Authorization issue for a DSO
There is a DSO in our system.
It contains characteristics 0ORGUNIT and 0USERNAME which are each flagged as Authorisation Relevant
The report than runs off this ODS doesnu2019t actually use them. However, the authorisation process still makes checks when checking at Infoprovider level (Paul has run a trace to show this)
What I plan to do is to unflag the characteristics and transport them up.
i) I can do that without it having any impact on the ODS itself , yes?
ii) Can you think of a reason why I shouldnu2019t do this? We donu2019t need these 2 characteristics to be auth objects.
Thanks,
Nitika
What I plan to do is to unflag the characteristics and transport them up. => this plan will solve all your issues but mind it they are SAP standard chars
i) I can do that without it having any impact on the ODS itself , yes? => yes , there will be no impact on ODS due to these changes
ii) Can you think of a reason why I shouldnu2019t do this? We donu2019t need these 2 characteristics to be auth objects. => if authorization check is there then it means it could be used for authorization purpose while query execution but in yr case if authorization is not needed then just deflag those checks and go ahead if it is creating a trouble
Similar Messages
-
Authorization issue for TR VD01 & VD02
Hi all,
In customer master creation for TR VD01 and VD02 basically we have 3 VIEWS( General data, company code and sales area data). My main requirement is we have 3 sets of users. for one set of users we should give authorization only for creating and changing general view., and other set of users to create only company code data and changing this view. Ie based on views i need to give authorization to the end users. Is it possiable to do this through abap( through user exit) or else this requirement can be done by basis.
Regards,
Smitha.Hi Suvendu,
Many thanks for your replay,
here for this scenario i am not able to identify which view currently the user is changing(techinically)
Ie in userexit i am not able to identify which view he is currently changing.
How can i distinguish bwtween this 3 views.
Regards,
Smitha -
HR Authorization issue for specfic User
Dear all,
One of the HR user , he can run payroll on particular site ,
i have assigned Org key of site to master data on the particular role .
User tried to run payroll using pa30 with personnel no (one of store user) .
but system is not take any value and its not showing any error also .
For example pls check below detail i have tried my user id and system has shows below details of the user (below details is one of the store user ).
Personnel no. 2941
Name A Mohammed Younus
Personnel ar ZOSO EE group A
Subarea STCH EE subgrp 3E
Kindly suggest to resolve the issue
Note : 1, i have deleted the user and i have recreated role .
2, i have copied another user role (he can run payroll) to effected user ,even though he cant able to run payroll.
Edited by: satheesh0812 on Dec 17, 2010 9:29 AMDear all,
I dont thing so there is no issue with Role ,only issue with Structure Auth..
Becoz pls check below Authorization Object.
Changed HR: Master Data
Authorization level E, M, R, W
Infotype *
Personnel Area *
Employee Group *
Employee Subgroup *
Subtype *
Organizational Key 20000156, 20000157, 20000201
In OOSP for particular Org key .
Auth profile Auth.Profile name
CTHR_CHENNAI CTHR_Chen
Auth profile No Plan Vers Obj Type Object I Maint Eval.path Status vec
CTHR_CHENNAI 1 01 O 20000156 O-S-P 12
CTHR_CHENNAI 2 01 O 20000157 O-S-P 12
CTHR_CHENNAI 3 01 O 20000201 O-S-P 12
In OOSB details
IN OOSB I have assigned Authorization profile to UserXXX, user can see all employee details in PA30 except one employee details , can
User name Autho.profile Start date End date Exclustion Display Objects
XXXX CTHR_CHENNAI 01.01.2005 31.12.9999
If i give Autho.profile --> all instead of CTHR_CHENNAI ..
HR executive can able see all employee details in PA30 ...
Let me know where exactly issue is there ...
Kindly suggest... -
Authorization issue for Jump query from Summary to Detail
Hello Gurus,
I am facing an interesting issue in Jump query authorization.
I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
Can anybody please suggest any innovative workaround for this issue.
GautamHello Gurus,
I am facing an interesting issue in Jump query authorization.
