Authorization object in procurement that checks user role
Hi Experts,
Please let me know if we have any standard authorization objects in the transactions PO or PR that checks the SAP User role. Authorization check can be done by sap role, we are not botherd checking on company code, purchase group and so on, Is there any standard procedure to find out that or any function module available to check that by passing user role. << removed >>
Cheers
Mohan
Edited by: Rob Burbank on Feb 19, 2010 12:24 PM
easiest way to find all authorization objects is to execute SU24.
There you enter the transaction code for which you want find the authorization objects.
Similar Messages
-
Check user role/authorization during Web report run-time?
Hello again,
I ran into a problem. I need to check <b>user's authorization during webtemplate execution (run-time)</b>. I want to have a possibility to allow in one web template extra functionality (through template menu) to key users. Normal users, who are running same report, should not have this extra menu visible.
Is it possible to check user authorizations or roles during web-template run-time?
Thank you!
VitaliyHi Harinam,
From my logic your are right.
The restriction is in two new roles (Requestor and Approver role).
But ->
If I assign my approver role the selection possiblities of the request types during the AR creation is restricted and the AR search function does not work.
If I assign my requestor role the restriction of the request type is not there, but the AR search function works again. :-(
If I assign the original approver role of sap I have the same behavoiur for the AR search.
Both new roles are a 1:1 copy of the SAP standard roles - > Exception, ristriction on request type 'Execption Approval' is not displ.
I have execute ST01 now. If I try to open the log, the system syst "No records that correspond to these search criteria".
But I have found something else.
The problem appears only if I search for Process ID "Access Request Approval Workflow".
If I select other Process ID such as "Control Assignment Approval Workflow" or "Fire Fighter Log Report Review Workflow", everything works fine.
Very strange!
BR
Melanie -
Error in LIME Query-Authorization object C_Lime_Loc cannot be checked..
hi,
I am very new to SAP Basis. i am facing the subject mentioned error in one of the user in a client when i run MM03 T.code.Su53 is showing Successful.
Temporaily ,I have provided the user with Profile SAP_ALL along with roles specified for the user and things are working fine.
i have tried assigning this object to all the Roles in the user but still in vain. Request some guidance to resolve this problem and thus removing the SAP_ALL profile to the concern user.Thanks in advance.
Edited by: Selva kannan on May 5, 2008 2:13 PMHi,
Heartly thanks for your feedback.
Actally the error reads: Error in Lime Query:Authrization object C_Lime_Loc cannot be checked.
SU53 is displaying last authorization is successful.
i have already added the object C_LIME_Loc to all the roles and checked the T.code MM03 without SAP_ALL profile.but failed.
I had compared the t.code su24 output in the user once with SAP_ALL profile and once without SAP_ALL and found both has same(identical) checked value. need help as i can feel that there is some authrization in SAP_ALL which is missing in my roles. how do i detect this....how do i check the objects in SAP_ALL related to this error. -
Authorization object not to allow certain user to enter sloc PO
Dear All,
i have manage to go su21 to create under mm purchasing authorization object called Y_BEST_LOC with Acty and LGORT field. other than that i have insert check item under program RM06ENHI. after that i go to su24 to assign the transaction code check for me21 and me22. under field value for me21, my new object i want to assign value (interval) = $LGORT, but don;t know how so i leave it blank.
Come to user profile i adding this object into the authorization to check, and put in only allow for 0001 and 0002 location. But the user still can save the PO when choose 0004 without error. I want to know missing step that should be done to prevent certain user to order under 0004 storage location.
Kindly suggest and guide me. thanks in advance
Regards
AishahME21/ME21N doesn't even check if the material is extended to the storage location entered in the PO. I don't think what you did is enough to restrict users per storage location, you need to find a user exit or BAdi and do the authorization check in the your custom code
AUTHORITY-CHECK OBJECT 'Y_BEST_LOC'
ID 'ACTVT' FIELD '01' "Create
ID 'LGORT' FIELD '0002'. "Storage Location 0002
IF SY-SUBRC = 0.
" User has authorization
ELSE.
message 'Not authorized for storage location' type E
ENDIF.
