Authorization check on users workstation basis

Hi experts,
I want to explore any log on event on SAP. I want to authorize the user according to users workstation. For example, If a user login into SAP from PC ABC he will get one type authorization. And if that user login to system using same id from another machine , he will get another type authorization. Is it possible ? Please help me on it.
Asad

Hi Asad,
Users are individually authorised, so you will need to set their authorisations per user.
Regards,
Graham

Similar Messages

  • How add Authorization check for user with assigened role for t.code-MIR4

    Hi All,
    Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
    In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
    suggest me...
    Thanks,
    srii..

    Hi Sri ,
    first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
    make use of Tcode SUIM to find out all roles which are using this Object.
    or
    ask ur basis guy to remove authorizations to create/change....
    regards
    Prabhu

  • Failed to activate authorization check for user SAPSYS

    Hi Experts
    I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
    i am getting a error Failed to activate authorization check for user SAPSYS.
    Please help me to solve this issue.
    Regards
    Venkat

    Hi, Mr. Joe Bo.
    Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
    Basis Patch - 15, Kernel 159
    I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
    Thanks & Regards
    Venkatesan J

  • Authorization check by user

    I need to do determine if a user is authorized to execute a certain transaction. What is the easiest way to implement this. I have been looking at ABAP statement AUTHORITY-CHECK but am not sure if it will work for me.

    You can use Authority object S_TCODE to check if user has authority to execute particular transaction. Pass transaction code in id 'TCD'
    AUTHORITY-CHECK OBJECT 'S_TCODE' FOR USER user_name ID 'TCD' FIELD 'ME23N'.

  • Authorization check to users in Report

    Hi frds,
    FI- Posting document created smart form
    My customer is asking Document values greater than RS : 250000/-  restrict to view some users ..........
    How to acheive this requirement...........

    Hi Kabil,
    a third option to the suggestions Nabheet Madan mentioned is to look for a property to recognize the special users.
    This might be a common role or authority, that no other users will own.
    For checking roles you can access table AGR_USERS, for check checking special authorities you need a matching AUTHORITY-CHECK in your report.
    Regards,
    Klaus

  • HCM Transfer process - Authorization Check Failed

    Hi All
        We are trying to run the Standard Transfer  process of HCM . We are trying to run the tcode u201C HRASR_TEST_PROCESSu201D  Can anybody Tell us what authorization objects does a user  require to run this process if the user does not have SAP_All Authorization.
    We have already added u201CP_ASRCONTu201DAuthorization object  as suggested by sap .
    We are failing in some HR authorization check but we have already added the same in useru2019s profile and it has already been genereated . 
    Note : We have already ran this process with SAP_All Authorization and it ran succesfully . Employee was Succesfully transferred to the new position .
    Please check the shreen  shots (click the links) below to get an idea of the problem .
    Authorization Check Failed :
    Link : [http://www.mediafire.com/?edtznzkmdm0]
    Process flow :
    Link : [http://www.mediafire.com/?ytxz3wlmjiz]
    Please click on " Click here to start download.. "  to check the screenshots.

    Hi, Mr. Joe Bo.
    Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
    Basis Patch - 15, Kernel 159
    I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
    Thanks & Regards
    Venkatesan J

  • Authorization Check of Multiproviders

    Dear all,
    we have a scenario like this:
    Two Basiscube (A & B) with two authorization objects created in RSSM (AUT_A and AUT_B).
    The assignment in RSSM is like this:
    Cube A checked by AUT_A
    Cube B checked by AUT_B
    No we created a Multiprovider where A and B are assigned to.
    We thought that the authorization check of the underlying Basis Cubes is also carried out in the Multiprovider.  Therfore we thougth it is necessary to assign the user both authorization objects AUT_A and AUT_B to run a query on the MC. Now I found a OSS note (921820) that says:
    "(XIII) For queries on MultiProviders, you must activate the relevant authorization objects for this MultiProvider (in transaction RSSM). The setting for individual basis providers is not relevant."
    For me that would have the following implications:
    We can assign either
    only AUT_A or
    only AUT_B or
    both AUT_A and AUT_B or 
    a new authorization object to MC.
    As long is the authorzation object that is assigned to the MC is also used in the roles the users can run the queries.
    Can anyone confirm this?
    Thanks in advance!
    Thomas

