Authorization object in MV45AFZZ not working

Similar Messages

• Authorization objects in RAR not updated

  Hi everyone,
  i'm facing an issue with RAR (GRC 5.3, SP10): i've just imported the authorization objects from SAP (SE38 -> /VIRSA/ZCC_DOWNLOAD_SAPOBJ -> saved in UTF8 format), but when i look the  function in the rule architet the authorization objects setting are not the same:
  Example: in SAP the transaction F-04 needs the auth obj  F_BKPF_BLA/BUK/KOA (i use transaction SU22 to check the auth obj) and the export file has the same settings:
  F-04     F_BKPF_BLA     ACTVT          
  F-04     F_BKPF_BLA     BRGRU          
  F-04     F_BKPF_BUK     ACTVT     01     
  F-04     F_BKPF_BUK     BUKRS     $BUKRS     
  F-04     F_BKPF_KOA     ACTVT          
  F-04     F_BKPF_KOA     KOART     $KOART     
  In RAR the transaction F-04 is in the function AP01, AR01, AR02, GL01. The transaction has different settings in every function: in AP01 there is only F_BKPF_KOA in status active, in AR01 there are F_BKPF_BUK and KOA in status active,...
  I re-generated all the rules, but the settings are still the same.
  I think the settings must be the same.
  Am i right?
  Thanks in advance!
  Luigi

  Luigi,
    The function has all the associated auth objects, right? All the auth objects/permissions may not be enabled in the function. As you are using standard SAP ruleset, SAP has determined that the combination of F-04 and associated enabled auth objects create violation when assigned with another set of tcodes and auth objects. You can always enable all the auth objects if that is what makes sense as per your business.
  Can you go through the RAR config guide to get an understanding on this?
  Regards,
  Alpesh

• This page contains some SWF objects that may not work properly...

  Hello Guys
  I bought this menu made by f-source into my page:
  http://beta.asphalt-driveway-sealing.com/, it's working fine except I got this message each time I am opening my file with dreamweaver CS4: 'this page contains some SWF objects that may not work properly in the most recent versions of Internet Explorer. Dreamweaver cannot  convert them to the new SWF markups. Please delete each of them and insert again' and what I did but still got this message
  the developer told me that: "I previous versions of Dreamweaver you could disable the Active
  Content Converter http://f-source.com/before_insert/
  In CS4 there is no such option."
  Please let me know what can I do then.
  Many Thanks, T&T

  Hi
  CS4 uses a 'nested' type of object code to insert swf/flv files, which is more compliant than previous code. Obviously the f-source extension is not cs4 compliant if it is changing this, (the message indicates it is doing so) and is something you should pursue via there support department. However even though it is giving you this message it should still work on live pages.
  PZ
  www.pziecina.com

• Person responsible based Authorization in Projects is not working for me

  Hi,
  Does 'Person responsible' based authorization for WBSE works for the WBS element only, or for the hierarchically sub-ordinate non-WBS objects (meaning Networks, Activities, Materials etc) as well?
  Details:
  (Authorization objects: C_PROJ_VNR and C_PRPS_VNR)
  -- User1 is assigned with role TESTROLE1. This role has the Project manager based WBS & project authorization objects, with person number 101.
  -- User2 is assigned with role TESTROLE2. This role has the Project manager based WBS & project authorization objects, with person number 102.
  Following sample project is created by a super-user:
  PROJ123 (Details: person responsible - 101)
    WBS-1 (Details: person responsible - 101)
      WBS-1/1 (Details: person responsible - 101)
        NETWORK1
        ACTIVITY11
        MATERIAL111
        MATERIAL112
      WBS-1/2 (Details: person responsible - 102)
        NETWORK2
        ACTIVITY21
        MATERIAL211
        MATERIAL212
  Now the requirement of super-user is that WBS-1/1 and its subordinate elements (Activities, Materials etc) should be editable only by User1. And similarly, WBS-1/2 and its subordinate elements should be editable by User2 only.
  My issue:
  Although WBS-1/1 is not accessible to User2, BUT User2 can edit the subordinate elements (NETWORK1, ACTIVITY11, MATERIAL111, MATERIAL112) of WBS-1/1. I do not want User2 to have edit access to subordinate elements of WBS-1/1.
  Above issue is with User1 for WBS-1/2 as well.
  Hope I am clear in explaining my issue. Can anyone please help me understand the standard authorization concept of Person responsible based roles. I suspect that I am going wrong somewhere but I am not able to identify the problem.
  I want to allow access of a part of project to one user, and another part to some other user. And I do not want to go for an ABAP option if I can do above using basis authorizations.
  (Above mentioned problem is not just with part of projects, but with a complete project as well.)
  Hope to see some quick replies. Thanks in anticipation.

