Authorization for project relase

Similar Messages

• Authorization for project (table PROJ)

  Hi experts !
  I would like create role for PS modula which is limited to field Object Class equal Investment. Itu2019s impossible. How I can check which field I can use for authorization for project (table PROJ).
  Rgds Stenwa

  Stenwa,
  there are no user fields in the project definition. Instead you will find them in the WBS element. In that case, you can use standard authorization objet C_PRPS_USR to check on the user fields, but, as I say, it will not point to PROJ but to PRPS.
  CNEX0002 is a user exit to enhance authorizations in PS. You can check it in SMOD and create an implementation in CMOD but you will need the help of an abaper to create the necesary coding.
  Rgds
  Martina

• Authorizations for Projects (Restricting Read/Write to users )

  Hi
  I want to know how I can .
  1) Restrict one users from editing projects of each others in xMII Workbench.
  (for ex. User A shud not be able to modify the projects created by user B)
  Tell me the steps.
  Regards
  Tulip

  Just some info on MI 12.1 if you are thinking about upgrading...
  MI 12.1's Content Management could solve your issue. In this version of MI, you can restrict content developers to shared projects. Shared projects are versioned by the repository thereby allowing developers to track revisions to all MI objects (queries, display templates, HTML pages, etc.). So if developer 1 makes incorrect changes to developer 2's web page, developer 2 can create a new version based on his previous correct version. You should evaluate CM if you are upgrading to 12.1 and have curious developers deleting important content.  
  Regards,
  Kevin

• ECC 6.0 and BI Authorizations in Project Implementation Phase for Dev only

  I ) ECC 6.0 Authorizations for Project Team
       I have browsed through SDN and gone through several documents and perhaps trying to post our senario as clearly as possible for better answers
  Aim : 1) To give appropriate authorizations to
        a) Functional Consultants
        b) ABAP developers
        c) BI consultants 
        in Development environment only on Customizing client,
        sandbox client and unit testing client
  There is no inhouse security consultant in house at this time.
  Type of Oragnization : Midsize
  project Life cycle phase : Bluprint-Realization
  Question1:
       What role and profile should I assign to functional consultants by preparing a role from the SAP standard role and what is the best way to restrict functional consultants from sensitive areas.
  eg: Modifying SAP_ALL option and assigning it to functional consultants.
  II.
  BI 7.0 Authorizations for BI consultants in Development environment
  Aim: 1) To give authorizations to BI 7.0 consultants (using only ABAP          stack)
    Question: I have read through some forum and wiki answers in sdn and many explain that give SAP_ALL and SAP_NEW to BI consultants and in addition give 0bi_all, SAP_BW_DEVELOPER and much more.
      Can some body list what are the needed Roles for this kind of users ?
  I know in theory many talk, do not assign SAP_ALL, but the person who advice this never explained the best alternative, and none of them I know have practially told that they have not assigned SAP_ALL.
  Please explain . I think asnwering my question will bury many questions in this fourm .

  Hi Nick,
  Did you get the answer? I'm lookinf for the same information about profiles.
  Thanks!!

• Person responsible based Authorization in Projects is not working for me

  Hi,
  Does 'Person responsible' based authorization for WBSE works for the WBS element only, or for the hierarchically sub-ordinate non-WBS objects (meaning Networks, Activities, Materials etc) as well?
  Details:
  (Authorization objects: C_PROJ_VNR and C_PRPS_VNR)
  -- User1 is assigned with role TESTROLE1. This role has the Project manager based WBS & project authorization objects, with person number 101.
  -- User2 is assigned with role TESTROLE2. This role has the Project manager based WBS & project authorization objects, with person number 102.
  Following sample project is created by a super-user:
  PROJ123 (Details: person responsible - 101)
    WBS-1 (Details: person responsible - 101)
      WBS-1/1 (Details: person responsible - 101)
        NETWORK1
        ACTIVITY11
        MATERIAL111
        MATERIAL112
      WBS-1/2 (Details: person responsible - 102)
        NETWORK2
        ACTIVITY21
        MATERIAL211
        MATERIAL212
  Now the requirement of super-user is that WBS-1/1 and its subordinate elements (Activities, Materials etc) should be editable only by User1. And similarly, WBS-1/2 and its subordinate elements should be editable by User2 only.
  My issue:
  Although WBS-1/1 is not accessible to User2, BUT User2 can edit the subordinate elements (NETWORK1, ACTIVITY11, MATERIAL111, MATERIAL112) of WBS-1/1. I do not want User2 to have edit access to subordinate elements of WBS-1/1.
  Above issue is with User1 for WBS-1/2 as well.
  Hope I am clear in explaining my issue. Can anyone please help me understand the standard authorization concept of Person responsible based roles. I suspect that I am going wrong somewhere but I am not able to identify the problem.
  I want to allow access of a part of project to one user, and another part to some other user. And I do not want to go for an ABAP option if I can do above using basis authorizations.
  (Above mentioned problem is not just with part of projects, but with a complete project as well.)
  Hope to see some quick replies. Thanks in anticipation.

