Authorization for Infotypes and Actions

Similar Messages

• Authorization for Infotype 0008

  Dear Experts,
  I am new for SAP HR module, and I am facing one authorization issue.
  It is about the PA30 authorization for Infotype 0008, I want to restrict user ( ext_test) who can change Infotype 0008 for person ID 44000156, Employee group 1, Employee subgroup EP(ETXAT).
  And I create the role for T-code PA30.
  In the P_ORGINCON object, I configure the activity as following :
  Authorization level            E, R, S                                                                      AUTHC
  Infotype                           0008                                                                          INFTY
  Personnel Area                *                                                                               PERSA
  Employee Group              1                                                                               PERSG
  Employee Subgroup         EP                                                                            PERSK
  Authorization Profile         *                                                                               PROFL
  Subtype                          ' ', 0                                                                          SUBTY
  Organizational Key          *                                                                               VDSK1
  But when I execute PA30 with person ID 44000156, and want to change Infotype 0008, It shows that I miss the authorization.
  The result of SU53 are
  Authorization level            E
  Infotype                           0008   
  Personnel Area                *
  Employee Group              *
  Employee Subgroup         *
  Authorization Profile         *
  Subtype                          0
  Organizational Key          *
  I don't know why it asks the * authorization for Employee group and subgroup even I want to chagne the data which are fit my created authorizations.
  Could anyone give me some advice?

  Dear Amamath,
  Employee group is 1 (Direct), and subgroup is EP ( Expat).
  I don't know if it is possible if I want to restrict the authority as following:
  I have two person ID, one is 44000156, the other is 44000246.
  44000156 has Employee group 1(Direct) and subgroup EP(Expat)
  44000246 has Employee group 2(Indirect) and subgroup 3(Management)
  I want to restrict the authority that end user can only change Infotype 0008 for the person which subgroup is EP ( No matter the Employee group is 1,2, or 3).That is , in this case, I can only change 44000156 basic pay but not 44000246.
  So in the P_ORGINCON object, I restrict the Authorization level as "E,M,and R); Infotype as "0008"; and subgroup as "EP".
  After that , I did the test with end user's accout. then SU53 shows that it need to have Employee subgroup = "*".
  I don't know why it need the * authority for Employee subgroup. I should be able to change 44000156 since I granted the subgroup "EP" to end user account.

• No authorization for object K_VRGNG, action 16, fi,Message no. DB000

  Hi,
  User got error message while doing GR .
  Error message :
  Cost allocation Document was NOT Posted due to  No authorization for object K_VRGNG, action 16, fi
  Message no. DB000
  Regards....

  Hello,
    this is an authorization problem: user must run transaction SU53 after getting the error message in order to see in detail the authorization object and values missing. Then you must ask the person who manages authorization profiles to maintain properly the user's profile.
  Tipically some roles are assigned to the user: you must identify the role to be maitained, then go to transaction PFCG and in the authorization tab, add the missing authorization object and/or the missing authorization value for the activity. An alternative way is identifying an existing role with the expected values and assign it to the user.
  Hope to be useful.
  Best regards,
  Andrea

• Authorizations for materials and material groups

  Hello experts,
  Is it possible to limit the authorization to make purchase requerisiton of some materials or material groups depending on the user?
  I heard that it is possible be able to update some materials using the authorization M_MATE_MAT and including them in the material master, material group and user. But this also works for the creation of purchasing documents (PR,PO,RFQ,...)? Do I have to include this authorization for all the materials? If they do not have I understand that works for every people.
  Thanks in advance for your help
  Best regards,

  Hi Madii,
               actually Authorization works at the object level, i.s if you have provided the authorization for the user to makePR with certain Material Grp, then if you dont define that grp in the PO role, but still user will get the authorization from the PR role.
  why you want to allow the user to make the PR of certain Mtrl Grp for which he should not be making the PO.
  or let a different Body take care of the other mtrl Grp.
  Hope it helps.
  Regards,
  Yawar Khan

• How to give authorization for create and change particular Condition Type

  Hi...
     In my requirement is , Only one user can be authorized to create and change a particular condition type 'ZABC' in vk11 and vk12 .
  For remaining condition type can be used as in normal .
  How to do this ? How to give authorization for a particular user for particular condition type ?
  Plz guide me ..
  Thanks in advance .
  Deepa .

