Authorization Object for HR Reports
Hi All,
I have to restrict the users based on Company Code so that the users can only access the data for which they authorized from the standard HR reports.
Please suggest the authorization object.
With Regards
Akshat
Hi Akshat,
For HR perspective its best to use P_ORGIN Authorization Object which gives you flexibility at following level:
INFTY: Infotype Number
SUBTY: Subtype Number
AUTHC: Authorization Level
WERKS: Personnel Area
PERSG: Employee Group
PERSK: Employee Subgroup
VDSK1: Organizational Key
You can consult functional consultant for its parameters and further help.
Hope this helps.
Regards,
Naveen
Similar Messages
-
Create authorization check for a report
Hi,
I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
Say the report name is ZHR_TIMEABC.
Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
Thanks in advance,
VGHi,
Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
Your inputs will be helpful to understand this concept.
Thanks,
VG -
Custom Authorization Object for HR
Hi,
As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
Your help will be appreciated.
Thanks,
Mandeep VirkHi,
I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
We've ran the report RPUACG00 also which is mentioned in this thread.
We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
but still it is taking the P_ORGIN object. -
HR Authorization : Custom Authorization Object for P_ORGIN
Hi,
I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
We've ran the report RPUACG00 also which is mentioned in this thread.
We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
but still it is taking the P_ORGIN objectOnline Help
<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a> -
Adding authorization object for "Function Group"s ?
Is it possible to add any authorization object for any function group ?
We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
Function Group you can check through SE37->GoTO->Display Function Group
Now is it possible to add authorization for any "Function Group" ?You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
In this case, add only the function group that the user requires in this instance into S_RFC -
Authorization Object for Transaction Code
Hi,
Is there a report I can execute to give me the list of authorization object for this transaction code?
Thanks.Check Transaction SU24
Alternatively you can go to SE16-- enter the table name TSTCA, then enter the T CODE, you will get the object related to that T Code.
Reward points.. -
How to find out Authorization Object for Plant
Hi,
I have to implement an Authorization check for Plant in My Report Program.
Is there any transaction which can help me to find out Authorization Object for any field like Material and plant?
Thanks,
MamtaUsing SU21 u can create Authorisation Object.
The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs.
check f1 help on AUTHORITY-CHECK for the syntax.
check these links
link:[http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c;jsessionid=(J2EE3417500)ID1605942050DB11298929682009193279End] -
Authorization Object for Z Tcodes
Dear SAP Guru's
how to find authorization object for Z tcodes
e.g. in our orgnisation we have created report ZSR( Sales Register) and we want to restrict user for Plant & sales office
so where i can get authorization object.
kindly help
Thanks
ParamanandHi,
Goto T.Code "SUIM".
Click on "Roles".
Click on "By Transaction Assignment".
Enter your T.Code here i.e. "ZSR".
Click on Execute or Press F8.
You will identify the role assigned to it.
Copy that role.
Goto T.Code "PFCG".
Paste that role here.
Click on Display.
Goto "Authorisations" tab.
click on "Display Authorization data".
Goto Utilities-->Technical names on in menu bar.
Here you can see the authorization object assigned for this T.Code.
But in general all the Z transactions will be in S_TCODE authorization object.
Also,goto that T.Code.
Immediately after this enter,"/nSU53" T.Code.
Regards,
Krishna. -
Authorization Object for Cost center
Hi Experts;
We are using SRM 7, classic scenario.
We are copying SRM tcode: BBP_BW_SC4 to a Z report and modify it. The users will be given the access to display the status of thier SC.
How can I restrict the user from displaying the SC of other department's? Is there an authorization object for cost center in SRM? is there any other away to restrict the users from displaying SC related to other depts.
Appreciate your helpby the way, why are you not using the standard SAP powl queries? they anyways restrict you from viewing others SCs except your team
any ways, if you are copying that report this BBP_BW_SC4, then change this
PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter.
to
PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter no-display.
Edited by: Soumyaprakash Mishra on Jan 31, 2012 3:48 PM -
Authorization Objects for GL, AP, and PCA
Hi,
What is the difference in:
1. Authorization Objects
2. Facility Objects
3. Profit Center Objects
Where can I find the above objects related to:
1. GL
2. AP
3. PCA (Profit Center Accounting)
Please give me the answer, I will assign points to you.