I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
Can anybody please suggest any innovative workaround for this issue.
Gautam -
Authorization Issue for Object CRM_ORD_PR
Dear All,
When user search sales orders in PCUI by sales org, Distributional Channel and Division criteria it shows the result list. But it is also throwing the error as "You are not authorized to Display this transaction"
I am not sure why system is showing this message.
I have checked the auth objects for this user.Authorization Objects CRM_ORD_PR and Object CRM_ORD_OE are inactive for the Role.
When I searched the sales order in SAP GUI and when I click on the sales order from Locator it is giving the message as "You are not authorized to Display this transaction". When I checked the SU53 dump it is giving the message "Authorization check failed
Authorization Obj CRM_ORD_PR Authorization Object CRM Order -Business transaction Type.
So my question is though we have made the CRM_ORD_PR object inactive why system is showing the message in SU53.
Also when I checked the trace system is also checking this object.
Please help.
PankajRika,
Thanks for taking the time to reply, it's really appreciated.
I will pass the details of this note over to our Basis team to see if this helps us resolve our issue also (we are trying to prevent unauthorised objects showing in user search result lists).
We are on CRM 2007 though, so I am not sure whether it will still be relevant.
Many thanks again,
Andrew G. -
Authorization Issue for Inventory in warehouse report
`Hi All
I face a issue in giving authorization for a single report to a user in the Inventory reports. The report is Inventory in warehouse report.
Can u please tell what are the preliminary authorizations to be set for the user to execute the report. The thing is he should not be able to see the item cost and Last purchase prices.
Thanks... MarikannanHi,
I am not sure if the authorization for such report is available. I just suggest you to check if form settings icon is able to access or not. if you can open the form settings, I think you can set authorization to be no authorization to access the form setting for certain users.
Rgds, -
Authorization Issue for BI Reports
Hi All,
I am running the report with one User, and while running i am getting the error message as "NO AUTHORIZATION"
I have checked in Su53 and got some logs over there. Pls find below.
Authorization check failed
Object Class RS Business Information Warehouse
Authorization Obj. S_RS_COMP Business Explorer - Components
Authorization Field ACTVT Activity 16
Authorization Field RSINFOAREA InfoArea 0CRM_SERV_SO_QUOTE
Authorization Field RSINFOCUBE InfoCube ZLEVAL
Authorization Field RSZCOMPID Name (ID) of a reporting component ZLEVAL
Authorization Field RSZCOMPTP Type of a reporting component REP
User's Authorization Data PROGRAM
Object Class RS Business Information Warehouse
Authorization Object S_RS_COMP Business Explorer - Components
Authorizat. T-B372019300 Business Explorer - Components
Profl. T-B3720193 Profile for role Z_PROGRAM_LOGIN
Role Z_PROGRAM_LOGIN Role for Login Program
Authorization Field ACTVT Activity *
Authorization Field RSINFOAREA InfoArea *
Authorization Field RSINFOCUBE InfoCube *
Authorization Field RSZCOMPID Name (ID) of a reporting component ASPDEFECTSTOCKDESPATCH, ASP_DEFECT_STOCK_REPORT
Authorization Field RSZCOMPTP Type of a reporting component
Thanks,
Jelina.Hi jelina,
the user has only
Authorization Field ACTVT Activity 16 >> include 03, 06 also
Authorization Field RSINFOAREA InfoArea 0CRM_SERV_SO_QUOTE >> try to include the info area the report in or *( all)
Authorization Field RSINFOCUBE InfoCube ZLEVAL >> try to include the info cube the report in or * (all)
Authorization Field RSZCOMPID Name (ID) of a reporting component ZLEVAL >> the technical name of the report should include
Authorization Field RSZCOMPTP Type of a reporting component REP >> include Query View too
kris -
Hi All Authorization Issue for CS02
Hi,
I have a transaction cs02. I am making changes using by calling this transaction( ie i have used it in program as call transaction cs02.) but for this transaction few user's don't have Authorization .So when these user's run the report they are not able to do the changes using this transaction. Is there any way where we can do these changes eventhough these user's don't have Authority to 'cs02'.Hi Jaffer,
You need to use su53 after the error happen and assign the right roles or access to the objects needed so users can make changes in the required transaction.
