Authorization for User Creation for Admin user

Dear All,
We have Cronacle 6.0.2.
We have a requirement wherein we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have created an admin role with which our criteria are almost met. After assigning this admin role to our newly created admin user, everything works except user & role authorization. I am not able to create, delete or alter any user or role with this user.
I have seen that we have the Oracle system privileges related to user and role authorization (create user, alter role, etc.), but when we try to assign the same to the admin user, it's not allowing us to do so. We have tried the assignment using SYSJCS from both RWE and from the shell using the SYSJCS, RSI users.
How can I achieve this? With which user?
Any pointers on this would be highly appreciated.
Thanks in advance for your help.
Warm Regards
Rajeet

Hi Rajeet,
This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
If you don't have any users of your own with these privileges yet, the SYSTEM user will work as well.
Regards,
Anton.
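
The grant described in the answer above, as an added SQL example that is not part of the original thread. It assumes a session as SYSTEM (or another DBA account), and `RW_ADMIN` is a hypothetical name for the new admin user; the `WITH ADMIN OPTION` grant is left commented out because it is needed only if that account must pass the privileges on.

```sql
-- Added example, not from the thread. Run as SYSTEM or another account that
-- holds these privileges WITH ADMIN OPTION. RW_ADMIN is a hypothetical user.

-- Enough for RW_ADMIN to create, alter and drop users and roles itself.
GRANT CREATE USER, ALTER USER, DROP USER TO rw_admin;
GRANT CREATE ROLE, ALTER ANY ROLE, DROP ANY ROLE TO rw_admin;

-- Only if RW_ADMIN must also be able to pass a privilege on to others:
-- GRANT CREATE USER TO rw_admin WITH ADMIN OPTION;

-- Check what was granted and whether it can be re-granted (ADMIN_OPTION = 'YES').
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'RW_ADMIN'
   AND privilege IN ('CREATE USER', 'ALTER USER', 'DROP USER',
                     'CREATE ROLE', 'ALTER ANY ROLE', 'DROP ANY ROLE')
 ORDER BY privilege;

-- Review: every account or role that can hand out user/role administration.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE admin_option = 'YES'
   AND privilege IN ('CREATE USER', 'ALTER USER', 'DROP USER',
                     'CREATE ROLE', 'ALTER ANY ROLE', 'DROP ANY ROLE')
 ORDER BY grantee, privilege;

-- The symptom in the question: list what SYSJCS holds and whether any of it
-- carries the admin option (per the answer, it does not).
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'SYSJCS'
 ORDER BY privilege;
```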

Similar Messages

  • Authorization for Service Desk

    Hello,
    What SAP roles are necessary for Solman users to create and change messages in (for) the Service Desk?
    The users should only be able to create and change messages, with no authorization for admin of the Service Desk.
    The users should create messages in the satellite systems, and it should also be possible to change these messages directly in the Solman.
    Thanks
    Toni

    Hi Antonio,
    At the moment, I am not fully aware of the possible Authorisation object level of controlling this.
    However, the following could be a solution, if explored.
    The transaction CRM_DNO_MONITOR is the one the message processing person is supposed to use, to list and then act upon messages. I hope that's what you were planning to use.
    If so, you can attempt this:
    (1) Under the sub-section Business Partner, you can restrict the Partner Function to the following three entries:
          (a) SLFN0002 - Reported By
          (b) SLFN0004 - Message Processor
          (c) 00000022 - Person Responsible
    (2) In the field above that, Business Partner, specify the individual's Business Partner number.
    Save this as a user specific variant
    Having saved this variant, you can make it possible for this User ID to always pick that particular variant every time the transaction is accessed.
    Regards,
    Srini

  • Authentication and authorization for AD users in UCM11g

    Hi all
    We are using WebCenter Content Server 11g. I read somewhere that for 11g, user authentication is done in the WebLogic Server environment, meaning Content Server 11g is now managed by WebLogic Server only. Am I right? We have successfully integrated Active Directory with WebLogic Server, and AD users are able to log in to UCM, but they don't have any role like contributor or Admin. How do we do this role mapping for AD users in UCM, i.e. authorization for these users? Please provide any guidance on this issue, any doc or blog; we are new to the WebCenter suite.
    Thanks
    Somesh

    As you already have WebLogic integrated with AD, only role mapping and Single Sign-On integration remain. For authorization, AD must contain groups with exactly the same names as the roles in the Content Server. Those groups should be located where the Group Base parameter of the WebLogic ActiveDirectoryAuthenticator points (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning an AD user to the AD group named contributor will add the contributor role to the logged-in Content Server user.
    As for SSO, refer to the:
    http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
    and
    http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
    Procedure steps are:
    1. Create a user account for the hostname of the web server machine in Active Directory
    2. Create the krb5.ini file, and place it in the C:\Windows directory on both machines (Domain Controller and WLS host)
    3. Generate the keytab file
    4. Create a JAAS Login File named krb5Login.conf
    5. Put both the keytab and krb5Login.conf files in …/user_domains/domains/my_domain/
    6. Configure the Identity Assertion Provider
    7. Adjust WebLogic Server startup arguments for Kerberos authentication
    8. Redeploy the CS server (and optionally other servers) with the deployment plan given in the documentation
    9. Check web browser configuration (IE and Firefox only)
    10. Take a deep breath and test
    11. If successful, have a cake and a cup of coffee; else go to step one
    Regards,
    Boris

  • Need authorization for business document services attachment list with user status in ps claim for clm2 and clm3

    Dear Friends,
    The client wants to restrict changing and deletion of the attachment list after the user status is set to closed in PS Claims for transactions clm2 and clm3.
    Currently anyone can attach documents as GOS and delete them even when the claim is completed and the status is closed.
    How can we restrict all users, even those who created the claim, so that they cannot change, create or delete attachment list documents once the claim is completed and approved and the user status is set to closed?

    HI,
    What is the claim creation transaction? In that, 01 is for creation, 02 is for edit and 03 is for display, so with the help of a Basis consultant you can assign the transaction in the user's assigned role accordingly.
    But a user who is authorized to create a claim cannot modify or edit it once he saves the job. This would be a limitation.
    Regards,
    Sanjeev

  • How to give user authorizations for a Program or an ICF service

    Hi,
       1) How to give user authorizations for a report program or an ICF service.
       2) How to create a user authorization object.
    Regards,
    Vinay.

    check this online help for more info on authorization object creation
    http://help.sap.com/saphelp_nw04/helpdata/en/52/67168c439b11d1896f0000e8322d00/frameset.htm
    for question no1.
    ICF - you either maintain the auth obj relevant at the icf service level itself or you can code call authority object and block access
    for abap programs:
    you maintain auth object at the tcode or code the call authority object within the program
    Regards
    Raja

  • List of users who have authorization for a particular transaction?

    Hi All,
    Can anyone guide me how to know the list of users who have authorization for a particular transaction?
    I need this to find out the list of authorizations that are obsolete when the particular transaction is obsolete in an upgrade process.
    Thanks in advance.

    We can get the list of users for a particular transaction as below.
    Get the tcode and place it in AGR_TCODES, and we get the list of roles.
    Loop over the roles and pass each role to AGR_USERS, and we get the list of users for that role.
    Finally we have the list of users for that tcode.

  • How to Control authorization for users with certain status for level 2 WBS Element

    Dear All,
    Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
    Pre-requisite:
    There is only 2 level of project i.e.
    Lev_ WBSE_______Description
    1___ 7-14.E_______summay outage controller
    2___ 7-14.E.2310__ Plant/unit # 2310
    2___ 7-14.E.2310__ Plant/unit # 2220
    Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
    Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
    User ID_ Plant #
    123345_ 2310
    122455_ 2220
    Issue:
    After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
    Solution required: 
    Can anyone tell me how to control this scenario, either by standard or by an enhancement available to control authorization?
    BR
    Saqib Usman   

    Hi,
    Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
    Thank you and regards,
    Varshal Kachole

  • BPS retraction (CCA) - authorizations for background user (R/3)

    Hi,
    I'm trying to retract plan data for statistical key figures from BW to R/3. During data retraction I get an error message in BW. The message is about missing authorizations on the R/3 side, but without any detailed information. We use the standard background user for BW => R/3 RFC connections. So my question is whether the background user needs additional authorizations for data retraction. Are there any notes or documentation?
    Thanks for help,
    Tanja

    Hi,
    I remember having faced this issue...
    I fixed it by creating a RFC connection for the retraction itself connecting with a service user (S_BWRETR) having profiles SAP_ALL, SAP_NEW.
    hope this helps...
    Olivier.

  • HT1338 What's going on with iCloud (MobileMe)?  I'm able to sign in here, but I can't access mail on my Macbook Pro, iPhone, or work computer.  I always get an authorization error (user-id or password wrong).  This has been going on for almost a week now.

    What's going on with iCloud (MobileMe)?  I'm able to sign in here, but I can't access mail on my Macbook Pro, iPhone, or work computer.  I always get an authorization error (user-id or password wrong).  This has been going on for almost a week now.

    The single download means that you won't be able to redownload it from the store without paying, either on a computer's iTunes or an iOS device - it doesn't stop you from copying the audiobook to your other computers or syncing it to your iOS devices, you just can't redownload it. (I believe that they are all supplied to Apple by audible.com, so I assume that it's them requiring the one-time download.)
    You can download audiobooks on your computer's iTunes and sync them to iOS devices, you do not have to buy them directly on the device (if you do then you can copy them back to your computer's iTunes library by connecting the device and using the File > Devices > Transfer Purchases menu option on your computer's iTunes).
    What you are doing to sync them should work i.e.
    - connecting the iPad to your Mac
    - selecting the iPad on your Mac's iTunes
    - selecting its Books tab and selecting the audiobooks that you want to sync to the iPad and syncing/applying that selection.
    You should then get an audiobooks option in the Music app on your iPad. If they aren't appearing there  then do they show in Settings > General > Usage > Music on the device - if you have audiobooks on the iPad then they should be listed there under an 'audiobooks' heading.
    By 'restart the iPad' do you mean a soft-reset : press and hold both the sleep and home buttons for about 10 to 15 seconds (ignore the red slider), after which the Apple logo should appear - you won't lose any content, it's the iPad equivalent of a reboot.
    You could also try closing its Music app via the iPad's taskbar : Force an app to close in iOS.
    And do a soft-reset and retry syncing.
    I assume that music and other items sync ok ?

  • IDOC Scenario - User  has no RFC authorization for function group EDIN

    Hi all,
    I'm trying to configure an IDOC scenario from ECC to XI.
    RFC's, ports and destinations already configured. On WE19 I'm creating an IDOC for testing the scenario. The IDOC is sent successfully, and it stops on TRFC Monitor with error "User PIRFCUSER has no RFC authorization for function group EDIN." .
    Does any of you know what authorization is needed? The Basis team said the roles are the same in the DEV environment, and there this scenario works fine.
    Thanks for your help.
    regards.
    Roberti

    Hi,
    Check whether the PIRFCUSER user has the right authorization or not.
    And make sure that this user is present in the system and that it is not locked.
    To check whether the user is present or not, go to SU01 of the system and check.
    Regards
    Seshagiri

  • EDMS: 'Missing authorization for this functionality' when searching user

    Hi,
    I've activated ALC authorization for DMS. In EDMS, when trying to add a user to a DIR with the search function, an error occurs as below.
    'Missing authorization for this functionality'
    BTW, the user has the SAP_ALL profile. It can't be any authorization reasons.
    Regards,
    Yemi

    Hi,
    Authorization checks will not happen if the search help is from SAP GUI. I think the problem is related to a missing implementation of the "check function module" on your side. If the search help is linked to a "master data table" (type A), a check function must be implemented to check the permission of the user.
    This function module is read from table BAPIF4T. Please check the following link:
    http://help.sap.com/saphelp_nw04/helpdata/en/a5/3eca044ac011d1894e0000e829fbbd/content.htm
    http://wiki.sdn.sap.com/wiki/display/PLM/Object+Link+search+in+EasyDMS
    Regards,
    Hari

  • Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

    Hello,
    I made a homogeneous system copy from the system PRD to ENT with a redirected restore. I had the following system environment:
    AIX 5.3 TL10 SP1
    DB2 V9.7 (without any fixpack)
    After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
    I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
    SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
    db2 => get authorizations
    Administrative Authorizations for Current User
    Direct SYSADM authority                    = NO
    Direct SYSCTRL authority                   = NO
    Direct SYSMAINT authority                  = NO
    Direct DBADM authority                     = NO
    Direct CREATETAB authority                 = NO
    Direct BINDADD authority                   = NO
    Direct CONNECT authority                   = NO
    Direct CREATE_NOT_FENC authority           = NO
    Direct IMPLICIT_SCHEMA authority           = NO
    Direct LOAD authority                      = NO
    Direct QUIESCE_CONNECT authority           = NO
    Direct CREATE_EXTERNAL_ROUTINE authority   = NO
    Direct SYSMON authority                    = NO
    Indirect SYSADM authority                  = YES
    Indirect SYSCTRL authority                 = NO
    Indirect SYSMAINT authority                = NO
    Indirect DBADM authority                   = NO
    Indirect CREATETAB authority               = NO
    Indirect BINDADD authority                 = NO
    Indirect CONNECT authority                 = NO
    Indirect CREATE_NOT_FENC authority         = NO
    Indirect IMPLICIT_SCHEMA authority         = NO
    Indirect LOAD authority                    = NO
    Indirect QUIESCE_CONNECT authority         = NO
    Indirect CREATE_EXTERNAL_ROUTINE authority = NO
    Indirect SYSMON authority                  = NO
    db2 =>
    The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
    SYSADM group name                        (SYSADM_GROUP) = DBENTADM
    SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
    SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
    The only solution was to grant the authorizations to db2ent with another user.
    For the restore I created a new instance with the following command (as user root):
    /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
    I set the correct DBM configuration and created an empty database as user db2ent with the following command
    db2 create db ENT on /db2/ENT
    The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
    Is there a bug in the DB2 software or is there any other solution? I did not change the environment for the user db2ent.
    The authorization concept has been changed in DB2 V9.7
    http://www-01.ibm.com/support/docview.wss?uid=swg21385801
    Kind regards,
    Christian

    Hello All,
    I finished the restore using the redirect method, but I did not know about this security issue.
    Now I tried creating the db2<oldsid> user and tried granting dbadm secadm priv.
    But I get this error:
    db2 => GRANT DBADM to USER DB2P60
    DB21034E  The command was processed as an SQL statement because it was not a
    valid Command Line Processor command.  During SQL processing it returned:
    SQL0707N  The name "DBADM" cannot be used because the specified identifier is
    reserved for system use.  SQLSTATE=42939
    Please help me.
    I need a solution at the earliest possible.
    Thanks,
    Sree

  • How many ways we can create authorization for user groups in sap query reports

    Hi Gurus, I am getting a problem when I am assigning users to a user group in SAP query reports. Users other than those created in the user groups are also able to add & change the users. So please suggest how to restrict users outside of the user group.
    Please send me any suggestions and useful threads you have.
    Thank You,
    Suneel Kumar.

    I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
    http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
    Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
    Use AUTHORITY-CHECK to restrict access to the database based on user.
    Press F1 on AUTHORITY-CHECK to find out how to use it in the code

  • Authorization for limited vendor for user in FBL1n

    Hi,
    I have a certain user in my company to whom I want to give t-code FBL1N access, but for some vendors only.
    Please let me know how it can be done.

    Hi Durga
    As far as I see I can suggest you 2 options:
    1. You can create a validation with sets for users and vendors. This way you can restrict to only the t-codes you want the restriction to apply
    2. You can co-ordinate with BASIS to restrict using authorization object F_BKPF_BEK. You have to assign authorization group to vendors and give authorization to users for specific authorization groups. In this case, you cannot restrict only to FBL1N. The restriction would be applicable to all the transaction codes for the users where vendors are impacted.
    Regards
    Sowmya

  • User Authorization for a Query

    Hi,
    I have assigned a single role to a user, in which I have authorization for all the InfoProviders, including authorization for reporting. The user is able to access most of the queries, except one query. If there were a problem, he should not have been able to access any of the queries.
    What problem could have prevented the user from accessing one particular query?
    Any Ideas will be highly appreciated,
    Thanks and Regards,
    Ravi Sankar

    Some possibilities:
    The one query which the user is not able to run: who is the author of this query?
    You need to give authorization for the object S_RS_COMP1.
    If the user has authorization for this object, then the next possibility is:
    The query may have a filter or a characteristic value for which the value is not set for the user.
    Ravi Thothadri