You may have to use the following Business Add-in (TCode SE18)
ME_CHECK_ALL_ITEMS : Run Through Items Again in the Event of Changes in EKKO -
Authorization Object for Sale Organization check
Hello all,
I have create a Z Report.Now the requirement is that only certain users belonging to a particular Sales Organization can run that report.
Which standard Authorization Objects can be used for this case.
regards,
Ujjwal KumarP577815 wrote:>
> Hey,
> Thanx for your reply....)
> Actly new to abap thats y not much idea.Instead of your Auth Obj,can i use V_KNA1_VKO.
Hello,
But V_KNA1_VKO also has these params:
VTWEG Distribution Channel
SPART Division
V_VBRK_VKO also has only Sales Org(VKORG). I think that suits your req.
But before deciding on the Auth. Obj please read the documentation & check that it suits your req.
BR,
Suhas -
Update the authorization object value for more than 1000 role
I need to remove one of the activity value (06) from authorization object S_SCD0.
I do a search and found out that there are more than 1000 roles which having the activity value = 06 for authorization object S_SCD0.
However, I don't think I can create a SCAT script to update all these 1000 roles and I believe its going to be a very tedious if I am going to manually change it one-by-one. Hence, I am wondering is there any standard program/function which I can use to automate the above changes for all these 1000 over roles.
Kindly advise.
ThanksDirect update the table is the easiest way, but should be discourage for the obvious reason.
Should take a step back, take a long term view, when you need to update 1000 roles, maybe a role redesign might be needed. For example, if you can change the role model to derive role model, once update to the parent role will take care of all the child role.
Thanks,
Lye -
Checking user roles in FI Module
Hi,
Please let me know the points to be considered while checking the security and authorization in FI modules based on a user role.
Thanks,
SrideviHi,
While defining the security roles, as a first step Composite roles, Single Roles are created. Transaction codes are attached to Single roles. A group of Single roles are attached to a Composite roles.
Based of Business requirements / Orgnaization structure in the Company in the sense VP. Finance / Controller / Sr.Manager / Manager etc., the composite roles and single roles are assigned to the positions. For example Vice President Finance will have full authorization to all composite roles.
Some of the users require only display authorization, in which case a role is created only incorporating transaction codes which display documents.
Thanks
Murali. -
Authorization object to display BSP check boxes
Hello,
I'm trying to find the authorization object so as to display the BSP check boxes. Because I can display BSP properly (I've BSP_APPL) but not the BSP check boxes. The user having all the autorizations, can see the cheks boxes ok.
Please, can you help me?
Thank youI'ts not a authorization object, just portal authorization. I'm going to open a new thread.
-
One or more Object are missing in the User Role
How to assign/add Objects to the User Role?
Thank you in advanceI dont understand exactly what you want to say...r u talking about how to generates roles..
Pls visit the PFCG transaction enter the role name
now goto change mode and maitain the values..or the object..
From the SAP menu you can switch on the technical names for ur reference.
Regards
Prakhar -
Authorization Object for BPs that works like CRM_ORD_LP (via Org Model)
Hello Community,
we have the requirement to restrict users to create BPs for specifc sales organizations only. I know there is CRM_BP_SA, this works perfectly but has the disadvantage that the Sales Org ID needs to be maintained in the PFCG role. As the IDs are different on D, Q and P we have to maintain PFCG roles on all these systems.
To avoid this we need something like the object CRM_ORD_LP for Business Partners, to derive the users sales org from the organizational model assignment of the user.
I don't think that there is a standard object for that, did anyone of you implement something like that?
Thanks for your answers,
Fabian
Edited by: Fabian Nothacker on Jan 28, 2010 4:41 PMFabian, I have two suggestions.
One:
If possible keep the same Sales Org ID changing it
In SPRO, CRM->Master Data->Organizational Management->Maintain number ranges
Select subgroup 01$$ and select "Number range maintenance" . Here you can change the intervals.
Second:
You might think about creating your on authority object.
To do this, basically you have to:
Creating a new auth. object at SU21 tx, adding parameters fields
Implement BADI CRM_ORDER_AUTH_CHECK , methods CRM_ORDER_ADD_AUTH_CHECK e CRM_RFW_CALL_AUTHORITY.
Adding the new object for your pfcg profile.