  Hi Deepa ,
  u can check A.Object V_KOND_VEA, in user profile u can assign condition type or tables.
  have a word with ur basis guy , so he can help u in better way.
  aand also ref FM SD_COND_AUTH_CHECK
  Regards
  Prabhu

• Authorization profile that provides "all authorizations" for PP and LO

  Hi:
  I'm looking for several authorization profiles provided by SAP:
  (1) Allow a user with "all authorizations" to work with PP module (Production Planning)
  (2) Allow a user with "all authoirzations" to work with LO module (Logistics)
  For examples, I found that there is the profile M_ALL that allows a user "all authorization" (universal authorization" for MM (Material Management) module.
  If you have some idea about one of these above (1) and/or (2) profile, please help. Any help would be appreciated.
  Thanks a lot,
  Thuan Nguyen

  Thuan,
  You can build it using PFCG fairly quickly. Go to PFCG, you will see a button called "Selection Criteria", all authorization objects are group by module (Object Class). You can include all PP auth objects in one shot. Logistic will separate into few class (General, Controlling, Warehouse Management, etc).
  It will be fairly clear to you once you get there.
  Hope this help.
  Thanks,
  Lye

• Merging of actions for Submit and action button

  Hello,
  How to merge actions for submit and Commit operations, in a single button?.
  For clarity, I have made a form with ADF table, where user can edit table fields. containing Submit and Commit buttons. Once editing is completed, if submit is pressed, changes will be posted and commit button becomes enabled.
  Now i want to be both actions should happen in one button. How to do this?.
  Thanks in advance
  seshu

  You can drag an operation onto an existing button (bind to existing button).
  The commit operation will automatically submit the form as well.
  To make the commit button enabled clear the "disabled" property of the button.

• Authorization for va01 and va02

  Hi all,
  I have a requirement to add an authorization for certain fields (not for editing) in va01 and va02. If i create an authorization object for the same, is it possible to integrate auth object to roles and What will be the fields of auth object ?. Anyone can put comments.
  Thanks and regards
  Jijo

  Hi,
  This is my code in so include program...
  AUTHORITY-CHECK OBJECT 'ZSO_SCHED'
           ID 'ACTVT' FIELD '02'.
  CASE SCREEN-NAME.
     WHEN 'RV45A-ETDAT' OR 'VBEP-WMENG'.
       IF SY-SUBRC  EQ  0.
         SCREEN-input = 1.
       ELSE.
         SCREEN-input = 0.
       ENDIF.
  ENDCASE.
  Now, i have to connect role to auth. object 'ZSO_SCHED'. Any idea how to do it?
  Thanks and Regards
  Jijo

• PI  Developer Authorizations for ABAP and Netweaver

  Hello,
  I was wondering if anyone had the basic authorizations for a developer in PI? I also need to know what they need access to in the Configuration Tool? I have the Security Guide but I was looking for a little more specifics? Anyone that could help would be fantastic.
  James

  Hi James,
  I find this one useful
  http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
  As for the Config tool, i don't think developer should have access to it. It should be restricted to BASIS Team only
  Cheers !!
  Zaheer

• Authorizations for Z and Y queries in BI

  Hello everyone,
  I have a BI developer who needs to be able to create/save as BEx Y queries directly on our QA and Production systems.
  Right now they can do that on the DEV system because it is allowing changes to repository and cross-client customizations in transaction SCC4.  QA/PRD do not allow this.
  I was reading that you can allow people to create/save Y queries via authorizations/roles while still keeping the system locked down.  Is this true?
  If so, does anyone know what authorization object I need to use or add to a role?  I tried to find one in SU21.
  Also, does anything need to be done in SE38 to make the program call the auth check?
  Any help would be greatly appreciated and <removed_by_moderator>
  Thanks!
  Edited by: Julius Bussche on Dec 3, 2008 5:49 PM

  Hi Ben,
  For changing Queries in non-development systems you have to make some changes to your transport system:
  Transacation RSA1, Goto Transport Connection, Click on Object Changeability: change ELEM Query Element to 'Everything Changable'.
  See [OSS Note 992965|https://service.sap.com/sap/support/notes/992965] for further reference.
  Kind regards,
  Lodewijk

• Why don't some apps sync with comment not authorize for computer and go authorize computer at store. The computer is an authorized computer. What to do?

