Authorization control

Similar Messages

• Authorization control for batch master

  Hello Experts,
  I have a special requirement from client on authorization control on batch master. The requirement is user should not be allowed to change the batch header details but allow to change selected characteristic values. For e.g If I have a batch A, the header values such as prod date, country of orgin etc should not be allowed to change. In classification view few characteristics only should be editable, rest all should only be displayed.
  Is there any option to do this. Either through authorization control or exits. We dont want to create a custom transaction to achieve this.
  Thanks in advance
  Prathib

  Hello
  The following document explains how to check which authorization objects are called on each transaction:
  How to analyze authorization issues in debug
  BR
  Caetano

• MD61 -Authorization control for Version , requirements type -reg

  Hi,
  We have an issue in providing MD61 -Create Planned Independent Requirements to the users
  By standard authorization objects available , Plant level authorization control only is there
  if we have to give authorization for many users in the same plant based on teh VERSION , REQUIREMENTS TYPE  etc... is it not possible ?
  can the authorizations objects be created manually for these and assign to teh concerned user's roles ?
  please provide your thoughts
  regards,
  madhukiran.

  Dear Madhu,
  Authorization objects can be added for an individual T Code also in SU24.
  Check with your Basis consultant,Also i think its possible to give the authorization for versions as well
  as requirement type also.
  Regards
  Mangalraj.S

• Authorization control for Z fields

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

  Hi all,
  We have appended a structure to VBAP; our requirement is to update these Z fields based on authorization control.
  Other than creating Z auth objects and checking them in our exit before updating Z fields, is there any other standard option to control updating of these Z fields.
  Regards,
  Krishna.
  SAP SD Techno Functional.

• Authorization control for cost analysis/itemization view

  Hi Experts,
  Can we control the access to cost analysis/itemization report  in CO03 by authorization control ?
  Thanks

  Hi,
  Most probably it may not be possible.
  moreover, Why do you want this? Cost analysis will be in display mode only. Infact it benefits the user. They can analyse and correct the master if required.
  Think once again before making control. Because, everytime people has to come to authorised person to see the cost difference, which will disturb the authorised person.
  This is my personal opinion.
  Madhava

• Authorization control for actual price calculation

  Dear all,
  I found that there is no authorization control for actual price calculation(KSII), this means user can calculate actual price for all cost centers, even this cost center belongs to other company. Is there a way to control this?
  Thanks,
  Ben

  Hi Ben,
  By SAP standard we do not have the control.  we also have the same situation.  We are venturing in to Realisation phase and we decided to have some kind of program (development) to control this.
  Please let me know if you find some better solution
  Best Regards
  Surya

• Authorization control in Web Dynpro

  Dear experts,
  I have a question about setting authorization in Web Dynpro.  For example, how can I control if a button can be pressed or what kinds of data should be displayed based on user role in UME. 
  Moreover, if I have security settings declared in EJB (ejb-jar.xml). Then I use this EJB in Web Dynpro.  Can the UME role be passed to the EJB, i.e. the security setting in EJB still valid?  Thanks.
  Best regards,
  Ken

  Hi
    I have created a webdynpro component that interacts with SAP. I have done the authorization control through SLD. Well for individual elements of a webdynpro application i dont know if it is possible to restrict through authorization control.Maybe its something that needs to be worked upon.
  thanks
  ravi

• BOM authorization controls -reg

  Friends ,
  we use only BOM with usage 1 -production BOM , we dont want to maintain many BOMs like engineering bom ,design bom ,production bom like that seperately.
  in this context we require some authorization control to control the users for BOM changes for
  BOM during new product developmental stage
  BOM once mass production kicks
  we want certain people only authorised to create or change BOM at new product development stage (precisely at R&D personnel )
  once it goes to mass production we dont want the R&D personnel control on it we would like to authorize operations personnel to take owership of it 
  is this can be done ? which object i have to use to differentiate between BOM at new product stage and mass production stage
  once it changes from new product stage to mass production stage some where we have to maintain this object and contro, through this
  please help at the earliest
  thanks
  madhu kiran

  Hi Madhu,
  The authorization objects checked for BOM, Inform your basis personnel to use them to authorize as per your business need.
  C_STUE_BER     CS BOM Authorizations     
  C_STUE_NOH     CS Authorization to process BOMs without a change number     
  C_STUE_WRK     CS BOM Plant (Plant Assignments)
  C_AENR_BGR          CC Change Master - Authorization Group
  C_AENR_ERW     CC Eng. Chg. Mgmt. Enhanced Authorization
  C_AENR_RV1     CC Engineering change mgmt - revision level for materials
  C_DRAD_OBJ     Create/Change/Display/Delete Object Link     
  C_TCLA_BKA     Authorization for Class Types
  Hope the above answers your query.
  Regards,
  Vivek

• Authorization control- WBS specific

  Hi Experts
  My client handles major projects.
  Each WBS is owned by a management personnel like:
  DGM Mehanical: Mechanical activities
  DGM Electrical: Electrical engg activities
  DGM Civil: Civil engg activities
  Like wise various other responsible teams handle each work package (WBS).
  In this context, can we ensure authorization control WBS wise?
  It means, the WBS owned by Mech DGM should be editble to him only, and rest users should not be allowed for editing the sub objects of Mech WBS?
  Or, if this can be managed using user status, please suggest how the required functionality can be achieved.
  warm regards
  ramSiva

