Authorization control for 2, T-codes at a same role

Similar Messages

• Authorization controll for  2 ,T-codes at a same role

  Hi all I need your professional support
  When we execute the PV00 t-code  and try to “Create Attendance “and it will allow the user to create it by going to PA40 which should not allowed and this has to be blocked.
  But in the same user under a different role, PA40 is also attached and we have to keep it available to the user.
  If I specify more about this issue, under HR role we have assigned PA40, for 5 personal areas and for another role we have assigned 20 personal areas for PV00,  so if the same user try to click on the “Create Attendance” it will give 20 personal areas access through PA40 , which we have to block it some how. Through PV00, should not allow the user to access PA40 transaction. I tried through authorization which I couldn’t control.
  We are using role based authorization. Please advice me how to resolve this issue.

  hai
  i got the answer tnx for every one
  regard
  nawa

• Authorization control for actual price calculation

  Dear all,
  I found that there is no authorization control for actual price calculation(KSII), this means user can calculate actual price for all cost centers, even this cost center belongs to other company. Is there a way to control this?
  Thanks,
  Ben

  Hi Ben,
  By SAP standard we do not have the control.  we also have the same situation.  We are venturing in to Realisation phase and we decided to have some kind of program (development) to control this.
  Please let me know if you find some better solution
  Best Regards
  Surya

• Authorization control for "Revoke  Status Closed"

  Dear Experts,
  We are trying to restrict the authorization of business transaction u201CClosedu201D & u201CRevoke status closedu201D through authorization control for transaction COR2.
  For that I have included authorization objects- K_ORDER, K_VRGNG, I_VORG_ORD in the user profile.
  I have also added these objects in SU24 with check indicator u201CChecku201D & proposal u201CYESu201D
  Through authorization object- K_ORDER I succeeded to restrict business transaction u201CCloseu201D.
  But I am unable to restrict u201CRevoke Status Closedu201D.
  I have also tried for this with user status but through user status also I am unable to restrict u201CRevoke Status Closedu201D.
  Can anybody help me for this.
  Regards
  Vivek

  Dear ,
  You can do it through two option :
  1.Apply Screen variant -SHD0 at user level in which you can switch off menu path of TECO/REVOKE etc.
  Refer : http://wiki.sdn.sap.com/wiki/display/Snippets/TransactionVariant-AStepbyStepGuidefor+Creation
  2.You can try User Status at Production Order level .Refer : authorization for TECO
  You can also check by User Exit : PPCO0007 (Exit when saving Production Order)
  Regards
  JH

• MD61 -Authorization control for Version , requirements type -reg

  Hi,
  We have an issue in providing MD61 -Create Planned Independent Requirements to the users
  By standard authorization objects available , Plant level authorization control only is there
  if we have to give authorization for many users in the same plant based on teh VERSION , REQUIREMENTS TYPE  etc... is it not possible ?
  can the authorizations objects be created manually for these and assign to teh concerned user's roles ?
  please provide your thoughts
  regards,
  madhukiran.

  Dear Madhu,
  Authorization objects can be added for an individual T Code also in SU24.
  Check with your Basis consultant,Also i think its possible to give the authorization for versions as well
  as requirement type also.
  Regards
  Mangalraj.S

• Authentication and Authorization control outside of application code

  I have an application which has no security code implemented in it.  I would like to control who can access certain URL paths within the application.  In addition, I would like to have single sign on to authenticate the users that have also logged on to the network with their Active Directory userids.
  Environment: ColdFusion 10
  App Server: default (Tomcat)
  WebServer: IIS 7.5
  Server: Windows Server 2008 R2
  Authentication: Active Directory
  In a currently existing environment I was able to do this using SiteMinder to protect certain URL paths.  I am putting together a new environment that no longer has SiteMinder.  I was also able to do this in a configuration using WebSphere as the application server and modifying ColdFusion's web.xml file to create security roles for the protected URL paths.  This was done by adding <security-constraint> and <security-role>  clauses to the web.xml.  I could then use WebSphere to control what users or groups have access to these URL paths.  In addition, I was able to implement Single Sign On for the users using SPNEGO.  This was all pretty clean and worked nicely for the users.  I would like to run under WebSphere, but unfortunately I have to use Version 8.5 of WebSphere which is not supported by ColdFusion.  So I have to use Tomcat.  Is there a way I could provide a similar access control using Tomcat?
  Authentication using SPNEGO
  Defining roles in the web.xml
  I am also open to other ideas to obtain the same results.

  Did you figure out how to get the IIS "Authorization Rules" to work with ColdFusion files?  I am having a very similar problem and until I solve it I cannot upgrade my production environment to CF10.

• Authorization control for batch master

  Hello Experts,
  I have a special requirement from client on authorization control on batch master. The requirement is user should not be allowed to change the batch header details but allow to change selected characteristic values. For e.g If I have a batch A, the header values such as prod date, country of orgin etc should not be allowed to change. In classification view few characteristics only should be editable, rest all should only be displayed.
  Is there any option to do this. Either through authorization control or exits. We dont want to create a custom transaction to achieve this.
  Thanks in advance
  Prathib

  Hello
  The following document explains how to check which authorization objects are called on each transaction:
  How to analyze authorization issues in debug
  BR
  Caetano

• Authorization control for document status

  Dear All,
  I want to control the status change of Documets created,
  How can i achieve this, so that a perticular user /ID can change the perticular status,
  I have ,
  01
  02,
  03,
  04, Rel.
  05,
  Do i need to put some trace anf find Objects to control...
  or there is any standard method to do this..
  Please guide me..
  Regards
  Raghu

