Authorization Group in Document creation...
Dear Experts,
While creating a document , in the document data i am i am finding Authorization group Filed, wherein i am not able to view any search fields in the authorization group, how to define the search fileds in the authorization group, kinldy do the needful.
Regards
abhi
Hi
Authorization group in Digital signature and Authorization group in Basic data screen of create / change document is different.
I assume u r refering to the basic data screen type.. This works as an on / off switch. This can be utilized to limit the DIR's of same Document Types within a group of users who have access to the Authorization Group code.
For example, a group of users have access to Doc type DRW, but certain DIR;s u do not want to give access to all users. Then u type in a four character code while creating the DIR and for the PFCG Role of the users whom you want to access the DIR, the Authorization code has to be added in their PFCG Role.
Then the DIR's with Auth Code would not be accessable to all users having access to DRW Doc type, but only for those having access to the Auth. Code
Hope this is clear..
Regards
Aby
Similar Messages
-
Authorization for Measuring document creation
Hi,
i have one issue. I want to provide authorization for measuring documents creation. That has been done by providing the different authorization groups in roles for T codes IK11, Ik12 etc to the users. Now users with a authorized authorization group for perticular measuring point can create a measuring document fo that. But the problem is that despite the authorization group, if user goes to t code iw41 for order confirmation , there he can create measuring documents of any authoprization group. How to control that thing. I also give authorization group authorization for t code IW41 but still it is allowing for the creation of documents. any help on this thing.
Regards,
Aman SharmaHi
there are two ways you can control the measurement reading entry
1. Block the authorisation of IK11.When you go to confirmation screen through IW41 , there a button for measurement document update. Even the user will press it system will not allowed to enter in it as he is no authorisation
2.You can configure the screen template for overall confirmation and use this profile while doing overall confirmation using iw42. There you can hide the measurment detail screen.
customising node " Set Screen Templates for Completion Confirmation "
Regards
Amar -
Regarding ABAP Query authorization group
Hi Team,
This is regarding ABAP Query!
I have created one authorization group, for testing i have assigned my id in authorization group.
After creation of ABAP query,standard program got generated. Now i have created one transaction code at the last for the ABAP Query.
Now the isse is even though i have deleted my id from the authorization group. I am able to execute the query from SQ01 and with the Transaction code .
It should not happen...i want who soever id is mapped to the transaction code ...that member should only be able to run that query, otherwise there is no use of authorization group.
Please help me out in this case.
Thanks & Regards,
Anil Kumar SahniAre you sure that you don't have access to that authorisation group? Execute report RSUSR002. In the 'Authorization Object 1' block inform S_TABU_DIS in 'Auth.Object' and accept. Then inform Activity=03 and Auth.Gruop= your group.
You will get a list of all the users which, theoretically, will be able to execute the query. If you press 'Roles' or 'Profiles' in the toolbar of the listing you will get to know why you have authorisation. May be you have the SAP_ALL profile.
Also, one more thing to take into account: how have you created your transaction? Is it referring directly to the generated report? Then it is an error, you should execute program SAP_QUERY_CALL. Read this post: [Relate transaction to query; -
Authorization Group in T-Code: OB52
Hi,
I need to maintain 2 Auth. Group in T-Code: OB52, my requirment is below:
for some users (nearly 25) needs to post the transaction in June Month and for some users (nearly 10)should have to post for selected GL in the month of June.
So we decide to create two roles and assign the Auth Group in F_BKPF_BUP Auth. group. But i need to know whether the system will allow to assign two Auth. Group for one Company code (ie., 2 Auth. Group and all common users)
Please revert ASAP.
Regards
JSThe help on AuGr field in OB52 is good. Here it is
Authorization Group
The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.
Use
A posting period can be made available to only a limited set of users using the authorization group.
Procedure
If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
Examples
A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
I guess your requirement can very well be met, as explained in the example above. Also implement the following SAP Note to be able to assign the authorization group at document header level (account type '+') and at line item level in Transaction OB52.
https://service.sap.com/sap/support/notes/891505
Srikanth
PS: I have seen in a reply above that AuGr controls only special periods, which is not a correct statement. AuGr controls postings in the period specified in From per.1/Year To period/Year in OB52. -
Hello,
I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
Make one document library
Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
follows:
Group B: Read/Write
Group A: Read
Does the people from group B still be able to edit the document, because they are also in group A?
