Authorization by Project

Similar Messages

• ECC 6.0 and BI Authorizations in Project Implementation Phase for Dev only

  I ) ECC 6.0 Authorizations for Project Team
       I have browsed through SDN and gone through several documents and perhaps trying to post our senario as clearly as possible for better answers
  Aim : 1) To give appropriate authorizations to
        a) Functional Consultants
        b) ABAP developers
        c) BI consultants 
        in Development environment only on Customizing client,
        sandbox client and unit testing client
  There is no inhouse security consultant in house at this time.
  Type of Oragnization : Midsize
  project Life cycle phase : Bluprint-Realization
  Question1:
       What role and profile should I assign to functional consultants by preparing a role from the SAP standard role and what is the best way to restrict functional consultants from sensitive areas.
  eg: Modifying SAP_ALL option and assigning it to functional consultants.
  II.
  BI 7.0 Authorizations for BI consultants in Development environment
  Aim: 1) To give authorizations to BI 7.0 consultants (using only ABAP          stack)
    Question: I have read through some forum and wiki answers in sdn and many explain that give SAP_ALL and SAP_NEW to BI consultants and in addition give 0bi_all, SAP_BW_DEVELOPER and much more.
      Can some body list what are the needed Roles for this kind of users ?
  I know in theory many talk, do not assign SAP_ALL, but the person who advice this never explained the best alternative, and none of them I know have practially told that they have not assigned SAP_ALL.
  Please explain . I think asnwering my question will bury many questions in this fourm .

  Hi Nick,
  Did you get the answer? I'm lookinf for the same information about profiles.
  Thanks!!

• Authorization for project (table PROJ)

  Hi experts !
  I would like create role for PS modula which is limited to field Object Class equal Investment. Itu2019s impossible. How I can check which field I can use for authorization for project (table PROJ).
  Rgds Stenwa

  Stenwa,
  there are no user fields in the project definition. Instead you will find them in the WBS element. In that case, you can use standard authorization objet C_PRPS_USR to check on the user fields, but, as I say, it will not point to PROJ but to PRPS.
  CNEX0002 is a user exit to enhance authorizations in PS. You can check it in SMOD and create an implementation in CMOD but you will need the help of an abaper to create the necesary coding.
  Rgds
  Martina

• Person responsible based Authorization in Projects is not working for me

  Hi,
  Does 'Person responsible' based authorization for WBSE works for the WBS element only, or for the hierarchically sub-ordinate non-WBS objects (meaning Networks, Activities, Materials etc) as well?
  Details:
  (Authorization objects: C_PROJ_VNR and C_PRPS_VNR)
  -- User1 is assigned with role TESTROLE1. This role has the Project manager based WBS & project authorization objects, with person number 101.
  -- User2 is assigned with role TESTROLE2. This role has the Project manager based WBS & project authorization objects, with person number 102.
  Following sample project is created by a super-user:
  PROJ123 (Details: person responsible - 101)
    WBS-1 (Details: person responsible - 101)
      WBS-1/1 (Details: person responsible - 101)
        NETWORK1
        ACTIVITY11
        MATERIAL111
        MATERIAL112
      WBS-1/2 (Details: person responsible - 102)
        NETWORK2
        ACTIVITY21
        MATERIAL211
        MATERIAL212
  Now the requirement of super-user is that WBS-1/1 and its subordinate elements (Activities, Materials etc) should be editable only by User1. And similarly, WBS-1/2 and its subordinate elements should be editable by User2 only.
  My issue:
  Although WBS-1/1 is not accessible to User2, BUT User2 can edit the subordinate elements (NETWORK1, ACTIVITY11, MATERIAL111, MATERIAL112) of WBS-1/1. I do not want User2 to have edit access to subordinate elements of WBS-1/1.
  Above issue is with User1 for WBS-1/2 as well.
  Hope I am clear in explaining my issue. Can anyone please help me understand the standard authorization concept of Person responsible based roles. I suspect that I am going wrong somewhere but I am not able to identify the problem.
  I want to allow access of a part of project to one user, and another part to some other user. And I do not want to go for an ABAP option if I can do above using basis authorizations.
  (Above mentioned problem is not just with part of projects, but with a complete project as well.)
  Hope to see some quick replies. Thanks in anticipation.

