Authorization Group in Document creation...

Similar Messages

• Authorization for Measuring document creation

  Hi,
  i have one issue. I want to provide authorization for measuring documents creation. That has been done by providing the different authorization groups in roles for T codes IK11, Ik12 etc to the users. Now users with a authorized authorization group for perticular measuring point can create a measuring document fo that. But the problem is that despite the authorization group, if user goes to t code iw41 for order confirmation , there he can create measuring documents of any authoprization group. How to control that thing. I also give authorization group authorization for t code IW41 but still it is allowing for the creation of documents. any help on this thing.
  Regards,
  Aman Sharma

  Hi
     there are two ways you can control the measurement reading entry
  1. Block the authorisation of IK11.When you go to confirmation screen through IW41 , there a button for measurement document update. Even the user will press it system will not allowed to enter in it as he is no authorisation
  2.You can configure the screen template for overall confirmation  and use this profile while doing overall confirmation using iw42. There you can hide the measurment detail screen.
  customising node " Set Screen Templates for Completion Confirmation "
  Regards
  Amar

• Regarding ABAP Query authorization group

  Hi Team,
  This is regarding ABAP Query!
  I have created one authorization group, for testing i have assigned my id in authorization group.
  After creation of ABAP query,standard program got generated. Now i have created one transaction code at the last for the ABAP Query.
  Now the isse is even though i have deleted my id from the authorization group. I am able to execute the query from SQ01 and with the Transaction code .
  It should not happen...i want who soever id is mapped to the transaction code ...that member should only be able to run that query, otherwise there is no use of authorization group.
  Please help me out in this case.
  Thanks & Regards,
  Anil Kumar Sahni

  Are you sure that you don't have access to that authorisation group? Execute report RSUSR002. In the 'Authorization Object 1' block inform  S_TABU_DIS in 'Auth.Object' and accept. Then inform Activity=03 and Auth.Gruop= your group.
  You will get a list of all the users which, theoretically, will be able to execute the query. If you press 'Roles' or 'Profiles' in the toolbar of the listing you will get to know why you have authorisation. May be you have the SAP_ALL profile.
  Also, one more thing to take into account: how have you created your transaction? Is it referring directly to the generated report? Then it is an error, you should execute program SAP_QUERY_CALL. Read this post: [Relate transaction to query;

• Authorization Group in T-Code: OB52

  Hi,
  I need to maintain 2 Auth. Group in T-Code: OB52, my requirment is below:
  for some users (nearly 25) needs to post the transaction in June Month and for some users (nearly 10)should have to post for selected GL in the month of June.
  So we decide to create two roles and assign the Auth Group in F_BKPF_BUP Auth. group. But i need to know whether the system will allow to assign two Auth. Group for one Company code (ie., 2 Auth. Group and all common users)
  Please revert ASAP.
  Regards
  JS

  The help on AuGr field in OB52 is good.  Here it is
  Authorization Group
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.
  Use
  A posting period can be made available to only a limited set of users using the authorization group.
  Procedure
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  Examples
  A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
  If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
  I guess your requirement can very well be met, as explained in the example above.  Also implement the following SAP Note to be able to assign the authorization group at document header level (account type '+') and at line item level in Transaction OB52.
  https://service.sap.com/sap/support/notes/891505
  Srikanth
  PS: I have seen in a reply above that AuGr controls only special periods, which is not a correct statement.  AuGr controls postings in the period specified in From per.1/Year To period/Year in OB52.

• What happends when you give 2 groups with some of the same members different authorizations for a document

  Hello,
  I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
  Make one document library
  Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
  follows:
  Group B: Read/Write
  Group A: Read
  Does the people from group B still be able to edit the document, because they are also in group A?
  I don't have a test environment to test this myself.
  Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
  where the document belongs to.  

  You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
  if you need too.
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• Creation of Authorization group

  Hello All,
  I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
  I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
  One of the post i found is below:
  [How to create Authorization group;
  i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
  Rgds,
  Durga.

