Authorization for Variants, Views and Folders
Hi SDN'ers,
How can you manage the edit restrictions on a variant, view and folders? I mean how can you make sure certain users dont change or delete a variant for example? This has to do with authorizations and the role where you publish it in.. but i don't know the full details about it.
Thanks.
The easiest way to discover what's being checked is to perform the actions you mention with a user that has sufficient authorizations, while tracing the user with ST01 (here you can perform a trace on authorizations, except for all the query display authorizations wich you can check with rsecadmin).
In this way you can see exactly wich objects and values are being checked and thus you should be able to discover the objects and values that you need (if available).
Regards,
Jesse
Similar Messages
-
Hi All,
I have created may own transaction that calls ABAP query and gives some report. It has its own variant for selection screen. Now as I am creating roles, I get the message that the authorization for variant is missing. So, I know how to create/edit roles in PFCG but I don't know how to add authorization for variant to existing role.
Thx.Dear Suad,
I think, the best place for your query is [Forum: ABAP, General|ABAP Development; or [Forum: SAP NetWeaver Administrator|SAP NetWeaver Administrator;
Instead, Best way is, to Contact BASIS-Admin.
There are few Transactions, that could be referred:
T. Code: SE93
You have created Z - VARIANT Transaction Code, using the Transaction and the Transaction Variant. Based up BASIS-Admin will assign the authorizations (for the respective users).
T. Code: SU53 or ST01 - for missing Authorization
T. Code: SU21 - Create Authorization Object
T. Code: SUIM - Roles by Authorization Object (which is not relevant, as your's is Z-Transaction for Screen Variant)
Best Regards,
Amit
Note: There are few relevant threads, it might help you
[Roles - Authorization Issue|Re: Roles - Authorization Issue]
[Missing Authorization|Missing Authorization] - Albert's Post
[Authorization Object|Re: Authorization objects and Roles] -
No authorization for variant ZPAK_D3FS09V87UVHYB1D72JT1RUSK
Hi,
I have trasnported the process chain from Dev to Quality . when I go to quality system & see the process chain is in grey color
in my application component . when I try to check & activate it gives me the error:
No authorization for variant ZPAK_D3FS09V87UVHYB1D72JT1RUSK from process type LOADING
Then I have created onemore new inforpackage & in RSPC I have opened my PC in edit mode & in process type I draged & dropped Load Process & Post - Processing -> Execute infopackage here I have selected the new infopackage name that I have created & coonected it to the start process & deleted the old infopackage connection.
As I have done all this in the Quality sytem . Can this be done in this way or do I need to follow some other procedure .
If the same issue comes in the procedure do I nned to follow the same procedure in Production as well? Pls let me knowI decided to write to an answered thread because my case was different.
I got the error together with error RSM894 An internal error occurred during the authorization check.
The cause was that corresponding datasource was 3x instead of 7x in target system.
After migrating of datasource the error was corrected.
So it was not an authorization issue.
Edited by: raaleksandr on Aug 15, 2011 9:33 AM -
The specified file or folder name is too long,the url path for all files and folders
The specified file or folder name is too long,the url path for all files and folders must be 260 character or less
can we increase this limit?
MCTS,ITILHi,
As I understand, you want to increase the length of URL path in SharePoint 2010.
Per my knowledge, this limit cannot be increased. SharePoint limits URL length because all relative URL links are stored in the clear forms on the SharePoint content DB and often this links are used as primary keys to link one table with another. Fields
which are used to store these links (for instance tp_DirName from the AllUserData table) allow storing only 256 characters.
There are several ways that you can resolve or mitigate URL length problems in the SharePoint Server 2010 environment. The following list provides suggestions:
1. Upgrade all the end-user browsers to Internet Explorer 8, which has a longer URL length limit.
2. Use shorter names for sites, folders, and documents and control the depth of the site and folder structures to reduce the lengths of URLs.
3. If possible or allowed, use ASCII names for sites, folders, and documents. This will avoid situations where the URL will be lengthened by being encoded.
