Authorization object for full authorization for PP consultant

Similar Messages

• BW 3.5 which authorization objects available rssm (checks for infoprovider)

  Hi all,
  How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
  Is there any documentation about the purpose in RSSM for the button 'update check status (Authorization objects, infoprovider).
  thanks for your help.

  Based on which criteria?
  Is there somwhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
  Thanks,

• Authorization Object to Control access for ContactData in Dispute Managmt

  Hello Experts,
  Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
  I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
  Thanks in advance.
  Best Regards,
  Vanessa.

  Hi Ravi,
  Thank you very much for your reply, but I have done this already.
  Transaction is UDM_DISPUTE but they are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within transaction the part of the screen that I am talking about.
  Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
  I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
  Thanks in advance.
  Best Regards,
  Vanessa Barth.

• Cannot modify an authorization object in pfcg role for a business role

  Hi Experts,
  I have created two z pfcg roles from the standard business role CRM_UIU_SRV_PROFESSIONAL  lets say by names zagent and zmanager. My requirement is actually to map these two pfcg roles two a service professional agent and service professional manager custom business roles respectively( I have created these custome business roles from standard business role servicepro) . I have identified an authorization object by name CRM_CO_SE which is basically used to check whether the user is authorized to create service contract transactions. So, in the agent pfcg role, I need to de activate or deselect this particular authorization object so that the agent will not be able to create service contract. (This is not a real time requirement, but an internal assignment). When I change this object in the pfcg by deselecting 'Allow' check box and try to generate, it is not getting generated. I have selected all the options from the 'Expert mode for the profile generation' and still the traffic indicator for that authorization object is yellow.  Am I doing anything wrong?
  Please help me.
  Thanks
  Ajith C

  Hi Leon,
  Thanks for helping me, I have restricted the unauthorized user from creating a new order by disabling the 'New' button by checking the business role in  the code. The pfcg configuration, I am skipping it for now.  I have one mnore requirement. When one clicks on any items in the search result for the Service Contracts, it opens the details of that service contract with an 'edit' button. I can disable this button using do_output_preparation method for the some business roles. However, I want to disable this after checking a condition. The condition is that, edit button should be active, only if that service order was created by the employee who has currently logged on. I am relatively new to CRM and I could not figure how I can check it during run time. Could any one please help me with this?
  Thanks,
  Ajith

• Authorization object with no authorization field

  Hi Experts,
  I have created authorization object with no field checking.
  This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
  Please advice.

  Hi
  See this and do accordingly
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Regards
  Anji

• Once again stylish script for full width for SeaMonkey 1.1.17 won't install.

  Stylish show as Loaded  but the script Adobe Jive Forums - Force full browser width doesn't show up in global styles.
  I've go to site looking for it clicked on load for link for other Mozilla Products. it appears to load something then say it can't find installer script. I had a hard time getting it to update with 1.1.16 looks like it would load information in profile folder so it wouldn't have to be reinstalled  everytime there is an update.

  find your chrome folder. don't know how it would go on a mac, but on a windows system it's something like:
  C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\du66l5gw.default\chrome
  from there open the file:userContent.css
  with straight ascii text editor (no fancy formatting! MUST be clean text only!)
  add the following:
  #jive-wrapper {
  width:100% !important;
  background-color: #ffffff !important;
  background-image: none !important;
  if that doesn't work, i'm out of ideas except to say switch to standard firefox.
  dave

• Authorization object for  Notification Disconnect button

  Hi Group
  Do We have any authorization object which control
  Notification Disconnect button in IW32 Order Header screen

  Refer below screen shot.
  While trying to remove order assignment from notification, above shown error message has come. Hope, this is what you are expecting both in assignment as well as removal of assignment.
  Check your roles & assignment of appropriate field values in those roles. If you are not comfortable in PFCG, discuss with Basis consultants.
  Check Authorization Object I_VORG_MEL as well for the previously mentioned values.

• Authorization object for ABC Indicator

  HI Experts,
  May we know what is the Authorization Object we can use for ABC Indicator in Equipment?
  Thanks,

  Hi bonsai,
  Sorry for delay response..
  Authorization keys which you can use to set up authorization checks when you manually set or delete a user status.
  After creating the status profile.create individula authorization key in the lower menu node  where u hv created the User status .
  Then assign the authorization key to the each status codes(Last column of the status profile).(Crete authorization key same as the status codes).
  Then maintain the authorization key value in the field BERSL where u want to give the authority for change /Delete user status.
  Regards
  Dhiren

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Authorization object required for materail and vendor.

