Authorization for user on WF

Similar Messages

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Defining Authorizations for User to restrict the data in report.

  Hi Gurus,
  I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
  Ex.
  i have functinal location info object checked as authorization relavent with below data.
  FL001
  FL002
  FL003
  FL004
  FL005
  FL006
  FL007
  FL008
  FL009
  We have users like below.
  User1
  User2
  User3
  Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
  If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
  So, Please help me providing the completed steps. I have done somting but failed.
  Thanks in advance
  Peter.

  Hello Peter,
  Please go through the following links
  Authorization :
  http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  SAP Authorization Concept :
  http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
  Thanks.
  With regrads,
  Anand Kumar

• Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

  Hello,
  I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
  AIX 5.3 TL10 SP1
  DB2 V9.7 (without any fixpack)
  After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
  I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
  SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
  db2 => get authorizations
  Administrative Authorizations for Current User
  Direct SYSADM authority                    = NO
  Direct SYSCTRL authority                   = NO
  Direct SYSMAINT authority                  = NO
  Direct DBADM authority                     = NO
  Direct CREATETAB authority                 = NO
  Direct BINDADD authority                   = NO
  Direct CONNECT authority                   = NO
  Direct CREATE_NOT_FENC authority           = NO
  Direct IMPLICIT_SCHEMA authority           = NO
  Direct LOAD authority                      = NO
  Direct QUIESCE_CONNECT authority           = NO
  Direct CREATE_EXTERNAL_ROUTINE authority   = NO
  Direct SYSMON authority                    = NO
  Indirect SYSADM authority                  = YES
  Indirect SYSCTRL authority                 = NO
  Indirect SYSMAINT authority                = NO
  Indirect DBADM authority                   = NO
  Indirect CREATETAB authority               = NO
  Indirect BINDADD authority                 = NO
  Indirect CONNECT authority                 = NO
  Indirect CREATE_NOT_FENC authority         = NO
  Indirect IMPLICIT_SCHEMA authority         = NO
  Indirect LOAD authority                    = NO
  Indirect QUIESCE_CONNECT authority         = NO
  Indirect CREATE_EXTERNAL_ROUTINE authority = NO
  Indirect SYSMON authority                  = NO
  db2 =>
  The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
  SYSADM group name                        (SYSADM_GROUP) = DBENTADM
  SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
  SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
  The only solution was to grant the authorizations with an other user to db2ent.
  For the restore I created an new instance with the following command (as user root):
  /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
  I set the correct DBM configuration and created an empty database as user db2ent with the following command
  db2 create db ENT on /db2/ENT
  The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
  Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
  The authorization concept has been changed in DB2 V9.7
  http://www-01.ibm.com/support/docview.wss?uid=swg21385801
  Kind regards,
  Christian

  Hello All,
  I finished restore using redirect method, but i did not know about this security issue.
  Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
  but i get this error
  db2 => GRANT DBADM to USER DB2P60
  DB21034E  The command was processed as an SQL statement because it was not a
  valid Command Line Processor command.  During SQL processing it returned:
  SQL0707N  The name "DBADM" cannot be used because the specified identifier is
  reserved for system use.  SQLSTATE=42939
  Please help me.
  I need a solution at the earliest possible.
  Thanks,
  Sree

• How many ways we can create authorization for user groups in sap query reports

  Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change  the users .So please suggest me how to restrict users outside of the user group.
  Please send me if u have any suggestions and useful threads.
  Thank You,
  Suneel Kumar.