I don't have a test environment to test this myself.
Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
where the document belongs to.You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
if you need too.
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com -
Creation of Authorization group
Hello All,
I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
One of the post i found is below:
[How to create Authorization group;
i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
Rgds,
Durga.Julius,
Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
But what i heard is, this activity is purely involved by Basis people.
Please suggest.
Rgds,
Durga. -
Authorization Group in CV01n Document Data tab
Hi SAP Gurus,
I went on to Configure the Authorization groups at spro / Document Management / Approval Tab,
but the same is not appearing in CV01N create document, Basic data tab. Screen......
can any one explain how to configure this Authorization Group and make use of this Authorization Group
i tried in PFCG, at object C_DRAW_BGR, also but the authorization groups i have created is not displayed at all.
what is the Configuration missing and to work with Authorization groups.
please Advice
Points Awaiting
Thanks and Regards
KumarDear Punam,
Thanks for ur reply. i have created the authorization groups in SPRO at the approval Tab,
and also can see the Field Authorization Group in CV01N basic data Field but
By pressing F4 or searching i could not find my Auth groups created there,
Nor i could find them at PFCG, at C_DRAW_BGR objects, at BEGRU
where has my created Auth group gone,
please explain how to work with Auth groups. where and all it has to be assigned and linked.
How to use Authorization Groups for Digital signatures and restrict users For accessing Documents And Original files specifically.
Thanks and regards
Kumar -
SOCO, when PO creation "No authorization to access document BBP_PD_PO"
Hello,
I am in SOCO transaction trying to creta a PO from two SC.
I have this error "No authorization to access document BBP_PD_PO"
Someone know who to resolve it?
Cheers,
MartaHi
Seems like Z roles created in the PFCG transaction by BASIS team is having problems.
For time being, to verify this, Try giving SAP_ALL access to the user to confirm the same. Ask BASIS guys to help you out.
In Transaction SU53 -> you can get the detailed Authorization object missing in the user's profile.
Try executing the same transaction in SRM GUI and then you will be able to get to know that which Authorization object is missing.
Regards
- Atul
After attaching the missing object in the user's profile, the problem will be solved. -
Authorization Group (BEGRU) search help required in Easy DMS
Hi all,
I had defined some value in authorization group (BEGRU) in SAP. When i opened the Document using CV01N/ CV02N transaction, then F4 help is available to me.
but when i opened the same document via SAP Easy DMS 7.0, Search help functionality is not there.
How could i activate this.
Pls.. Suggest.
Regards,
S AnandHello Sheo,
EasyDMS does not provide search help for Authorization object as of the latest release. The search help achieved by customization of the domain BEGRU does not reflect in EasyDMS.
To achieve this, you can enhance easydms interface by using either easydms plugins or EasyDMS custom tab.
refer:
http://wiki.sdn.sap.com/wiki/display/PLM/EasyDMSPlugin%28Addin%29-Advanced+Development
note: 1355293
Regards
Surjit -
Dear Friends,
I know I can restrict two user "A" & "B" who create DIR " 1001" & "1002" respectively under same document Type say "DRW". Means they cannot display the DIR created by each other by Authorization Object "C_SIGN_BGR".
I have tried this and works perfect.
But my question is can I maintain these Authorization Groups so that when user enters any wrong Authorization group, it should not allow him to enter in Authorization Group Field.
If I Maintain the setting in SPRO in DMS>Approvals>Define Authorization groups, will my maintained values will be validated with the values I enter in Authorization Group field.
Also I know the developement mentioned under link.
[https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
But I want to avoid this developement.
Waiting for your reply.
With warm Regards
MangeshHi Mangesh,
To achieve this I suggest you to Update domain BEGRU as mentioned in the link
http://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS
values can be maitained in ztable
You can also have search help for BEGRU, by adding search help in DRAW table for BEGRU.
also go through post - Re: Authorization Group in CV01n Document Data tab
Auth object C_DRAW_BGR has field value reference to data element BEGRU
Regards
Surjit -
Authorization control for document status
Dear All,
I want to control the status change of Documets created,
How can i achieve this, so that a perticular user /ID can change the perticular status,
I have ,
01
02,
03,
04, Rel.