  Hi,
  You can use Person Resposible field in the WBS master data for the purpose.
  In T-code OPS6 you enter Person Responbile , Name , Office User.
  Create Three roles , DGM Civil (12), DGM Elec (13) , DGM Mech (14).
  For Authorization object C_PRPS_VNR enter for field PS_VERNR = 12 and PS_ACTVT = 01,02 & 03 for DGM Civil Role.
  Similarly for other roles.
  Key in 12 in person responsible field of the WBS belongs to DGM Civil.
  Assign DGM Civil role to DGM Civil user.
  Then he can only edit and ret can only view.
  Option 2 :
  You can also use Project Type.
  Object = C_PRPS_ART
  Create three project types Civil, Elec, Mec . In respective WBS select the project type as desired and assign that project type to the concerned role.
  You can take help of Basis consultant for clear understanding.
  Thanks
  Saikishore.Ganga

• Authorization control based on responsible persons

  Hi Experts
  My project structure is operated by several users.
  To have a control on each WBS (based on responsible person) i have set up authorization control for auth object C_PRPS_VNR.
  I have acheived control on WBS elements.
  However, the activities and network are still editable.
  Please suggest the auth control for the wbs and resp NWAs based on resp person.
  warm regards
  ramSiva

  Hi Ram Siva,
  If you are using individual Network header for different WBS element,you can use MRP controller field in the assignment tab page of Network heade for this authorisation.You can create the equal number of Person responsible as MRP controller and control the authorisation.

• Authorization control on material reservation creation and change (MB21 & M

  Hi Friends
  Please help me to find a solution on Authorization control on material reservation creation and change (MB21 & MB23).
  Client looking for a control over end user on those T.Code s but not at T.Code level;
  Client looking for control either based on "Storage location" and/or u201CProduct hierarchyu201D.
  More specifically, user A and B both can Create/Change MR but user A only can do it for the MR which related to storage location say YY while B authorized for storage location ZZ
  Thanks in advance.

  Hello Partha,
  Only available Standard SAP Authorization Objects, related to Reservations, are M_MRES_BWA (Reservations: Movement Type) & M_MRES_WWA (Reservations: Plant) where you can maintain authorizations based on Movement Type & Plant respectively and hence seggested enhancement.
  You can use Tcode-SUIM to search for Basis authorization details i.e. Roles defined for specific transaction/authorization object / profiles.
  Revert if any further info required.
  Regards,
  Anup

• Support for  Proxied Authorization Control ?

  Does OID support the Proxied Authorization Control
  which in and extension of LDAP v3 spec? If not will
  it ever, and if so - when?
  Thanks,
  Artur...

   Not sure if it will work in your case but I am using the PixtoCam app which works very good for me.

• Authorization control for "Revoke  Status Closed"

  Dear Experts,
  We are trying to restrict the authorization of business transaction u201CClosedu201D & u201CRevoke status closedu201D through authorization control for transaction COR2.
  For that I have included authorization objects- K_ORDER, K_VRGNG, I_VORG_ORD in the user profile.
  I have also added these objects in SU24 with check indicator u201CChecku201D & proposal u201CYESu201D
  Through authorization object- K_ORDER I succeeded to restrict business transaction u201CCloseu201D.
  But I am unable to restrict u201CRevoke Status Closedu201D.
  I have also tried for this with user status but through user status also I am unable to restrict u201CRevoke Status Closedu201D.
  Can anybody help me for this.
  Regards
  Vivek

  Dear ,
  You can do it through two option :
  1.Apply Screen variant -SHD0 at user level in which you can switch off menu path of TECO/REVOKE etc.
  Refer : http://wiki.sdn.sap.com/wiki/display/Snippets/TransactionVariant-AStepbyStepGuidefor+Creation
  2.You can try User Status at Production Order level .Refer : authorization for TECO
  You can also check by User Exit : PPCO0007 (Exit when saving Production Order)
  Regards
  JH

• Plant level authorization control for Internal Order

  Dear Sir,
  We create Internal Order using tcode KO01 and  being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
  We request you to Kindly guide us about the steps to be followed for addressing such requirement .
  With thanks and Regards
  Sonia Agarwala

  Sonia-
  It can be done. You have two options.
  1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
  2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
  Hope this helps.
  Shail

• Authorization control in MIGO on basis of Pur. Group & Pur. Org.

  Hi Experts,
  As per requirement, we needed Authorization control in MIGO on basis of Purchasing group and Pur. Organisation
  In MIGO user should allow to do GRN with Movement type 101 & 102 on the basis of Pur. Group & Pur. Org. mentioned in PO.
  I wanted to know can we restrict user to do GRN on the basis of above autho. If yes, please tell me in detail.
  Thx in advance..

  Hi,
  I allready checked the Tr. code SU24 but it needs to checked Autho Object M_BEST_EKO & M_BEST_EKG. but still it is not restricting on basis of Pur. Group & Pur. Organisation.
  I want to know how people restricting user for T code MIGO for Pur. goup & Pur organ.
  any suggestions will realy help me.
  thx..

• Open and close posting period authorization control TCODE: S_ALR_87003642

  HI All,
  Is there any chance to control the user to open and close another company code posting period variant in TCODE: S_ALR_87003642.
  In our system we are using the same client for different countries. So user can able to change the other country company code posting periods.
  We would like to control either on the country (or) organizational unit(company code) (or) posting period variant so that user can only open/close  their country / company code posting periods.
  Our present authorization role for open and close posting period contain the auth.Obj. : S_TABU_DIS.
  Please share your knowledge if you come across this problem..
  Thanks in advance..

  Hey Sandhya,
  Congratz, this can be done using linbe item authorization with the object S_TABU_LIN.
  Field ORG_CRIT - Value 02
  Field ORG_FIeld1 - Value ZT001B
  We have successfully done it in our client.
  You need to contact your BASIS consultant for this.
  Thanks,
  Nitish