Authorization for specific business scenario or business step in solar01
Dear all,
we have an issue regarding solution manager blueprinting management restricting an access to specific nodes. Our goar is to have several substructures devided by modules like: FI, SD, PS and etc. And each team member according his position in a company should have an access only to his substructure and all the related documentation below that. Saying an access means a change mode not a display access.
Please find the steps have been performed during the configuration of project below:
All the configuration around system landscape has been done properly.
A new project for solution was created in solar_project_admin.
A correct logical componens has been assigned.
All the required users have assigned as a team members of a project.
At the projec. team member tab a box has been checked in for: restrict changes to nodes in project to assigned team members.
A proposed structure of nodes has been created within Tx solar02.
The right team members have assigned to specific node. So that only they suppose to have a change permission within that nodes. All others read only access.
Every user has sap_solar01_all role assigned to him. We have tryed assigning varios roles according to http://help.sap.com/saphelp_sm310/helpdata/en/db/a1033b2a98f46ae10000000a11402f/content.htm
However as a result we are having a change permission allowed for every node within the structure. Like FI responsible member can access to any node from a tree. And he can make a change for SD related documentation.
Please assist regarding this issue.
Kind regards,
P.S.
I found a thread with a similar problem which was solved by activating a checkbox which is already activated in our system and actually doesn't solve that problem for us.
Authorization for specific business scenarios in Solar01/02
Edited by: Artjoms Nikulins on Mar 11, 2010 3:37 PM
Hi
As far my knowldege goes this is not possible to do within same project or making the same.
You can have project specific access given to member but you cannot go module wise authorization.
Ofcourse there satellite system authorization will be different but not in solman.
In addition check this security guide
https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000075728&_OBJECT=011000358700007187872005E
Hope it ans ur query.
Regards
Prakhar
Edited by: Prakhar Saxena on Mar 12, 2010 3:22 AM
Similar Messages
-
Solar01 - Business Scenarios/Process/Process steps out of alignment
Hello Folks,
We have a situation where the business process that are now in BPH in Solar01 in Solman should have been business scenario
and same with process step should be process.... Is there any quick way to fix that like going into tables and fixing the
data? If so, Can you please let me know what are the tables in which the Business scenarios, processes and steps or the hierarchy is stored?
Or is there any other way to fix this?
Appreciate your kind response.
Cheers,
VenkyHi Venky,
Unfortunately, there is no way to do it, because the nodes have different types, and it would be like trying to transform one thing in other totally different. You can only recreate the hierarchy manually.
kind regards,
Fabricius -
Business Scenario and Business Process in IR
Business Scenario vs Business Process in IR???
Pls give the example for BPEL???Business Scenario - it is nothing but how the business is done in a particular scenario. It mainly is documented in your Functional Spec.
Integration Scenario - http://help.sap.com/saphelp_nw04/helpdata/en/88/7adb7a030b424b8ef29b99461e52a8/content.htm
/people/venkat.donela/blog/2006/02/17/companion-guide-to-integration-scenario
/people/siva.maranani/blog/2005/08/27/modeling-integration-scenario146s-in-xi
Integration Process / BPM -
http://help.sap.com/saphelp_nw04/helpdata/en/3c/831620a4f1044dba38b370f77835cc/content.htm -
Define read-only authorization for specific field(s) on a form for 11.5.9
Dear all,
Can you pls let me know how is it possible to define read-only authorization access for specific field(s) per responsibility / user on a form in 11.5.9?
For example I want to protect the item master file by assigning for example to users with responsibility buyer authorization to modify the buyer information but to have read-only only authorization on other sensitive fields such as make/buy flag, expense accounts, etc
Through UI Modeller I have only managed to make specific fields on specific forms invisible, or whole tabs invisible, to specific responsibilities but this does not cover my needs as I want them to be able to view the data of the fields but to not be able to update themArun,
Almost but not quite.. The example you've given has the person VO at the top level which includes all the id's (City, State etc). My use case is slightly different.
query 1
select org_id, OrgName from x;
query 2
select emp_id, emp_name from y where org_id = x.org_id
query 3
multi-table join (approx 9 tables) to retrieve depts associated to employee
where org_id = x.org_id
and emp_id = y.emp_id
Rather than using LOV's would it be better to create VO's and pass in the bind parameters at run time? -
Delete authorization for specific Company Code
All,
For a specific transactions, our users may only run the transaction for a specific company code. Transaction is TPM55A
What authorization object do I need to add to my role, so the users have only authorization for let's say Company code range 1000 - 1050.
Many thanx for help
kr,
StefHi Stef,
Please try to add this authorisation object manually F_BKPF_BUK- Authorisation object for company code.