05,
Do i need to put some trace anf find Objects to control...
or there is any standard method to do this..
Please guide me..
Regards
RaghuHi Raghu,
Here are DMS authorizatoins objects. For handle status it should be C_DRAW_STA
C_DRAD_OBJ Create/Change/Display/Delete Object Link
C_DRAW_BGR Authorization for authorization groups
C_DRAW_DOK Authorization for document access
C_DRAW_MUP Authorization for Markups
C_DRAW_STA Authorization for document status
C_DRAW_TCD Authorization for document activities
C_DRAW_TCS Status-Dependent Authorizations for Documents
C_DRZA_TCD Document Distribution: Authorization for Recipient Lists
C_DRZI_TCD Document Distribution: Authorization for Distribution Order
S_ECL_CAT ECL Viewer: Authorization Object for Stamp Categories
S_ECL_STP ECL Viewer: Authorization Object for Printing with Meta Data
S_ECL_STP2 ECL Viewer: Authorization Object for Printing with Meta Data
Hope that it will help you
//Håkan -
Authorization group restriction
Hi ,
I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
--display access for documents asigned to authorization group FCAP
--should not allow display for documents assigned to authorization group FCAR
If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
Please let me know your thoughts on this.Hi Mekha,
You can add another object F_BKPF_BES manually and in the first one give
display access for documents asigned to authorization group FCAP and in another no display for documents assigned to Auth group FCAR
**Reward points accordingly
Junaid -
Set up authorization group F_LFA1_BEK
Hi All,
I would like to limit visibility of specific vendors and any related documents. In the contol field of the vendor master (lfa1-begru), I entered an authorization group. How do I limit the user's access to this authorization group. Do I need to create an activity group before our security team can enter it into the user's profiles?
When I do an F1 on the control field, the procedure information states that 'You assign the authorization using authorization object F_LFA1_BEK.'
Kind regards,
Cheryl AdamonisHi Cheryl
You just need to advise your Security Team the authorisation group value that you assigned, and what activity the users will need to have.
For example, if you entered authorisation group ZZZZ in the vendor master:
You would need to tell the Security Team, for roles XXXXXX, the authorisation object is L_FA1_BEK. The activity is (1 = Create, 2 = Change, 3 = Display etc) and the Authorisation is ZZZZ (eg the one assigned to the vendor). This will then restrict the users access.
Regards
Kylie -
Re: userexit in AR document creation
Hi,
Where can I find the User exit for ar entry, tcode FB70.
I need to update a customized table when creating an entry (regardless CN or DN).
Thankshi,
check these exits.
Transaction Code - FB70 Enter Outgoing Invoices
Enhancement/ Business Add-in Description
Enhancement
SAPLF051 Workflow for FI (pre-capture, release for payment)
RFKORIEX Automatic correspondence
RFEPOS00 Line item display: Checking of selection conditions
RFAVIS01 Customer Exit for Changing Payment Advice Segment Text
FARC0002 Additional Checks for Archiving MM Vendor Master Data
F180A001 Balance Sheet Adjustment
F050S007 FIDCCH Outbound: Influence on IDoc for Document Change
F050S001 FIDCMT, FIDCC1, FIDCC2: Edit user-defined IDoc segment
F050S002 FIDCC1: Change IDoc/do not send
F050S003 FIDCC2: Change IDoc/do not send
F050S004 FIDCMT, FIDCC1, FIDCC2: Change outbound IDoc/do not send
F050S005 FIDCMT, FIDCC1, FIDCC2 Inbound IDoc: Change FI document
F050S006 FI Outgoing IDoc: Reset Clearing in FI Document
Business Add-in
FI_PAYREF_BADI_010 BAdI: Payment Reference Number
FI_RES_ITEM_CURRENCY Document of Residual Item with Invoice Currency
FI_TRANS_DATE_DERIVE Derive BKPF-WWERT from Other Document Header Data
FVFZ Replacement for Function Modules of Function Group FVFZ
INVOIC_FI_INBOUND BADIs for Inbound IDoc INVOIC FI (Vendor Invoice)