4. To reduce the risk that the SharePoint Server 2010 end-users will encounter problems because of URL length limitations, we recommend that you apply the following effective limits in the deployment:
256 Unicode (UTF-16) Code units - the effective file path length limitation, including a domain/server name
128 Unicode (UTF-16) Code units - the path component length limitation
More reference:
http://technet.microsoft.com/en-us/library/ff919564(v=office.14).aspx
http://sharepointknowledgebase.blogspot.in/2013/04/url-path-length-restrictions-in.html#.VKJN53BJA
Best regards,
Sara Fan -
Authorization for material type and material views
Hello all,
I would need to restrict a user group, in creation (MM01) and modification of material master, based of type material and material views.
The authorization, for each user should be:
- view, modify and create of all views, except accounting (B) for type material ZFER;
- view, modify and create of all views for type material ZOFF.
I tried to create 2 roles in PFCG with the following authorization objects:
1) M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B)
2) ) M_MATE_MAR ACTVT = *, BEGRU = ZFER and M_MATE_STA ACTVT = *, STATM = B
but the effect is to be authorized, to all view for material type ZFER and ZOFF.
I have already updated the authorization group of the type materials (OMS2).
Is there a solution for this problem?
(component version SAP ECC 6.0)
Thanks.
Regards,
LucaI tried to create 2 roles in PFCG with the following authorization objects: 1) M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) 2) ) M_MATE_MAR ACTVT = *, BEGRU = ZFER and M_MATE_STA ACTVT = *, STATM = B
- Are both these roles assigned to the same user? then your purpose is not solved, It is more or less like giving full authorization.
- One role should be
M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) for view, modify and create of all views, except accounting (B) for type material ZFER. This should be assigned to one user
- Second role should be
M_MATE_MAR ACTVT = *, BEGRU = ZOFF and M_MATE_STA ACTVT = *, STATM = * for view, modify and create of all views for type material ZOFF. This role should be assigned to the second user.
Regards,
Subbu -
System Status Authorizations for Marketing Plans and Campaigns
Hi Experts,
We are using the Standard System Statuses on the Marketing Planner like the Created , Released, Approved, Finished, Locked and Rejected. My requirement is to limit the access to the Users for these Statuses. For Example :
User 1 will have access to Created.
User 2 will have access to Aproved.
User 3 will have access to Aproved,Released, Create
How do I set the Authorizations for the System status based on the User? I tried creating Authorization Keys under Status Profiles, but I am not clear on where to assign them.
Please guide me.
Thanks in Advance.Hi ,
Thanks for your input. I am planning to go with your second option to go with assigning the Authorization objects at the Marketing Plan and also at the Campaign level . My only concern here is will we be able to assign status specific authorizations here ?
The Authorization objects given are for change, create etc. There are no status specific authorization objects mentioned. My requirement is the person who creates the MP should have access to release it and only the approver should be able to see the approved status and change the status o approved.
Do you suggest using Authorization keys and assigning them ?If so where do we define the restictions on the Authorization keys like
Authorization Group 1 has authorization to Create , modify a MP and can only View / Change the statuses to Create and Release.
Authorization Group 2 has access to Modify and has access to change the statuses to Aproved.
Is there any way this can be achieved ? Please let me know if I am going in the right direction.
Regards,
Pooja -
How set authorizations for sales reports and other reports in SAPB1
Hi, I'm currently working in SAP Business One Version 8.82
The issue I'm facing is that I want to set it up so that certain users cannot see other users' sales information. I know that I can turn on or off the Sales Analysis Report for various users for instance, but what I really want specifically is this. Suppose we have 3 different teams: Team A consists of (Angie, Angela, and Anita the manager), Team B consists of (Bob, Barbara, and Ben the manager), Team C consists of (Cat, Charlie, and Courtney the manager). I would like to make it so that everyone can view the individual sales order documents of everyone else (in case a customer calls and needs information, but the salesperson who created that document isn't there); however, Angie should only see her own orders when she does a Sales Analysis while Anita, the manager of Team A, should see the the orders of Angie, Angela, and herself of course.
