Authorization field value

Similar Messages

• Can we give more than one value for an Authorization field in Auth-Check.

  Hi all,
  Can we give more than one value for an Authorization field in Auth-Check.
  Ex: AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD <Value 1> <Value 2> <Value 3>.
  IF SY-SUBRC 0.
  MESSAGE E...
  ENDIF.
  If yes, please help me with exact syntax.
  Think it will be like
  ID 'CUSTTYPE' FIELD: <Value 1>, <Value 2>, <Value 3>.

  Hi,
  yes we can give more than one field.
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object> 
     ID <authority field 1> FIELD <field value 1>. 
     ID <authority field 2> FIELD <field value 2>. 
     ID <authority-field n> FIELD <field value n>. 
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  please reward points, if it is useful.
  satish.

• Table for Analysis authorization along with values for authorization fields

  Hi,
  I am looking for table that contains the Analysis Authorization name along with values for all the authorization fields within this Analysis Authorization. Individually i can go to PFCG or Rsecadmin but since i need all the Analysis auth objects, i need to get this info into excel, so need a table.

  Hi Prashanth
    You can check RSECVAL that is appropriate for your requirement please let us know if any further help is needed.
  Thanks & Regards
  Santosh Varada

• Searching for values of authorization fields

  Is there a way to see the transaction codes or programs that makes use of a specific value of an authorization field?
  Example: K_PRICE001 has the following authorization fields.
                 BUKRS - Company Code 
                 WERKS - Plant        
                 CWPRICLABL - Price Type   
                 ACTVT - Activity     
  The permitted activities are "02" (Change) and "03" (Display).
  Can I find programs/transaction codes that use "02" only? or "03" only? or "*" for all?

  > What it does not do is show you what values are linked to it, that you have to do manually but atleast you would have a list to start with.
  Someone already did that and left all the information behind in the system for you - both check indicators (the capability of the transaction to control something) and proposals (the intended use of the transaction).
  They also update it with each support package, but it is nor 100% correct not a perfect match for all your intentions. You can use authorizations to tune it if you have set it up correctly in the first place...
  --> SU24.
  Cheers,
  Julius

• Maximum number of field values for an Authorization object

  Hello Experts,
  What is the maximum number of field values can be put into the role, Is there any restriction for number of values in any authorization field?
  I have put 326 values for field OBJTYPE in authorization object S_DEVELOP but not able to generate the role it is showing error.
  I know I can split the values in two or more instance but wanted to know if there any other way out for this (without creating more instances)
  Thanks
  DK

  If the values for OBJTYPE are not uniquely the same, then the system will not merge them - so nothing will be lost.
  Here is another trick for you: Choose one of the transactions in the role (or create a "symbolic" one for it") where you want to have the OBJTYPE proposed automatically from. Now maintain one or two of them in SU24 and then download it to your PC. Now from the F4 value range of the OBJTYPE, add all of those values you want via copy&paste into the file and then upload into SU24 again. A read old / merge new in PFCG will then swing all the values in for you.
  Single values are always better, as you do not know what else is hidden in the range or might be added in future. It is however common to see FROM / TO ranging around values such as DEBUG and FUGR although all aspects of S_DEVELOP are dangerous - even in display mode.
  Cheers,
  Julius

• Field value(s) for object S_SERVICE were not entered

  Hi
  Whenever I try to generate a profile in PFCG I get an error, that is saying;
  ... field value(s) for object S_SERVICE were not entered
  Number of values could be different but message text is always the same.
  The problem is in CRM2007 IDES.
  It is regardless if I try to generate for existing role (like SAP_CRM_UIU_MKT_PROFESSIONAL) or for own role
  Does anybody know how to solve such issue ?
  regards
  Rafal

  Dear Rafal,
  kindly check documentation of customizing node
    SAP Customizing Implementation Guide
      Customer Relationship Management
        UI Framework
         Business Roles
           Define Authorization Role
  "Make sure that the authorization object S_SERVICE is set to inactive.
  An active authorization object S_SERVICE could interrupt the profile
  generation."
  You have to deactivate the S_SERVICE authorization object in PFCG to
  solve the error.
  Hope this helps,
  Gerhard

• Field "Value field texts" is disabled to enter new values

  Hi there,
  I'm trying to enter new values on the field "Value field texts" from Depreciation Area, in Config Asset Value Display(Financial Accounting (New) > Asset Accounting > Information System > Configure Asset Value Display). The fields are disbled to enter new text values.
  I don't know what's happening. I've see the SAP Note 121433, but I don't intend to request the creation of a program to fill these fields. Does anyone know if there's another way to deal with this?
  Thanks in advance.

  Hi Srinivasa,
  Thanks for reply. I've checked the transaction ANSICHT following the steps said and the Master Data fields are with "No authorization" for all Depreciation areas.
  Do you know if there's another way of enable these fields? We cannot change the Authorization settings from one Depreciation Area to another.
  Thanks a lot.