  I sync my iPad to computer and get the following message: "some of the purchased items on the iPad, including 'Angry Birds', could not be transfeered to your itues library because you are not authorized for them on this computer. to authorize this computer for items purcchase from the iTunes store, choose Store>Authorize This computer.
  I don't understand because the computer is one of my authorized computers. What am I missing?

  I have had this problem and after some time noticed that the apps that i couldnt put on my new computer were downloaded with a different ITUNES ID.
  e.g.
  I downloaded about 50 under [email protected] which was my account.
  There were about 10 under [email protected] which is my daughters account (she used a $20.00 itunes card)
  And a couple were from my sisters account [email protected]
  i logged into those accounts and authorised the computer for each ID and it worked fine... You just have to remember what ID's downloaded each item. (app, song, etc) Log into each ID, authorise, then Sync....
  Hope this helps..
  Troy

• Finder requires authorization for every single action

  I'm afraid I have been messing up too much with access rights (to copy information from my iMac to my brand new MacBook Air).
  On my iMac Finder now requires that I type an administrator name and pwd every time I move a file from a folder to another folder.
  I have made sure that I have read / write permissions to the folders concerned. Actually I have made sure that my account has read/write access to the whole of my home directory (including all enclosed items).
  Does anyone know how I can revert to a normal situation? Thanks.

  Still sounds like permissions and/or ACLs in your Home folder are amiss...
  http://osxdaily.com/2011/11/15/repair-user-permissions-in-mac-os-x-lion/
  1. Restart Lion and hold down the Command and R keys.
  2. You will boot into the Repair Utilities screen. On top, in the Menu Bar click the Utilities item then select Terminal.
  3. In the Terminal window, type resetpassword and hit Return.
  4. The Password reset utility launches, but you’re not going to reset the password. Instead, click on the icon for your Mac’s hard drive at the top. From the drop-down below it, select the user account where you are having issues.
  5. At the bottom of the window, you’ll see an area labeled ‘Reset Home Directory Permissions and ACLs’. Click the Reset button there.
  The reset process takes a couple of minutes. When it’s done, quit the programs you’ve opened and restart your Mac. Notice that ‘Spotlight’ starts re-indexing immediately.

• User Authorization for Network and Activity

  I have given WBS authorization according to the Person Responsible.
  Further I want to control all networks & all all activities under that particular WBSE.
  System is blocking the reqd. WBS but allowing to create/change all Networks & activitites under blocked WBSE.
  RIYA M

  Hi,
  Networks / Activities have different authorization checks than WBS / project definitions. You can check them by work center or plant, but not by person responsible on superior element.
  From what I've seen you will have to either use a different authorization check or develop the check as an enhancement.
  Kind regards,
  Neil

• Plant level authorization for Notification Change

  Hi All
  We have 7 plants and person belong to one plant is able to open and change the notification of other plants.
  In the role we have given restriction for the plant for the Tcode IW 22 and for the object SWERK .In the Notification only Workcenter and Plant fields are mandatory.
  How can we restrict for a user belong to a particular plant can only change his plant notifications using IW22 only ---not IW28
  Thanks in advance
  gangs

  Dear gangs,
  Check in all the roles of that user in orgnozation levels maintenance plant and planning plant.
  It may happen in one role you have ristricted for that user, but in other roles it may be having the t.code authorization for IW22 and with other plant also.
  Check that also.
  Regards,
  Praveen.

• Authorization for super user

  I want to create a super user on the production server who can create and save the queries only (no other authorization). He can save queries only under $TMP.
  For that I have already created role for super user in the transaction PFCG and in business content S_RS_COMP and S_RS_COMP1 I have given all authorization.
  Now User is able to create the query, but when He is going to save it the Error message is coming- 'No authorization for create and change'.
  Please suggest what I am missing.
  Regards,
  Dheeraj

  Hi Dheeraj,
  Have you given auth as per http://help.sap.com/saphelp_nw04/helpdata/en/41/05453caff4f703e10000000a114084/content.htm : Analyst3?