Authorization Object for role creation for query display?

Similar Messages

• Authorization Object And Roles For  Functional Consultant

  Dear Expert,
  What kind of respective Authorization Object And Roles would be provided to  Functional Consultant (FI,MM, SD, PM, PS, CO, HR )at the time of implementation ?
  Thanx in advance
  Pavel

  Thanks Juan,
  We now already have it here and in the NW IDM forum a few times as well...
  Cheers,
  Julius

• BW 3.5 which authorization objects available rssm (checks for infoprovider)

  Hi all,
  How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
  Is there any documentation about the purpose in RSSM for the button 'update check status (Authorization objects, infoprovider).
  thanks for your help.

  Based on which criteria?
  Is there somwhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
  Thanks,

• Authorization Object to Control access for ContactData in Dispute Managmt

  Hello Experts,
  Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
  I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
  Thanks in advance.
  Best Regards,
  Vanessa.

  Hi Ravi,
  Thank you very much for your reply, but I have done this already.
  Transaction is UDM_DISPUTE but they are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within transaction the part of the screen that I am talking about.
  Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
  I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
  Thanks in advance.
  Best Regards,
  Vanessa Barth.

• Role Creation for CMS

  Hi Steve,
  We use ant scripts to create domain and assign roles. But some how the scripts for role is incomplete.
  Can you let me know, where the roles like 'Anonymous' and others should be specified in newly created domain. I mean where do we assign roles and privileges inside domain folders?
  Cheers,
  Lakshmi

  Hi
  > i need to create a ROLE only for  Plant Maintenence (only Plant maintenence  authorization).......
  Search the roles for this module & make copy of this roles to zroles.After the zrole was created assign this new roles to that user.
  Search the role by writing plant,maint & check which are related to plant maintenence & copy that role.
  Again check all the transaction which are going to use in the module PM.Create a new role & assign this transaction in this role.this is another way to create the user with authorization only for PM.
  For more details about PM modules transaction check the following link
  http://www.sap-img.com/sap-pm.htm

• Role creation for Plant maintenence

  Hi Folks ,
  i need to create a ROLE only for  Plant Maintenence (only Plant maintenence  authorization).......
  regards
  sathish

  Hi
  > i need to create a ROLE only for  Plant Maintenence (only Plant maintenence  authorization).......
  Search the roles for this module & make copy of this roles to zroles.After the zrole was created assign this new roles to that user.
  Search the role by writing plant,maint & check which are related to plant maintenence & copy that role.
  Again check all the transaction which are going to use in the module PM.Create a new role & assign this transaction in this role.this is another way to create the user with authorization only for PM.
  For more details about PM modules transaction check the following link
  http://www.sap-img.com/sap-pm.htm

• Open Authorization Objects in role after role Transport

  Hi All,
  I have transported a R/3 (ECC6, support) role from Dev to QA and Dev (Multiple clients). After transport, Role has authorization tab with status (green) but when i display authorization data i found one new open authorization object (yellow).
  I already have generated profile before tranporting. Role is also okay in  Dev other clients (We have multiple clients in Dev) with status green and no open authorizations (yellow)
  Any feedback/suggestions ?
  Thanks in advance
  Khasim.

  This happens when PFUD runs at the same time as you are generating the role. Refer to this note: 355030 - Loss of authorizations after profile generation. Another remote reason could be if your source (DEV) and target (QA) systems use different characters sets. (Note #535554).
  If it is the former case, re-transporting your role may just be the solution for you. Just re-generate the role in DEV and initiate a new transport.
  Hope this helps.
  Ashutosh

• Copying values of a singular authorization object between roles?

  Suppose I have an authorization object assigned to a role and its fields hold a large amount of data (say S_TCODE with a lot of transaction codes specified via ranges). Suppose further that I want to have this same object with this same data in another role. The other objects of the two roles are different and I'd rather not type the large amount of data into the authorization object again.
  Is there a way to copy/paste just one authorization object between two roles?
  I know how to make a copy of an authorization object and its values within the same role, but I haven't found a way to copy between roles.
  ursa

  Hi Ursa,
  I havent come across any export object kinda thing...
  This may help you in practical situation...
  Let us consider your particular requirement related to s_tcode.
  for that go to suim -
  transactions -> executable for role .
  Give the role name get the list of transaction codes.
  Download into excel file. then copy from there and paste into your new role menu or in s_tcode object.
  Mostly we dont get that much list for other objects.
  One more thing you can do.
  click on display tab beside the object in your source role, you get the list window.
  type ctrl + Y and then copy the 7-8 lines and paste it in the object of new role.
  Cheers.
  Shamish
  Message was edited by:
          Shamish Lele

• Programmatically assigning Authorization Objects to roles

  Hi there,
  I have created an authorisation object with eight fields. The fields control which parts of my application are accessible to the user. (Each field is one category, each category has several subcategories).
  What I want to do is the following:
  There shall be a custom authorization dialog, wherein the system administrator can configure the access of the application for a specific user.
  In plain text: I want to develop an interface which makes it possible to assign authorisation objects with specific values to a user or to an already existing role.
  Is there any functionality, that allows me to perform this assignment and regenerate the users profile?
  I already discovered, that the table UST12 contains the connection between the authorization profile of a role and an authorization object, as well as the assigned values. Anyhow, just to write new values to that table has no affect to the authorization when calling "authority-check object" in an ABAP report.
  Does anyone know, whether there are standard functions in the ERP System, that support the changing of authorization objects and the regeneration of roles?
  Thank you very much,
  Gregor
  Edited by: Gregor Bender on Mar 11, 2008 8:41 AM

  >
  Gregor Bender wrote:
  > I already discovered, that the table UST12 contains the connection between the authorization profile of a role and an authorization object, as well as the assigned values.
  Nope, sorry, it's not the connection but only one of the many.... Roles and profiles are stored in quite a lot of different tables so manipulating one table directly will hardly ever get you the desired situation. It may even lead to problems due to inconsistencies.
  For mass regenerating profiles there's transaction SUPC.
  For manipulating the contents of roles/profiles have a look at scripting with SECATT or LSMW in combination with PFCG.
  If you want to write code to add objects to roles you have to look at least in tables AGR_1250, AG_1251 and AGR_1252. The UST* tables are updated when generating profiles and/or comparing users.