  Julius,
  Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
  Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
  But what i heard is, this activity is purely involved by Basis people.
  Please suggest.
  Rgds,
  Durga.

• Authorization Group in CV01n Document Data tab

  Hi SAP Gurus,
  I went on to Configure the Authorization groups at  spro / Document Management / Approval Tab,
  but the same is not appearing in CV01N create document, Basic data tab. Screen......
  can any one explain how to configure this Authorization Group and make use of this Authorization Group
  i tried in PFCG, at object C_DRAW_BGR, also but the authorization groups i have created is not displayed at all.
  what is the Configuration missing and to work with Authorization groups.
  please Advice
  Points Awaiting
  Thanks and Regards
  Kumar

  Dear Punam,
  Thanks for ur reply. i have created the authorization groups in SPRO at the approval Tab,
  and also can see the Field Authorization Group in CV01N basic data Field but
  By pressing F4 or searching i could not find my Auth groups created there,
  Nor i could find them at PFCG, at  C_DRAW_BGR objects, at BEGRU
  where has my created Auth group gone,
  please explain how to work with Auth groups. where and all it has to be assigned and linked.
  How to use Authorization Groups for Digital signatures and restrict users For accessing Documents And Original files specifically.
  Thanks and regards
  Kumar

• SOCO, when PO creation "No authorization to access document BBP_PD_PO"

  Hello,
  I am in SOCO transaction trying to creta a PO from two SC.
  I have this error "No authorization to access document BBP_PD_PO"
  Someone know who to resolve it?
  Cheers,
  Marta

  Hi
  Seems like Z roles created in the PFCG transaction by BASIS team is having problems.
  For time being, to verify this, Try giving SAP_ALL access to the user to confirm the same. Ask BASIS guys to help you out.
  In Transaction SU53 -> you can get the detailed Authorization object missing in the user's profile.
  Try executing the same transaction in SRM GUI and then you will be able to get to know that which Authorization object is missing.
  Regards
  - Atul
  After attaching the missing object in the user's profile, the problem will be solved.

• Authorization Group (BEGRU) search help  required in Easy DMS

  Hi all,
  I had defined some value in authorization group (BEGRU) in SAP. When i opened the Document using CV01N/ CV02N transaction, then F4 help is available to me.
  but when i opened the same document via SAP Easy DMS 7.0, Search help functionality is not there.
  How could i activate this.
  Pls.. Suggest.
  Regards,
  S Anand

  Hello Sheo,
    EasyDMS does not provide search help for Authorization object as of  the latest release. The search help achieved by customization of the domain BEGRU does not reflect in EasyDMS.
  To achieve this, you can enhance easydms interface by using either easydms plugins or EasyDMS custom tab.
  refer:
  http://wiki.sdn.sap.com/wiki/display/PLM/EasyDMSPlugin%28Addin%29-Advanced+Development
  note: 1355293
  Regards
  Surjit

• Authorization Group

  Dear Friends,
  I know I can restrict two user "A" & "B"  who create DIR  " 1001" & "1002" respectively under same document Type say "DRW". Means they cannot display the DIR created by each other  by Authorization Object "C_SIGN_BGR".
  I have tried this and works perfect.
  But my question is can I maintain these Authorization Groups so that  when user enters any wrong Authorization group, it should not allow him to enter in Authorization Group Field.
  If I Maintain the setting in SPRO in DMS>Approvals>Define Authorization groups, will my maintained  values will be validated with the values I enter in Authorization Group field.
  Also I know the developement mentioned under link.
  [https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
  But I want to avoid this developement.
  Waiting for your reply.
  With warm Regards
  Mangesh

