Authorization object creation manual method

Similar Messages

• Authorization object for manual condition type in sale order

  Hi experts
  I want ask them, If exist an authorization object for manual Condition type (KOMV-KSCHL) in the sales order (VA01/VA02), that the user don' t can create neither modify the sale orden with a specific manual condition type (payment term) by stardard way.
  Best regards
  John Angulo

  HI John,
  I would be surprised to know that someone uses the Payment terms as a condition in the Pricing procedure for sales orders. The payment terms define when the customer agrees to pay, (15, 20, 45 ,....days or 5 years or 10 years....whatever it be)
  this detail for what i know is in the sales order header,and ideally has nothing to do with the Item level material price conditions.
  its ok, If you mean something else by payment terms.....in principle you can have a conditon type restrcited such that manual entries on the condition are not possible. this cane be done in SPRO customizing, i am sure your functional consultants would know what to do (SPRO->Sales and Distribution->Basic Function->Condition Types), in the tab "Changes that can be made" have a value that says manual Processing is not allwowed
  The ABAP route mentioned above is for a different scenarion and i dont think it is necessary for your requirement

• Authorization object creation

  Hi All,
  I want to creat an authorization object whihc is similar to the P_ORGIN with an extra field payroll area 'ABKRS'.
  So that I have created a new authorization obj which includes all the fields from P_ORGIN and with ABKRS.
  And I assigned this to role instead of P_ORGIN. But is it not working as P_ORGIN.
  Can anybody help me in this regard?
  Thanx in advance.

  Hi,
  have you assigned your object to the transactions via SU24 ?
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm
  Please have also a look at
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/74ba3bd14a6a6ae10000000a114084/frameset.htm
  The link describes how to generate your own object if p_orgin isn't enough for your requirements.
  Hope this helps.
  Regards
  Bernd

• Authorization object creation for transaction MIGO

  Hi,
  We have created the auth object for acct asignment category with values as activity & acct assignment category.
  But when assigned to respective users, its still allowing to perform the transactions.
  Basically I am using this object for doing Goods Reciept tcode MIGO.
  As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
  Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
  Regards,
  Krutika

  hi!
  1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
  2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
  3) goto RSSM and create a new authorization object and add your infoobject to it.
  4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
  with regards
  ashwin

• Authorization Object: P_ORGXX - fields can be from a custom infotype ?

  I need to create a customer-Specific Authorization Object, but the documentation states that we can use any of the fields in IT0001, and also customer-specific additionald fields. But we need to know if those additional fields can be from a custom infotype.
  If it is not possible, we need to replicate the std P_ORGXX and the way it validates the field pa0001- SACHZ. But with fields from a custom infotype. Is there any way to do it?
  I hope you can help me with this.
  Regards,

  Hi,
  Try the link from SAP as reference for authorization object creation and how functionality for authorization object works w/ infotype.
  http://help.sap.com/saphelp_470/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm
  http://help.sap.com/saphelp_470/helpdata/en/16/b8b83b5b831f3be10000000a114084/content.htm
  Thanks,
  Ameet

• Role creation and authorization objects in sap

  Hi
  i want to know the full relationship between  creation of roles , authorization objects ,authorizations in web as abap
  Please explain the process in detail the use of PFCG and all its options and how to create Z roles

  Although, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
  - Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
  - The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
  For e.g. If a user wants to create a PO we can restrict him on:
  u2022     Activity : Create/Change/Display
  u2022     Org elements like Company Code, Plant, Purchase Organization etc
  u2022     Document type etc.
  - Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
  - Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
  - An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
  - Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
  - Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
  Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM

• Creation of a user with a particular authorization object (Very Urgent)

  Hi,
  There is a requirement in my project to create a user who can only reset his password. So for this I think a authorization object should be created and assign it to a profile which displays only the tab for reseting the password which is( Logon in SU01). I want to know two things in this regard.
  1. The whole process of creating customised authorization object and assigning it to a profile and
  2. Any other way to achieve the needed scenario.
  Thanks & Regards,
  Sujith
  Edited by: Sujith K on Feb 4, 2008 1:26 PM

  In transaction pfcg ,
  give single/composite role name
  give profile name and description in authorization tab, save it
  enter into change authorization data
  select manually tab
  give authorization objects name (creating auth. objects)
  fields will automatically come inside it
  enter the field values
  save and generate profiles (Profiles created)
  go to su01,
  create users (fill address, logon data, roles )
  In pfcg,
  select the role you created and click on the user comparison for giving the authorization to access.
  award points if useful

• BAPI for creation of Authorization Objects in BI 7.0

  Hi BW Gurus,
  Greetings!!!
  Is there any BAPI Available for creation of Authorization Objects in BI 7.0.
  The data will be transferred through flatfiles.
  Kindly provide me the info as earliest as possible.
  Best Regards,
  Priya

  Got the Workaround...
  Priya

• Authorization object for field, EBAN-ESTKZ (creation indicator)

  Dear All,
  Does anyone know if there is an authorization object for field, EBAN-ESTKZ?
  I need to control the PR's authorization at creation indicator level. i.e. we need to remove the ability for all users to change Purchase Requisitions created by MRP.
  Thanks,
  Arun.