  Thanks for the inputs Sreenivas.
  Are you aware of any authorization objects which can restrict access to Networks, Activities, Material components and Milestones, using 'Person responsible' or any other suitable field? I hope you got what I am looking for.
  Restricting WBSE based on 'Person responsible' without restricting sub-ordinate elements is not much useful according to me. It helps only with simple project structures (having only WBSE) and nothing much. Right?
  Thanks again

• COGS Value showing as null for Projects

  Hi All,
  We have a report called Revenue Report. In this report we track the revenue and cogs value for both OM orders and Projects. We are able to see th cogs value for OM order(i.e. sales order)but not for projects. We are using OOTB out of box mapping(i.e.SDE_ORA_GLCOGS) for populating cogs value.So we have approached oracle team to address this issue. Please find the below reply from Oracle. Can somebody help me how to calculate COGS value for projects.
  BIApps 7.9.6.x do not support the integration of Project and COGS out of the box. If you have cogs trx from Projects and would like to extract these trx, you can customize the SDE sql.
  [OOTB sql in SDE_ORA_GLCOGS]
  WHERE
  MMT.TRANSACTION_TYPE_ID IN (15, 33, 10008) AND
  (MMT.TRANSACTION_ACTION_ID,MTA.ACCOUNTING_LINE_TYPE ) IN
  ((27, 2), (1, 36), (36, 35))
  MMT : MTL_MATERIAL_TRANSACTIONS
  MTA : MTL_TRANSACTION_ACCOUNTS
  15 = RMA Receipt (Return Material Authorization)
  33 = Sales order issue (Ship Confirm external Sales Order)
  10008 = COGS Recognition
  (27, 2) = (Receipt into stores, Account)
  (1, 36) = (Issue from stores, Deferred Cost of Goods Sold)
  (36, 35) = (COGS Recognition, Cost of Goods Sold)
  These are OOTB default values to extract the cogs trx for sales order etc. These are configurable. You can add/modify these values as needed. You can check the OLTP MTL module for the meaning of each values

  Please do not post duplicates -- COGS Value showing up as null Projects

• What happends when you give 2 groups with some of the same members different authorizations for a document

  Hello,
  I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
  Make one document library
  Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
  follows:
  Group B: Read/Write
  Group A: Read
  Does the people from group B still be able to edit the document, because they are also in group A?
  I don't have a test environment to test this myself.
  Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
  where the document belongs to.  

  You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
  if you need too.
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Authorization for specific business scenario or business step in solar01

  Dear all,
  we have an issue regarding solution manager blueprinting management restricting an access to specific nodes. Our goar is to have several substructures devided by modules like: FI, SD, PS and etc. And each team member according his position in a company should have an access only to his substructure and all the related documentation below that. Saying an access means a change mode not a display access.
  Please find the steps have been performed during the configuration of project below:
  All the configuration around system landscape has been done properly.
  A new project for solution was created in solar_project_admin.
  A correct logical componens has been assigned.
  All the required users have assigned as a team members of a project.
  At the projec. team member tab a box has been checked in for: restrict changes to nodes in project to assigned team members.
  A proposed structure of nodes has been created within Tx solar02.
  The right team members have assigned to specific node. So that only they suppose to have a change permission within that nodes. All others read only access.
  Every user has sap_solar01_all role assigned to him. We have tryed assigning varios roles according to  http://help.sap.com/saphelp_sm310/helpdata/en/db/a1033b2a98f46ae10000000a11402f/content.htm
  However as a result we are having a change permission allowed for every node within the structure. Like FI responsible member can access to any node from a tree. And he can make a change for SD related documentation.
  Please assist regarding this issue.
  Kind regards,
  P.S.
  I found a thread with a similar problem which was solved by activating a checkbox which is already activated in our system and actually doesn't solve that problem for us.
  Authorization for specific business scenarios in Solar01/02
  Edited by: Artjoms Nikulins on Mar 11, 2010 3:37 PM

  Hi
  As far my knowldege goes this is not possible to do within same project or making the same.
  You can have project specific access given to member but you cannot go module wise authorization.
  Ofcourse there satellite system authorization will be different but not in solman.
  In addition check this security guide
  https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000075728&_OBJECT=011000358700007187872005E
  Hope it ans ur query.
  Regards
  Prakhar
  Edited by: Prakhar Saxena on Mar 12, 2010 3:22 AM