  I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
  http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
  Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
  Use AUTHORITY-CHECK to restrict access to the database based on user.
  Press F1 on AUTHORITY-CHECK to find out how to use it in the code

• Authorization for User to Jump the Query

  Hi,
  The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
  I need to give the proper authorization to user1 same like user2.
  How can I solve this issue.
  Thanks in advance.
  Regards,
  Ravi Sankar

  I dont understand what you mean with "(log is able to generate for this user in RSSM)"
  In RSSM you can create authorization objects....
  If you want to give some authorizations for  a specific query you must check the SU53 in order to see the objects that you need to add to the users profile.....
  The procedure is.......give th user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter to the SU53 and this transaction shows you the authorization object you need to add to the profile.....
  I hope this helps
  Regards

• Authorizations For User Defined Forms

  Hi Experts !!!
  I have created a user form , and would like to apply authorization for that user form.
  Whether it is possible.I tried using standard method,but it seems that no such provision available ,
  And also I have created UDT . and would like to provide series for that UDT . My client wants that particulat UDT should be by 2 different users .and they need Series for that .
  Suggestions are appreciated
  Regards
  Krishna Vamsi

  Hi,
  You Can give authorizations to your customized (user developed) screens.
  Administration --> System Initialization --> Authorizations --> Additional Authourization Creator
  In right hand side you can find the structur.
  There defaultly XL reporter autorization will be there select the any one and click add same level button in bottom of the screen.
  Then in Right hand Side
  Authorization ID - give some unique id
  Name --> Description of Authorization
  In Option --> Select Full/read/None
  Item --> Tick as Item
  Then Come down you can find big text box, near to that you can find edit button, just click that it will open a popup window.
  In that window you please enter the Form Id of your user form
  to find the form id --> Just Enable the system information menu in menu bar and move the cursor to any item in your user screen, you can find the form id.
  Just type that form id in that pop up box.
  then Add the window.
  now Open the General Authorization.
  There in last row you can find the user authorization. just expand that you can find your authorization id and name there which you have created.
  Give your authorization there.
  thats it.
  There is no need for SDK Developement for Authorization.

• Authorizations for users to change their own data

  Hi
  All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
  We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
  How to design role which should apply to all user requirements and they should get their Personnel no by default
  Kind Regards
  Vinod

  Hi,
     For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
  (i.e)  For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:                   
  1. Authorization level:  *               
  2. Interpretation of assignment
     User - personnel no:  I  
  3. Infotype           :  0002
  4. Subtype            :  *
  A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96

• Authorization for user to release a PRQ

  Hi,
  I would enable in SU01 the authorization so that only users allowed to release PRQ can do this
  What is the authorization to add in SU01 for PRQ ?
  Thanks
  Best Regards

  - create a role(approver role) with Tcode ME55(collective release) and ME54N(individual release) if its only for PR,if you want for PO, add ME28(collective release) and ME29N(individual release).
  - when you create the role in PFCG, you can also see the authorization objects when you add the TCODES, so you can restrict even for plant level or purchase organization level.
  - In PFCG, assign the specified users to the role and also "check and compare users"
  Now authorization for approval is restricted

• Authorization for user

  Hi ,
  The minimum authorization for the Sales user in Sales Department..

  Neetu,
  Your question at least needs to be: If I would like our Sales user in Sales Department can do their job, what will be their least authorization?
  Am I right for your puzzle?
  If it is true then there is no minimum you can define.  No company has exaclty the same process.  You have to articulate what your Sales users need.
  Thanks,
  Gordon

• Authorization for User Creation for Admin user

  Dear All,
  We have Cronacle 6.0.2.
  We have a requirement where in we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have and created an admin role with which our criteria is almost met. After assigning this admin role to our newly created admin user, everything work except user & role authorization. I am not able to create, delete or alter any user or role with this user.
  I have seen that we have the oracle system privileges related to user and role authorization (create user, alter role, etc), but when we are trying to assign the same to the admin user, its not allowing us to do so. We have tried the assignment using sysjcs from both RWE and from the shell using the SYJCS, RSI users.
  How can I achieve this? with which user?
  Any pointers on this would be highly appreciated.
  Thanks in advance for your help.
  Warm Regards
  Rajeet

  Hi Rajeet,
  This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
  For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
  If you don't have any own users with these privileges yet, the SYSTEM user will work as well.
  Regards,
  Anton.