• Authorization default values of transaction /MRSS/PLBOMGR for object /MRSS/

  Hello,
    When I add the tcode "/MRSS/PLBOORGM " throuh the menu tab and when I go the authrization tab and click  on either
      Change Authorization Data or    Expert Mode for Profile Generation the is an error message stating the following :
  ======================================================================================
  Authorization default values of transaction /MRSS/PLBOORGM for object /MRSS/PB1 inconsistent
  Message no. 5@015
  Diagnosis
  The authorization fields contained in the authorization defaults are incomplete or incorrect.
  System Response
  The process had to be terminated to avoid generating inconsistent authorization data.
  Procedure
  Use transaction SU24 to adjust the authorization defaults to the object definitions in transaction SU21 and then repeat the process.
  ============================================================================================
  SU24, the custom values maintained are same as SAP Default . Any suggestion?
  Thanks
  Osama Khalifa

  This indicates one of two things resulting from changes to the authorization object AFTER SU22 had been maintained for it:
  1) One or more of the fields were converted to org. levels using the "old" technique of maintaining the table instead of running the report for this.
  2) One of more of the fields were changed in SU20 or SU21 but the original data in SU22 was not corrected.
  Solution in both cases is to correct the proposals in SU24 (customer data) and report it to SAP to correct in SU22 (original SAP data).
  Cheers,
  Julius

• Mapping authorization field IDs to field names (description)

  Hello Folks,
  I am trying to map the authorization field (technical ) names to field descriptions (long names)
  Backgroud: I do not have enough input from the functional team yet on restrictions at data level. I have pulled out a list of orgfield values from USORG. Now i am trying to map the other authorization fields to their descriptions.
  Table AUTHX only maps the field to the data element and while table DD04V lists the long field names for a given data element, i need to drill down before i get the description and thats for each fieldname / data element.
  Question: Is going through SU20 for each object the best way to map the field description or is there a better way to map the auth field IDs to their description. And i mean for multiple input as there are scores of auth fields...
  Regards,
  Prashant

  Thanks Jurjen, that helped a lot.
  I downloaded the authorizations into an excel tough, (did not use uncoverted format).
  Solution in Excel: Since there are a lot of blank cell values
  -- name the columns clearly
  create a pivot table
  In the pivot select only the field technical name and field description columns
  For some reason when the other columns are selected, everything is going blank for values
  I am sure others are better with Excel than i am
  Regards,
  Prashant

• Add Authorization field to Authorization Object (BTRTL to P_ORGIN)

  Hi,
  Could anybody please let me know the steps to add authorization field to an authorization object.
  I want to add authorization field (BTRTL) to authorization object (P_ORGIN).
  Please suggest..
  Thanks is advance!

  Hai..
  Goto SU03- access Class HR -> Object P-ORIGIN-> then check/create the values for the field BTRTL.
  For checking authorization Reports, we use command 'AUTHORITY-CHECK OBJECT'.

• Authorization object with no authorization field

  Hi Experts,
  I have created authorization object with no field checking.
  This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
  Please advice.

  Hi
  See this and do accordingly
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Regards
  Anji

• Authorization Object Values

  Hi All,
  There's an authorization object called P_ORGINCON. It has 8 different fields and respective values. Now, one of the fields has '' as a value (two continuous single quotes, <b>without space</b> between them) and another field has ' ' as a value (continuous single quotes, <b>with space</b> between them).
  What is the difference between both the values i.e., the two different quotes with and without spaces.
  It would be 'rewarding' if someone can help me on this
  Cheers,
  Ravi

  Hi
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  <b>Reward points for useful Answers</b>
  Regards
  Anji

• Authorization default values of transaction F-53 for object F_FAGL_LDR

  All,
  I am getting this error when I go to adjust an existing role
  "Authorization default values of transaction F-53 for object F_FAGL_LDR inconsistant"
  Can any one help me resolve this issue?  I tried to set the check indicator to "NO" but it is still giving me the error at the bottom.
  Please assist.

  > ... they had me add Profit center to F_FAGL_LDR through SU21 and then I ran into the inconsistant issue.
  This part was missing before hand... I can understand that SAP said this is not support, because you have modified as standard object by adding a field to it... that makes it yours now.
  Whoever "they" is, they gave you bad advice.
  To repair the authorization object preferably do so by transporting it from a system on the same release which still has the standard fields.
  Cheers,
  Julius
  Edited by: Julius Bussche on Aug 15, 2009 3:30 PM

• Comp BT116H_SRVO filter attachment Document Template on field value

  I have a requirement to filter the attachment template documents based on a zfield  value in component BT116H_SRVO . I created a table that will map the template id to a specific zfield value (drop down) & I'm using BADI: Authorization Check on Document Level to within contentmanagement filter which templates will be available. The first time the correct Templates are display but during field value change in  BT116H_SRVO/Details the template values are not updated. The compoment BT116H_SRVO is using component GS_CM to display the template. Please advice.

  This will happen if you mistakenly save a Child page as a Template.dwt and overwrite your original Template file. Do you have a backup of your original Template stored some place safe?
  In the future, when you have questions related to Dreamweaver, use the Dreamweaver Forum. You'll get better, quicker answers there.
  http://forums.adobe.com/community/dreamweaver?view=discussions
  Nancy O.

• Difference between * and ALL field values?

  Greetings to all,
  Here is an intresting question. For a particular authorization object of a role, I see that it has a field value of ALL for a specific field. Is this same as * or is there any subtle difference between the two. This is in ECC 5.0.I would greatly appreciate a discussion. Thanks.

  i have also seen the value ALL in some roles in my org...
  Object:C_PRPS_USR (PS: Model for User Field Authorization for WBS elements)
  Field:USR10_1 (User field with 10 characters)
  Value: ALL
  If ALL means value ALL then what is the significance of it in the above field?
  Pls throw some light...
  thankx
  Sachin