Authorization for Manual Maintenance of Logon Data
Dear Experts,
In LRFMD, I can see the field maintain logon data. Normally it is unchecked.
Can any one let me know what is the impact of checking this field?
In order to lovk the screen variant in LM00, I need to check this field in LRFMD.
What will be the impact of changing this filed?
regards
Shetty
Hi,
Auth object = BBP_PD_AUC
I think activity PA is used to control 'Extension" of time.
Try to create a new role where PA is unchecked.
Assign it to a user & test.
Best regards,
Ramki
Similar Messages
-
Problem wih analysis authorization for two scenarios on same data provider
Dear all,
I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
Any ideas??
Thanks,
AndreasDear Andreas,
Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
Otherwise, you have to use customer exit.
I hope that alternative help you to find a solution,
Luis -
Search for User by last logon date no longer works after upgrading to SPS18
We used to be able to Search by last logon date under User Administration as a quick way to find out who logged on for a particular date. It worked well, but only for a single date range. We were on EP 6.0 SPS13 at the time. Since we have upgraded to SPS18, it no longer works. All we get back now is no user found no matter what date we enter.
Has anyone else experienced this problem? I've been searching and haven't found anything. I wanted to try and get more information before I create an OSS message.
Thank you,
Kathyit's since SP16, to be correct: http://help.sap.com/saphelp_nw04/helpdata/en/43/bc6b9202454dece10000000a422035/frameset.htm
kr, achim -
Defining Authorizations for User to restrict the data in report.
Hi Gurus,
I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
Ex.
i have functinal location info object checked as authorization relavent with below data.
FL001
FL002
FL003
FL004
FL005
FL006
FL007
FL008
FL009
We have users like below.
User1
User2
User3
Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
So, Please help me providing the completed steps. I have done somting but failed.
Thanks in advance
Peter.Hello Peter,
Please go through the following links
Authorization :
http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
SAP Authorization Concept :
http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
Thanks.
With regrads,
Anand Kumar -
SAP standards for retriving the Material Master Data
Can someone provide me list of all SAP standards for retriving the Material Master Data with respect to views.
Standard Reports
Function Modules
RFC's
BAPI's.
T.codes
Sample code's
useful answers will surely be awarded.
Regards
VinayakHi,
These are the standard BAPI's for Material master.
BAPI_MATERIAL_DELETE Flag Material for Deletion
BAPI_MATERIAL_DISPLAY Display Material
BAPI_MATERIAL_EDIT Change Material
BAPI_RETAILMATERIAL_CREATE Create Material
BAPI_RETAILMATERIAL_DELETE Discontinue Material
BAPI_STANDARDMATERIAL_CREATE Create/Extend Material
BAPI_MATERIAL_SAVEREPLICA BAPI for Mass Maintenance of Material Data
BAPI_MATERIAL_SAVEDATA Create and Change Material Master Data
BAPI_MATERIAL_EXISTENCECHECK Check Existence of Material
BAPI_MATERIAL_GETBATCHCERT Create Quality Certificate for Batch in Portable Document Format (PDF)
BAPI_MATERIAL_GETBATCHES Create Batch List for a Material
BAPI_MATERIAL_GETCHARMERCHHIER Supply Characteristics of Retail Material for Material Group Hierarchy
BAPI_MATERIAL_GETINTNUMBER Assign New Internal Numbers for a Material Type
BAPI_MATERIAL_GETINTNUMBERRET Assign New Internal Numbers for a Material Type for Retail Materials
BAPI_MATERIAL_GETLIST Supply List of Materials for Search Criteria Transferred
Thanks., -
Upgrade on SAP Plant Maintenance and Product Data Management
Hi Gurus,
I assigned to a upgrade project for Plant Maintenance and Product Data Managemet modules.
Please guide me what are the steps to follow and provide more information on this ...
Thanks in advance!!!!!!!!!
Regds,
RKHello Kurni,
In PDM/PLM latest version is PLM 7.0.
There are many new functionalities available in this version.
Earlier version can be accessed from SAP GUI, but the latest one can be accessed from Portal/NWBC.
DMS side many notes have to be applied as you will be instaling EHP4.0 as part of the upgrade.
ECM side some standard reports are missing in PLM 7.0, which were available in ECC6.0.