In the filed BUKRS you can maintain the company code as you required for the users.
I hope this may help you in resolving the issue.
Thanks
Karthick -
Authorization for specific report
Hello friends ,
I want to give authorization to user specific to only one report , can anybody tell me the specific object and values fro it ?
Regards
Nilesh VakilHi,
You can add this purticular Query in the Role which is assigned to that user. First you assign that role to your User ID and then you can add this object in the Role by opening the Query in BEx--> Click on publish in Role.
Now that report will be accessable for all the users where that role is Allocated.
Regards
Karthik -
OB52 - Authorization for specific population
Hello,
Here is the context:
At this moment in our client there are 2 group of populations: normal population and specific population (which has to be able to post some days during the month M).
We are managing posting periods through OB52 where normal population is managed through the interval 2 of OB52 and the specific population is managed through the interval 1 and has assigned authorization group (AG1).
Also we have created different variants assigned to different company codes as each company code has different users as specific population.
The issue is that we need a 3rd group of population (for migration purposes only) to be able to post when the two other periods are already closed.
Do you have any idea how to deal with a 3rd group of population in OB52?
Thank you
CristinaHi Cristina,
I believe you will have to assign the authorization object F_BKPF_BUP to the authorization group for the 3rd population in user roles in order to perform postings in a closed period.
Check with your basis team for this.
Thanks,
Sagar -
Add Configuration & Business Scenario in SOLAR02
Hi all,
I was trying to add item under Configuration and also Business Scenario folder (tcode SOLAR02). And the standard imported folders when I chose SAP ERP 6.0 are Basic configurations for Configuration folder, and only six business scenarios under Business Scenarios.
Since I am not a business person, does anyone know (anyone who ever used this functionality) that the imported business scenarios have covers all possibility scenarios in ERP? The same question for Configuration folder, there was only a few configuration items i recognize from SPRO tcode, many were missing. Does it mean that we have to add our own folder for each configuration tree from SPRO tcode? Is it the way this feature works?
ThanksHi
Go thru foll. links
https://websmp210.sap-ag.de/~sapdownload/011000358700002006042008E/HowTo_Impl_Bus_Proc.pdf
https://websmp210.sap-ag.de/~sapdownload/011000358700000478762009E/HowToCreateConfGuide.pdf
Regards
Prakhar -
Business scenario in ID and IR
In XI 2.0 Business scenario in ID has only name to identify the config.
But in XI 3.0 how do you differentiate Business scenario in ID and IRHey Gabriel,
I think you are getting confused between Integration Scenario and Business Scenario.
Business Scenario's are build using ID where are Intergration Scenario's build using IR.
Nilesh -
Our business scenario demands that a particular user should be able to access the T.code"Me23n(Display P.O)" but shouldn't be able to view condition tab in the "item detail",how to set up the authorization for this, please mention the detailed steps.
Hi Shashi,
I would recommend you to look under M_BEST_BSA authorization object in the role.If you are not able to restrict the user from viewing the Conditions tab with this approach then it is something to do with MM Configuration.
Hope this helps.
Regards,
Kiran. -
Need help for configuring integration scenario for AII
Hi,
We are referring to "RFID-Enabled Outbound Processing: Configuration Guide" for transferring materials from ECC to AII through XI.
So far we have been successful sending the IDOC to XI.
When we display the XML message in XI using IDX5, we get the error message "No receiver could be determined".
I request you to help us with the configuration of the integration scenario in XI.
Regards.
GauravHi Yogesh,
Thanks for reply.
Maintaining XI Directory configuration
u2022 Generate business scenario using business scenario configurator
u2022 Creating a scenario
It is fine upto these two steps
u2022 assigning business systems
We have assigned "AII" business system
only (receiver)
u2022 creating communication channels
Following parameters are set for comm channel
Adapter type: HTTP
Configured as Receiver
Transport Protocol: HTTP: 1.0
Message Protocol: XI payload in HTTP Body
Adapter engine: Integration server
Addressing type: URL Address
Target host: <name of AII system>
Service number: <service no>
path prefix: /sap/xi/engine?type=entry
u2022 defining receiver determinations
u2022 defining interface determinations
u2022 defining receiver agreements
All these were generated automatically
Are these configurations alright?
Regards,
Gaurav -
Restrict F4 search results for specific plants / sales org / purchasing org
Hello All,
We have a project where a particular plant / sales org / purchasing org needs to be restricted because of the top secret data for that business. We would like to be able to restrict the search results that are displayed based on sales org / plant / purchasing org in the F4 help. If a user does not have access to the data / documents related a plant / sales org / purchasing org, we do not want the user to be able to see doc numbers, ship-to's, material numbers etc... My question is where do we restrict F4 results for the Sales and Distribution, Finance, Materials Management, Production Planning, Logistics, etc... modules? Thanks in advance for the help.