Regards
Juan
PS: Please award points if helpful! -
VL09 Authorization issue for Inbound Delivery
Dear Experts,,
When we reverse the goods movement in VL09, authorization check is made for Goods receiving/Shipping Point.
This is fine for outbound delivery because we always have a shipping point defined.
However, most of the Inbound Deliveries have no Goods Receiving/Shipping Point.
So, if we give the authorization for u201CBlanku201D receiving point = " ", the user can reverse goods movement for any inbound delivery.
How can we restrict this?
Please suggest your valuable inputs
Regards,
ShahsidharHi,
most of the Inbound Deliveries have no Goods Receiving/Shipping Point.
If you doing inbound delivery by VL10B, then you should specify shipping point.
Define shipping point for inbound delivery and maintain authorization
kapil -
Authorization Issue for Transaction Codes PA10,PA20,PA30 &PA40
Hi Experts,
I have created Custom role for accessing ALL HR Transaction codes in IDES System and added to the user & Tested.
All transactions codes are working except PA10,PA20,PA30 &PA40
Please help me regading this.
Advance Thanks,
BBCHi,
I had check with basis Team, they told that I have all authorizations.
This is New Installation for R/3 HR IDES System. even basis Team also created role for above transaction code but not getting access.
We can accesss all transaction codes except these.
All are new for HR. here anything needs to be configure for access PA10 to PA40 Transaction codes.
Please advice me.
Thanks & Regards,
BBC -
Transaction Launcher - TCode Authorization Issue for ERP transaction
We are trying to implement an ERP transaction in the CRM WebUI via the transaction Launcher. Everything has been set up properly and the transaction appears in the nav bar. I am running it to launch a new window. When i click on it, a new window pops up, with transaction IC_LTXE and an error saying
*"You do not have authorization to view transaction ZSD_IC".*
Everything seems to be set up properly and we can access the transaction with the same user id in ERP. He has SAP_ALL.
Does this have anything to do with IC_LTXE? Is there anything special i need to do to assign proper authorization to this user.
Thanks,
jeremyHello Jeremy,
We are trying to execute R/3 transaction from Transaction Launcher but we are facing problems.
In order to execute transactions from TL we have copied object TSTC to ZTSTC in both systems and use the method Execute to be used from Transaction Launcher customizing. Then we have customized T. Launcher in order to get two links, one to R3 transaction (using the object ZTSTC, method execute and XD03 as value parameter) and one to CRM transaction (using the object ZTSTC, method execute and CRMD_MKTDS as value parameter).
When we execute the TL link to CRM, transaction works properly through ITS, but executing the link to R3 transaction we receive the following popup message:u2018Logged Off Successfully. You have been logged off from SAP NetWeaver Application Server.u2019 the screen gets in blank and no further actions are executed.
In order to correct the fail we have implemented these notes, but the problem still remains.
0001224663 Launch of Front Office with Transaction Launcher fails
0001263716 Launching Front Office Process using Transaction Launcher
Based on your experience could you help us to get the right configuration to reach R/3 transaction through Transaction Launcher.
Thank you very much in advance.
Best regards. -
Regarding authorization issue for vf04
Hi Experts,
I have copied the vf04 transaction into ysdvf04 transaction.
And my requirement is One user is responsible for one plant.
In YSDVF04 we have the field shipment point field on the selection screen.
When that user executes this transaction ,only that particular plant related records has to come .
How to do that
Please replyHi Ramakrishnan,
Solution1:
You can delete the shipping points and plants for the user based on the table TVSWZ at the event AT SELECTION-SCREEN.
Solution2:
You can obtain the link on shipping point and plant from the table TVSWZ. If you determine for which plant the user is responsible then in your program at the final output table you can delete those records which is not pertaining to the user.
hope this would help you!.