Regards
Prasad K -
Authorization for Web Application Designer
Hello,
I'm trying to grant authorizations for the WAD without having to grant SAP_ALL and SAP_NEW. What authorizationobjects do i have to use?
We're working on a BW7.0 (SP12) system.
Kind regards.
Joost Krukhi Joost,
take a look
http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
Business Explorer - BEx Web Templates (NW 7.0+)/S_RS_BTMP
Authorizations for working with BEx Web templates
Business Explorer BEx reusable Web items (NW 7.0+)/S_RS_BITM
Authorizations for working with BEx Web items
BEx Broadcasting authorization for scheduling/S_RS_BCS
Authorization for registering broadcast settings for execution.
Business Explorer BEx texts (maintenance)/S_RS_BEXTX
Authorizations for the maintenance of BEx texts
hope this helps. -
List of logon/logoff activity for a user in specfied date range
Hello all,
We have a requirement to check the activity of two users. It is requested that we get their logon/logoff and timeout activity in our PRD system for a specfic range of dates. To retrieve that info do we have to be auditing their user ID's or can it be retrieved via ST03N or some other report?
I was not sure whether this information would be available via a lookup in the USR02 table or not.
Any help would be greatly appreciated.
Thank you!Unfortunately login has more than one spot as it is dependent on contexts and authorizations even.
Logoff could be network problems with a keepalive timeout, or server side session end, or client side termination (there are many clients).
Hopefully we will have more infos. Perhaps we can influence the authentication and client protocol because SAML supports single-log-off which might work with message based authentication but lead to a rather long log...
Cheers,
Julius -
Updating Logon Data for Web Service in SICF not possible
Hello, hopefully someone can help me with my problem.
I have created a custom Web Service based on a custom Z Function Module.
This all works fine in our Development environemnt. I was able to go into SOAMANAGER and generate the end point. This created the web service in SICF. I was then able to go into SICF and change the logon data to use our service ID.
All tested and functionaing great.
We then transported everything to QAS. I again went into SOAMANAGER to generate the End Point, and this worked fine, we have the web service now visible in SICF.
The problem now occurs when I go into SICF and try go into change mode to enter the service user in the logon data tab. I get a popup message stating :
"You cannot use this transaction to change the service."
When I click on the long text explanation I get:
"Message SHTTP824
You cannot use transaction SICF to modify this service.
This means that only the application has the authorization to use the defined interface to modify this service."
Does anyone know how to get around this ? Or how to define our logon data using SOAMANAGER ?
thanks
Adrianthe right way to transport logon info along with SICF service is to create an external alias for your BSP and maintain the logon info in the external alias.
other wise you have to open the production system for changes and change it , which may not be allowed.
Regards
Raja -
Authorizations for users to change their own data
Hi
All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
How to design role which should apply to all user requirements and they should get their Personnel no by default
Kind Regards
VinodHi,
For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
(i.e) For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:
1. Authorization level: *
2. Interpretation of assignment
User - personnel no: I
3. Infotype : 0002
4. Subtype : *
A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96 -
Authorization for Task - Manual Document Posting
Hi All
We have have few tasks in our consol monitor like data collection, manual posing, validation, reclass etc. I want to restrict authorizaiton to users based on company and tasks. When I do so its perfectly working except for manual posting task. The system is allowing user to post manual posting of other company in which the user is not supposed to. I am wondering. The system is just ignoring manual posting task alone. Is there any tricky way to solve the issue for manual posting task?
I am currently using the objects R_UGMD_CHA, R_UGMD_SNG, R_UC_TASK combinations. It works fine except for manual document posting task. If any one got any suggestions, let me know to fix this problem.
Regards
A.BharathNote 610621 - SEM-BCS: Authorization check for the Manual Posting
During the execution of the Manual Posting the system by mistake checks the authorization for consolidation groups or consolidation units against value '#'. The system should check against the initial value instead.
For example, if you start a Manual Posting task, which posts on posting level 10, for a consolidation unit 'xyz', the system checks the authorization against the following values:
Consolidation unit = 'xyz'
Consolidation group = '#'
Instead of this, the system should check against the following values:
Consolidation unit = 'xyz'
Consolidation group = initial value
Other terms
Manual Posting, authorization check
Reason and Prerequisites
This problem is caused by a program error -
You have no authorization for the requested data
Hi Gurus,
While trying to display data in manual layout it shows the erros as
You have no authorization for the requested data.
