XD01 to Marketing department and deactivated General data and company code data form the authorisation object.
    Result-
    Unless customer number exists marketing  department cannot do anything with customer master (cannot extend the customer) and only finance dept has created General and company code data Marketing dept will be allowed to extend the customer master.
    I hope it helps.
    Note: We are currently using ECC 6.0

  • PO, PR creation authorisation restriction based on Internal Order

    Dear Forum
    We have created a new Interla order type and want that only selective users can make a PO or PR in the Internal orders of that Intenal order type. Is there any way by which we can restrict creation of a PO or PR against an Internal Order, on the basis of Internal order number or internal order type
    regards
    Parag Bhargava

    Hi,
    look for an user exit (within enhancement project MEREQ001) when saving a PR / PO where you check SAP-user (maybe from a Z- table) against internal order type.
    Best regards, Christian

  • Authorisation restriction to change batch ( MSC2N ) by material type

    Hi ,
    We have a requirement wherein we want to restrict users from changing batch records ( MSC2N ) by material type. Viz. A user xyz should not have authorization to change batch for material type FERT.
    We cannot use the authorization group ( BEGRU ) field of material master alongwith object M_MATE_CHG as this field is already being used for another purpose to restrict users by country for MM01,MM02 & MM03.
    Please do let know if you know of any alternative method of doing so.

    Hi,
    The new authorization object will work only if the corresponding changes are made in the related program.
    Open the program code for the MSC2N transaction (via Se93), and search for the string "AUTHORITY-CHECK". You will find a piece of code that checks for the authorization object M_MATE_CHG and its related field values. This will need to be changed to Z_MATE_CHG and its corresponding values.
    You will need an ABAP-er for this.
    Only then will the authorization check work correctly. Once this is done add the object in the corresponding role (and also change SU24 entry for MSC2N accordingly if required).
    Regards,
    Sanju.

  • V_V2 and VA02 authorisation restriction

    Hi,
    When we run the transaction V_V2 (rescheduling sales and stock transfer documents),once we get the open sales order document number the user is able to go to that particular sales order change mode by double click (VA02) changing the document i.e. he can change delivery block remove, Article QTY etcu2026
    Can we restrict the user in transaction V_V2 should not allow to double click or change the document, as for some user we are not providing access to VA02.
    Regards
    Rikin

    Hi Eduardo,
    No its not like that..i have two types of user..Power user and floor user. So those who are power user will have an access to Va02 and those who are floor user will not have an access to Va02 instead that only have an access to V_v2.
    But these user are missing using the functionality of V_v2 and from there they are changing few fields like qty and removing delivery block etc..
    So i want to restrict Va02 to floor user even via V_v2.
    Regards
    Rikin

  • T code QA11, quantity can not be posted to blocked stock

    For Inspection lot with system status is   INSP RREC SPRQ, when user tries to perform QA 11 to post stock to blocked stock the system does not allow as "to blocked stock field" is greyed out and also can not chnage the storage location on that screen.
    I have checked the material already exists in the WH/storage location also inspection charachterstics are corrct not sure what else to check.please advise.

    Does not seem like authorisation restriction since user is able to process other QA11 for the same plant/WH and storage location. Does not seem like customisation either since all " Quantity to be posted "options and storage location are greyed out under inspection lot stock Tab
    After Accept atleast system should allow posting to "unrestricted stock " but thats not available either.
    For the same material/plant/WH, I am able to sucessfully post stock when system status is -REL  CALC SPRQ but in this case the status is -INSP RREC SPRQ, what does this signify.Please help

  • Pi71,Error while creating processcompoent model in folder

    Hi Friends,
    we are creating folders under modelling.once the folder is created we are trying to create Process component models under this folder.Its throwing an Access error.
    " write access needed to complete this operation".Do we need to edit any role for this to work.
    Regards
    chandra dasari

    Hi
    check the below 
    1) what application profile have you selected (or set as default) while you log-in to ESR - Builder?
    Try to use 'unsrestricted' mode & see if it works.
    if other option was already set as default then, you can change that within ESR menu. follow link to change.
    http://help.sap.com/saphelp_nwpi71/helpdata/en/46/8b081f8a9c01dde10000000a1553f7/content.htm
    2) is there any authorisation restriction set on these objects??
    check this
    http://help.sap.com/saphelp_nwpi71/helpdata/en/45/18edbad26321a1e10000000a1553f6/frameset.htm
    3) does any other user can perform this?? if so compare the UIDs & set necessary access/ roles to yours.
    Regards
    Vishnu

  • Trial Balance not appearing

    Dear all,
    In the trial balance selection criteria window - the option to choose BP or GL A/c's not appearing (the small tick box not appearing) so that trial balance cant be viewed.