  Thanks for the inputs Sreenivas.
  Are you aware of any authorization objects which can restrict access to Networks, Activities, Material components and Milestones, using 'Person responsible' or any other suitable field? I hope you got what I am looking for.
  Restricting WBSE based on 'Person responsible' without restricting sub-ordinate elements is not much useful according to me. It helps only with simple project structures (having only WBSE) and nothing much. Right?
  Thanks again

• Authorization object CRM_ORD_OE is not woring in Production but in DEV

  Hi,
  In CRM system authorization object for sales office is working fine in DEV and Quality but not working in PRD.
  What will be the necessary steps to identify the mistake to trace the above mentioned issue?
  Thanks..
  Pranab

  Hi Alex,
  I had that option in front of me ( we actually tried it also with no result ). But before that I would like to know, why this might have happened. Why there is difference between standard menu on both servers?
  Regards,
  Shamish

• RE-FX Object link is not working

  Hi Gurus
  I have added the object VICNCN (Screen Number: 500) in DC10 for a document type. Now i can link Real Estate Contract with a DIR in Object Link tab. When i double click the Real Estate Contract number in Object Link tab then the system will open the transaction RECN. So i hope the DIR is attached to that number.
  But when go to transaction RECN and select the menu Extras--> Document Management then the system prompts a message to create a New Record.  Suppose if click "Yes" then it shows a error "Model Not Found". Actually the Real Contract Number has already been linked in Object Link Tab in CV01N. But it is not working properly.
  Can anyone please help me to fix this issue.
  Regards
  Vasim Raja. R

  HI Nayeem,
  Please maintain Authorization group 1 in Maintain screen for Object Link :
  Maintain 1 in Auth. field. Then go to RECN, Extras, Document Management there u will find Creation of document from RECN.
  Regards
  Jayanth

• Object Level security not working on OBIEE 11g 11.1.1.7

  Hi,
  I am experiencing problems with object level security applied on application role in 11.1.1.7 version. If i create a user and assign that user to a application role and give that application role permission to Access Answers in Manage previleges, it is not working. If i directly add a user to permission list in Manage previleges section then user is able to access the answers. I added that application role in "Access to Answers" section in Manage previleges section. Permission for Authenticated users is denied.
  We recently upgraded from 11.1.1.5 to 11.1.1.7. Please can someone confirm if it a bug in 11.1.1.7 or it is because of the upgrade process.
  Regards,
  Sandeep

  Hello Sandeep,
  I have just verified the below scenario as you said but didnt find any issue.
  I have just created a User, Group and Applictaion Role under default authentication provider . Assigned user under group and group under newly created application role and provided access to answers for new application role under manage privilages and I am able see it.
  This might not be a 11.1.1.7 bug check it from upgrade end.
  Regards,
  Srikanth

• Restricted Backflush Authorisation Object C_BFLS_L  is NOT working!

  Hi,
  We are using the IS-MILL version of SAP 4.7. We are trying to restrict the authorisation of users for Tcode MFBF only to a few. As suggested in the SPRO help files we tried useing the 'Authorisation Object' [bC_BFLS_L]</b> Restricted Backflush but it is giving an error message <b>"This object is out-of-date and is no longer checked from Release 4.6A".</b>
  KINDLY ADVISE ON WHICH AUTHORISATION OBJECT IS TO BE USED and also HOW TO RESTRICT USAGE OF MFBF ONLY TO A FEW USERS if this does not work!
  <u>With Best Regards,</u>
  <b>V.NAGARAJ,</b>

  Hi Enrico,
  Thanks a ton for your advice. We did check the authorisation object mentioned by you <b>(C_BFLS)</b>. But the following message is displayed -<b> "This object is out of date and is no longer checked from 4.6A"</b>. KINDLY ADVISE, PLEASE!