  Hi All,
  I have Z report where material and vendor are there on the selection screen.I need to put authorization check on materail and vendor. Can u plz suggest which authorization object I should use for this?
  thnks
  MSi

  On the other hand, assuming your program will run in a properly maintained SAP installation, I would always use standard authorisation objects as much as possible. Try finding a standard SAP report with similar selections and output and see how it is done there. Trace the execution via ST01 and see which objects are being checked.
  Also use the repository infosystem to browse the available standard objects. Talk to a functional and/or security expert to clarify your requirement regarding necessary authorization checks.
  Thomas

• Authorization Object for Sale Organization check

  Hello all,
  I have create a Z Report.Now the requirement is that only certain users belonging to a particular Sales Organization can run that report.
  Which standard Authorization Objects can be used for this case.
  regards,
  Ujjwal Kumar

  P577815 wrote:>
  > Hey,
  > Thanx for your reply....)
  > Actly new to abap thats y not much idea.Instead of your Auth Obj,can i use V_KNA1_VKO.
  Hello,
  But V_KNA1_VKO also has these params:
  VTWEG      Distribution Channel
  SPART      Division
  V_VBRK_VKO also has only Sales Org(VKORG). I think that suits your req.
  But before deciding on the Auth. Obj please read the documentation & check that it suits your req.
  BR,
  Suhas

• Authorization Object for role creation for query display?

  Hi,
  Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
  I want to assign a role to the newly designed query! that query does not have any role so far!
  Pls suggest me
  Thanks,
  Ravi

  Hi,
  I could make the authorization tab green by entering the authorization object!
  But user tab still remains red as it is not allowing me to enter my username in the user tab!
  in the user tab  i am unable to enter my user name?
  Any suggestions?
  Thanks,
  Ravi

• Authorization Object is not working when report is modified.

  Hi BW Guru's
  We have Company Code as Authorization Object .and we have 3 company Codes (xxxx,yyyy,zzzz).where the users under Company code xxxx are not supposed to view company code yyyy,zzzz data etc.
  I modified an existing Report and transported to production.But the Authorization Object is not working for that report.The Report is defaultly displaying all the company codes data(xxxx,yyyy) for all the users.But for the other reports its(company code ) is working fine.
  What could be the problem?Is theproblem in transporting the objects.But i transported all the objects inluding auhorization object.
  Please send me the solution as it is very much urgent.
  The solution will be def. awarded with full points.
  Regards
  Sanjay

  hi Sanjay,
  please don't post the same question again, check and response back from your previous thread
  Re: Authorization Object is not working when report is Modified.
  hope this helps.
  would be nice if you reward for helpful answers to all of your previous postings, e.g
  docs related to RRI

• Association of authorization group with authorization object

  Dear Colleagues,
  We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
  However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
  This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
  We would like to control this via authorization groups
  We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
  Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
  If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
  But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
  Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
  Does a developer or functional consultant also need to be involved in this?
  PS: I tried to search in Google & our forums but could not get any answers

  Dear Aninda,
  Thanks for the help.
  I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
  A case category was then assigned to this auth group
  We tested it - below are the results:-
  1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
  2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
  3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
  If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is  authorized.
  How to resolve this?

• Creation of a new Authorization object

  Hi ,
  I need to create a new Authorization group and add three existing tables to it.
  Kindly suggest a way.
  Regards.

  Authorization Field
  Smallest unit in an authorization object. An authorization field either represents data, such as a key field in a database table, or activities, such as Read or Create. Activities are specified as identifiers, which are stored in the database table TACT and the customer-specific table TACTZ.
  Maintenance using transaction SU20.
  Authorization Object
  Repository object that forms the basis for authorizations. An authorization object comprises up to 10 authorization fields. The combination of authorization fields, which represent data and activities, is used for authorization assignment and to check authorizations. Authorization objects are grouped together in authorization classes.
  Maintenance using transaction SU21.
  Authorization
  Enter in the user master record or part of an authorization profile. An authorization comprises complete or generic values for the authorization fields in an authorization object. The combination determines the activities with which a user can access certain data.
  Maintenance in transaction SU03 or generation from transaction PFCG (profile generator for role maintenance).
  Authorization Profile
  Grouping of several individual authorizations or further authorization profiles. Can be entered in the user master record instead of individual authorizations. An authorization can be assigned to authorization profiles as often as you wish.
  Maintenance in transaction SU02 or generation from transaction PFCG (profile generator for role maintenance).