Authority Check for the User

Hi,
     In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
Thanks and Regards,
Venkat.

Hi Venkat,
You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data.

Similar Messages

  • Su01 - authority check for the object s_user_grp

    Dear Basis Gurus,
    requirement:
    Decentralisation of user administration. Local site admins should only be able to administrate users belonging to special user groups.
    What I have done:
    Generated a new role via pfcg for transaction su01 and object s_user_grp. Activity for s_user_grp = 02. Up to this point this works without any problems.
    But trying to limit the role to a certain user group (s_user_grp => class), this doesn't have any effect for the local site admins. They are still able to change all user data, nevertheless if the users are member of another group or not (group membership via sugr).
    Please advice.
    thanks and regards..,
    sven

    Hi Lakshmi,
    thanks! That solved my problem.
    regards..,
    sven

  • Authority Check at the T.Code level for the user in particular User Group

    Hi Friends,
    I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
    Need to give Authority Check at the T.Code level for the user in particular User Group.
    I have searched in SCN, but not get suitable pages.
    How to solve this?
    Regards,
    Viji.

    Hi Viji.
    Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
    Another way is you have also check authority in program level.
    DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
       INITIALIZATION.
      CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
        EXPORTING
          ROLE       = 'ZROLE''  " Role define
        TABLES
          ROLE_USERS = T_ROLE_USERS.
      READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
       IF SY-SUBRC NE 0.
       RETURN.
       ENDIF.
    Thanks & Regards
    Rahul

  • How to check if the user has only the display authority of a message

    hi,
    How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
    Best regards,

    hi blake
    though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
    Basically Authorization Management 
    Use
    You can use the following authorization objects to control the authorizations for maintaining business partner data:
    •        Authorization objects for the Business Partner:
    •             B_BUPA_GRP
    •             B_BUPA_ATT
    •             B_BUPA_FDG
    •             B_BUPA_RLT•       
    Authorization objects for relationships:
    •             B_BUPR_BZT
    •             B_BUPR_FDG
    In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
    You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
    In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
    For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
    IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
    Prerequisites
    You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
    Moving over
    AS ABAP Authorization Concept 
    The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
    To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
    Authorization Checks 
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    •        Starting SAP transactions (authorization object S_TCODE)
    •        Starting reports (authorization object S_PROGRAM)
    •        Calling RFC function modules (authorization object S_RFC)
    •        Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    Starting SAP Transactions
    When a user starts a transaction, the system performs the following checks:
    •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
    •        The system then checks whether the user has authorization to start the transaction.
    The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
    •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
    •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
    If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
    •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
    The check is not performed in the following cases:
    You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
    This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
    •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
    •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
    All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
    Starting Report Classes
    You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
    We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
    You must consider the following:
    •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
    •     •         There are certain system reports that you cannot assign to any authorization class. These include:
    •     •         RSRZLLG0
    •     •         STARTMEN (as of SAP R/3 4.0)
    •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
    •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
    Calling RFC Function Modules
    When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
    Checking Assignment of Authorization Groups to Tables
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    please See also:
    •        SAP Notes 7642, 20534, 23342, 33154, and 67766
    guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
    but if u sit with ur BASIS guy then u can learn lot of things in PFCG
    i guess u r a basis guy,then its not a problem
    best regards
    ashish

  • AUTHORITY-CHECK for an defined USER

    Hi,
    i write a abap (protokol) which shell be started every hour. In this report i will use
    an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
    to check if this user is allowed to see the data.
    I will use this:
    AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
    ID 'BRGRU' FIELD '__________'
    ID 'ACTVT' FIELD '__________'.
    for an defined user.
    Is this possible, or how can i check this in another way?
    Thanks.
    Regards, Dieter

