Authorization for a custom programme

Similar Messages

• No authorization for changing Customer Centrally- Idoc in Error Status 51

  Hi Experts,
  We are implementing MDM for one of the client.
  The client  runs a  modification scenario in MDM for Customer Master.
  He modifies a customer record in MDM and this record is transfered from MDM to ECC via PI through Idocs.
  We are using standard Idocs for Customer Master which is DEBMDM
  There are 2 Idoc's generated in ECC by PI from DEBMDM as DEBMAS and ADRMAS.
  ADRMAS Idoc is succesfull in ECC and the corresponding record is modified.
  Now the issue is that the corresponding DEBMAS Idoc goes into Error 51.
  The Error details is as below:
                                                                                  No authorization for changing vendor Centrally                                                                               
  Message no. F2326                                                                               
  System Response                                                                               
  You cannot access the requested data.                                                                               
  Procedure for System Administration                                                                               
  If necessary, include an entry in the user's authorization profile for  
      the authorization object and parameters specified below.                                                                               
  Authorization object:                                                                               
  o   F_KNA1_APP                                                                               
  Parameters:                                                                               
  o   Activity: 02
      o   Application authorization : *
  We gave the respective authorization object to the RFC User ID used in PI RFC created to connect to ECC.
  Also we have given the user id  Tcode authorization like XD01/02/03.
  But this error still persists.
  Request to throw some light on this.
  Cheers
  Dhwani

  Check these threads
  [Re: IDOC STATUS - 51 " IDOC HAS TEST STATUS|IDOC STATUS - 51 " IDOC HAS TEST STATUS";
  [Error Inbound IDoc - Status 51|Error Inbound IDoc - Status 51;
  thanks
  G. Lakshmipathi

• Authentication and authorization for a custom connector

  I have the following problem: I have a software which tries to connect with the server through its own custom RMI connector.
  So I have the  RMI Connector deployed via Mlet-Service. I have written a small TestClient and can get a RemoteMBeanServer  with RemoteMBeanServer rs = getRemoteMBeanServer(), but if I try to call something like  rs.getMBeanCount() I get :
  com.sap.engine.services.jmx.exception.JmxSecurityException: Caller Guest not authorized, only role administrators is allowed to access JMX
  So the WebAS considers someone who tries to connect with this connector as guest. How do can I get authentication  and autorization to access the JMX parts? The manual seems only to cover JSP and webapplications, where it is possible to configure a role for them. I only have this connector.jar, configuration and mlet-file.
  I still have the option to use JAAS authentication with  this connector, then I have to configure it differently and, the more difficult, to implemend
  a method "public Subject authenticate(Object credentials)" where credentials are two Strings with user and passwd. But I am not quite sure how to fill the Subject with useful information.
  Thanks in advance
  Nils

  Jmx is secured resource and only administrator role user
  can access it.
  If your code is running in a servlet you can define
  the servlet to run as administrator
  1. Add in the web.xml
  <security-role>
     <role-name>AnyName</role-name>
  </security-role>
  2. Add in the web-j2ee-engine.xml
  security-role-map>
     <role-name>AnyName</role-name>
     <server-role-name>administrators</server-role-name>
  </security-role-map>
  If you are runnig from a remote client you just have to
  Properties connectionProperties = new Properties();
  connectionProperties.setProperty(
  Context.INITIAL_CONTEXT_FACTORY,
  "com.sap.engine.services.jndi.InitialContextFactoryImpl");
  connectionProperties.setProperty
  (Context.PROVIDER_URL, "<host:p4port>");
  connectionProperties.setProperty
  (Context.SECURITY_PRINCIPAL, "<ADMIN USER>");
  connectionProperties.setProperty
  (Context.SECURITY_CREDENTIALS, "<PASSWORD>");
  MBeanServerConnection mbsc =
                      JmxConnectionFactory.getMBeanServerConnection(
                           JmxConnectionFactory.PROTOCOL_ENGINE_P4,
                           connectionProperties);

• Amount Authorization for Customer

  I want to Enter Customer invoice While creating Invoice Following Message Display
  No Amount Authorization for vendor/customer in co. code?
  Pls Reply