JordanWe can set authorization for specific plants and other organization levels,contact the basis team and discuss about the authorization
-
Hello Experts,
One of my user wants to see a report in the web and wants an authorization for the same. When he is trying to execute the query in the WEB he is facing the follwoing error.
User SCANESIN has no RFC authorization for function group SDIFRUNTIME.
What steps do i need to follow to resolve this issue.
Regards,Hi,
You can solve this problem with the help of your basis person.
Go to the role of that use using RSECADMIN. Find the authorisation object S_RFC. Include SDIFRUNTIME in
'Name of RFC to be protected' field. Activate the role.
Regards
Githen -
How to connect steps in business scenario
Hello,
After creating a project in Solution Manager, creating a business scenario in that project and creating a custom business process in my scenario, Iu2019ve defined the necessary steps that I want in my process. These steps involve 2 different logical components, a component specified for a SAP XI/PI system and a logical component for SAP ECC system.
The business process will involve interaction between the two logical components where Idocs will be exchanged. My first issue is, in transaction SOLAR01 when I click the tab Graphic, Iu2019m able to see the two separate components each with their steps but with no connection or relation between them or with any step order. Where can I define the order and flow for the steps in the business process? After defining the flow, will the connections be presented in the graphic?
One other question, if this business process involve interfaces, should I define this as a business scenario or as an Interface Scenario? What is the main difference between these two objects? Canu2019t I have only business scenarios and define the steps as interfaces?
Thank your for the attention.
Best regards,
Goncalo Mouro VazHello,
please be aware that only business process maintained in the operations part of SAP Solution Manager. i.e. the Solution Directory, are available for Business Process Monitoring. Processes defined within SOLAR01 are in the project part and hence not directly available for monitoring. But those processes can be copied into the Solution Directory.
For BPMon only "Business Scenraios" are of interest. "Interface Scenarios" need not be maintained but can be used for additional documentation purposes.
Please refer to http://service.sap.com/bpm > Media Library > Technical Information > Setup for Interface Monitoring.pdf
You may also visit the FAQ page http://wiki.sdn.sap.com/wiki/display/SM/FAQBusinessProcess+Monitoring
Best Regards
Volker -
Read the Adapter-Specific Identifiers of a Business Service in mapping step
Hi,
Is it possible to get the values specified in "Adapter-Specific Identifiers" of a Business Service / Business System in the Integration Directory, to be used in the mapping step - and how?
My idea was to access the information via a user definded function in a messages-mapping.
I know the IDOC receiver adapter reads the value for "Logical System" when creating the EDI_DC40 record, but this is done in the Call Adaper step after the mapping step and therefore not available in the message SOAP Header (IDocOutbound not created yet I guess).
Can anyone help?
Thanks
Best Regards
ChristianHi Christian,
In Java Mapping, we have some constants using which we can achieve this.
Refer the below link:
[http://help.sap.com/saphelp_nw04/helpdata/en/e2/e13fcd80fe47768df001a558ed10b6/frameset.htm|http://help.sap.com/saphelp_nw04/helpdata/en/e2/e13fcd80fe47768df001a558ed10b6/frameset.htm]
Regards
Bhanu
Intelligroup.
Maybe you are looking for
-
JDeveloper 11.1.1.3 has Bug "adrci.exe" when I Run ADF Applications
Hi all my Environment is 1- Windows XP Service pack 3 2- Database 10g r10.2.0.4.0 2- Jdev 11.1.1.3 when I Run any ADF Applications, I got this error "adrci.exe" any solution for this error or this bugs from JDev 11.1.1.3? mugmug
-
Use of Delimit button while Maintaining a View
Hi Experts, I have created a table with ENDDA as key field. I have created the corresponding maintenance view for table and generated it . Now while maintaining the entries in the view, I see a button 'DELIMIT' in menu bar. I have created two entries
-
Hi guys, Quick question I need to transfer quite a lot of photo's from and to a dropbox account using my My mirror. Now I would like to know if there is a way to do so without having to keep my computer on because it takes a lot of time. I've found t
-
Hi, There is an information on page http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=41&p_exam_id=1Z0_051 Exam available onlineWhere need one go to find it?
-
I'm trying to remove my Windows partition and delete Boot Camp altogether off my laptop. When I try to remove the partition, I get an error saying "An error occurred while restoring the disk to a single partition." Can someone please help?