  Hi Mangesh,
  To achieve this I suggest you to Update domain BEGRU as mentioned in the link
  http://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS
  values can be maitained in ztable
  You can also have search help for BEGRU, by adding search help in DRAW table for BEGRU.
  also go through post - Re: Authorization Group in CV01n Document Data tab
  Auth object C_DRAW_BGR has field value reference to data element BEGRU
  Regards
  Surjit

• Authorization control for document status

  Dear All,
  I want to control the status change of Documets created,
  How can i achieve this, so that a perticular user /ID can change the perticular status,
  I have ,
  01
  02,
  03,
  04, Rel.
  05,
  Do i need to put some trace anf find Objects to control...
  or there is any standard method to do this..
  Please guide me..
  Regards
  Raghu

  Hi Raghu,
  Here are DMS authorizatoins objects. For handle status it should be C_DRAW_STA
  C_DRAD_OBJ          Create/Change/Display/Delete Object Link                         
  C_DRAW_BGR          Authorization for authorization groups                         
  C_DRAW_DOK          Authorization for document access                         
  C_DRAW_MUP          Authorization for Markups                         
  C_DRAW_STA          Authorization for document status                         
  C_DRAW_TCD          Authorization for document activities                         
  C_DRAW_TCS          Status-Dependent Authorizations for Documents                         
  C_DRZA_TCD          Document Distribution: Authorization for Recipient Lists                         
  C_DRZI_TCD          Document Distribution: Authorization for Distribution Order                         
  S_ECL_CAT          ECL Viewer: Authorization Object for Stamp Categories                         
  S_ECL_STP          ECL Viewer: Authorization Object for Printing with Meta Data                         
  S_ECL_STP2          ECL Viewer: Authorization Object for Printing with Meta Data                         
  Hope that it will help you
  //Håkan

• Authorization group restriction

  Hi ,
  I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
  --display access for documents asigned to authorization group FCAP
  --should not allow display for documents assigned to authorization group FCAR
  If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
  Please let me know your thoughts on this.

  Hi Mekha,
  You can add another object F_BKPF_BES manually and in the first one give
  display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
  **Reward points accordingly
  Junaid

• Set up authorization group F_LFA1_BEK

  Hi All,
  I would like to limit visibility of specific vendors and any related documents.  In the contol field of the vendor master (lfa1-begru), I entered an authorization group.  How do I limit the user's access to this authorization group.  Do I need to create an activity group before our security team can enter it into the user's profiles? 
  When I do an F1 on the control field, the procedure information states that 'You assign the authorization using authorization object F_LFA1_BEK.' 
  Kind regards,
  Cheryl Adamonis

  Hi Cheryl
  You just need to advise your Security Team the authorisation group value that you assigned, and what activity the users will need to have.
  For example, if you entered authorisation group ZZZZ in the vendor master:
  You would need to tell the Security Team, for roles XXXXXX, the authorisation object is L_FA1_BEK.  The activity is (1 = Create, 2 = Change, 3 = Display etc) and the Authorisation is ZZZZ (eg the one assigned to the vendor).  This will then restrict the users access.
  Regards
  Kylie

• Re: userexit in AR document creation

  Hi,
  Where can I find the User exit for ar entry, tcode FB70.
  I need to update a customized table when creating an entry (regardless CN or DN).
  Thanks