Any reason behind that.
Thanks,
DebasishHi Debasisha
I faced the same problem yesterday, as Ivan told apply the transaction code rssm. In Business Information Warehouse Authorizations window go to checks for InfoProvider and select your Cube and click the change button. in that window you can see the which infoobjects are selected under switched on column deselct the checkboxes for authorization obj. save - refresh
and go to BPS screen execute your layout you can find your layout. I solved my problem like that.
Hope it helps you.
Regards, -
Getting message No maintenance authorization for shipping point 2001
Getting message No maintenance authorization for shipping point 2001 when performing goods receipt for a STO with reference to delivery using BAPI BAPI_GOODSMVT_CREATE.
When same program is executed in program it is working fine.
We have set the SU24 for the program name as no authorization check.
For back ground do we neeed to set anything specific.Yep. The same also applies to couples of call transactions (see SAP note 358122) - although BAPI's by definition do not and may not check S_TCODE...
The reason for this is because the checks can be turned off in SU24 against specific transactions. BUt when you schedule a program into a background job, then it does not have a transaction context. You will experience similar behaviour if you execute the program directly from SA38, SE38, etc.
Generally, you have 3 options:
- Some functions will expose a "NO_CHECK" or "NO_AUTHORITY" parameter which can be set when calling the function module. Some of them will only let you do it once Others will call themselves again with certain (usually customizable) parameters. You can look for this in the function module documentation, interface and coding.
- Grant the authority to the user ID, and ensure that this is a SYSTEM type user segregated from the dialog users. It would then have this authority, but by design could not start the transaction directly (even if someone did logon as the user...).
- If this object is not intended to be used at all for control in your concept, then you can globally deactivate some authorization objects using transaction AUTH_SWITCH_OBJECTS. The object will have no affect in the whole system when the ABAP application coding checks it in an AUTHORITY-CHECK object statement. The return code is always set to 0, and not only selectively...
You need to be carefull with all 3 options, but they can all three be applied in a secure way.
Cheers,
Julius -
How to Extract Data for a Maintenance View, Structure and Cluster Table
I want to develop 3 Reports
1) in First Report
it consists only two Fields.
Table name : V_001_B
Field Name1: BUKRS
Table name : V_001_B
Field Name2: BUTXT
V_001_B is a Maintenance View
For this one I don't Find any Datasource
For this Maintenance View, How to Extract the Data.
2)
For the 2nd Report also it consists Two Fields
Table name : CSKSZ
Field Name1: KOSTL (cost center)
Table name : CSKSZ
Field Name2: KLTXT (Description)
CSKSZ is a Structure
For this one I don't Find any Datasource
For this Structure How to Extract the Data
3)
For the 3rd Report
in this Report all Fields are belonging to a Table BSEG
BSEG is a Cluster Table
For this one also I can't Find any Datasource,
I find very Few Objects in the Datasource.
For this One, How to Extract the Data.
Please provide me step by step procedure.
Thanks
PriyaHi sachin,
I don't get your point can you Explain me Briefly.
I have two Fields for the 1st Report
BUKRS
BUTXT
In the 2nd Report
KOSTL
KLTXT
If I use 0COSTCENTER_TEXT Data Source
I will get KOSTL Field only
what about KLTXT
Thanks
Priya -
Error in gettnig logon data for Adapter Engine
Hi,
We have Http > XI > RFC Scenario. We are getting 401 unauthorized error in "CALL ADAPTER" section. From the trace its clear that the logon data for the adapter engine (there is no value for USER in trace) is not getting poulated. We fixed this issue last evening....i think by doing full cache refresh, but this problem propped up again today. Yesterday when this issue was fixed the USER has "PIISUSER" in the trace.
We haven't changed any config settings since yesterday so all the passwords and other config info is same. Not sure what's causing this issue. Below is the trace. Any help will be highly appreciated.