    Hi Eric,
    i tried it like this:
    UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
             ID 'BRGRU' FIELD 'KRED'
             ID 'ACTVT' FIELD '03'.
    BREAK-POINT.
    CALL FUNCTION 'AUTHORITY_CHECK'
      EXPORTING
      NEW_BUFFERING             = 3
      USER                      = SY-UNAME
        OBJECT                    = 'F_LFA1_BEK'
        FIELD1                    = 'BRGRU'
        VALUE1                    = 'KRED'
        FIELD2                    = 'ACTVT'
        VALUE2                    = '03'
    EXCEPTIONS
       USER_DONT_EXIST           = 1
       USER_IS_AUTHORIZED        = 2
       USER_NOT_AUTHORIZED       = 3
       USER_IS_LOCKED            = 4
       OTHERS                    = 5.
    BREAK-POINT.
    at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
    is my FM-Call correct?
    thanks.
    Regards, Dieter

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji

  • AUTHORITY-CHECK for KUNNR

    Hi,
    I am new in core abap. For my report i have to do AUTHORITY-CHECK for kunnr. I am not finding any suitable object to use. kIndly suggest.
    Currently i am using the following code.
      UNPACK p_kunnr TO ws_werks.
      AUTHORITY-CHECK OBJECT 'M_MSEG_WWE'
               ID 'ACTVT' FIELD '01'
               ID 'WERKS' FIELD ws_werks.
    But this is giving dump in case KUNNR contains some alphabets because of type mismatch. Kindly suggest how can i achieve the same.
    Regards,
    Pankaj Aggarwal

    Don't use a WERKS authorization for KUNNR, did you foresee the problems that may will arise when you will manage the user authorisations and roles, this authorization is checked in many standard programs on WERKS fields.
    - SU20 - Create an authorization field with data element KUNNR and check table KNA1 (or use template KNDNR, look via SE16 at table AUTHX look for authorization fields using KNA1 as a control table)
    - SU21 - Create an authorization object in a Z-customer class which use this field and the ACTVT field (template W_AUFT_RMB)
    - Use the new object in your program
    - Give the object name to those who manage roles via PFCG
    Perform some search on subject like [Creating a Customer-Specific Authorization Object|http://help.sap.com/saphelp_ish471/helpdata/EN/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]
    Look also at some authorization objects like BRGRU which were intended to manage groups of customers.
    Regards,
    Raymond

  • How to make Authority Check for ALVGrid?!

    Hey mates,
    i got the problem which is mentioned in the headline. How can i make an authority check for my ALVGrid? I mean i want to restrict special functions to the matching users ( Display, Edit, Delete mode ).
    Would be cool if someone can help
    Regards Basti

    Hello Bastian
    A simple approach would be to define three different transactions (e.g. Z_MYALV01, Z_MYALV02, Z_MYALV03) for editing/deleting, editing only and displaying only. Add the following coding to the report displaying your ALV grid:
      CASE syst-tcode.
        WHEN gc_tcode_create.    " 01
          " Allow all grid functions
        WHEN gc_tcode_change.  " 02
          " Suppress grid functions for deleting rows
        WHEN gc_tcode_display.  " 03
          " Suppress grid functions for editing/deleting
        WHEN others.
          RETURN.
       ENDCASE.
    Regards
      Uwe

  • Include authority check in PM User exit

    Dear all,
    Is there any user exit for adding an authority check object in IW31 transaction program?
    Kindly advise.
    Thanks.

    Hi,
    There is a Function module AUTHORITY-CHECK to check the authrization, here you can give the trnasaction code as well as the user name .. look at the function module in SE37..
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    <b>Reward points if useful</b>
    Regards
    Ashu

  • Authority-check for a particular company code

    Hi,
       I need to check authorization for a particular company code.In my bdc call transaction program i'm fetching mass data from excel file and for every record i've to check the company code field.If the company code is not the required one then that record should not be processed.
      So before filling the bdc data i wrote like
    LOOP AT gt_inrec INTO gs_inrec.
         AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                   ID 'ACTVT' field '02'
                   ID 'BUKRS' field '2800'.
        IF NOT sy-subrc = 0.
          MESSAGE e058(zz) WITH gs_inrec-bukrs.
          EXIT.
        ENDIF.
         PERFORM fill_bdc.
      ENDLOOP.
    but it is not exiting for different company codes and is allowing records with all company codes.
    can anybody pls tell me how to rectify this?
    thanks in advance,
    poornima

