Authorization group in Z-Table and user assignment
Hello,
I have created Z table which stores sensitive data and have created maintenance view. I want particular users only to have change access to this table through SM30 and for that I have created my own autorization group. Now my question is: How I can assign user names to this authorization group? how does it work? Is this through Role assignment to user profile? I dont have any basis support help for me for this task and hence trying to do it myself in sandbox system.
Since this is not my domain step by step help will be appreciated.
Thanks.
Agasti..
HI,
useful link
http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/
Thanks
Sudheer
Similar Messages
-
ASSIGN AN AUTHORIZATION GROUP TO MANY TABLE
Hello,
I have several hundreds table to assgin an authorization group zaut.
Is there any easy way to do it?
I do not want to go se54 and change all table authorization group one by one.
Please help.
Thanks,
JeongbaeUse Tcode SM30V_DDAT to assign the Authorization Group to multiple tables.
Regards,
Naimesh Patel -
Extraction of roles content and user assignment
Dear all,
we want to transfer some CCA-rights to BI into a table, which will be referenced in a role in BI.
Purpose is to tranfer the authorization concept from ERP to BI.
I have to write for this some function module, which might be a bit complex but not impossible.
Has anyone experience with this?
Regards
Harald.HII,
To search for roles with no users assignment u can run a report RSUSR070 AFTER EXECUTING TCODE SA38 in the progran field enter the name of the report and click execute button u get roles by complex selection criteria then scroll down and in the selection according to user assignments select without user assignment then cli ck execute button u will get the roles with no user assigments............
Thanks and regards -
Importing all tables and users from Oracle 8i database to Oracle 10g
Hi friends,
It would be highly appreciated if someone would kindly advise steps needed to
import full Oracle 8i database ( with all users, tables, table spaces
and other components ) to Oracle database 10g .
Thanks and regardshi
ur exp ur database from oracle 10g. from exp cmd instead of expdp cmd bcoz oracle 10g. expdp cmd is not compitable with oracle 8.
simple give cmd>exp cmd if u want exp complete database from oracle 10g..
if u have any problem go reference oracle database utilities ....
and then imp in oracle 8 using imp cmd cmd>imp cmd bcoz here u want imp complete database....
i hope u do ur work successfully...
regards
Mohammadi -
Hi ,
We are on EP6 SP10 and have a strange issue involving
collaboration rooms.We are having MS-AD UME.
Now after changing from one ldap to another , some users
are displayed as ldap id's in the rooms while some are not.
They are displayed properly with name itself.
Why is this so? Is this because they have been deleted in the
ldap but not in the room , something like that.
Also there is no way to remove these id's from the room too,
this generates a runtime error.
Any help on this would be appreciated
Regards
VineethHi Vineeth,
Why is this so? Is this because they have been deleted in the
ldap but not in the room , something like that.
Sound reasonable, if this is in fact your situation.,
Also there is no way to remove these id's from the room too,
this generates a runtime error.
Ýou could try to remove the users from the corresponding group via the UME. For each room, there is a group created in the UME with the name "ROOM_[roomname]_MAIN" and the ID "ROOM_[roomid]_MAIN". Open that group and try to remove the user entries in question from there.
Hope it helps
Detlev -
Groups out of Repository and Users out of LDAP
Hi together,
is this combination above possible?
Regards,
Stefan HessI think it should be possible, but I would not recommend it.
About storing the users in the repository:
- For each new user you have to update the repository. You can add the users on the fly by opening the (production) repository in online mode. But then you have to do the same action again in the offline (development) repository, because otherwise the added user will be gone when the development repository is released on production.
About deleting groups out of the repository:
- In this case you cannot authorize the presentation layer for a group of users. So for each subject area, or worse presentation column, you may need to set the right authorization for each user. -
Subject area security validating users and groups from external table
Hi all.
I don't have practice to put question here, but there is one problem, that seems don't work correctly in OBIEE.
I'm trying to put users in groups within external table and this works fine.
I put security on the subject area level like this:
SA1 -> GroupA allow, Everyone not allow
SA2 -> GroupB allow, Everyone not allow
External table:
User----------Group
A---------GroupA;GroupB
B---------GroupB
Users A, B and GroupA, GroupB exists in the RPD, but I didn't put users inside them, I want this from table.
From the init block, external table I'm taking users and join them in the group. Same name users and groups are also in the presentation service.
When i connect with user A i don't see any subject area, when go to My Account i see in Group Membership/GroupA and GroupB, so it's readed from the external table.
Why in this case the subject area permission is not working?
It works if I explicitly put users in groups, in the RPD.
I have read this blog entry http://kpipartners.blogspot.com/2009/07/groups-webgroups-and-delivers.html and it is said that this works, but I'm interested how.