To summarize, I'd like to see the following
1. Each salesperson can lookup and view any sales order.
2. Each salesperson can run an sales report to view all his/her own open sales orders.
3. Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
4. The boss or other people working in corporate are able to run a report on all open sales orders.
What's the best way to approach this? Is it best if I create my own report? I haven't created any reports from scratch yet, so I'm not sure exactly how that works. I'd like to be able to group the salespeople up by location if possible. The sales analysis report doesn't really do that, but it is useful. I just don't want everyone to be able to see the numbers on their peers.
Thank you I appreciate any help or advice.Hi,
1. Each salesperson can lookup and view any sales order.
Answer:
Create own report by using query and save under query manager and the assign for all group. So that all sales person can run this query and can get sales order detail.
2. Each salesperson can run an sales report to view all his/her own open sales orders.
Answer:
Create individual query ( add condition in where clause slpname = 'XXX') for each sales person and save it under query manager and assign to particular user group
3. Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
Answer:
Create query for only particular team ( condition is slpname = XXX OR YYY OR ZZZ) and save under query manager. Make schedule report on this and send it to only particular manger
Same way create for another manager and schedule report.
4. The boss or other people working in corporate are able to run a report on all open sales orders
Answer.
Create query for all sales person and schedule report to big boss.
Hope you can get an idea.
Let me know if you need sales report ( advice required field)
Thanks & Regards,
Nagarajan -
How do I set up my iPad for outlook files and folders
I want to see and use, on my iPad, the same files and folders I have in outlook on my PC. Also I want any changes I make on the PC or the iPad to sync with each other.
PC is running Windows 7,
Outlook version 2007, not the exchange version although I think I can get that by re-installing outlook and choosing that option.(I don't understand what exchange is but don't bother to explain it unless the solution requires using it)
I currently use Gmail for my email accounts server. They are set up as POP accounts with Outlook using a .PST data file. However, IMAP is available for Gmail. My brief past experience with IMAP and .OST data files was kind of a disaster so it isn't my 1st choice for this.
As I understand it using Outlook 365 with Microsoft's cloud and mobile app would solve my problem but I don't like clouds, 365 or IMAP (I may have to concede on some of those). If there is a way to do it through the Gmail accounts without any other cloud that would be ideal since they already have all my email and I won't be spreading my personal info to other companies.
I do have a Drop Box account but I currently only use it for some well vetted specific files that I share with specific individuals.
I do not have any computer or network drive that is always on and might serve as a private cloud. That could be changed but then i'm relying there being no ISP or power interruptions which, of course do occasionally happen.
Obviously I'm being rather picky here knowing that I'll probably have to live with some things less than ideal.
I will consider 3rd party apps if they seem to be part of the solution.
Thank you in advance for any person/s that want to help me on this.
hsvtThanks. I can change the forwarding settings in Gmail to be either POP or IMAP. That is quite simple. I just looked at those settings on the Gmail server and, to my surprise, both are enabled. In order for outlook client on my computer to receive IMAP emails I have to change the email account settings in my current outlook from POP to IMAP. I don't need to be using the Exchange version of Outlook to receive IMAP. I guess I'll do a little research tomorrow on Exchange so i can figure out what, if anything, it might do for me.
I glanced at the link you sent me and it looks like it might be very helpful - another project for tomorrow.
BTW: I hit "This Solved my Question" by accident. I meant only to "like' your response so you would get some benefit from the help you've given me so far. I hope I haven't discouraged others from taking a shot at helping me. I suspect there is more than one way to approach this and, as you know, my problem isn't really solved until I have what I need all set up and running smoothly. -
Authorizations for BW reportings and BW BPS
Hello,
The project we are working on contains two aspects : one in BPS and one in BW reporting
First the user needs to input or change data in the BPS application and then he can check his figures in a BW Report. We want each user to have authorizations only for his company and his business unit.