  Hi Raghu,
  Here are DMS authorizatoins objects. For handle status it should be C_DRAW_STA
  C_DRAD_OBJ          Create/Change/Display/Delete Object Link                         
  C_DRAW_BGR          Authorization for authorization groups                         
  C_DRAW_DOK          Authorization for document access                         
  C_DRAW_MUP          Authorization for Markups                         
  C_DRAW_STA          Authorization for document status                         
  C_DRAW_TCD          Authorization for document activities                         
  C_DRAW_TCS          Status-Dependent Authorizations for Documents                         
  C_DRZA_TCD          Document Distribution: Authorization for Recipient Lists                         
  C_DRZI_TCD          Document Distribution: Authorization for Distribution Order                         
  S_ECL_CAT          ECL Viewer: Authorization Object for Stamp Categories                         
  S_ECL_STP          ECL Viewer: Authorization Object for Printing with Meta Data                         
  S_ECL_STP2          ECL Viewer: Authorization Object for Printing with Meta Data                         
  Hope that it will help you
  //Håkan

• Can we assign 1 credit control for multiple company codes

  hi,
  sap gurus,
  good afternoon to all
  can we assign 1 credit control area for multiple company codes.
  if yes can any body explain the pro's and cons of the assignment.
  if no can any body explain the why?
  its urgent plz.......
  regards,
  balaji.t
  09990019711

  Yes Balaji,
  We can assign.
  Here the risk categiry and terms of one credit control area will be applicable to all company code.
  Credit Control Area
  Definition
  An organizational unit that represents the area where customer credit is awarded and monitored.
  This organizational unit can either be a single or several company codes, if credit control is
  performed across several company codes. One credit control area contains credit control
  information for each customer.
  Use
  Credit and risk management takes place in the credit control area. According to your corporate
  requirements, you can implement credit management that is centralized, decentralized, or
  somewhere in between.
  For example, if your credit management is centralized, you can define one credit control
  area for all of your company codes.
  If, on the other hand, your credit policy requires decentralized credit management, you
  can define credit control areas for each company code or each group of company codes.
  Credit limits and credit exposure are managed at both credit control area and customer level.
  You set up credit control areas and other data related to credit management in Customizing for
  Financial Accounting. For more information, see the Implementation Guide under Enterprise
  Structure   Definition or   Assignment   Financial Accounting and then Maintain credit control
  area. You assign customers to specific credit control areas and specify the appropriate credit
  limits in the customer master record.
  Thanks,
  Raja

• Authorization object for sales tax code (MWSKZ) in FB60

  HI, there is a FI tcode FB60 in FI module. The requirement is that user wants to restrict some users to enter only few sales tax codes from among the list. For example if there are 30 tax codes, then user should be authorised to enter only 5 tax codes from the list. In standard authorization, there doesn't exist an authorization object to restrict tax codes. Kindly tell me the process of making authorization object for this task.
  I have made one authorization object. I think i need to call this object somewhere in user exit of FB60. Is this the way of doing this?? Kindly if someone have done this, mention down the procedure of making authorization object and how to implement it. Thanks

  Hi,
  Instead of creating a authorization obejct and assigning it to the tax code, it will be easy to write the code in a user exit to check whether the tax code is applicable for the user. Suppose if the user enters a non-applicable tax code, you can throw an error.
  Do u want to restrict the number of entries in F4 help for tax code for a particular user?
  Cheers
  ~Niranjan

• Plant level authorization control for Internal Order

  Dear Sir,
  We create Internal Order using tcode KO01 and  being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
  We request you to Kindly guide us about the steps to be followed for addressing such requirement .
  With thanks and Regards
  Sonia Agarwala

  Sonia-
  It can be done. You have two options.
  1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
  2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
  Hope this helps.
  Shail

• Authorization control for Z fields

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

• Authorization control for cost analysis/itemization view

  Hi Experts,
  Can we control the access to cost analysis/itemization report  in CO03 by authorization control ?
  Thanks

  Hi,
  Most probably it may not be possible.
  moreover, Why do you want this? Cost analysis will be in display mode only. Infact it benefits the user. They can analyse and correct the master if required.
  Think once again before making control. Because, everytime people has to come to authorised person to see the cost difference, which will disturb the authorised person.
  This is my personal opinion.
  Madhava

• Authorization Control For characteristics Maint.

  Dear All,
  My requirement is that,during material master creation/change,my user can change only certain characteristics in a class.What is the purpose of Authorization group field available in CT04.This what comes with F1 help,but I am not able to relate to it.I have assigned this authorization object in user role with relevant value,but nothing is happening.I am able to maintin all charac.
  Authorization Group for Characteristics Maintenance
  This key defines whether a user is allowed to maintain this characteristic.
  This authorization must be defined in the user master record.
  The authorization object is C_CABN_GRP.

  Dear,
  The object and values what you are taking about is to restrict the charectristucs change,,,This will not restrict value assignment in material master classification view.
  This is required for not to allow chages to that chateristics in CT04.
  If you want the material master chareostics value assignment restoction then you need to restict material master claasification maintaince view through the auth object - M_MATE_STA
  the values are as below
  A     Work scheduling
  B     Accounting
  C     Classification
  D     MRP
  E     Purchasing
  F     Production resources/tools
  G     Costing
  K     Basic data
  L     Storage
  P     Forecasting
  Q     Quality management
  S     Warehouse management
  V     Sales
  X     Plant stocks
  Z     Storage location stocks
  remove C from the value and assignthe role to user by whom you donot want the value not to be assigned
  come back if required

• How do i find authorization object for a transaction code?

  Hi SD Guru's
  I need to find the authorization object for both standard & Z transactions.
  How can i find this?
  Regards
  Ravi

  Hi,
  check the coding with SE38 for "authority-check" and you will get the objects or set a breakpoint on statement "authority-check" while you execute the transaction.
  Regards,
  Andreas