  Thanks for the inputs Sreenivas.
  Are you aware of any authorization objects which can restrict access to Networks, Activities, Material components and Milestones, using 'Person responsible' or any other suitable field? I hope you got what I am looking for.
  Restricting WBSE based on 'Person responsible' without restricting sub-ordinate elements is not much useful according to me. It helps only with simple project structures (having only WBSE) and nothing much. Right?
  Thanks again

• Authorization for project relase

  Hello PS Guru's,
  1. I have a requirement, for a user ID he have authorization to use tcode CJ20N. but in this tcode he should not be able to release the project. I know this can be achived through user status management, but we dont want to implement any user status. Can anyone plz suggest me how to achive this with the help of authorization.
  2. Also User is authorized for X company code, this is maintained at org level in his role, but the system allow him to create the project for Y company code?
  I have also tryed to trace the process but there is no specific object hit during company code assignment as well as for status change.
  Please through some highlights for the same.
  Regards,
  Tushar

  Hi,
  For authorisation b/w company codes you can try with object A_S_ANLKL
  Controlling area authorisation for project def. - C_PROJ_KOK
  Or else use user exit on saving to check the value while saving
  or else try VALIDATION
  regards
  pv

• Authorization to project versions

  Hi All,
  My requirement is to provide authorization to some users to  already created versions in cProjects. I am able to create a new version using the class 'CL_DPR_APPL_OBJECT_MANAGER' and the method 'CREATE_PRJ_SNAP_WITH_PROJECT'. But I need to provide authorization to the existing project versions. I searched many classes and methods to achieve this, but not able to get a solution.
  Request your comments on this.
  Thanks in advance.
  Regards,
  Vidhya.

  Vidhya,
  I regret that I am unable to answer your specific question.  My team also has this question.
  I did want to share this thought with you in the hopes that it would be useful for the future.  In testing I had realized that any users we added in the future would not have access to old project versions.  We informed our user of this and asked him to use user groups with authorizations so that if a new person joins the team that person is assigned to the user group.  Because the user group had access to the old project versions, this new person should be able to also get to this data.
  I hope that someone will be able to help answer your question though as we did not implement the use of user groups in time.  We have some projects with this same issue.
  Best wishes,
  Wendy

• SAP Authorizations Concept Project

  Hello,
  Before, i would like to say that this thread will stay open, with questions and answers. Thanks
  I am starting a little project on authorizations. The company has only 9 users, and all of them have the SAP_ALL, SAP_NEW profiles, wich after an audit generated the need to have them removed and the need to implement an Authorization Concept from the root.
  The first step and most important is to get the profiles fixed before the next audit, wich i think will only give me time to create generic profiles based on a List of Transactions and Reports, that each one of them, or a group, executes. I've been reading the ADM940 module, and i have some experience in SAP BI Authorizations, but no experience in Authorizations at a higher level.
  My questions are, Recomendations and attentions i must have to implement this concept i've described and
  Is the automatic profile generator, based only on transactions and reports enough to fullfil the needs i described before enough? Or after that i'll have to maintain some Authorizations objects manually?
  Thank you very much
  JO

  Closing the thread, as it has a lot of days by now

• Authorizations for Projects (Restricting Read/Write to users )

  Hi
  I want to know how I can .
  1) Restrict one users from editing projects of each others in xMII Workbench.
  (for ex. User A shud not be able to modify the projects created by user B)
  Tell me the steps.
  Regards
  Tulip

  Just some info on MI 12.1 if you are thinking about upgrading...
  MI 12.1's Content Management could solve your issue. In this version of MI, you can restrict content developers to shared projects. Shared projects are versioned by the repository thereby allowing developers to track revisions to all MI objects (queries, display templates, HTML pages, etc.). So if developer 1 makes incorrect changes to developer 2's web page, developer 2 can create a new version based on his previous correct version. You should evaluate CM if you are upgrading to 12.1 and have curious developers deleting important content.  
  Regards,
  Kevin