So we created authorization objects (RSSM) with a typical user profile (does not have SAP_ALL and all profiles required to customize anything).
In this authorization object we put different characteristics such as : Company, Business Unit, Activity and Version.
In the (PFCG), for company and business unit we put the values needed for the user. For Activity, we put "change" and "display". And for version we put "*".
We can then change values in the BPS layouts but we do not have access to the concerned report in BW.
Could somebody help us on this matter ??? Or does somebody have informations on how to implement this kind of authorizations ?
Thank you very much for your helpHi Jacques,
I hope the following links and documents ll be useful to u.
<u>BUSINESS PLANNING AND SIMULATION BPS:</u>
go to https://websmp103.sap-ag.de/bi
-> SAP BW 3.5 -> SAP BW Business Planning and Simulation
Here you can find "HOW TO... Guides - BPS", "SEM-BPS ASAP" and other useful section with many documents...
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ae9fba90-0201-0010-d490-cbf9a364de95
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/enhancements bw-bps formerly sem-bps in sapnetweaver 04.ppt
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/frequently asked questions - planning with sap netweaver bi.faq#q-6
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/5d90209f-0501-0010-59a2-9243ac94a4d7
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/s-u/sap bw business planning and simulation - how to guides list.htm
http://help.sap.com/saphelp_sem40bw/helpdata/en/05/242537cedf2056e10000009b38f936/frameset.htm
<u>Hierarchies in BPS appln :</u>
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ae9fba90-0201-0010-d490-cbf9a364de95
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/enhancements bw-bps formerly sem-bps in sapnetweaver 04.ppt
<u>for BEx-reporting</u>
http://searchsap.techtarget.com/searchSAP/downloads/chapter-august.pdf
http://searchsap.techtarget.com/featuredTopic/0,290042,sid21_gci1121728,00.html?bucket=REF
Hope it helps...let me know
regards,
R.Ravi -
I found a script that adds rights to files and folders.
We need to grant administrators rights to a set of folders for a specific project.
ChangePermissions.ps1
# CACLS rights are usually
# F = FullControl
# C = Change
# R = Readonly
# W = Write
$StartingDir=
"C:\Users"
$Principal="Administrators"
$Permission="F"
$Verify=Read-Host `n "You are about to change permissions
on all" `
"files starting at"$StartingDir.ToUpper() `n "for security"`
"principal"$Principal.ToUpper() `
"with new right of"$Permission.ToUpper()"."`n `
"Do you want to continue? [Y,N]"
if ($Verify -eq "Y") {
foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
#display filename and old permissions
write-Host -foregroundcolor Yellow $file.FullName
#uncomment if you want to see old permissions
#CACLS $file.FullName
#ADD new permission with CACLS
CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
#display new permissions
Write-Host -foregroundcolor Green "New Permissions"
CACLS $file.FullName
When the project is over, we need to undo the changes and remove administrators permissions from the same group of folders.
How do we change the script to remove administrators group members instead of adding?I'm not sure I understand how to use that example script to undo the changes in the script I posted..
Is there a way to just change a few lines in the first script so that it removes instead of adding the administrators group?
This line appears to be the line that adds permissions:
#ADD new permission with CACLS
CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
What would be the syntax to remove the permissions
$Principal="Administrators"
$Permission="F"
from files and folders in $StartingDir= "C:\Users"
and everything below it? -
Authorization for "Select Layout and Print"
I am using Business One 8.8 PL 18. The option under the File menu for "Select Layout and Print" is available for super-users and some other users. We want it to be available for all users. What authorization setting controls this function? Thanks.
MarciaUnder "General" section, assign "Full Authorization" rights to "Print Layout Designer"
George -
Releasing authorization for maintenance order and permit.