• New Authorization Object within Role

  hi everybody,
  does anyone know how can i get New Authorization Objects for any Role for the new release that did not exist in the same Role from former release?
  tables AGR_1250 and AGR_1251 do not show if object is new for this role. they only show if object is new itself.
  thanks a lot,
  javier rubio

  pandu,
  se54 is not related with this topic.
  thank you very much for your answer, very hepful

• Need data loader script for Buyer Creation for R12

  Hi ,
  Anybody has data loader script for Buyer creation in R12. Please copy paste one line in the reply on this message.
  Thanks

  Hi ,
  Anybody has data loader script for Buyer creation in R12. Please copy paste one line in the reply on this message.
  Thanks

• New role creation for display

  Hi,
  We want to create a role such that the users can see only the pricing but not the costing, for sales quotations and orders, for a particular distribution channel?
  Regards,
  Ajit

  Hi Ajit,
  If you wish to create a new Role, Use T. Code: PFCG.
  Once created assign the same role in to User's Profile Via T. Code: SU01.
  Here itself, in Authorization you may add T. Codes (for Display) and also define/ restrict User's view/ access to Sales Area data (i.e. Distribution Channel).
  Better to take help from Basis-Administrator as its purely Basis-job.
  Best Regards,
  Amit.

• Authorization for User Creation for Admin user

  Dear All,
  We have Cronacle 6.0.2.
  We have a requirement where in we want to create an admin user with all access to Redwood (in order to avoid using SYSJCS). We have and created an admin role with which our criteria is almost met. After assigning this admin role to our newly created admin user, everything work except user & role authorization. I am not able to create, delete or alter any user or role with this user.
  I have seen that we have the oracle system privileges related to user and role authorization (create user, alter role, etc), but when we are trying to assign the same to the admin user, its not allowing us to do so. We have tried the assignment using sysjcs from both RWE and from the shell using the SYJCS, RSI users.
  How can I achieve this? with which user?
  Any pointers on this would be highly appreciated.
  Thanks in advance for your help.
  Warm Regards
  Rajeet

  Hi Rajeet,
  This is because SYSJCS has the privileges to create users and roles in the database, but not the right to actually give out these privileges to other users.
  For that, you need a user with the DBA role in the database, or with the "create user" and "create role" privileges "with admin option". A user with the admin option on a privilege can hand out this privilege to other users.
  If you don't have any own users with these privileges yet, the SYSTEM user will work as well.
  Regards,
  Anton.

• Authorization S_RS_AUTH in role PFCG for Analyzer

  Hi folks,
  I have a doubt in PFCG role for BEx Analyzer workbooks.
  For restricting roles and authorizations, we are working with PFCG roles, and RSECADMIN authorizations, as we have many different users who have different authorizations.
  In that way, we have created a role in PFCG, it doesn't contain S_RS_AUTH in Production as authorizations are managed in RSECADMIN as I explained (lots of different users). When a user executes the workbook (RRMX), everything works fine.  However, if we execute those workbooks in Development system, without S_RS_AUTH in PFCG role, workbook doesn't show the selection screen, so it doesn't work.  If I add S_RS_AUTH in Development, workbooks (RRMX) works well, but we cannot restrict with different authorizations as we have so many that we do it through RSECADMIN.
  I was following this article: AUTHORIZATION FOR BI REPORTING - Business Intelligence (BusinessObjects) - SCN Wiki
  Does anyone know why it works in Production and no in Development? How can I do for making it work in Development without restricting S_RS_AUTH in the role?
  Thanks!

  Yes, it's the same patch level (recently upgraded indeed).
  Moreover, I've discover than even putting S_RS_AUTH, it doesn't work well. I mean, if I put * or 0BI_ALL, it works, if I put any other authorization for restricting, workbook doesn't work well (it doesn't show the selection screen pop-up)
  It's being a nasty problema as we cannot do tests.

• Role Creation for FSCM

  I have a developer/functional person who continually requests FI/FSCM transactions such as OBXI. Since he is supposed to be authorized for everything except HR transactions, I initially copied all of the SAP standard menu to this role and removed HR (thinking that this included all but HR and Z transactions). However, all of the transactions that he asks for donu2019t exist in any previous roles, SAP roles, or the SAP menu but the transactions definitely exist.
  My question: how, or where, is it possible to have all of these transactions that donu2019t exist in any SAP roles, the SAP menu, or SUIM? I would like to add all of these FI transactions in one transport.

  Hi,
  isn't OBXI a config transaction and is only accessible menuwise via SPRO?
  Not all transactions are available in the SAP standard menu. There are many transactions that only are bound to report and or configuration activites that does not fit into the standard menu.
  Config activities are included into SAP roles by ranges. in this case most likely OB*.
  Regards Fredrik