  Hi,
  Go to -
  img - fa u2013 arap u2013 business transaction u2013 incoming payment u2013 manual incoming payment u2013 define tolerance (customers)
  Define Tolerance Groups for Employees and Assign User/Tolerance Groups
  Regards
  udayakumar.k

• Authorization Problem (I am Using Authorization For Custom Forms)

  Hi All,
  I am Using Authorizations To My Forms (I created One Addon For This Addon I am Using Authorization).I created Authorization For My Addon But While Working It Showing Some Errors
  . In My Addon Four Forms are there For  this four forms I am Using Authorization based on usres some screens only super  user can access. normal user he is not a super user he  cliekd on that authorization form it shows one message  Your not a authorized user to permitted this operation in this message box we have two butons one is ok button and one is Authorized by another user . When i clicked on Ok Button  I am getting error Internal error (-10) occured [131-183]. Please give me Your Valable Suggestion.
  I am waiting for  your Reply.
  Thanks & Regards
  Naresh

  I am using Sap Authorizations For My Custom Form  See The Code Also U Can Get Clear Idea
  Private Sub CustomAuthorization()
          Dim li_RetVal As Integer
          Dim pUserPer As SAPbobsCOM.UserPermissionTree
          Try
              pUserPer = Me.SBO_Company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserPermissionTree)
              'Purchase Indent
              If pUserPer.GetByKey("NHCL_PM") = False Then
                  pUserPer.PermissionID = "NHCL_PM"
                  pUserPer.Name = "Purchase Module"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->New Purchase Indent
              If pUserPer.GetByKey("NHCL_PM_NPI") = False Then
                  pUserPer.PermissionID = "NHCL_PM_NPI"
                  pUserPer.Name = "New Purchase Indent"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010002"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent->View For Approval
              If pUserPer.GetByKey("NHCL_PM_VIE") = False Then
                  pUserPer.PermissionID = "NHCL_PM_VIE"
                  pUserPer.Name = "View For Approval"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010003"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Selection For RFQ
              If pUserPer.GetByKey("NHCL_PM_SEC") = False Then
                  pUserPer.PermissionID = "NHCL_PM_SEC"
                  pUserPer.Name = "Selection For RFQ"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010006"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Purchase Quotation
              If pUserPer.GetByKey("NHCL_PM_PUR") = False Then
                  pUserPer.PermissionID = "NHCL_PM_PUR"
                  pUserPer.Name = "Purchase Quotation"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010007"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Final Quotation
              If pUserPer.GetByKey("NHCL_PM_FIN") = False Then
                  pUserPer.PermissionID = "NHCL_PM_FIN"
                  pUserPer.Name = "Final Quotation"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010008"
                  li_RetVal = pUserPer.Add()
              End If
          Catch ex As Exception
              Dim ErrCode As Long
              Dim ErrMsg As String
              Me.SBO_Company.GetLastError(ErrCode, ErrMsg)
              Me.SBO_Application.StatusBar.SetText("Authorization Problem" & ErrCode & li_RetVal, SAPbouiCOM.BoMessageTime.bmt_Short)
          End Try
      End Sub

• Authorization for customized transaction

  Hi,
       In our system, developers create one transaction ZSIDUPDATE.
  Whenever I (Basis Admin) hit this transaction, error "No Authorization for Transaction" is occurred. I don't understand why the error is for authorization for this customized transaction because I have SAP_ALL & SAP_NEW profile.
     Can anybody give the solution?
  Regards,
  Rajesh

  Hello Rajesh,
  Check the report behind ZSIDUPDATE. I suppose there must be some kind of code which will allow only certain user to execute it based on their user ids. Either the user ids will be hardcoded or else they are being picked up from some table. This is not a classical authorization error. You may set a trace also but debugging is best. it will crack it open in seconds.
  Regards.
  Ruchit.

• Authorization for FBL5n specific customer

  Hi all,
  I have a scenario where we want to restrict sales person to view specific customer. We maintain sales person and customer number relation in a Z table.
  Please advise how I can restrict?

