Authorization for HR data.
How can we check Authorization for HR data.
can any one spot light on this.
Regards
vamsi.
What they said...and to add..
SAP has two type of authorization. Standard authorization which is at the infotype and subtype level. You could lock down what infotypes, subtypes, object types, and transaction codes a person has access to display, update, and/or execute.
The other authorization is structural. A person can only see and/or update people below him/her from an organizational structure perspective. For example, a manager can only see his/her subordinate. He can not see subordinate of other managers nor can he see another manager information. However, his manager could see him, his subordinate, and all of people below down the organizational structure.
Here is an article written by Keith Pulliam on Structural Authorization
http://www.photographybykevin.net/ccount/click.php?id=14
If implimented correctly, the standard logicial database (PNP/PNPCE) will support it and check for it on all programs / reports that uses the logical database.
Similar Messages
-
Authorization for Basic dates and Forecast dates
Hello colleagues,
My customer requires is to have separate authorizations for using Basic dates and Forecast dates within WBS Element, Network and Milestone.
Iv'e noticed that the rellevant autorization object to have this separation is C_PROJ_TCD ; field: PSARG ; activity: 111 & 112. However I wonder if this is relevant to all related objects in the project or only to the Project definition object.
If the answer is only to PD I will be glad to have an idea how to controll it within the other objects .
Thanks in advance
Best Regards,
Nir
Edited by: Nir Horvitz on Nov 23, 2010 10:32 AM
Edited by: Nir Horvitz on Nov 23, 2010 10:41 AMIt is for all the objects... but you can not control it on basis of only that auth object.
For network,
use object :
C_AFKO_ACT
and activity 22 Display dates
for Project def and WBS, use
C_PROJ_KOK, C_PROJ_PRC, C_PROJ_VNR
C_PRPS_KOK, C_PRPR_PRC, C_PRPS_VNR
Regards,
Amol Sarode -
Maintain Authorization for Master Data
Hi Experts,
We are implementing PM Module to our client now i want to know.Is there is any relation of PM Team to Maintain Authorization for Master DataPFCG Transaction Code.I want to know for creating the Role for PM Users how the PM team provide the support.
Regards,
KavvyaYes, we play a greater role in getting the roles defined. We practically don't do it, the basis team gets it done. But, all the list of tcodes per role, authorization objects are to be listed by us. Check with your seniors, you should see the authorization matrix made during the implementation.
This sheet lists all the roles to be assigned along with tcodes, authorization objects and list of the users, who will be assigned these roles. Maintenance engineer and Maintenance manager will obviously be two different roles. It again depends on the size and the way the company works and wants authorization.
Regards,
Ketul -
What are required authorizations for accessing data through DI API?
Hi All,
I have one scenario
After receipt from production add-on asks user if he wants to close the related production order.
in form Data Event et_FORM_DATA_ADD
if user says yes then related production order will be closed using DI API.
This works perfectly for Superuser account, but not for the user who has full access to Production Module only.
Is there any specific authorization I am missing here.
Thanks,
Atul.Hi Gordon,
It gives error at this point way before closing the document
Private Sub SBO_Application_FormDataEvent( ByRef BusinessObjectInfo As SAPbouiCOM. BusinessObjectInfo , ByRef BubbleEvent As Boolean) Handles SBO_Application.FormDataEvent
If (BusinessObjectInfo .BeforeAction = False) Then
It says that user is not authorized
Thanks,
Atul -
Authorization for Master Data (Customer / Vendor)
Dear All,
I've requirement in Master Data Transaction display (XD03 / XK03), to control the dispaly of data for certain fields based on Authorization. As an example like below...
User X1 to see F1 & F2 data in above master transaction display data
User X2 to see F1 field, but F2 field not authorized...should be displayed as XXX (u2018XXXu2019 u2013 means data exists in database); if data doesn't exits for field F2...then I would like to display as YYY)
Can you please share your thoughts / ideas to implement the above requirement.
Regds,
Ramki.SAP standard does not provice such function in XD03/XK03.
Yes, you can achieve this function using custom ABAP code but implementing in sap-standard transaction would be challanging because of the restriction on modifying sap-standard code and not having exits at right place where you would need to implement this.
Regards,
Pawan. -
Display authorization for plan data
Dear All,
I have to split users into two categories as reviewers and planners.
I have created two roles from rsecadmin. For plan users it is working perfectly but for the reviewers system gives an authorization issue.
Plan users auth:
0TCAACTVT - ACTIVITY : 02
Reviwers auth:
0TCAACTVT - ACTIVITY : 03
Is there any possibility to do it but copying queries as not input enabled?
Thank you very much.