Hi,experts,
We have two different user id say "X" and Y.We want to block releasing authorization of maintenance order and permit for user id "X" and give the same to user id "Y",How we can do it in SAP?Please,give some suggestions on this.Thanks in advance.
rgds
rajibHiii
You can create two seperate Authorization role using PFCG transaction code. Assign it to particular users & control the authorization. Use Following procedure.
1. Transaction code PFCG will take you on screen role creation screen.
2. Give authorization for IW32 transaction code in that block authorization according to business transaction for BFRE. This business operation is made for order release.
For permit there is seperate option is available for permits also.
If you have any issue, pl. be free to ask question.
Regards -
Authorization for Basic dates and Forecast dates
Hello colleagues,
My customer requires is to have separate authorizations for using Basic dates and Forecast dates within WBS Element, Network and Milestone.
Iv'e noticed that the rellevant autorization object to have this separation is C_PROJ_TCD ; field: PSARG ; activity: 111 & 112. However I wonder if this is relevant to all related objects in the project or only to the Project definition object.
If the answer is only to PD I will be glad to have an idea how to controll it within the other objects .
Thanks in advance
Best Regards,
Nir
Edited by: Nir Horvitz on Nov 23, 2010 10:32 AM
Edited by: Nir Horvitz on Nov 23, 2010 10:41 AMIt is for all the objects... but you can not control it on basis of only that auth object.
For network,
use object :
C_AFKO_ACT
and activity 22 Display dates
for Project def and WBS, use
C_PROJ_KOK, C_PROJ_PRC, C_PROJ_VNR
C_PRPS_KOK, C_PRPR_PRC, C_PRPS_VNR
Regards,
Amol Sarode -
Timeouts for Discoverer Viewer and SSO
We've enabled SSO for Discoverer Viewer 9.0.4. We set the Viewer timeout in the web.xml file to 120 minutes. We set the SSO Global user Inactivity Timeout to 240 minutes. Viewer sessions don't timeout at 120 minutes. Does the GUIT timeout override the Viewer timeout?
--- SteveHi
As far as I know, the Viewer sessions don't time out using the Discoverer settings. These only affect Discoverer Plus. The SSO timeouts will apply though. Out of interest can you tell in which folder was the web.xml you modified?
By the way, 240 sounds an awful long time to allow an SSO connection to stay active.
Best wishes
Michael -
Authorization for "Support Team" and "Message processor"
Dear colleagues.
In message edit screen in CRM_DNO_MONITOR I want to prohibit changes for "Support team" and "Message processor" fields for been cnahged.
I didnot find any authorizatiopn object,
Is it possible?
Regards
Vladimir KoganOne way to achieve this is via partner dermination customizing. If you go to IMG then your can find something called Define Partner Determination Procedure under CRM -> Basic Functions. Here locate the relevant partner procedure, select it and double click on "Partner Functions in Procedure". Here you can for each partner function define if it is changeable after determination (flag/unflag the field called changeable).
Maybe you are looking for
-
What is the best setup for us to maintain ownership of our corp issued iPhones and iPads yet allow users their personal apps from their iTunes accounts? I have gone out and created a corp apple ID that we are using in the iCloud setup on all our corp
-
How can I get Pantone colours (for example PMS 285) back in CS6 Illustrator?
Pantone colours (for example PMS 285) are not available in CS6 ( Illustrator and Indesign). How can I get the right colours back?
-
How do I solve ?memory issues with RTFObj.u32
I am currently developing an interactive data analysis & reporting package to handle the results from an AW assessment program. Using RTFObj.u32, I can save an assessment report for each candidate that contains a runtime-generated score distribution
-
What transaction code/codes?
What is the most efficient way if I want to get ALL the custom objects: tables, structures, report programs, function modules, function groups, enhancements/user exist, events, BOR, workflow, BADIs, messages, etc?
-
Hi, I am moving into my own place in a few weeks time. I share my current flat and my flatmate isn't moving out, and our BT account is in my name. Please could someone advise me of how I can arrange to transfer the existing line into my housemates na