  Hello Ravi
  You can restrict access to master records in order to prevent unauthorized changes from being made. Depending on how you organize your master data, you can assign authorizations for maintaining this data. For example, one user may have authorization to maintain all master data, while another may have authorization to maintain only accounting master data.
  You can also assign different authorizations for different types of processing. All users could have authorization to display master records, while only a limited group of users may be able to create and change master data.
  Authorizations are specified during system configuration and assigned to each user in his or her user master record. If you have any other questions on this subject, you should contact your system administrator. The Implementation Guide (IMG) for Financial Accounting explains how to set up authorizations.
  Suresh

• Authorization for custom form

  Hi,
  How we can give Authorization for custom form as well as custom menu

  Hi,
  Try this out
  Go to Administration module
  > system initialization
  > Authorizations
  >Additional Authorization Creator
  Add same level and just mention your
  Authorization id=Custom
  Name=Custom
  Option=Full/Read/None
  Forms id=*(Your Form ID) *
  Ok
  Now Go to Administration module
  > system initialization
  > Authorizations
  >General authorizations
  Now select user and set user authorization-------> Custom -
  > No Atuorization
  Reply me
  Remember if Problem Resolved then mark as answered

• Customizing Authorization for Controlling

  Hello, Experts,
    I need to create a role with authorization for SPRO but only for the Controling branch.
  How do I do it ?
  Thank you !
  Rami Kleiman - HP

  Hi,
  DSK-  How do create configuration project ?
  Anil - Can you be more specific ? PFCG is transaction for creating roles.
  When I add SPRO to the role, it DOES NOT add all the authorization for
  the SPRO options.
  Thank you,
  Rami

• BW report authorization for restrict cost center

  dear all,
  i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
  note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
  below the customer exit :
  WHEN 'ZV_CCTR'.
      IF i_step = 2.
        DATA : gt_mstuidvscc TYPE TABLE OF  ztbw_mstuidvscc,
               gs_mstuidvscc TYPE  ztbw_mstuidvscc,
               wa_final2(10) TYPE c.
        SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
          WHERE userid = 'sy-uname'.
        LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
          wa_final2 = gs_mstuidvscc-kostl.
          l_s_range-opt = 'EQ'.
          l_s_range-high = wa_final2.
          APPEND l_s_range TO e_t_range.
        ENDLOOP.
      ENDIF.
  Regards,
  Tony

  i defined variable as ready for input and mandatory.
  regards,
  Tony

• Problem wih analysis authorization for two scenarios on same data provider

  Dear all,
  I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
  User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
  The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
  As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
  Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
  Any ideas??
  Thanks,
  Andreas

  Dear Andreas,
  Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
  http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
  For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
  Otherwise, you have to use customer exit.
  I hope that alternative help you to find a solution,
  Luis

• What's the best way to do authorization for my app?

  The authorization situation is somewhat complicated for my app.
  Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM.
  From what I've seen so far, there are two different options of setting the authorization for the component:
  1. Set its Condition
  2. Set its Security Authorization Scheme
  Here is my understanding for each (from my limited experience with APEX):
  1. Set its Condition
  + Can pass in parameters such as :APP_USER, page numebr, P0_ITEM. So I can just create one function that does all the authorization
  - Have to combine the SQL query with the component's non-authorization display conditions, if any.
  2. Set its Security Authorization Scheme
  + By name, it seems like it should be used for authorization
  - Cannot take in parameters relating to the page, such as the page number --> therefore I will need to create many different schemes, for all the different pages.
  #2 will end up with a long list of schemes (each with its own SQL queries) for different pages, which doesn't seem as efficient as #1 with far fewer SQL queries and just take in parameters.
  Which one should I pick?
  Thanks!