    I need to perform authority check on the field NAME1 present in the standard screen - customer master ( T.Code-XD02). Only certain users should be allowed to edit the field and others should be restricted.
    I have created a field exit FIELD_EXIT_AD_NAME1 for the ADRC-NAME1 field.
    Now inside this field exit i need to write the authority-check code.
    I have created the authorisation object Z_KNA1_NAM for the field NAME1 using the SU20 and SU21.
    For this scenario how do i write the authority-check code in my field exit?
    Below is my field exit code,is that correct?
    FUNCTION FIELD_EXIT_AD_NAME1.
    ""Local Interface:
    *" IMPORTING
    *" REFERENCE(INPUT)
    *" EXPORTING
    *" REFERENCE(OUTPUT)
    AUTHORITY-CHECK OBJECT 'Z_KNA1_NAM'
    ID 'NAME1' FIELD SY-UNAME
    ID 'ACTVT' FIELD '03'.
    IF SY-SUBRC = 0.
    MESSAGE 'Not Allowed to Edit the Name 1 Field' TYPE 'E'.
    ENDIF.
    ENDFUNCTION.
    In the above code i have given SY-UNAME in the code line 2 - ID 'NAME1' FIELD SY-UNAME ,is that correct? what should i give there?
    Please help me on this issue.
    Cheers,
    P.S.Chitra

  • Function module for se16 with out authority check for se16

    Hi ,
    I am creating a tode YSE16 which has same functionality as SE16 but having its own authority check. I am calling a function module RS_TABLE_LIST_CREATE function module to get the functionality of SE16. But is there any way that i can get the function module which do not check for the authorization for se16 and execute my tcode.
    Regards,
    Sri.

    Hi Sri,
    If I am not wrong this is the question?
    Guys , Sri is modifying the YSE16 as per this requirement. Do u have some other solution? Thanks.
    Requirement is to create customized tcodes YSE16, YSM30 and YSE38 for se16, sm0 and se38. Lets start with YSE16.
    Client want YSE16 tcode to restrict users based on some tables within a authorization group or even * value for auth group field.
    SE16 restricted on:
    S_TABU_DIS
    Auth Group and Activity
    As per Requirement YSE16 tcode sld be restricted on :
    Y_TABU_DI2 (customized object)
    Auth Group, Activity and Table name
    We dont want to give SE16 to users in Production. So basically requirement is to restrict users on table name with YSE16 irrespective on authorization group. User sld only be able to access the table mentioned in Table name field.
    so Srilu is trying to modify the Program. Can you please suggest some other way to modify it.
    Thanks.
    Regards,
    Naveen Dalal

  • Authorization key for the user profile

    In SAP, there is a provision where we can create the authorization key and assign this key to the various user statuses in the user status profile.
    The application is that when the user status is changed from one to other and if to the user status, the authorisation key is assigned then the authorised person should be only able to change the status.
    But my query is that i have not come across any customization where a SAP user can be assigned to the auth. key so that he can only change the user status.
    Can anybody let me know that whatever i understood, is it correct? And if yes, let me know where to assign the user to the authorisation key?
    Thanks