• Solution Manager Project Authorization

  Dear Friends,
     I have come across one authorization object namely "S_PROJ_AUTH.
  What is the importance of this object?
  In that object, field name, PROJAUTH, system asking me to enter project number. But i know only project name. From where i can the project number for my project name?
  Even i can input only 3 digit value in "Project number" field.
  Plz guide me
  Thnaks
  Senthil

  Hi Ragu,
    Sorry..plz refer the following auth object:S_PRO_AUTH (New authorizations for projects) & field:PROJAUTH(Project number).
  In Field "PROJAUTH"---I need to enter 3 digit project number. But i could not find project number for my projects. Even i am not possible to enter my name of the project, since system permits upto 3 digits.
  Thanks
  Senthil

• Staffing manager checkbox in project authorizations

  Hello!
  We made a few tests on authorizations at project level, and we don't understand the use of "staffing manager" checkbox.
  We use mainly project roles with type Staffing by Resource Manager via Authorization. Each role is linked to a Organisationa Unit (staffin process), and the staffing manager of this Org Unit (from the HR Org Struct) can see the project roles in his/her staffing view. This works perfectly.
  SAP Help says: If you are a staffing manager, the system displays all project roles with the staffing type Staffing by Resource Manager via Authorization and these are staffed by resources in the worklist of the external resource management application.
  When we flag this checkbox, we don't see any difference in the behaviour. A Staffing manager sees the same data. If we flag this checkbox at project level to an other user that is not defined as a Staffing Manager in HR, there is no effect after in his/her staffing view.
  Can anyone explain us the usage of this staffing manager checkbox?
  Thank you very much.
  Matthias

  Hi Matthias.
  Is it not the staffing scenario "resource manager via responsible organization" (defined in the project role type) that you use? 
  I think the checkbox you mention is used if you assign the resource manager directly in the project via authorization (instead of via the org unit in the staffing process tab).  In these cases the staffing scenario in the project role type shoud be "resource manager via authorization".
  Cheers / Anders

• SAP BI Authorization issue

  Hii,
  User A with ZALL auth can see the data OF PROJECT ABC for same query .
  But user B with project specific authorization OF PROJECT ABC can't see the data.
  note: no error of no authorization .seems to be some object auth issue.
  Regards,
  Akshay

  Hi,
  enter the T-CODE - RSECADMIN -> select analysis table -> select execute as -> give the user name -> select with log -> select RSRT -> select start transaction -> now it will show which error your facing.
  then based the resolve the problem.
  Thanks,
  Phani.

• Restricting project profile in CJ20N/CJ01 t-code

  Hi Experts,
  Based on the client requirement we have created a new Project Profile named as theShutdown Project. The type of Project is ShutDown. The client wants to restrict the same only for the Plant users usage. 
  I know that the type of the project can be restricted thru standard authorization object -
  C_PRPS_ART. The coding mask is not restricted or defined as of now.
  Since we could not find any standard authorization object which restricts specifically on Project Profile, we tried creating a Z
  auth.object as follows:
  u2022 SU20 -CREATE AUTHORIZATION FIELD
  u2022 SU21 -CREATE AUTHORIZATION OBJECT
  u2022 SU21 -LINK AUTHORIZATION FIELD AND AUTHORIZATION OBJECT
  u2022 SU24 -ADD THE AUTHORIZATION OBJECT IN THE TCODE CJ20N AND CJ01
  u2022 PFCG-CREATE ROLE WITH AUTHORIZATIONS TO TCODES- CJ20N AND CJ01. ALSO
  ADD THE AUTHORIZATION OBJECT MANUALLY. GENERATE THE ROLE AND SAVE THE
  SAME. LINK USER ID TO THE ROLE
  u2022 SE38- LCJWBF7S. CREATE ENHANCEMENT IN FORM PROJ_SET AND ADD
  AUTHORISATION CHECK OF THE ABOVE CREATED OBJECT 
  The issue is that the above procedure is restricting the access for all the other users too despite it being attached to a particular role only. Every project profile other than shutdown  project is getting an error -"You are not authorisedfor this activity"  
  Please advice if our approach is correct or are there any alternative available.
  Regards
  Khushali