  953006 wrote:
  Thanks fac586 for the detailed response, and also everyone else who replied. You guys are very helpful and respond promptly. And we'd appreciate it if you changed "953006" into a real handle promptly.
  Andre mentioned using conditions:
  The way I work around this is to have two functions, one which is used at the page level as a normal authorization scheme and one which can be passed variables which is called as a Condition and the name of the item is one of the variables, in effect giving it "self awareness".But fac586 said:
  You can't pass "parameters" to authorization schemes. Use application items, APEX collections or application contexts to set current context before the authorization scheme is evaluated, and access these values in the functions.Does this mean, fac586, that we can avoid conditions altogether? No, it means that I prefer to use Authorization Schemes to control access to resources based on user privileges and security, and Conditions to control rendering and processing for functional reasons. Using the approach described above I have found it possible to maintain this separation.
  Say if a page has two buttons, Button_A and Button_B. Button_A has a set of requirements for displaying and Button_B has its own set of requirements (some of which are shared with Button_A). So far, the only way that I can see of using pure authorization is to write 2 different authorization schemes, and set the authorization schemes for the two buttons respectively.What's the problem with that? Consider a more concrete example using a standard APEX report/form pattern for customer maintenance. Page 6 contains the report, and page 7 is the maintenance form with P7_CREATE and P7_SAVE buttons. Only users entitled to create new customers should have access to P7_CREATE, and only users able to edit customers access to P7_SAVE. This would be controlled by the CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes respectively. Functionally, conditions are used to show P7_CREATE if the P7_CUSTOMER_ID is null, and P7_SAVE if it's not null. We don't mix non-functional security considerations with functional requirements.
  The CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes are of type PL/SQL Function Returning Boolean. These are implemented using package functions. Exactly how a user has create/edit customer privilege is determined in the package. Determinants that are shared by multiple schemes can be combined at this level. These implementations can be changed as necessary without requiring changes to the application.
  The authorization schemes are reusable across pages and components. On page 6, CREATE_CUSTOMER can be used on the "Create New Customer..." button; EDIT_CUSTOMER on the report column containing the "Edit" links.
  Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM. So I guess this goes back to my original concern with Authorizations:
  [Using purely authorizations] will end up with a long list of schemes (each with its own SQL queries) for different pages [and page items] ....
  Re: VPD policies. Note that in the example above there's no need for the authorization schemes to "know" which pages/items are being evaluated. The P7_SAVE button and the page 6 link column are involved with the EDIT_CUSTOMER operation, so that authorization scheme is applied to them.

• Transaction Variant for a Custom Report

  Hi Folks...
  I am trying to create a transaction variant for a custom report...and i am unable to do it. Have any one tried that before and got it worked..please let me know.
  Thanks in advance.
  Rajeev

  hi,
  i also used a different approach based on the requirement.  this might be helpful to someone:
  requirement: to make one of the parameter fields as display only.  other users should not be allowed to edit this field & make it modifiable again.
  _solution1:_ in the program, assign the parameter field to a modification id and make it protected (screen-input=0). 
  limitation: needs program modification incase there is a future requirement to change the parameter field value.
  solution2: [1]create & save a variant and protect that parameter field. [2] go to SE93 & create a report transaction, put your saved variant in the 'start with variant'. [3] go to SU21 & create an authorization object for controlling the access to the variant. [4] ask your basis to attach this authorization object to the user id responsible for maintaining the variants for that program. [5] add a logic to check the authorization object in your program whenever the user tries to save or delete variants.
  remarks: in production, make sure the authorization object & the update profile are transported.  create also the same variant name as what you have defined in your report transaction code.

• No Authorization for release process error for Purchase requisition App.

  We have configured a custom workflow for the purchase requisition and we are getting following error while:
  You have no authorization for a release process
  You have no authorization for a release process [GBAPP_APV_MSG/017] (error)
  No exception text available [/IWBEP/CX_MGW_BUSI_EXCEPTION] (error)

  Hi Masa,
  I have the same problem, I did the test to run a workitem from SAPGUI inbox and works well.
  The strategy is defined correctly, but continue with the error.
  2015-03-27 17:36:21 The following problem occurred: HTTP request failed400,Bad Request,{"error":{"code":"GBAPP_APV_MSG/017","message":{"lang":"es","value":"Not authorized for release process"},"innererror":{"transactionid":"551461B844396C12E1000000B52A6013","timestamp":"20150327201237.8762600","Error_Resolution":{"SAP_Transaction":"Run transaction /IWFND/ERROR_LOG on SAP NW Gateway hub system and search for entries with the timestamp above for more details","SAP_Note":"See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)"},"errordetails":[{"code":"GBAPP_APV_MSG/017","message":"Not authorized for release process","propertyref":"","severity":"error"},{"code":"/IWBEP/CX_MGW_BUSI_EXCEPTION","message":"","propertyref":"","severity":"error"}]}}} - 
  Please your Help.
  Regards,
  Francisco.