What should we have in the presentation part, administration, Manage Privileges -> Access within Oracle BI Answers option for those two subject area?
This doesn't work or something is missing:
Re: Security on Subject Areas
Regards
Goran
http://108obiee.blogspot.comWhat should we have in the presentation part, administration, Manage Privileges -> Access within Oracle BI Answers option for those two subject area?Yes, you should remove Everyone and add the relevant groups to each Subject Area. You don't need to set privileges in the RPD, in fact that's probably why it doesn't work for you. Leave your RPD Presentation Catalog as "Everyone" = Read as you will controlling access from the Presentation Services and it should work.
-
Table for Role & Authorization group
Hi Gurus,
I am looking for a table or FM to get all roles for Authorization group.
I tried in SUIM tcode but could not able to find exact DB table for these.
Giri
P.S.: To Moderator:
My earlier thread was locked for the same question, I was searching in SDN and google from last 3 days and could not able to find enough information on it. AGR_USERS, TBRG, TACT are the tables i found. But still there is a link missed between Role & Authorization Group.Thomas,
My report have selection screen with Auth group and user.
If user provides Auth. Group then need to find all roles linked to auth group and users assigned to that role.
In my investigation, there is link between Auth. Group <--> Auth. object.
Also Auth. Object <--> Role.
but still there is a fine link missing between Auth Group <--> Role.
For Eg: Auth Object S_TABU_DIS will be associated to all Auth. Groups but assigned to only limited roles.
I tried to debug the SUIM transaction multiple times but couldn't find the tables to find the link and not able to find the FM's.
if anybody have any idea to find that link between Auth. Group & Role then it will be helpful....
Giri -
How to find tables contain in particular authorization group.
hi all
By using SE11 , i just enter a table name like "MARA"
then i go for display
then by clicking utilities->assign authorization group
i can get the info. about tablename and which authorization group(MM) the table belongs and its desc.
my question is if the Authorization group is MM, i need to know the list of tables belongs to that particular auth. group.
regards
prasHi Pras,
These are stoed in table TDDAT. you can use se16 for this table and enter MM in CCLASS field hit execute.
Ravi
[My SAP Blog|http://raviinsap.blogspot.com] -
Authorization group for table maintenance view
I need to create table maintenence view for a custom table, client provide name for auth. group, but no clue how to create auth. group.
can someone provide the steps to do this?Hi,
Follow below steps to create table maintenance for a table and to assign authorization group to a table:
step1: Go to SE11 enter the table name
step2: In the standard toolbar you will find UTILITIES
Go to UTILITIES -> TABLE MAINTENANCE GENERATOR
You will go to first screen of Table maint. gen.
Here you will find to enter authorization group.
Thanks and Regards,
Shravan G. -
BADI or exit for WA08 to group it by allocation table and vendor
Hello Experts,
I have a requirement wherein I need to group the rows upon generation of purchase orders in tcode
WA08. I need to group them so that I can create a PDF format of the PO grouped by allocation table and vendor.
For example, If I created 4 purchase orders with allocation table 123 and vendor 456 then it should only produce
1 PDF file. Are there any BADI or exit that can group my selected rows as per my requirement?
Thank you guys and take care!Hi ,
I also have this problem and want to know any exit or BAdI for controlling PO item in WA08.
Best regards,
Connie -
Authorization Group in BOM Header
Can any one guide how to create Authorisation group for Bom and also it's use. <See field Authorization group in BOM header>
Regards,
SamarHi,
The Authorization group can be created as follows
Transaction SE54 >Select 'Authorization Groups'>Create/Change-->New Entries.
Now the authorization group created can be assigned to your table.
Goto transaction 'SE56' and select authorization group radio button and create your authorization group.
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
USE
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented.check Su22 and SU24u will get list of objects
Hope clear to you.
Regards,
R.Brahmankar -
Authorization coding in custom table
Hi frnds,
I want to give an authorization to a custom table. I have created a new authorization group and assigned a role and user for it.
I had done a coding to check the authorization in Maintenance generator program.
MODULE CHECK_AUTHORIZATION OUTPUT.
data : w_tddat like tddat,
viewname type tabname value 'ZTSD_IB_TRMAP',
act_level.
select single * from tddat into w_tddat where tabname = viewname.
if sy-subrc <> 0 or w_tddat-cclass = space.
w_tddat-cclass = '&NC&'. " 'non classified table'
endif.
authority-check object 'S_TABU_DIS' "check by class
id 'ACTVT' field '02'
id 'DICBERCLS' field w_tddat-cclass.
if sy-subrc <> 0. "not allowed
authority-check object 'S_TABU_DIS' "check by class
id 'ACTVT' field '03'
id 'DICBERCLS' field w_tddat-cclass.
if sy-subrc = 0.
fupd = space.
fshow = 'X'.
act_level = '03'.
p_action = 'S'.
message w106(tb) with viewname."only show allowed
else.
message e107(tb) with viewname."no upd auth
endif. "sy-subrc from 2nd auth_check
else. "act_level <> 02
message e105(tb) with viewname . "no show auth
endif.
endif.