• Restrict authorizations for payment item transaction

  Hi All,
  This is regarding authorizations for a banking system.
  The requirement is the users need to be restricted for the following transaction based on the Bank Posting Area or the contract managing unit.
  BCA_PAYMITEM_CREATE
  When the user goes to create payment item the user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM. The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area
  BCA_PAYMITEM_MAINTN
  The user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM .The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area.
  I checked the transactions in SU24 and found only authorization object S_TCODE associated with the transcations BCA_PAYMITEM_CREATE and BCA_PAYMITEM_MAINTN.
  Can someone please suggest a way to acheive this.
  Regards,
  Thamarai.

  Hi Shiva,
  I tried assigning the org unit using PFCG ORGFIELD CREATE.
  Now the org unit in pfcg shows Org. level Contract-Managing Organizational Unit (Encrypted) but there is no coresponding field in the authorization objects in the role.
  Can you please help since the project is very critical.
  Regards,
  Thamarai.

• Customizing Authorization for Controlling

  Hello, Experts,
    I need to create a role with authorization for SPRO but only for the Controling branch.
  How do I do it ?
  Thank you !
  Rami Kleiman - HP

  Hi,
  DSK-  How do create configuration project ?
  Anil - Can you be more specific ? PFCG is transaction for creating roles.
  When I add SPRO to the role, it DOES NOT add all the authorization for
  the SPRO options.
  Thank you,
  Rami

• Auth Group for Accounting Doc and Account authorization for  Vendors

  Hi guys,
  I have question regarding Accounting Doc for Vendor and G/l Account.  I have a security client whree I build my business roles for end user but we we configuration client where all the functional focus wokring and doing configuration.  My questiion when I start creating business roles  and start going  into these authorization objects and filling up the field values (F_BKPF_BEK, F_BKPF_BES,  F_BKPF_BLA).
  I won't  see auth group that will be c reated by functional  cocus because they are working on configuration Client and they probably create auth group for above authorization objects in Config lcient and I'm building Roles in my security client. 
  If it is true what would be the best way to create business role.  I'm in realization face of the project  Should I build my roles in Config client?   Please advise.
  Thanks in advance
  Faisal

  What is the benefit of a "security client" in DEV? I don't get it...
  You anyway need to protect the namespace... and the authorizations for role development (SU24) and admin (PFCG).
  Anyway, you have closed your question so we can only lick our wounds now
  Cheers and good luck on your project (let is know how it goes if you stick around for long enough to experience a release upgrade...
  Julius

• User has no authorization for Function group SYST

  Hi,
  We are starting to make customisation to B2B application. I have just created a new project for B2B_XXXX application and deployed it on the server. When I run this custom application, I am not able to login using the same user that is working fine for the standard B2B application.
  Following is the error I am getting
  ERROR 1 - RFC_ERROR_LOGON_FAILURE: User INTUSER05 has no RFC authorization for function group SYST
  ERROR 2-  The application was not able to switch to a stateful connection......
  Strange thing is that the same user works very well for standard B2B.
  Any clue? All I have done is created a CUSTCRMPRJ for B2B ERP (SHRWEB, SHRAPP). Please help.
  Best regards,
  -Tarun
  Edited by: Tarun Bakshi on Nov 10, 2011 7:37 PM