  HI,
  You need not have a separate Auth Object for "Project Profile".
  Make use of your standard auth object "Project Type" only.
  Introduce a simple validation to say that The only project type "Shutdown Projects" should be allowed for your Project Profile "Shutdown Project"
  By this, while Project creation, system throws error (Error you defined in the validation) in case both the Profile & Type are incompatible. When the user selects the appropriate "Project Type", then the subsequent standard error would be related to authorization on Project Type for the desired users.
  regards

• Project release - CJ20n

  Hi Friends,
  I need to put authorization while releasing a <b>Project/WBS/Networ/Activity/milestone</b> in CJ20n transaction. Only authorised person should be allowed to do a release.
  Please anybody have a solution for this?
  Thanks & Regards
  Kapil

  Hi
  Check the following Authorization Objects related to the PSystems
  and use the related one for your requirement
  C_AFKO_ACT Activities on network header level                         
  C_AFRU_APL Confirmation: Authorization for actual work center         
  C_AFKO_DIS Network: MRP Group (Plant) and Transaction Type            
  C_CSCR_ACT PS: Activities for Flexible Detail Display                 
  C_VERS_ACT PS: Activities for Project Versions                        
  C_AFVG_TYP PS: Activity types for network act. and activity elements  
  C_PRPS_KOK PS: Controlling Area Authorization for WBS elements        
  C_PROJ_KOK PS: Controlling Area for Project Definition                
  C_PRPS_KST PS: Cost Center Authorization for WBS elements             
  C_MLST_BGR PS: Milestones (Authorization Group)                       
  C_PRPS_USR PS: Model for User Field Authorization for WBS elements    
  C_RESB_TRM PS: Monitoring Dates for Components                        
  C_PLKO_PLG PS: Planner Groups for Standard Networks                   
  C_PRPS_PRC PS: Profit Center Authorization for WBS elements           
  C_PROJ_PRC PS: Profit center for project definition                   
  C_PRPS_VNR PS: Project Manager Authorization for WBS elements         
  C_PROJ_VNR PS: Project Manager for Project Definition                 
  C_PRPS_ART PS: Project type authorization for WBS elements            
  C_SIMU_BGR PS: Simulation (Authorization Group)                       
  C_PSTX_ART PS: Text Type Authorization for PS Texts                   
  C_PROJ_TCD PS: Transaction-Specific Authorizations in Project System  
  C_AFVG_USR PS: User fields network activity. Activ. element model auth.
  C_AFVG_APL PS: Work Center for Network Activities and Activity Elements
  C_PROG_TR  Progress Tracking for Components                           
  C_PROMAN   Project-Oriented Procurement                               
  C_DIP_STDV Standard Varients in DP Processor                          
  Creation of Authorization
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• Authorization on Summarization Report

  Hi Guys
  I need to know, how I can achieve Plant authorization on Project summarization reports.
  I can explain the scenario:
  We have Project manager A. who is having authorization of for PLANT 1
  So he should not allow seeing summarization report for any other PLANT.

  Hi Guys
  I need to know, how I can achieve Plant authorization on Project summarization reports.
  I can explain the scenario:
  We have Project manager A. who is having authorization of for PLANT 1
  So he should not allow seeing summarization report for any other PLANT.

• Unable to open some projects

  Hi.
  I have 44 projects who previously working fine.
  I saved then to a ntfs disk, using Paragon NTFS.
  Clean Lion installation, and a new installation from App Store to Imovie.
  I restored the projects and the events from the NTFS disk to my Lion partition.
  Some projects (13) are running fine. The rest is not seen by Imovie.
  I got this error message in the console log :
  09/08/11 04:41:51,795 iMovie: Skipping loading of project "Stage City" due to error: Unable to load project
  I try to repair authorization, rename project, create a new one and put info inside : no success.
  I can view the content of the project (right clic / show content).
  Any ideas to solve the problem ?
  Thanks in advance.

  Hello.
  Thank for your answer.
  No other choice at this time, I only have a NTFS disk for backup, and important data on it.
  I really don't understant why some of my projects are not working, and why my events are all fine ...
  I try to use a network folder to transfert projects, but no luck, still the same problem.
  The only good new is I'm able to find the export video in the package.
  I think I will stop spending time on this, and start making new videos
  Regards.