• Page Authorization Scheme OK button not working

  Hi All,
  I have a Page Level Authorization scheme, which makes a PL/SQL Function call to determine whether the logged in user should have access to the Page. This works well and displays an 'Access denied by Page security check' error message, but the OK Hyperlink that is displayed does not work as I would expect as I am not returned to the calling page.
  The pages in question are Popups and when I hover over the OK Hyperlink, the Javascript in the Taskbar shows javascript:window.history.go(-1). Is this the route of my problem, and is there any way around this when using Popup windows?
  Thanks,
  Mike

  Scott,
  Thanks for your response. Yes you have the sequence right: "User clicks on link to popup page from base page and the link is to a forbidden page"
  "The basic question is why would you ever show a link to a forbidden page to the user?"
  The main reason is time, ideally yes we would like to hide links to forbidden pages but it will take time to implement due to complexity of role combinations and number of pages. So for now, we are confident in our method for denying access to forbidden pages.
  The error message that is displayed on the forbidden page is set in the Authorization Scheme, but how do I alter the OK link? Isn't this generated 'behind the scenes'?
  Thanks,
  Mike

• Object based navigation not working in FPN

  Hi All,
  We are having issue with Object Based Navigation in FPN. 
  System details are, Central Portal 7.01 sp 06 and Child (SRM) Portal 7.01 SP 07.
  We are using the standard business package iView Check Status, which is working fine in Producer Portal and the same is not working in Central Portal.
  Kindly help us on this.
  Regards,
  Venkatesh K

  Hi Venkatesh,
  Before gettign into the isue there is some limitation given by sap on this reagrds of OBN with fpn:
  1.A content developer may create an OBN source iView to call the OBN service to run code that processes a number of target iViews and displays them for the user to choose from, during runtime, in a context menu accessible from the source iView.
  When in remote delta link mode, the federated portal network does not support this implementation of OBN, regardless or whether the source iView calling the OBN service was created in NetWeaver 7.1 or in NetWeaver 7.0 and then upgraded to 7.1.
  2.The user on the consumer side may have additional roles that the respective user on the producer does not have.
  Conversely, OBN does not search for targets in roles that the user has on the producer, which do not exist on the consumer.
  Note also: In remote role assignment mode all content editing is done on the producer, including the editingobject-based navigation, such as the removal and addition of implementations and changes in priority
  so as per your perspective issue can i clearly knwo abou the issue your getiing ,as it is working fine in Producer Portal and not in central portal right?
  Once check for the remote delta link which might help you to resolve your issue,Hope this information helps you or take near to the issue any more queries get back !
  Thanks&Regards
  AswinChandraGirmaji

• Hierarchy Authorization in free characteristics not working

  Hi,
  we found aproblem while running a query with authorization objects for a hierarchy node (0SALES_OFF).
  - Z_HPRODPIS (Hierarchy for sales offices) with fields:
  - 0SALES_OFF Sales Office
  - 0TCTAUTHH Authorization for hierarchy
    We create hierarchy authorization for nodes:
     - Type of authorization           2
     - Hierarchy level                    3
  We would like to have characteristic 0SALES_OFF in the free characteristics section when running the query.
  In this case we get an error "No authorizations", but after drill down in rows, hierarchy node members for 0SALES_OFF are displayed.
  Is this an usual behavior?
  We would not like to create several queries, if we could cover user requirements with one query with several characteristics as free characteristics (also 0SALES_OFF).
  Thanks, Tomaz

  Hi !
  have you tried restricting it with a variable?
  with regards
  ashwin

• OBJECT tag is not working in jsf

  Hello,
  I am trying to add an object tag in jsp page. it is working fine with html page but it is not recognize by the jsf.
  JDeveleoper is 12c
  Thank you.

  Hi Timo,
  I added the tag you mentioned nothing change the red line still there. But, I did something else and I do not know if this has any thing to do with the problem.
  What I did is:
  the tag is working fine in html page and here is the tag in html page:
  <DIV STYLE="position:absolute; top:100px; left:50px;">
  <table border=1 cellpadding="0">
     <tr><td> 
       <OBJECT classid=clsid:69A40DA3-4D42-11D0-86B0-0000C025864A height=75
              id=SigPlus1 name=SigPlus1
    <PARAM NAME="_Version" VALUE="131095">
    <PARAM NAME="_ExtentX" VALUE="4842">
    <PARAM NAME="_ExtentY" VALUE="1323">
    <PARAM NAME="_StockProps" VALUE="0">
              </OBJECT>
     </td></tr>
  </table>
  </DIV>
  <FORM id=FORM1 method=get name=FORM1>
  <p>
  <INPUT id=SignBtn name=SignBtn type=button value=Sign onclick=OnSign()>    
  <INPUT id=button1 name=ClearBtn type=button value=Clear onclick=OnClear()>   &nbsp
  <INPUT id=button2 name=Cancel type=button value=Cancel onclick=OnCancel()>    
  <INPUT id=submit1 name=Save type=submit value=Save onclick=OnSave()>    
  </p>
  As I mention before once I copy the previous tag into jsp page the red lines appears.  in jsp when I convert the word from uppercase to lower case the red lines disappeared and I am able to run the page but the tag is not functioning. the changed tag is:
  <div style="position:absolute; top:100px; left:50px;">
  <table border="1" cellpadding="0">
     <tr><td>  
       <object classid= "clsid:69A40DA3-4D42-11D0-86B0-0000C025864A" height="75"
              id="SigPlus1" name="SigPlus1">
    <param name="_Version" value="131095"/>
    <param name="_ExtentX" value="4842"/>
    <param name="_ExtentY" value="1323"/>
    <param name="_StockProps" value="0"/>
              </object>
     </td></tr>
  </table>
  </div>
  <p>
  <input id="SignBtn" name="SignBtn" type="button" value="Sign" onclick="OnSign()"/>    
  <input id="button1" name="ClearBtn" type="button" value="Clear" onclick="OnClear()"/>    
  <input id="button2" name="Cancel" type="button" value="Cancel" onclick="OnCancel()"/>    
  <input id="submit1" name="Save" type="submit" value="Save" onclick="OnSave()"/>    
  </p>

