Authorization object for a technical role

Similar Messages

• Authorization object for vL02N

  Hi,
  I need the Authorization object for the VL02N.
  My requirement is i need to give authorization for doing PGI in VL02N screen,but the user can only generate the VL02N(no change or modification). How can i control this?
  pls advice

  Hi,
  The authorisation object is:V_LIKP_VST
  First Goto T.Code:SUIM
  Check the role used for this T.Code:VL02N.I identified the role as "SAP_LE_GOODS_ISSUE_DELIVERY".
  Next goto T.Code:PFCG.
  Enter this role here.Click on Display.
  Goto Authorisations tab.
  Click on Display Authorisation data.
  Goto Utilities-->Technical names on(if it is available else leave it).
  Regrads,
  Krishna.

• Authorization Object for Z Tcodes

  Dear SAP Guru's
  how to find authorization object for Z tcodes
  e.g. in our orgnisation we have created report ZSR( Sales Register)  and we want to restrict user for Plant & sales office
  so where i can get authorization object.
  kindly help
  Thanks
  Paramanand

  Hi,
  Goto T.Code "SUIM".
  Click on "Roles".
  Click on "By Transaction Assignment".
  Enter your T.Code here i.e. "ZSR".
  Click on Execute or Press F8.
  You will identify the role assigned to it.
  Copy that role.
  Goto T.Code "PFCG".
  Paste that role here.
  Click on Display.
  Goto "Authorisations" tab.
  click on "Display Authorization data".
  Goto Utilities-->Technical names on in menu bar.
  Here you can see the authorization object assigned for this T.Code.
  But in general all the Z transactions will be in S_TCODE authorization object.
  Also,goto that T.Code.
  Immediately after this enter,"/nSU53" T.Code.
  Regards,
  Krishna.

• Mandatory Authorization object for the BO user

  Dear All
  I am facing some problem for the BO user.
  can you let me know what are mandatory Authorization object for BO user to run the dashboard without error.
  Fast reply appreciate.
  Thanks
  Haji

  Dear All
  i am working for Analysis Authorization.
  i included Analysis Authorisation object  to the user.
  S_RS_AUTH  BI Analysis Authorizations in Role.
  when i checked in the BW side its working fine.
  when i checked the user in the BO side.
  filter values are coming correct, but the values in the column are not showing.
  its throwing an error.
  kindly help me to solve this issue.
  Thanks
  Haji

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Custom Authorization Object for HR

  Hi,
  As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
  Your help will be appreciated.
  Thanks,
  Mandeep Virk

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• HR Authorization : Custom Authorization Object  for P_ORGIN

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  but still it is taking the P_ORGIN object

  Online Help
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

• Authorization Object for data downloading from application server

  Hi friends ,
     My program downloads and uploads data from the application server .
  My requirement is  ,
  Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
  Can you please tell me how to deal with this ? how do we check the above condition ??
  Many thanks ,
  Hemant

  hi,
  This is not a single step process.
  First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
  Then you have to call this authorization object in your program at selection screen.

• Authorization Object for Material Type

  Hi All,
  Is it possible to restrict the user from creating the material master based on Material Type. If yes then what is the authorization object for the same.
  Regards
  Mahendra

  Dear Mahendra,
  You can definitely restrict a end-user to only particular Material Type thru Authorizations.
  Authorization Object: M_MATE_MAR
  This can be done thru authorization management. Consult your Basis person or follow this:
  SU01 - Enter the user Id & select display button. Now click on the Roles Tab & note down the role assigned to this user Id.
  Go to T-Code - PFCG - enter the Role name & select the change icon.
  Click on the Authorizations tab page. & then Click on Change Authorization Data.
  Now expand the menu tree of Materials Management: Master Data & further expand the menu tree of Material Master: Material Types. Now click on the change icon next to Authorization Group & select the required Material Type that you want to authorize the end-user.
  This is how you can give authorizations only for a particular Material Type. 
  Hope this helps.. .
  Give point if useful...
  Thanks,
  Jignesh Mehta
  Mumbai

• Authorization object for "add approver" in contracts

  Hello, Experts,
    I am looking for authorization object for adding approver in contracts.
  But without adding authorization for changing contracts.
    Regards,
      Rami Kleiman - HP

  1. you can try to restrict  the authorization object ( Manager Role-- /SAPSRM/MANAGER) for contracts to display ( remove the change).
  2. you can also change the personalization object key "BBP_WFL_SECURITY" to None ( but i, think this will affect all the objects like shopping carts purchase orders etc..)
  Thanks
  velu

• Authorization object for item level

  Hi,
  Is there an authorization object for item categories for business transactions.
  Actually our need is that partners at item level should edit the documents. Authorization objects CRM_ORD_OP and CRM_ORD_PR are not success this need.
  Regards.

  Thanks!
  I added with full authorization and still do not get any roles displayed. 
  Any other ideas?

• Authorization Object for Ibase

  Hi all,
    I am developing PCUI, and one of the requirement is based on login user from portal, the PCUI view for Ibase / Installed Bases should be View Only.
    Can this be restricted via authorization object, by giving the 'Display' right to the role, instead of full authorization?
    My basis inform me that he couldn't find the authorization object for Installed Bases. But I doubt it. Can any expert give me a guide?
    ** for launching the PCUI ~ Ibase, application is COMM_IBASE
  regards,
  Ginnie.

  Hi,
  Check out the object
  IB_IBASE      AAAB     Authorization Object for Installed Base
  Rakesh

• Change authorization object in a derived role

  Hi Gurus,
  What's happen if someone has added a new authorization object in a derived role?
  He has only changed some derived role, not the parent role, he added manually a new value in the authorization field. The parent role didn't changed.
  <u>Note:</u>The field was not an organizationnal field, it was S_DATASET.
  What do you think about this ?
  Thanks
  Hery-zo

  Do i understand this right??? do functional teams have access to PFCG to create roles???
  If so that is your real problem, as that shoudl never been doen that way. You are completely right functional consultants have no clue about how roles should be build. advise:
  1 take away the access to PFCG in ALL systems for anybody other than security consultants administrators.
  2 ask all functional teams to describe the roles points to be adressed:
     A TRX in every role
     B all wanted restrictions on every TRX (described functionally)
     C orglevels on which restrictions should be build.
     D Test process for every TRX in every role (both positive and negative)
     E  check all roles against table USOBT and look for manually added objects,  
         if they can not give a good reason for adding these REMOVE them.
  3 retest all roles based on point 2D, ask the funcxtional consultants to assist where needed. Adjust roels during testing where needed, but create a good auditable record for every change.
  4 Update USOBT_C (use TRX SU24) for all changes you apply during testing
  5 check your roles for the corrected TRX after this change and update the other roels involved as well.
  6 ONLY allow roles that have followed the above process to go to Production.
  The above steps are the only way to create a secure SAP Production system for you!

• Need Authorization Object for SE11

  Dear All,
                 I have created role in PFCG and created user in su01.
                 I need authorization object for se11 and sm30.
  With Regards,
  Baskaran

  Hi,
  For the Authorization Object for any Tcode goto SE93 Enter the Tcode and press display
  S_DEVELOP
  Cheers
  Ram

• Authorization object for Accout assignment category

  Dear all
  Can you please suggest a suitable authorization object for account assignment category so that I can control Users using ME21N and ME51N transactions specific to certain account assignment categories using Roles specific to them.
  Thank you

  HI
  The following link will help you.
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/f0/ca3a20260211d28a430000e829fbbd/frameset.htm
  Kind Regards
  Chen