    You will be fine with setting the authorization at the multi provider level as far as the cubes are concerned.
    But you seem to have authorization objects based on info objects. Is that correct?
    If so, then you need to maintain authorization for the objects regardless of how you maintain authorization at the cube level.
    Ravi Thothadri

  • Authorization Check when logon into SAP via ITS

    Hello
    We have implemented Authorization Check after user have logged on to SAP via ITS in this User Exit SUSR0001. It was working fine in 46C version, but after upgrade to ERP 2005, when user logs on into SAP via ITS, this user exits is ignored, while logging normally via SAP GUI; authorization check is performed as before?
    Did anyone else have experienced the same problem?

    From what I understand something on that line changed.  We are still hanging on to our external ITS 6.20 so I am afraid I can not go into details.

  • Document search error in webshop(Error in authorization check: user unknow)

    Hi All
    actually we have implemented the document search functionality in webshop to access all the documents in webshop who have created order in the webshop.
    actually when i am logging into the portal with userid "skumar" after that there was role called "Document Search" when i click that document search role then the document search will be opened, based on the selections in the selection criteria then the documents will be displayed generally.
    actually come to my error when i select in the selection criteria "order acknowledgement" and i select the one more column called "period" after that i click the search button then i am getting the error as follows.
    <b>Error in authorization check: user unknown.</b>
    Can you please help me where to check the authorizations in the system for accessing the documents.
    Regards
    Sunil

    Hi Sunil generally this kind of error will occur when you choose acknoledgement
    for Future Periods,eventhough input is past date if the same problem occurs you should check for Su05 Internet USer authoriasations
    Reward if helpful
    Venkat

  • Logical Data Base- Authorization Check

    Hi,
        Please tellme when is the authorization checked if the LDB is used in the program. If I am not using 'GET PERNR' statement in the START-OF-SELECTION then will this authorization check will be performed for the data being extracted from the Data base using select statement.
    Waiting for reply,
    Shwetambari.

    HI,
    No it won't perform if you write the select statment, when you write the code GET PERNR, then internally it will get the data based on the Auth check and a SET PERNR will be triggers. so better to use the GET statment
    Regards
    Sudheer

  • Error for customer specific Authorization check (User Exit)

    Dear Experts,
    I am facing a problem in PM.
    I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
    I have released the order and got the inspection lot number.
    While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
    "Error for customer specific Authorization check (User Exit)"
    Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
    If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
    I have checked the following user exits:
    QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
    QQMA0026: PM/SM: Auth. check when accessing notification transaction.
    The above 2 User Exits are not active.
    I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
    Please some one help me on this issue.
    Thanks and Regards,
    Praveen.

    Dear Pete,
    I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
    Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
    At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
    Regards,
    Praveen

  • Any BADI or USER EXIT for Authorization check in ME51N

    Dear MM Gurus,
    My requirement is to assign Authorization to the User to create Purchase requisition based on the combination of Plant and Storage location. Is there any BADI or User Exit available to achieve this?
    Regards
    Yoga

    hi,
    > Its not possible to have the authorization for PR at storage location level...
    > you can have authorisations for Puchase organisation EKORG, plantWERKS, puchase group EKGRP, puchase document type BSART ...
    > and authorisations objects are:
    >M_BANF_BSA :   Document Type in Purchase Requisition
    > M_BANF_EKG :  Purchasing Group in Purchase Requisition
    > M_BANF_EKO :  Purchasing Organization in Purchase Requisition
    > M_BANF_FRG :  Release Code in Purchase Requisition
    > M_BANF_WRK :  Plant in Purchase Requisition
    Regards
    Priyanka.P
    Edited by: Priyanka Paltanwale on Apr 27, 2009 3:01 PM

  • Authentication and authorization for AD users in UCM11g

    Hi all
    we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
    Thanks
    Somesh