AlkanDear,
That ROLE will be SAP_ALL_DISPLAY
"what is to be done"
just assign the role to the display user via SU01
Hope this help!
Also refer this ,
DISPLAY ONLY AUTHORIZATION
Regards,
R.Brahmankar -
Authorization object for additional data of material
Hi,
in our Authorization there some user they can use MM01/MM02 only for specific
Maintenance Statuses - object M_MATE_STA (say L - Storage, X - Plant stocks, Z - Storage location stocks).
We also want, that this user are not allowed to change some additional data, but i don't know, if there
is some Authorization object.
Has anyone an idiea?
thanks.
Regards, DieterHave a look at M_MATE_MAN. Help text below:
Definition
This object determines whether a user is authorized to maintain material master data at client level.
Data at client level includes fields that cannot be maintained for each organizational unit (for example, for each plant or sales organization). It includes the following data in particular:
Material descriptions
Long texts (except sales texts and the material memo)
Units of measure
EANs
However, it does not include the objects of other applications that you can assign to a material when maintaining the material master record (for example, document assignment or classification) since separate authorizations can be given for objects of this kind.
Note
Even if a user does not have the authorization to display data at client level, the following data is still displayed for the material nevertheless:
Material descriptions and base unit of measure
Deletion flag on the initial Flag Material for Deletion screen
Defined fields
Fields Possible values Meaning
ACTVT 01 User may create data.
02 User may change data.
03 User may display data.
06 User may change deletion flags.
Edited by: Nick WW on May 27, 2011 9:27 AM -
Hello Expert,
I have a problem with authorization in MDG-F.
I want to create Account with Collective processing. After, entered Entity type, Edition and Chart of account, Blocking message "Data model 0G: No authorization for entity type Account (Company Code) - activity Display" is displayed.
But, i checked in PFCG transaction, for this user profil, activity are : create or generate, Change and display. So, for me , it is correct.
Please, check screen shot below :
Blocking message :
and in PFCG transaction
Could you help me to solve this point?
Kind regards,
Heri RAOELISONHi Heri,
the system behavior is correct. The account in company code consists of three entity types:
1) COA - Chart of Accounts (Type 3)
2) ACCOUNT - Account (A-Segment, related to ECC table SKA1, Type 1)
3) ACCCCDET - Account in Company Code (B-Segment, releated to ECC table SKB1, Type 1).
3) includes 1) and 2) whereas 2) includes 1). If you grant authorization only for 3) but not for 1) and 2), you cannot do anything.
Best regards
Michael -
BPS You have no authorization for the requested data
We are implementing Hierarchy node based security for our BPS.
When the user tries to display the planning layout, they get the error message "You have no authorization for the requested data "
I have given authorization to the relavant Infocubes, also checked the all the Authorization Relavant Info Objects and added theses Info Object to the custom authorization created in RSECADMIN.
Also added the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID to the custom authorization.
In pfcg, this authorization has been added to S_RS_AUTH. I have also given activity 02, 03, 16 values and a * to planning areas, functions, packages, groups, levels, folders, ... to the objects R_AREA
R_BUNDLE
R_METHOD
R_PACKAGE
R_PARAM
R_PLEVEL
R_PM_NAME
R_PROFILE
But still we get the same error.
Has anyone encountered this problem? Can you please provide me some clues to resolve this issueThank you very much Grevaz, but that template does not help.
I did run both ST01 trace and BI RSECADMIN trace. RSECADMIN Trace shows the below authorization failure
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR BETWEEN '4012001000'
AND '4012001999'
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Partially Authorized (Average) Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
206 ( 0FUNDS_CTR )
Authorization Check Complete
We have created custom authorization and trying to restrict based on hierarchy node.
One point I observed is, when I give access to all nodes with a wildcard * in the custom authorization, then the error disappears and the layout is visble. But our point here is to try to restrict based on the nodes and we cannot give display access to all nodes. -
You have no authorization for the requested data. Message no. UPC217
Hi All,
When i execute a BPS planning function i am getting the following error.
'You have no authorization for the requested data. Message no. UPC217'
Plz let me know how to rectify the problem asap.
Thank you all in advance
KiranHello,
Your Function/level makes use of an authorization relevant InfoObject without restriction (or at least no restrictions enough).
Check that the Level is restricted correctly regarding the authorizations.
regards, -
Data Authorization for info-objects
Dear Experts,
We have designed a query in costing displaying the plan and actual costs by cost center. Our requirement is that that users shoul be able to see only those cost centers in the query which are relevant to them? How can I acheive this without creating multiple queries?. Is there any authorizatin abject that I can use for this purpose?