- <Trace level="1" type="B" name="CL_XMS_PLSRV_IE_ADAPTER-ENTER_PLSRV">
<Trace level="3" type="T">Channel for adapter engine: RFC</Trace>
- <Trace level="1" type="B" name="CL_XMS_PLSRV_CALL_XMB-CALL_XMS_HTTP">
<Trace level="2" type="T">return fresh values from cache</Trace>
<Trace level="2" type="T">Get logon data for adapter engine (SAI_AE_DETAILS_GET): af.ppi.dac-sapd1</Trace>
<Trace level="3" type="T">URL = http://dac-sapd1.actv2.com:8007/MessagingSystem/receive/AFW/XI</Trace>
<Trace level="3" type="T">User =</Trace>
<Trace level="3" type="T">Cached = X</Trace>
<Trace level="3" type="T">Creating HTTP-client</Trace>
<Trace level="3" type="T">HTTP-client: creation finished</Trace>
<Trace level="3" type="T">Security: Basic authentication</Trace>
<Trace level="3" type="T">Serializing message object...</Trace>
<Trace level="3" type="System_Error">HTTP-client: error response= <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>Error Report</title> <style> td {font-family : Arial, Tahoma, Helvetica, sans-serif; font-size : 14px;} A:link A:visited A:active </style> </head> <body marginwidth="0" marginheight="0" leftmargin="0" topmargin="0" rightmargin="0"> <table width="100%" cellspacing="0" cellpadding="0" border="0" align="left" height="75"> <tr bgcolor="#FFFFFF"> <td align="left" colspan="2" height="48"><font face="Arial, Verdana, Helvetica" size="4" color="#666666"><b> 401   Unauthorized</b></font></td> </tr> <tr bgcolor="#3F73A3"> <td height="23" width="84"><img width=1 height=1 border=0 alt=""></td> <td height="23"><img width=1 height=1 border=0 alt=""></td> <td align="right" height="23"><font face="Arial, Verdana, Helvetica" size="2" color="#FFFFFF"><b>SAP J2EE Engine/7.00 </b></font></td> </tr> <tr bgcolor="#9DCDFD"> <td height="4" colspan="3"><img width=1 height=1 border=0 alt=""></td> </tr> </table> <br><br><br><br><br><br> <table width="100%" cellspacing="0" cellpadding="0" border="0" align="left" height="75"> <tr bgcolor="#FFFFFF"> <td align="left" colspan="2" height="48"><font face="Arial, Verdana, Helvetica" size="3" color="#000000"><b> Authentication did not succeed.</b></font></td> </tr> <tr bgcolor="#FFFFFF"> <td align="left" valign="top" height="48"><font face="Arial, Verdana, Helvetica" size="2" color="#000000"><b> Details:</b></font></td> <td align="left" valign="top" height="48"><font face="Arial, Verdana, Helvetica" size="3" color="#000000"><pre> No details available</pre></font></td> </tr> </body> </html></Trace>
<Trace level="3" type="T">HTTP-client: closing...</Trace>
<Trace level="3" type="T">HTTP-client: sending http-request...</Trace>
<Trace level="3" type="T">HTTP-client: request sent</Trace>
<Trace level="3" type="T">HTTP-client: Receiving http-response...</Trace>
<Trace level="3" type="T">HTTP-client: response received</Trace>
<Trace level="3" type="T">HTTP-client: checking status code...</Trace>
<Trace level="3" type="T">HTTP-client: status code = 401</Trace>Hi,
go to the exchange profile.
there u need to maintain the password for the XIISUSER.
I think u need to restart the J2EE Engine for the changes to take effect.
Regards
Cornelius
Maybe you are looking for
-
Printing to my Windows Networked Printer from my MacBook
Let me apologize upfront, I'm new the world of Apple, just coming over from the PC world and so these will surely be stupid questions. I just got a new MacBook (which I LOVE!!!) I have a Desktop PC running XP I have an HP OfficeJet G85 connected by U
-
I was attempting to do the newest IOS 7 update and halfway through the reboot my phone froze. I attempted to restart the reboot by shutting the phone off but when it came back on it showed a USB cord with an arrow pointing to the itunes symbol. Whe
-
How to create a photo album direct on ipad?
Hello, I want to create a photo album on my ipad but I'm not in town, so I have not my computer with me. There is a possibility to do it direct on the IPAD? Thank you
-
Ipad mini constantly restart by its own
The screen suddenly displays some black strip then shut down and restart, happens often with some tap and sometimes on its own. The issue starts to constantly happen ever since one time when the device shut down by out of battery. Any help to resolve
-
Does anyone know what kind of ac adapter I need for a ThinkPad X230t? I can't seem to figure it out. Thanks!