    As you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
    As for SSO, refer to the:
    http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
    and
    http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
    Procedure steps are:
    Create a user account for the hostname of the web server machine in Active Directory
    Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
    Generate the keytab file
    Create a JAAS Login File named krb5Login.conf
    Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
    Configure the Identity Assertion Provider
    Adjust Weblogic Server startup arguments for Kerberos authentication
    Redeploy CS (and optionally other servers) server with the documentation given deployment plan
    Check web browser configuration (IE and Firefox only)
    Take a deep breath and test
    If successful have a cake and cup of coffee else goto step one
    Regards,
    Boris

  • Authorization check

    Hi ,
    i new to authorization so i need help ,
    i go to transaction SU21 and i choose some object for example:
    Object R_CPM_BSC
    Text Authorization Object SEM: BSC Elements
    Class SEM Strategic Enterprise Management*
    Author STASTNY
    Field name Heading
    SEMSCARD Scorecard
    SEMOBJTYPE Scorecard Elements: Object Type
    SEMOBJKEY Scorecard Elements: Object Key
    ACTVT Activity
    And when i push on permitted activities i get:
    R_CPM_BSC Authorization Object SE
    ACTVT Activity
    activists
    01 Create or generate
    02 Change
    03 Display
    04 Print, edit messages
    1. i have always just permitted activities for ACTVT ?
    if i wont that user just have display Authorization how i have to write it like below?
    AUTHORITY-CHECK OBJECT R_CPM_BSC
    ID ACTVT FIELD '03'
    thats it i don't use the other fields?
    Regards

    Hi,
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Thanks
    Vikranth

  • LDB PNP authorization check authorization object

    Hi,
    I have used LDB PNP for HR reports.
    We are using the authority check also, but the problem is all the records/data for all the people is being read by the report where some of the people data should not have been read as they belong to some other personal area that the role of the executer (user).
    Hence it appears that authorization check is not working properly.
    Following is how I am using it, Please suggest corrections or alternate way to correct this issue.
        rp-provide-from-last p0002 space gwa_outlist-begda 
                                                        gwa_outlist-begda.
        IF pnp-sw-found NE '1' OR
            pnp-sw-auth-skipped-record EQ '1'.
            EXIT.
        ELSE.
            ls_tab-vorna = p0002-vorna.
            ls_tab-nachn = p0002-nachn.
        ENDIF.
    Please reply with the corrections ore alterations,
    Thanks in advance.
    Akash.

    Hi,
    (1)
    Actually, if you're wirting report with PNP LDB, you do NOT need to do this hard-coded auth checking at all. Because the LDB abap code behind PNP has already do this job for you.
    So all you need to do is to ask you HR consultant or Basis consultant to modify the authority config of certain ROLE with t-code PFCG, and then assign that ROLE to certain user with t-code SU01.
    ABAP code behind PNP will automatically verify the current user according to his ROLE setting.
    (2)
    In some case you do not work with LDB report, then you need to do the authority check by yourself. General function  AUTHORITY_CHECK is what you need.  AUTHORITY_CHECK do the authority check by means of Authority Object.Belows are authority objects used in HR module(you can also see in PFCG if technial name switched on):
    P_ORGIN    HR: Master Data
    PLOG       Personnel Planning
    P_PCLX     HR: Clusters
    P_TCODE    HR: Transaction codes
    Sample of checking personal area:
    CALL FUNCTION 'AUTHORITY_CHECK'
         EXPORTING
              FIELD1              = ' PERSA'
              OBJECT              = 'P_ORGIN'
              USER                = 'SAPSUPPORT1'
              VALUE1              = 'Z001'  
         EXCEPTIONS
              USER_DONT_EXIST     = 1
              USER_IS_AUTHORIZED  = 2
              USER_NOT_AUTHORIZED = 3
              USER_IS_LOCKED      = 4
              OTHERS              = 5.  
    IF SY-SUBRC NE 2.
    MESSAGE E001(01) RAISING AUTH_FAILED.
    ENDIF.
    Reward if helpful pls!

Maybe you are looking for