  hi,
  check these exits.
  Transaction Code - FB70                     Enter Outgoing Invoices
  Enhancement/ Business Add-in            Description
  Enhancement
  SAPLF051                                Workflow for FI (pre-capture, release for payment)
  RFKORIEX                                Automatic correspondence
  RFEPOS00                                Line item display: Checking of selection conditions
  RFAVIS01                                Customer Exit for Changing Payment Advice Segment Text
  FARC0002                                Additional Checks for Archiving MM Vendor Master Data
  F180A001                                Balance Sheet Adjustment
  F050S007                                FIDCCH Outbound: Influence on IDoc for Document Change
  F050S001                                FIDCMT, FIDCC1, FIDCC2: Edit user-defined IDoc segment
  F050S002                                FIDCC1: Change IDoc/do not send
  F050S003                                FIDCC2: Change IDoc/do not send
  F050S004                                FIDCMT, FIDCC1, FIDCC2: Change outbound IDoc/do not send
  F050S005                                FIDCMT, FIDCC1, FIDCC2 Inbound IDoc: Change FI document
  F050S006                                FI Outgoing IDoc: Reset Clearing in FI Document
  Business Add-in
  FI_PAYREF_BADI_010                      BAdI: Payment Reference Number
  FI_RES_ITEM_CURRENCY                    Document of Residual Item with Invoice Currency
  FI_TRANS_DATE_DERIVE                    Derive BKPF-WWERT from Other Document Header Data
  FVFZ                                    Replacement for Function Modules of Function Group FVFZ
  INVOIC_FI_INBOUND                       BADIs for Inbound IDoc INVOIC FI (Vendor Invoice)
  RFESR000_BADI_001                       BAdI for Own Processing of POR Item
  FI_DOC_DISP_LI                          Diversion to Document Items (FB03)
  FI_FB08_SUBST_BUDAT                     FB08: Check Posting Date for Reversal of FI Doc. with FB08
  FI_HEADER_SUB_1300                      Screen Enhancement for Document Header SAPMF05A
  FI_GET_INV_PYMT_AMT                     BAdI for determining the payment amount for an invoice
  FI_AUTHORITY_ITEM                       Extended Authorization Check for Document Display (FB03)
  BADI_BRNCH_TO_BUDAT                     Deriving BUDAT based on BRNCH (ENJOY)
  BADI_ENJ_ALT_ADR                        Go to alternative vendor/customer data
  AC_QUANTITY_GET                         Transfer of Quantities to Accounting - Customer Exit
  ADJUST_NET_DAYS                         Change to Net Due Date
  BADI_F040_SCREEN_600                    Screen Enhancement on F040 0600 Document Header
  BADI_FDCB_SUBBAS01                      Screen Enhancement 1 on FDCB Basic Data Screen (010, 510)
  BADI_FDCB_SUBBAS02                      Screen Enhancement 2 on FDCB Basic Data Screen (010, 510)
  BADI_FDCB_SUBBAS03                      Screen Enhancement 3 on FDCB Basic Data Screen (010, 510)
  BADI_FDCB_SUBBAS04                      Screen Enhancement 4 on FDCB Basic Data Screen (010, 510)
  BADI_FDCB_SUBBAS05                      Screen Enhancement 5 on FDCB Basic Data Screen (010, 510)
  BADI_PRKNG_NO_UPDATE                    BAdI for Deactivating Update of Parked Documents
  F050S008                                FIDCC1, FIDCC2 Inbound IDoc: Update Comparison Ledger
  FBAS_CIN_LTAX1F02                       Tax interface
  FBAS_CIN_MF05AFA0                       EWT - Downpayment Clearing - Tax transfer for CIN
  FISPLIT                                 Online Split: Cash Discount, Exchange Rate Differences

• Authorization Group restrictions

  Hi Experts,
  I want to restrict user to access documents with help of Authorization Group field in DIR.
  But, problem is client required this Auth. Group field as selection field and not as an entry field available in standard DMS.
  How to provide selection list to user for Auth. Group field. With BADI & SAP Access Key possible but not useful in my case because of some client side restrictions.
  Can SAP Moderator guide me, why SAP chose not to offer a drop down on Authorization Group field with a user selectable list option? Also not even gave chance to consultant to do configuration for such a critical field.
  Thx in advance..

  Hi
  Check my Wiki on the same.
  If you need any more info, get back
  Link: [Authorization group|https://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS]
  And if you want to activate dropdown F4 then check this wiki:
  Link: [F4 for auth group|https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
  Niranjan
  points welcome for useful info
  Edited by: Niranjan Dandekar on Dec 12, 2008 2:08 PM