  Hi Jay,
  Thanks for your response.
  I didnt find it there. You have any Z options?
  Thanks,
  Arun.

• Manually added Authorization object

  All ,
  What is the impact for manually added authorization objects in the roles after the system upgrade??

  My 2 cents, since I don't see any replies.
  I try to avoid manual auth objects on a role as much as possible.  One problem with manually auth object is in PFCG, it will not give a reference to what transaction the auth object came from.  Unless thoroughly documented this can be an audit issue. 
  In regards to upgrades, I don't this it will have any affect.  It is usually the tcodes that are affected.

• Authorization Object for role creation for query display?

  Hi,
  Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
  I want to assign a role to the newly designed query! that query does not have any role so far!
  Pls suggest me
  Thanks,
  Ravi

  Hi,
  I could make the authorization tab green by entering the authorization object!
  But user tab still remains red as it is not allowing me to enter my username in the user tab!
  in the user tab  i am unable to enter my user name?
  Any suggestions?
  Thanks,
  Ravi

• Creation of a new Authorization object

  Hi ,
  I need to create a new Authorization group and add three existing tables to it.
  Kindly suggest a way.
  Regards.

  Authorization Field
  Smallest unit in an authorization object. An authorization field either represents data, such as a key field in a database table, or activities, such as Read or Create. Activities are specified as identifiers, which are stored in the database table TACT and the customer-specific table TACTZ.
  Maintenance using transaction SU20.
  Authorization Object
  Repository object that forms the basis for authorizations. An authorization object comprises up to 10 authorization fields. The combination of authorization fields, which represent data and activities, is used for authorization assignment and to check authorizations. Authorization objects are grouped together in authorization classes.
  Maintenance using transaction SU21.
  Authorization
  Enter in the user master record or part of an authorization profile. An authorization comprises complete or generic values for the authorization fields in an authorization object. The combination determines the activities with which a user can access certain data.
  Maintenance in transaction SU03 or generation from transaction PFCG (profile generator for role maintenance).
  Authorization Profile
  Grouping of several individual authorizations or further authorization profiles. Can be entered in the user master record instead of individual authorizations. An authorization can be assigned to authorization profiles as often as you wish.
  Maintenance in transaction SU02 or generation from transaction PFCG (profile generator for role maintenance).

• Creation of Authorization Object

  Dear All,
  Can anyone of you guide me on how to create Authorization Object?
  My Knowledge on this concept:-
  1) Mark required object as Authorization Relevant
  2) Use of T-code RSSM
  3) Select marked Authorization Object
  4) Assign fields to it, for authorization.
  thats all i know.
  There are few more additional settings we need to do for it.
  Request you to provide with step by step procedure for the same.
  Thanks & Rgds,
  Anup

  hi
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  the following link will be helpful
  http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
  http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
  Use of T-code RSSM
  Through BIW Authorizations (TCode RSSM)
  Authorization check log. This gives information on
  missing authorizations for reading data.

• Creation of an authorization object

  Hi,
  I want to create an authorization object, in which I can add my own selection of fields.
  Hence, if I include this object in a role, I can restrict the user as per my requirements.
  I found SU21 in one of the forums, however I'm not sure if this is possible thru' SU21.
  Pls. help.
  Thanks a lot,
  Saba.

  Hi,
  Thanks for the reply...I was able to create the authorization objetc, however now I'm facing amother problem.
  In my role , I've removed the std. object (since it has insufficient fileds) 7 added the new "z" objetc, howver the T-code still checks for the std. object & does'nt pick up values from my Zobject...Is there some way I can embed my Z objetc into the std. one??
  Pls. help.
  Thanks a lot,
  Saba.

• Authorization object for Sales Area Data creation ...

  Hi Gurus,
      Please suggest on this:
                  "when an CRM Sales employee creating a BP , employee wants the sales Area for the BP from the sales area of employee in the Input selection option of Sales Area for BP".  Any authorization object will help?
  Thanks in advance.,

  Hi Joern,
  will this ST01 also work for the PCUI or BSP application for finding the authorization objects.
  Actually our requirement is that we need to restrict a user searching documents belonging to him and reporting to him.
  without any authorizations given we are able to search the documents of all users in activty management under activtiy monitor. we would like to block users to view only documents done by him in his sales area.
  can you provide me the details of the authorization object, please.
  thanks
  Srini