• No RFC Authorization for user

  Hi
  I am trying to develop a report, with screeen painter, using 4.6c version.
  when i click on Layout editor , it doesnt show the screen from where I can drag and drop......and gives the message No RFC autorization for user.
  I havent worked on 4.6c. do I need to be authrorized or 4.6c dont have this facility.....please help
  thanking in advance
  cheers
  AJ

  Hi,
    it might be that the network guys have blocked specific ports that the screen painter uses to connect your SAP GUI to the SAP. "Please contact your system administrator"!! BASIS and then network/firewall guys. Also, install latest SAP GUI and patch.
  Reward please if helpful.
  Regards,
  George

• Check Authorization for User ID

  hi all,
  as per i know, i can check the authentication by check an object as the following
    AUTHORITY-CHECK OBJECT 'ZOBJECT'
             ID 'ACTVT' FIELD '_____'.
  in case i have user id (user does not launch the program by himself) and i want to check the authorization. what can i do on this?
  Regards,
  Peerasit

  Hey Raymond,
  your answer hits the point!!
  Thanks so much
  Regards,
  Peerasit
  PS thanks for every response as well.

• Authorization for user in ECC while creating source system in RSA1 in BW

  Hello All..
  We are trying to create source system from BW(7.0) system using transaction code rsa1 to R/3 Production server.
  After providing details in RSA1->Source system ; Remote logon screen of Production server pops up ...and ask to login thru admistrator Id..
  To achieve the above task,, what authorization user should have in R/3 system..
  Thanks

  Hi,
  Hope you are using the RFCUSER with these profile SAP_ALL , SAP_NEW , S_BI-WX_RFC in SAP ECC. Please create the RFCUSER with above profiles in ECC and BW (SAP_ALL , SAP_NEW and S_BI-WHM_RFC).
  Pls follow the below steps for source system connection
  In ECC side
  1.) Client administration SCC4 ( select your client and allow changes to repository and cross client customizing)
  2.) Define a logical system in ECC
  3.) Assign a logical system in ECC
  4.) Creating RFC user with system user type and give these profiles SAP_ALL, SAP_NEW, S_BI-WX_RFC
  In SAP BI Side
  1.) Client administration SCC4 ( select your client and allow changes to repository and cross client customizing)
  2.) Define a logical system
  3.) Assign a logical system
  4.) Creating RFC user with system user type and give these profiles SAP_ALL, SAP_NEW, S_BI-WHM_RFC)
  5.) Define RFC user as default (Click RSA1> Global Settings/Customizing dialog box> Glob. Settings)
  Connection of SAP BI with ECC
  RSA1> Source System>SAP>create>Enter the below entries
  Target computer (server)                        Server of the SAP ECC
  System ID System ID of the SAP ECC
  System number System number of the SAP ECC
  Background user in source system RFCUSER
  Password for source system Password
  Background user in BW RFCUSER (can not be changed in this activity)
  Password for BW user Password
  Select unicode in RFC destination and don't select the checkbox in logic screen.
  On the dialog box Please log on as an basis administrator in the following screen choose Continue.
  Log on to the Source System with your administrator user. Choose the correct client.
  On the Replicate Metadata dialog box, choose Only Activate.
  Make sure ECC client will allow changes in cross customizing client. It is one time activity once success then deselect the entry.
  Hope this will help you to connect the system.
  Rgs,
  Ambuj Kathuria

• Roles/authorizations for user to Solman Diagnostics.

  We have a need to have non-administrator persons access our Sol Man
  Diags environment. We do not want them to access with j2ee_admin
  account.
  How / what roles or authorizations do I assign to restricted users so
  users cannot see the administration and setup tabs and not be able to
  turn traces on?

  The roles for the end users are mentioned in the standard SMD guide  pleas go thuroug it