• User has no authorization for Function group SYST

  Hi,
  We are starting to make customisation to B2B application. I have just created a new project for B2B_XXXX application and deployed it on the server. When I run this custom application, I am not able to login using the same user that is working fine for the standard B2B application.
  Following is the error I am getting
  ERROR 1 - RFC_ERROR_LOGON_FAILURE: User INTUSER05 has no RFC authorization for function group SYST
  ERROR 2-  The application was not able to switch to a stateful connection......
  Strange thing is that the same user works very well for standard B2B.
  Any clue? All I have done is created a CUSTCRMPRJ for B2B ERP (SHRWEB, SHRAPP). Please help.
  Best regards,
  -Tarun
  Edited by: Tarun Bakshi on Nov 10, 2011 7:37 PM

  Hi Shanto,
  The problem is still occuring. Even If I give s_rfc authorisation the order is not being created.
  I compared the source code for b2b and b2b_custom application, I have pasted below the component info
  sap.com      CORE-TOOLS      7.00 SP14 (1000.7.00.14.0.20071210170909)      SAP AG      SAP AG      20080125132852
  sap.com      SAP_JTECHF      7.00 SP14 (1000.7.00.14.0.20071210172424)      SAP AG      SAP AG      20080125132853
  sap.com      BASETABLES      7.00 SP14 (1000.7.00.14.0.20071210170411)      SAP AG      SAP AG      20080125132853
  sap.com      SAP-JEECOR      7.00 SP14 (1000.7.00.14.0.20071210172300)      SAP AG      SAP AG      20080125132852
  sap.com      JLOGVIEW      7.00 SP14 (1000.7.00.14.0.20071210160700)      SAP AG      SAP AG      20080125132853
  sap.com      SAP-JEE      7.00 SP14 (1000.7.00.14.0.20071210172039)      SAP AG      SAP AG      20080125132853
  sap.com      SAP_JTECHS      7.00 SP14 (1000.7.00.14.0.20071210172719)      SAP AG      SAP AG      20080125133813
  sap.com      BI_UDI      7.00 SP14 (1000.7.00.14.0.20071210170522)      SAP AG      SAP AG      20080125133909
  sap.com      BI_MMR      7.00 SP14 (1000.7.00.14.0.20071210170459)      SAP AG      SAP AG      20080125133230
  sap.com      UMEADMIN      7.00 SP14 (1000.7.00.14.0.20071210164800)      SAP AG      MAIN_APL70VAL_C      20080125140341
  sap.com      LM-TOOLS      7.00 SP14 (1000.7.00.14.1.20080124101556)      SAP AG      MAIN_APL70P14_C      20080125134809
  sap.com      SAP-SHRWEB      6.0 SP0 (1000.6.0.0.2.20080129095806)      SAP AG      MAIN_CRM70PAT_C      20110608153828
  sap.com      SAP-SHRAPP      6.0 SP0 (1000.6.0.0.2.20080128172843)      SAP AG      MAIN_CRM70PAT_C      20110608154506
  b2b_custom application has been created by using code from the following SCs that were added to the track
  SAPSHRWEB10_7-20003522.SCA
  SAPSHRAPP10_7-20003520.SCA
  SAPCRMWEB10_7-20003518.SCA
  SAPCRMAPP10_7-20003516.SCA
  SAPCRMDIC10_0-20003519.SCA
  STRUTS01_0-10003646.SCA
  SAPIPCMSA10_0-20003515.SCA
  SAPCRMJAV10_7-20003517.SCA
  SAPSHRJAV10_7-20003521.SCA
  TEALEAF00_0-20001451.SCA
  SAPBUILDT14_0-10003479.SCA
  Any help would be great...