ENDMODULE. " CHECK_AUTHORIZATION OUTPUT
But the problem is on debugging even for the unauthorized user the authorization check coding:
authority-check object 'S_TABU_DIS' "check by class
id 'ACTVT' field '02'
id 'DICBERCLS' field w_tddat-cclass.
gives sy-subrc = 0.
What is the problem with the coding.
Also can an one explain me about
fupd = space.
fshow = 'X'.
act_level = '03'.
p_action = 'S'.
and what are the datatypes to be given for it on data declaration.
Thanks in Advance>
neethu wrote:
> I have created a Z table and I need to create and assign an Authorization group to the table. The requirement is like, say, if there are 10 users who belong to this particluar Authorization group, then 5 users should be given display and change authorization. And the remaining 5 users should be given only display authorization & no change authorization.
>
Assuming users are accessing the table content using SM30 (or SM30 parameterised transaction) you can use authority object S_TABU_DIS to control change mode. User who are suppose to change content should have authority object S_TABU_DIS with following values in their role.
S_TABU_DIS
ACTVT = 02
DICBERCLS = AUTH_GRP
for display only
S_TABU_DIS
ACTVT = 03
DICBERCLS = AUTH_GRP
Where AUTH_RP is authorization group assigned to table
Regards,
Pawan.
Edited by: Pawan Kesari on Aug 9, 2010 4:17 PM -
Authorization Group in CV01n Document Data tab
Hi SAP Gurus,
I went on to Configure the Authorization groups at spro / Document Management / Approval Tab,
but the same is not appearing in CV01N create document, Basic data tab. Screen......
can any one explain how to configure this Authorization Group and make use of this Authorization Group
i tried in PFCG, at object C_DRAW_BGR, also but the authorization groups i have created is not displayed at all.
what is the Configuration missing and to work with Authorization groups.
please Advice
Points Awaiting
Thanks and Regards
KumarDear Punam,
Thanks for ur reply. i have created the authorization groups in SPRO at the approval Tab,
and also can see the Field Authorization Group in CV01N basic data Field but
By pressing F4 or searching i could not find my Auth groups created there,
Nor i could find them at PFCG, at C_DRAW_BGR objects, at BEGRU
where has my created Auth group gone,
please explain how to work with Auth groups. where and all it has to be assigned and linked.
How to use Authorization Groups for Digital signatures and restrict users For accessing Documents And Original files specifically.
Thanks and regards
Kumar -
Creating Authorization groups for material types
Hi All,
I have a requirement to create Authorization groups for different material types we have in our company. Basically these are intended to restric the users from accessing the material master. Different material types needs to be assigned to differnt group of users.
So if we can create couple of Authorization groups, then I am thinking of assigning the material types to these groups.
I went to SPRO---Logistics general ---Material master -
Tools --- Maintain authorization and authorization profiles. TCODE : PFCG
Is this the right path?
Please advise
ShaneHi All,
I don't think SPRO---Logistics general -Material master- Tools --- Maintain authorization and authorization profiles is the right path to create new authorization groups.
Can anyone explain how to create new authorization groups for different material types. The purpose is to create a role and assign this auth. group to this role and provide that security role to specific users.
Regards
Shane
Maybe you are looking for
-
Vendor text doesn't transfer from SRM PO to R/3
Good evening, We are new in SRM SCE, we have a problem with the vendor text. In SRM appears this information and the PO is e-mailed correctly but when we review the PO in R/3 this information doesn't fill in. We don't know if the problem is in SRM or
-
Firefox have some problems and it block when is opening hotmail, in my laptop always have that problem, so i need check my email using another programs...that problem is in my laptop or it´s a problem of navigator??
-
Capturing Log changes made to Z Table
Hi All, I have to detect changes for a Z-field in a Z-table. Im going to use CDHDR table and CDPOS table to check if any changes are made to field. I enabled log data changes in technical settings of Z-table and also change document for the
-
Future support for C++0x in Sun Studio
I've recently been having to defend my choice of using the sun studio compiler against several gcc advocates here in the office. The one reasonable issue they keep bringing up is when the upcoming C++0x (more like C++1x or even C++2x at the pace the
-
Hi, I am trying to split invoices based on SH (ship-to-party) I have a couple of questions regarding this: 1. I am planning to create a routine that will set the split criteria. Should the structure that is to be passed to VBRK-ZUKRI should always be