    Hi Iyer ,
    Please see the below,if it solves your requirement
    M/CS Autorisation Objects
    SAP Standard Authorisation Objects:
    I_ALM_ME: Mobile Asset Management  (ACTVT)
    I_AUART: Order Type  (IWERK, AUFART)
    I_BEGRP: Authorization Group  (TCD, BEGRP)
    I_BETRVORG: Business Operation  (BETRVORG)
    I_CCM_ACT: Configuration Control authorization object  (CCACT, ACTVT)
    I_CCM_STRC: Structure gap maintenance authority  (ACTVT)
    I_ILOA: Change location and accounting data in order  (IWERK, AUFART)
    I_INGRP: Maintenance Planner Group  (TCD, IWERK, INGRP)
    I_IWERK: Maintenance Planning Plant  (TCD, IWERK)
    I_KOSTL: Cost Centres  (TCD, KOKRS, KOSTL)
    I_QMEL: Notification Types  (TCD, QMART)
    I_ROUT: Task List  (ACTVT)
    I_ROUT1: Task Lists by PM Planning Plant, Work Sched., Status  (TCD, IWERK, VAGRP, STATU)
    I_SOGEN: Permit  (SWERK, PMSOG)
    I_SWERK: Maintenance Plant  (TCD, SWERK)
    I_TCODE: Transaction Code  (TCD)
    I_VORG_MEL: Business Operation for Notifications  (QMART, BETRVORG)
    I_VORG_MP: Business Operation for Maintenance Planning  (MPTYP, BETRVORG)
    I_VORG_ORD: Business Operation for Orders  (AUFART, BETRVORG)
    I_WPS_MEB: Maintenance Event Builder  (DIWPSMEBAR)
    I_WPS_REV: Revision authorization object  (REVTY, ARBPL, WERKS, WPS_REV_AC)
    S_NUMBER: Number Range Maintenance  (NROBJ, ACTVT)
    C_TCLA_BKA: Authorization for Class Types  (KLART)
    *Authorisation Tables:*
    TOBJ: Authorisation objects
    TOBJT: Authorisation object texts
    AGR_1250: Authorisation object assigned to role
    AGR_USERS: Users assigned to a role
    AGR_TCODES: Assignment of roles to Tcodes
    Authorisation Objects for System-Statuses:
    Order: I_VORG_ORD  (AUFART, BETRVORG)
    (REL = BFRE, TECO = BTAB, delete component = RMKL)
    Notification: I_VORG_MEL  (QMART, BETRVORG (NOPR = PMM2, NOCO = PMM4))
    Maint. plan: I_VORG_MP  (MPTYP, BETRVORG)
    User-Exits:
    CPAU0001: Enhancement for Authorization Check in Task Lists
    IMRC0005: Measure point: Exit in AUTHORITY_CHECK_IMPT
    IWOC0003: PM/SM authorization check of ref. object and planner group
    QQMA0026: PM/SM: Auth. check when accessing notification transaction
    QQMA0030: Check validity of status change
    BADIs:
    DIP_SET_USERSETTINGS: Initial Object Check in DP Processor
    INST_AUTHORITY_CHECK: PM/CS Enhanced Authorization Checks
    IWO1_ORDER_BADI: Maintenance, Service, and Refurbishment Order
    NOTIF_AUTHORITY_01: Additional Authorization Checks for the Notification
    WORKORDER_GOODSMVT: PM/PP/PS/PI orders: auto. goods movement
    Authorisation Groups:
    These can be created via TCode SM30 and table T370B. They can then be assigned to the following objects:
    a.     Equipment (IE02)
    b.     Functional Locations (IL02)
    c.     Maintenance plans (IP02)
    d.     Entry List for Measurement Documents (IK32)
    e.     Object links (IN05, IN08)
    f.     User-statuses
    Authorisation Debugging:
    TCode SU53: Evaluate Authorization Check

  • Regarding Authority check for V_VTTK_SHT  in one exit

    Hi Experts
    1.For VT01N transaction , there is one customer exit : ZXV56U18.
    2.In this  we will get the shipment type value.
    3.I have to check the authority check for this shipment type (SHTYP) field.
    4.I have written the following statement :
       authority-check object 'V_VTTK_SHT'
                      ID 'SHTYP' field    I_XVTTK_TAB-SHTYP
                      ID 'ACTVT' field '07'.
    5. For my user id , i have check the user profile in SU01.
    6.For me this authorization object , field ACTVT does not contain 07 value.
    7.In debugging , the SY-SUBRC  giving the value 0.even the user profile does not contain the value '07' for ACTVT field
    Can u tell y it is happening like that ?
    Regards
    Ramakrishna L.