Regards,
Devendran Krishnan. -
Issue for DTP from DSO to open hub destination
Hello Gurus,
I have a issue for DTP from DSO to open hub destination, long text for error in the monitor is as follows:
" Could not open file
SAPBITFS\tst_bi\bit\BIWork\GENLGR_OneTimeVendr_2 on application server"
" Error while updating to target ZFIGLH03 (type Open Hub Destination) "
for open hub destination, I check the configure for logical file name , which is "
SAPBITFS\tst_bi\bit\BIWork\GENLGR_OneTimeVendr",
I am wondering where that file "
SAPBITFS\tst_bi\bit\BIWork\GENLGR_OneTimeVendr_2" in the error message comes from?
Many thanks,Hi
You do not need to create a file in application server. It will be created automatically.
But if you have defined a logical file name in tcode FILE and used that in OHD and if it is not correct then it will show a conflict. Check this out. -
Authorization restriction for Goods issue against an Order
Hello All,
We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.
For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.
I could not find any authorization object that restricts this.
I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.
Any pointers to restrict this access will be appreciated.
Thanks & Regards,
Subramaniam IyerHi,
MIGO transaction by default restricted with Plant. If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.
M_MSEG_LGO
M_MSEG_WMB
M_MSEG_WWA
M_MSEG_WWE
This issue may occur because if the objects are maintained manually in the role. If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.
Also, please check the other roles are assigned to the user. If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.
To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user. This should be able to identify whether the user is getting access from any other roles assigned to the user.
Regards
Anandm -
PGI for STO - Mvmt :351 - Authorization issue
Hi,
I have an authorization issue while posting GI. In my scenario, user does GI by movement type 351 for Plant A to Plant B or Plant A to Plant C. To execute this transaction, he needs authorization for Plant A, Plant B and Plant C. Restricting the authorization to only Plant A does not allow him to post GI, But if he is authorized for Plant A , B and C then he can do GI for B to C or B to A as well. Please suggest if there is any authorization object to sort it out.
YuvnishI am also experiencing this issue with movement type 351 in my Project.
The Project authorisation design has restricted roles to particular movement types and users to particular plants.
We are seeing that movement type 351 is requiring authorisation access to both the issuing and receiving plant (presumably becuare the movement puts the stock into 'stock in transit' stock of the receiving plant, so needs access to this plant).
However, giving the user access to multiple plants means the user can transact other movement types in these other plants - because the authorisation has been opened up for multiple plants and the authorisation check on plant seems a higher level than movement type.
In our design users should be restricted to just their own plant and in the case of the 351 movement be able to transact the movement 351-GI out of their plant successfully without needing the access to the 'receiving plant' as well. Is there a solution?
I note that movement type 303 does not require this open plant authorisation, and that movement puts the stock in 'transfer', whereas 351 movement puts the stock 'in transit', so I'm wondering what is the difference from an authorisation check perspective between these 2 movements? We will use 303 movement for the time being until a solution is sought for 351. We want to use Stock Transport Orders (with movement 351) from an MRP perspective (movement 303 doesn't work with planning).
Many thanks
Maybe you are looking for
-
Code view not in synch with Design view (Dreamweaver CS3)
Hello All, On my main work PC, I am running Dreamweaver CS3. When I am working in split view (with both Design and Code view visible) when I click on an element (say, a button) in Design view, the code view automatically shows me the code for the ele
-
In JTextArea,what Listener instead of TextArea's addTextListener ()
thank you
-
Mass Retrieval of Scanned Documents/Facsimiles
Hello Everyone, We have recently changed how we scan documents. The future process does not involve utilizing SAP to store scanned documents; however, we have historical information that we would like to extract out of SAP. Does anyone know of a wa
-
Visual Studio "Lite" vs CR 2008 upgrade for about 300 bucks
I have a problem in program access to CR objects - specifically that when i get a TextObject in code it does not support all the properties that I see in the Designer for this same object. Thats not good for me so I am considering an upgrade to next
-
How to define spare key (next to the space) as Alt Gr?
I'd like to define the spare key (net to the space key) to work as Alt Gr. Is there any software available for Satellite to remap the keyboard?