• Object States panel not working in CS6, please help!

  I have InDesign CS6 installed (same license) on my work computer and home computer. The Object States panel works just fine at home. But at work the panel shows up, but it is always blank even though I have an object selected that has a State applied to it.
  I am thinking I need to uninstall/reinstall and hopefully it will work again.
  On a side note, when I save the file down to CS5 from CS6 and open in CS5, the Object States is now visible. I attached a photo. Top two images are screen grabs from file opened in CS6. Bottom two photos are same file opened in CS5. See how the Object States are visible in CS5 and not in CS6.

  Thjnis sort of problem is usually fixed by trashing the prefs. See Replace Your Preferences

• HR Object Mitigation does not works in CUP

  Hello,
  We are on GRC 5.3 SP07 and have position based security. Our mitigation controls are also position based (meaning thereby that we implement mitigation control at the position level, and not to the user occupying the position).
  Our CUP is also based for indirect provisioning at the position level and it works fine. The only problem is when the request comes in via CUP for roles and the role has some risks (in itself or in combination with other roles already attached to the position), and then even if the position is mitigated for that risk, the risk analysis in CUP still shows that risk (ie the tool cannot detect the mitigation applied at the position level) and because of this the request gets routed to the detour path.(the detour path is based on condition u201Cif SOD found u201C).Ideally the request should detect the risk at the position level and should neglect the resulting risk as it is already mitigated. But this does not happens.
  My question is this possible at all with CUP 5.3 or am I missing some configuration.
  For you reference,
  At the configuration part in CUP, for risk analysis I have checked the box for u201Cconsider mitigation controlsu201D
  The validity of both the roles and mitigation controls all end with 12/31/9999.
  Regards,
  Matt

  Venky,
  If the risk is mitigated at user level , the request does NOT goes to detour path. If the risk is mitigated at role level again it does NOT goes to detour path. This is because the tool is smart enough to catch user and role level mitigation from RAR. However if the risk is mitigated at HR Object level it still goes to detour path. This is probably because the CUP cannot catch the mitigation done at HR Object level done at RAR. Although ideally it should catch the mitigation applied at the position.
  Regards,
  Matt

• Authorization issue - Query is not working

  Hi All,
  I have creared an auth.object on zcomp_code. created a role and assigned to a particular user. I have included 20 comp.codes in this auth object. All is well except the query result
  I have 2 variables in the variable pop-up screen. 1 is FiscYear and 2nd is zcomp_code (auth.variable). If i execute by not giving any value to comp.code, its showing "no autho". If I pass values then its giving proper result. Per my understanding, without input to comp.code it should display what and all are authorised to that particular role/user. Please correct me if I am wrong. I would like to show the result even there is no input to comp.code. Could anyone please suggest any approach to do this. Your assistance highly appreciable.
  Note: the comp.code variable is of type auth. variable. optional, ready for input.
  Thank you in advance!!!
  Best Regards
  Venkat....

  Hi Venkatesh,
  Hope you did all necessary developments, however i guess there is something missing in assignment of authorization relevant obj. Please go through below link which has explained on possible errors for "No Authorization Error" during this type of development.
  http://wiki.scn.sap.com/wiki/display/BI/Characteristic+Value+Authorization++BI+7.0
  Hope this helps.
  Regards,
  Venu Gopal