    Hi Experts
    1.For VT01N transaction , there is one customer exit : ZXV56U18.
    2.In this  we will get the shipment type value.
    3.I have to check the authority check for this shipment type (SHTYP) field.
    4.I have written the following statement :
       authority-check object 'V_VTTK_SHT'
                      ID 'SHTYP' field    I_XVTTK_TAB-SHTYP
                      ID 'ACTVT' field '07'.
    5. For my user id , i have check the user profile in SU01.
    6.For me this authorization object , field ACTVT does not contain 07 value.
    7.In debugging , the SY-SUBRC  giving the value 0.even the user profile does not contain the value '07' for ACTVT field
    Can u tell y it is happening like that ?
    Regards
    Ramakrishna L.

  • How can I check for the existence of an XML file in Illustrator Javascript??

    I'm writing a Javascript to run at startup. I want to check for the existence of XML files and process them, if they are available. How can I check for their existence?

    Your first line just sets a variable to a string value… getFiles() is a method of Folder… so
    var InputXMLDir = Folder( "D:/Brackets/Create_Bracket_Graphics/Input/XML-n-Templates/" );
    Not a PC user so I can't remember if the colon is OK…? As you appear to know the file name why bother with a folder get files anyhow you could just check if the file exists then do some thing…
    alert( File( "D:/Brackets/Create_Bracket_Graphics/Input/XML-n-Templates/brackets_men_web.xml" ).exists );

  • Windows 7 very slow logon, Waiting for the User Profile Service, winlogon event 6006

    Hello,
    Every so often one of our Windows 7 clients which is not normally having any delay at logon will take a very long time to login. This may be 10 or 20 minutes or up to an hour in some cases.
    Typically the event log will contain entries like
    The winlogon notification subscriber <Profiles> took 572 second(s) to handle the notification event (Logon).
    There is no further information available from Event Log Online Help, nor any additional detail as to why the logon event was so slow. During the delay the user will just see "Waiting for the User Profile Service" on their screen.
    We first started seeing this problem with Windows Vista and if anything the situation has not improved since then. It has never happened with any of our Windows XP users.
    We are currently planning a migration of computers to Windows 7 but stuff like this which has not been resolved in Windows over a 2 year period will stall that migration. The least improvement is to increase the event notification to give a lot more
    information on why the user profile processing has stalled.

    Hi,
    When did the issue begin to occur? Did it occur after installing certain application or applying certain policy?
    To troubleshoot the issue, please perform the following step.
    1. Restart the machine in Safe Mode with Networking to check whether the system can login quicker.
    2. Type “gpedit.msc” in Search box and press Enter. Navigate to the following location:
    Computer Configuration->Administrative Templates->System->Logon
    Please double click “Always wait for the network at computer startup and logon” policy and disable it.
    3. Perform a
    Clean Boot to check the result.
    Thanks,
    Novak

Maybe you are looking for

  • Can't reboot or shutdown

    Recently, (the last few weeks) I haven't been able to shutdown or reboot my desktop or laptop machines, both running Arch. It seems to start the shutdown process but eventually just hangs. I've let it sit there for over an hour and it never finishes.

  • Yoga 3 pro installing Windows 8.1 Pro

    Hi Everybody, Currently we are looking for some alternative for heavy H... Elite solutions for our mobile workers. We were interested in Yoga 3 PRO until I noticed that it is NOT distributed with Windows 8.1 PRO. The question is whether anybody did i

  • Trying to download video into  Final cut pro from my canon XHA1 HD camera

    I have a brand new I-mac 24 inch 4gs of memory and a terabite of hard drive, with Final Cut Pro 6.0.1 Studio 2. I have a brand new Canon XHA1 HD camera. when I plug in my 4pin firewire the computer it won't except the camera or the firewire, but I-mo

  • I refunded app on appstore. Why i dont have money on my account?

    So, i refunded a game. I wanted back my money, if i knew i will not get money from refund i would not refund it !! What do i do now if i want my miney back?

  • Infoobject not available in the query

    hai gurus We have appended a cube with info object that had a query already on it but that infoobject is not available in query hw to refresh the query designer to get new appended info object TQ KEERTHi