    Hi Suda,
    Thank you for your response.Now the issue is solved.
    I'm using Version -2005B PL32.
    When i'm trying in superuser id - its working .I think that may b'cos of authorisation restriction.But ma doubt is why it is not giving authorisation restriction message instead in that selection criteria itself its not appearing(ie, that G/L & BP selection check box).
    Thanks
    Suresh Kannan

  • Segmentation Basis

    Hi All,
    In my project, we are using mix of CRM and BI queries for Segmentation. Some attribute lists have Data source Infosets with direct table read from CRM tables, some using ADS table(for Vehicle- BI update this table which is actually in CRM and has iobject linked. This was done to normalise all the vehicle data in BI and then update the Z table in CRM with harmonised information ) and some BI Infosets.
    We are also indexing the Attribute Lists for which source is CRM tables using TREX. Since it is a global project so for authorisation restriction, we have created Segmentation basis for each market and then scheduled background TREX update report and Segmentation Basis update report(country distribution).
    Issue is that If we do segmentation without Segmentation Basis, count is different as compared to the segmentation with Segmentation Basis although I tried just after updating the index and Segmentation Basis. Moreover, If I create new Segmentation Basis and Index it, count is correct(same as that comes without Segmentation Basis).
    Any ideas what could be wrong??

    HI,
    You can use a segmentation basis to restrict your selection to relevant business partners, thus excluding non-relevant business partners from the selection while creating Targer group. For e.g. you can make Segmentation basis for specific country say USA that means when you create target group for USA customer using this sementation basis system will only search the data from USA segment and not from all CRM BP database.
    Please refer [Link|http://help.sap.com/saphelp_crm70/helpdata/en/46/35e07f86e01421e10000000a1553f6/content.htm] to get more details on Segmentation Basis.
    Regards,
    Dipesh.

  • PM module fine tuning in materail consumption level

    Dear all
    I would like to shart the things and same expecting from you all
    Basically problems with PM module to give the good preference in organisations , we can say as materails consumptions is big problems .
    In mostly organisations has 1 main stores (ware house) , the materails will be stores and issued thro that dept only.
    Mostly it is distance from the some equipments, in non availablity of stores ( night ) technicains laziness & breakdown times taking thro PM order is somewhat hard.
    Mostly they are following to consuming most the matearils thro 201 movements and storing into thier own locations . Here they are keeping materails for stock,.
    while requirement they are easily replacing the same .
    how we can avoid this in sap wise? beacuse of this mtc actvity completion dont take more time .
    We are given options is present client
    1. creation of sub stores (all thier purchase materails shifted there) when requirements they are getting against the orders.
    2. Authorisation restrictions 201 movement in PM log in.
    This sucess in batch industry, but my another one client is continious.
    Please give your idea & share , how we can sucuess for continious & big organisations with one main stores
    Thenna

    dear
    Yes if the client not interest to go substores (expenses in all the way, admin risk) . Then what will be the options we can provide in Pm modules ?
    201 movemnet restrictions will take mtc tasks delay and productions affection.
    My interest is we take the override for all modules. but we need this (materails) in proper way 
    All can put your suggestions here

  • For APP (F110) Authorisation to be restricted by vendor account group

    Hi,
    My requirement is to restrict the users to post the automatic payment program by vendor account group.
    Can anybody tell me the authorisation object name which can be restricted in rolls.
    Regards
    K Khatri

    Hi Ken,
    unfortunately no solutions found.
    Here is a reminder of the "business case"
    Within our company code we have different regional divisions with their individual A/P and Treasury departments running their F110 payment runs to pay "their" invoices. In our model this "regional division" is depicted as an SAP Business Area (GSBER).
    Internal Controllers and auditors argue that one Business Areas should not be authorized to run one anothers F110 to avoid paying one another's invoices.  That's wehre the idea of using L_LFA1_GRP came about.
    regards,
    Luis

  • Restricted Backflush Authorisation Object C_BFLS_L  is NOT working!