  Hi Shanto,
  The problem is still occuring. Even If I give s_rfc authorisation the order is not being created.
  I compared the source code for b2b and b2b_custom application, I have pasted below the component info
  sap.com      CORE-TOOLS      7.00 SP14 (1000.7.00.14.0.20071210170909)      SAP AG      SAP AG      20080125132852
  sap.com      SAP_JTECHF      7.00 SP14 (1000.7.00.14.0.20071210172424)      SAP AG      SAP AG      20080125132853
  sap.com      BASETABLES      7.00 SP14 (1000.7.00.14.0.20071210170411)      SAP AG      SAP AG      20080125132853
  sap.com      SAP-JEECOR      7.00 SP14 (1000.7.00.14.0.20071210172300)      SAP AG      SAP AG      20080125132852
  sap.com      JLOGVIEW      7.00 SP14 (1000.7.00.14.0.20071210160700)      SAP AG      SAP AG      20080125132853
  sap.com      SAP-JEE      7.00 SP14 (1000.7.00.14.0.20071210172039)      SAP AG      SAP AG      20080125132853
  sap.com      SAP_JTECHS      7.00 SP14 (1000.7.00.14.0.20071210172719)      SAP AG      SAP AG      20080125133813
  sap.com      BI_UDI      7.00 SP14 (1000.7.00.14.0.20071210170522)      SAP AG      SAP AG      20080125133909
  sap.com      BI_MMR      7.00 SP14 (1000.7.00.14.0.20071210170459)      SAP AG      SAP AG      20080125133230
  sap.com      UMEADMIN      7.00 SP14 (1000.7.00.14.0.20071210164800)      SAP AG      MAIN_APL70VAL_C      20080125140341
  sap.com      LM-TOOLS      7.00 SP14 (1000.7.00.14.1.20080124101556)      SAP AG      MAIN_APL70P14_C      20080125134809
  sap.com      SAP-SHRWEB      6.0 SP0 (1000.6.0.0.2.20080129095806)      SAP AG      MAIN_CRM70PAT_C      20110608153828
  sap.com      SAP-SHRAPP      6.0 SP0 (1000.6.0.0.2.20080128172843)      SAP AG      MAIN_CRM70PAT_C      20110608154506
  b2b_custom application has been created by using code from the following SCs that were added to the track
  SAPSHRWEB10_7-20003522.SCA
  SAPSHRAPP10_7-20003520.SCA
  SAPCRMWEB10_7-20003518.SCA
  SAPCRMAPP10_7-20003516.SCA
  SAPCRMDIC10_0-20003519.SCA
  STRUTS01_0-10003646.SCA
  SAPIPCMSA10_0-20003515.SCA
  SAPCRMJAV10_7-20003517.SCA
  SAPSHRJAV10_7-20003521.SCA
  TEALEAF00_0-20001451.SCA
  SAPBUILDT14_0-10003479.SCA
  Any help would be great...

• Authorizations for Adobe Interactive forms

  Hi,
  During Adobe configuration I encounter serious trouble in determining the needed authorizations. We implement basic Adobe forms initiated by managers.
  Can anyone please instruct which SAP ECC roles are needed for executing Adobe Interactive forms?
  Situation
  We assigned the Adobe roles:
  SAP_BC_CM_USER
  SAP_ASR_MANAGER
  The manager has also assigned authorizations to view PA objects for subordintes.
  With extended authorizations I can start new process. However, when the process is started with same user but with the authorization mentioned above I receive the following error:
  "No Adobe Form Is Assigned to the Scenario"
  com.sap.pcuigp.xssfpm.java.FPMRuntimeException: No Adobe Form Is Assigned to the Scenario
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:111)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.raiseExceptions(FcISRProcessEvent.java:1980)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrGetFormUrl(FcISRProcessEvent.java:1042)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.setTemplateSource(FcISRProcessEvent.java:459)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callRFCIsrProcessEvent(FcISRProcessEvent.java:798)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEvent.callIsrProcessEvent(FcISRProcessEvent.java:380)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEvent.callIsrProcessEvent(InternalFcISRProcessEvent.java:1234)
       at com.sap.pcui_gp.isr.isrprocessevent.FcISRProcessEventInterface.callIsrProcessEvent(FcISRProcessEventInterface.java:127)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:409)
       at com.sap.pcui_gp.isr.isrprocessevent.wdp.InternalFcISRProcessEventInterface$External.callIsrProcessEvent(InternalFcISRProcessEventInterface.java:577)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowForm.onBeforeOutput(VcISRShowForm.java:215)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowForm.onBeforeOutput(InternalVcISRShowForm.java:435)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.VcISRShowFormInterface.onBeforeOutput(VcISRShowFormInterface.java:137)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface.onBeforeOutput(InternalVcISRShowFormInterface.java:136)
       at com.sap.pcui_gp.isr.isrprocessevent.showform.wdp.InternalVcISRShowFormInterface$External.onBeforeOutput(InternalVcISRShowFormInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
  Help is greatly appreciated and will be rewarded when useful!
  Regards,
  Thomas

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas

• Authorization for Infotypes and Actions

  Hi Experts,
  In my project i have a requirement to give authorization to individual infotype level and also give authorization for each and every PA40 actions .
  Please give me a solution if any.
  thanks..
  Avik

  Hello:
  For authorization to individual infotype, use object P_ORGIN, authorization field INFTY. In here you can specify individual infotypes, and also authorization level on field AUTHC:
  R - Read access
  W - Write access
  M - Matchcode access
  E, D - Enqueue, dequeue access (Asymmetrical double verification principle)
  S - Symmetrical (Symm. double verification principle)
  For authorization for each and every action, use:
  INFTY: 0000 (Actions infotype)
  SUBTY: ## (Specific actions)
  This is done with basis team cooperation in transaction PFCG.
  Hope this helps
  Regards.