Thanks in advance.Hi,
1) Make the characterstics like Company code, Controlling Area, Proficenter ..etc as authorization relevent (RSA1)
2) Create the Respective Authorization objects for each of the above Characterstics (RSSM).
3) And assign the Cubes and ODS es to the Authorization Object RSSM
4) Create and use the Authorization variables on the above characterstics in reports
5) maitain the access for all users through the roles by including and maintaining the AOs (created in step 2)
With rgds,
Anil Kumar Sharma .P -
Authorization object for Object services
Hello together,
I want to know if there is an authorization object for Generic object services functionilty especially the WF options like WF overview, start WF, Archieve WF..............................
My understanding is any user who has access to a particular Business object, can user GOS to view WF stuff..................Is my understanding correct or should we have extra functions.....................
RegardsCheck authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
Regards,
Raymond -
Authorization object for plant on selection-screen
Hi All,
I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
I have written the code
Declaration of local constants.
CONSTANTS : lc_i(1) TYPE c VALUE 'I',
lc_eq(2) TYPE c VALUE 'EQ'.
REFRESH : r_werks.
LOOP AT s_werks.
IF s_werks-low IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-low.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-low.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
LOOP AT s_werks.
IF s_werks-high IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-high.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-high.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
Regards,
rajHi Raj
First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
Do this
SELECT werks FROM t001w INTO li_werks
WHERE werks IN s_werks.
LOOP AT li_werks.
*check your authority thing here and fill the range
ENDLOOP.
Pushpraj -
Authorization Object for Marketing Attributes
Hi Experts,
We are working with CRM 2007 and use in BP Marketing Attributes. Does someone know if there are any authorization objects for Marketing Attributes? We would like to restrict some of users to see some Attribute sets!
Thank you in advance,
RoulaHi Roula,
Thank you so much for awarding points.
Please note that in Transaction PFCG you have to assign the appropriate three digit attribute set key under the authorization group BGKRL to the authorization object C_KLAH_BKL for assigning attribute sets and to the authorization object C_KLAH_BKP for editing attribute sets.
Please have a look at the Note in the bottom of the page at the following link for further information.
http://help.sap.com/saphelp_crm60/helpdata/en/46/3517cc86e01421e10000000a1553f6/frameset.htm
Regards,
Deepak -
Authorization object for PLANNING PLANT
Hi all,
My client has different Planning plant & Production plant.
If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
Any idea where we could find the authoriz. objects for a particular field?
Pls advise.Goods Receipt for Production Order: Movement Type M_MSEG_BWF
Goods Receipt for Production Order: Plant M_MSEG_WWF
these are the authorisation objects with activities as ACTVT and WERKS
Maintaine the values for ACTVT as
01 Create or generate,
02 Change
03 Display
04 Print, edit messages
and maintaine the values WERKS (ur plants 4 which u want to give authorisations)
and BWAR ( movement types 4 which u want to give authorisations) -
Kindly tell me authorization object for MRP type
Hi friends,
Kind tell me what is the authorization object for MRP type in material master.
Your help is considered more important.
thanks in advance
willaimsHi Willaim,
There is no standard authorization object for MRP type.
Regards,
Alexander
Maybe you are looking for
-
How to run the ejb project in j2ee server
How to run the EJB project. I give like java conveterClient converterClient.jar here conveterClient is class file name and converterClient.jar is deployed file like wise i give some exception is come give some help pls friends
-
Hello, We can use stored procedure and function in many application. This reduce the time of coding same procedure and function at application label.And there are so many advanteges of stored procedure and functions. How to add user procedure or funt
-
Oracle Linux 5.7 / acroread 9.4.7 unable to print
I am unable to print from command line using acroread 9.4.7 unless -start n -end n is specified. The error that I recieve is stdin empty. the reports we are printing can contain any amount of pages. Thanks, Dave
-
Hi experts I'm doing BW transports to production.. I'm getting some errors, and along with those errors the information that packages Z_INFOOBJECT does not exist in prd system. I've checked SE80, and indeed that packages does not exist in prd 1) woul
-
Hi Sadly, AQ bridge to MSMQ doesn't currently exist. Does anybody know when Oracle will implement this feature? We have Windows CE mobile devices and data exchange is realized through MSMQ. Windows CE client on device, selfmade .NET app running on th