    Hi,
    We are using the IS-MILL version of SAP 4.7. We are trying to restrict the authorisation of users for Tcode MFBF only to a few. As suggested in the SPRO help files we tried useing the 'Authorisation Object' [bC_BFLS_L]</b> Restricted Backflush but it is giving an error message <b>"This object is out-of-date and is no longer checked from Release 4.6A".</b>
    KINDLY ADVISE ON WHICH AUTHORISATION OBJECT IS TO BE USED and also HOW TO RESTRICT USAGE OF MFBF ONLY TO A FEW USERS if this does not work!
    <u>With Best Regards,</u>
    <b>V.NAGARAJ,</b>

    Hi Enrico,
    Thanks a ton for your advice. We did check the authorisation object mentioned by you <b>(C_BFLS)</b>. But the following message is displayed -<b> "This object is out of date and is no longer checked from 4.6A"</b>. KINDLY ADVISE, PLEASE!

  • Restricting the change or display authorisation of quotation

    Hi,
    Once the pricing is done at quotation level. It is sent for review to head of department. He will add some profit margin by adding another header surcharge on it. Once the quotation is saved by the department head, no one else can change or display that quotation with the help of restricting the authorization.
    How can I restrict the even the original creator of the quotation (Estimator) as well as others from seeing the quotation. Because once the profit margin is added by department head, they want to keep it secret. Is there any user exit for it?
    Regards
    Suman

    Hi Suman,
                Give the Quatation change and disply authorisation to only head of the department person.
    Regard,
    Murali.

  • Authorisation Object - for specific functins to restrict access

    Hi,
    I have to use Authorisation Object in my program to restrict the access by all users.
    Only those users with the zcxbilllock security role will be able to perform the functions like 'Lock/Unlock', 'Delete', and 'Recosting' ..
    How do I code this.... Can anybody please help.... I would really appreciate...
    INCLUDE YFMXBOMCL1.
    INCLUDE YFMXBOMO01.
    INCLUDE YFMXBOMI01.
    INCLUDE YFMXBOMF01.
    *-At selection screen
    AT SELECTION-SCREEN.
    AUTHORITY-CHECK OBJECT 'Z_PP_XBILL'
                 ID 'ACTVT' FIELD '02'.
    *SY-SUBRC = 0.
    *IF SY-SUBRC <> 0.
        AUTHORITY-CHECK OBJECT 'Z_PP_XBILL'
                  ID 'ACTVT' FIELD '16'
                  ID 'ACTVT' FIELD '95'.
        IF SY-SUBRC <> 0.
          MESSAGE E010(AD) WITH TEXT-A01.
        ENDIF.
    Here 16 -
    >execute
    and 95 is unlock.
    Thanks a lot in Advance
    Jaya

    Hi jaya
    Evaluate sy-subrc right after authorization object call.
    sy-subrc = 0 : user is authorized for the activities defined in authorization object
    sy-subrc ! = 0: no authorization.
    To understand more about authorization object creation and there usage refre this link.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
    Thanks
    Vishal Kapoor

  • Restrict Authorisation not to change a field in IO master

    Hi,
    I want to know how to restrict authorisation for few users not to change the 'Profit Center' field in the IO master eg user1 should have authorisation to change IO master other than 'Profit Center' field. .
    The t-code is KO02 (change Internal Order) and in the assignment tab there is a field for 'Profit Center' and I want to restrict the user from changing this field but should be able to change other fields.
    Please let me know how this can be achieved.
    Thanks
    V.S

    Hi VS,
    You can try this yourself, try giving full access of tcode KO02 to a test Id and put a trace on it. And now try to login with this test Id and change the "Profit Centre" field, now looking at the trace file you will get to know which is the authorization object being cheked during this whole process.
    Now try restricting those objects and continue negative testing with the test Id till you acheive your objective.

Maybe you are looking for