RFESR000_BADI_001 BAdI for Own Processing of POR Item
FI_DOC_DISP_LI Diversion to Document Items (FB03)
FI_FB08_SUBST_BUDAT FB08: Check Posting Date for Reversal of FI Doc. with FB08
FI_HEADER_SUB_1300 Screen Enhancement for Document Header SAPMF05A
FI_GET_INV_PYMT_AMT BAdI for determining the payment amount for an invoice
FI_AUTHORITY_ITEM Extended Authorization Check for Document Display (FB03)
BADI_BRNCH_TO_BUDAT Deriving BUDAT based on BRNCH (ENJOY)
BADI_ENJ_ALT_ADR Go to alternative vendor/customer data
AC_QUANTITY_GET Transfer of Quantities to Accounting - Customer Exit
ADJUST_NET_DAYS Change to Net Due Date
BADI_F040_SCREEN_600 Screen Enhancement on F040 0600 Document Header
BADI_FDCB_SUBBAS01 Screen Enhancement 1 on FDCB Basic Data Screen (010, 510)
BADI_FDCB_SUBBAS02 Screen Enhancement 2 on FDCB Basic Data Screen (010, 510)
BADI_FDCB_SUBBAS03 Screen Enhancement 3 on FDCB Basic Data Screen (010, 510)
BADI_FDCB_SUBBAS04 Screen Enhancement 4 on FDCB Basic Data Screen (010, 510)
BADI_FDCB_SUBBAS05 Screen Enhancement 5 on FDCB Basic Data Screen (010, 510)
BADI_PRKNG_NO_UPDATE BAdI for Deactivating Update of Parked Documents
F050S008 FIDCC1, FIDCC2 Inbound IDoc: Update Comparison Ledger
FBAS_CIN_LTAX1F02 Tax interface
FBAS_CIN_MF05AFA0 EWT - Downpayment Clearing - Tax transfer for CIN
FISPLIT Online Split: Cash Discount, Exchange Rate Differences -
Authorization Group restrictions
Hi Experts,
I want to restrict user to access documents with help of Authorization Group field in DIR.
But, problem is client required this Auth. Group field as selection field and not as an entry field available in standard DMS.
How to provide selection list to user for Auth. Group field. With BADI & SAP Access Key possible but not useful in my case because of some client side restrictions.
Can SAP Moderator guide me, why SAP chose not to offer a drop down on Authorization Group field with a user selectable list option? Also not even gave chance to consultant to do configuration for such a critical field.
Thx in advance..Hi
Check my Wiki on the same.
If you need any more info, get back
Link: [Authorization group|https://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS]
And if you want to activate dropdown F4 then check this wiki:
Link: [F4 for auth group|https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
Niranjan
points welcome for useful info
Edited by: Niranjan Dandekar on Dec 12, 2008 2:08 PM
Maybe you are looking for
-
Java dc use another java dc with java.lang.NoClassDefFoundError
Dear All: I've created 2 java dc. I assinged the second dc as a used dc for the first dc. I've created a web dynpro dc and add the first dc as used dc. I can build those three dc without any error, but when I deploy to server and run I got an excepti
-
Submitting Pdf form fields to a MySQL database via PhP
Hi there, I have recently created a Pdf in Adobe LiveCycle which looks great, and I have added a submit button which is set up to send all the form data in HTML to a PhP file on the server side. The PhP file then collects the form data and inserts it
-
Help w/ ADF UIX event parameters
Is there any way to add a parameter when firing an event like this: ==========code============= <link text=" Accounts " destination="${ctrl:eventUrl(uix,'changePage')}"/> =========================== Bellow is how I used to fire events using a link bu
-
Documentary Payment Guarantee Data Source (AKKP table)
Hi sap gurus, I couldn't find a data source based on AKKP table. I need Documentary Payment Guarantee information. I can create documants with vx11n. this transaction creates data at AKKP table for a specific customer. is there any specific data sour
-
Ovi map navigation crashes on E71
I have installed ovi maps on my E71. However, it crashes everytime within a minute of starting the navigation. Voice navigation will give the first instruction and then the E71 crashes to a dimmed white screen with the Nokia logo on it. The phone is