Regards
SuneethHi,
Pls check the below
Data Warehousing Workbench u2013 objects/S_RS_ADMWB
Authorizations for working with individual objects of the Data Warehousing Workbench. In detail, these are: source system, InfoObject, monitor, application component, InfoArea, Data Warehousing Workbench, settings, metadata, InfoPackage, InfoPackage group, Reporting Agent settings, Reporting Agent package, documents (for metadata, master data, hierarchies, transaction data), document store administration, (Customer) Content system administration, broadcast settings.
Data Warehousing Workbench u2013 InfoObject/S_RS_IOBJ
Authorizations for working with individual InfoObjects and their subobjects.
Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
Regards,
Marasa. -
Authorizations for users to change their own data
Hi
All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
How to design role which should apply to all user requirements and they should get their Personnel no by default
Kind Regards
VinodHi,
For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
(i.e) For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:
1. Authorization level: *
2. Interpretation of assignment
User - personnel no: I
3. Infotype : 0002
4. Subtype : *
A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96 -
Data Ownership Authorization for JEs & Banking
Hello All,
Is it possible to have data ownership authorization for documents other than Sales & Purchase documents? For a company with multiple branches, we need to block access of Financial related information such as JE, Incoming & Outgoing payments, Deposits of one branch to the other. Can this be done?
Any help on this would be highly appreciated.
Thanks & Regards,
Gyanesh Rupani
Edited by: Philip Eller on May 27, 2008 11:48 AM
Edited by: Philip Eller on Jun 10, 2008 9:13 AM*Hello Suda,
Thanks for the reply. The requirement is that a user from one branch should not be able to see what the other branch is doing. However, stock levels at all the branches should be visible to any branch.
Hence, similar to marketing documents, the display of Journal Entries, Vouchers, Posting Templates, Inventory Transactions, Banking transactions of any given branch should not be visible to other branches.
Can this be accomplished using Transaction notification stored procedure or by some other means? If yes, I would appreciate if you can throw some light on it.
Thanks & Regards,
Gyanesh -
You have no authorization for the requested data
Hi Gurus,
While trying to display data in manual layout it shows the erros as
You have no authorization for the requested data.
Any reason behind that.
Thanks,
DebasishHi Debasisha
I faced the same problem yesterday, as Ivan told apply the transaction code rssm. In Business Information Warehouse Authorizations window go to checks for InfoProvider and select your Cube and click the change button. in that window you can see the which infoobjects are selected under switched on column deselct the checkboxes for authorization obj. save - refresh
and go to BPS screen execute your layout you can find your layout. I solved my problem like that.
Hope it helps you.
Regards, -
Hierarchy authorization: profit center, 0account for 0PCA_C01 data.
Hello my SAP Net friends,
I have built the authorizations/roles using profit center hierarchy for PCA data based the paper in BWExpert(Avoid these common pitfalls in using reporting authorizations with and without hierachies), it works fine.
Both 0profit_ctr and 0account are in the 0PCA_C01 cube, they both have hierarchies.
Now users also want to use the 0account hierarchy to limit PCA data access beside using the profit center. Have any of you had experience to use both profit center and 0account hierarchies for authorization? Could it works? Any limitation or issues?
I have created authorization object using the profit center, if I create another authorization object using 0account. Could these two authorization objects works together?
I will assign points to any helpful responses.
Thanks!
JXAHello Jun,
0profit_ctr and 0account are two different characteristics, so authorization to those two are independent of each other.
I.e., you can set authorization two both characteristics by means of both hierarchies.
Diogo.
Maybe you are looking for
-
FTE report tab is missing in the MSS Role
Hi All, We have installed BP's of MSS in the portal and it is working fine.but some users are facing the below issue. User is unable to see FTE report tab in the MSS Role in the portal inspite of having all the roles related to the MSS and BI system.
-
Ichat video, audio no responce
I am trying to connect over .mac accounts and have a video chat, we are working between ichat 2.1 and 3. Text works great but everytime a video or audio chat invite is sent and accepted on the other end it says that there was no responce on both comp
-
Exec stored procedure from another stored procedure - not working
Hey, we've got a bunch of .sql files that we run, and some of them are stored procedures. Our programs call the stored procedures from within the .sql files and that works, but we've tried calling a stored procedure from another stored procedure and
-
iphone 3 too slow so want to get iphone4 n ready to add sm money is iy possible
-
Mass upload of BOM for Equipment & Functional Locations
Dear Gurus, I have an existing system with Functional Locations & Superior Functional Locations, Equipments with Superior equipments. I need to update the BOM for all (most) of these. Can we do it through LSMW or any other Mass update transactions??