Godo luck,
Lalas
Edited by: Laercio P. Azevedo on Feb 1, 2010 9:51 PM -
How to check user role/profile
Dear all,
I'm finding function module to get a list of profile/role of user. Would you please suggest me on this?
Btw, if you have any other advise please feel free to let me know.
Thanks in advance.
PeersitI've just found the related threads on this site.
User Profile Details
Re: User Profile Details
User Wise Authorization/profile report needed
User Wise Authorization/profile report needed
Have a good day. -
Hello Experts,
We make use of Authority checks in our applications which require User authorization .
For example Sales application makes use of Standard authorization object 'V_VBAK_VKO' .
AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'
ID 'VKORG' FIELD VBAK-VKORG
ID 'VTWEG' FIELD VBAK-VTWEG
ID 'SPART' FIELD VBAK-SPART
ID 'ACTVT' FIELD DA_ACTVT.
The above check is a combination of Business fields like Sales org(VBAK-VKORG) etc and Type of a Activity (DA_ACTVT)
for example '01' for create and '02' for change .
My requirement is to have pure activity based check .
Can we use the same check without Business fields and have only the Activity type . for example
AUTHORITY-CHECK OBJECT 'ZOBJ'
ID 'ACTVT' FIELD '02'.
Syntactically seems to correct .
Is this a correct usage ?
Thanks and Regards,
Ravish.Hi,
Ya u can do do, but its not a good option atleast one field u should maintain in Authorization check.
e.g.
AUTHORITY-CHECK OBJECT 'ZOBJ'
ID 'VKORG' FIELD wa_VBAK-VKORG
ID 'ACTVT' FIELD '02'.
But there is no harm w/o field also u can create.
Regards
Arbind -
Authorization object assignment on USERS
Hi,
i have to maintain authorization objects in transaction types and users in our company, such that the executives (management of all org. units) of the company are able to see all the transactions including activities within the whole company.
on the other hand the employees (<b>not executives</b>, belonging to a specific org unit) should be able to see ONLY the transactions belonging to his org. unit
useful info is avlbl at: http://help.sap.com/saphelp_crm50/helpdata/en/26/99973915e69238e10000000a11402f/frameset.htm
but where and how are these authorization objects assigned?
Kindly help, thnx, all answers appreciated.
Jacob.hi Jacob,
Look at <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm">Identity Management</a> maybe it helps you.
Regards.
Manuel -
What User authorization objects needed for connecting to SAP from xMII?
We eneter a SAP user and password for connecting to SAP from xMII to retrieve the metadata of the incoming IDocs.
When I specify a user with SAP_ALL user profiles, the IDocs are received properly in xMII. If I specify a user with privileges to run only certain transactions, IDocs are not received in xMII.
What user authorization objects are needed for this user to connect to SAP from xMII?
Thanks,
SaraSam,
I turned on the SAP System trace for this user and figured out the following auth. objects are required for receiving IDocs in xMII:
C_TCLA_BKA
S_RFC
S_CTS_ADMI
B_ALE_MAST
S_IDOCDEFT
The following auth. object is required for making JCO call to SAP from xMII:
C_AFRU_AWK
Thanks,
Sara -
Authorization Object for data downloading from application server
Hi friends ,
My program downloads and uploads data from the application server .
My requirement is ,
Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
Can you please tell me how to deal with this ? how do we check the above condition ??
Many thanks ,
Hemanthi,
This is not a single step process.
First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
Then you have to call this authorization object in your program at selection screen.
Maybe you are looking for
-
How to create the ini file for java programms
hi all, I have one problem that is ... In my project I am using the JDBC connection ... in this I am connecting different connections (means differenet usernames and passwords)... for this evrey time I have to change the username and password in the
-
On top of that, I was told by the customer service rep I was chatting with to act fast before the sale ends. Only to have the price go down!
-
Planned delivery cost Issue in MIRO
Hi Folks We have an issue with Delivery cost condition while doing MIRO. We recently changed pricing procedure and added a condition for fuel surcharge. We moved these changes to SAP PRD system. When user adds additional line item (e.g. 0020) on a pu
-
Am getting error error when am using wm_concat funcation.
hi all am getting error error when am using wm_concat funcation. SQL> DECLARE 2 ex VARCHAR2(200); 3 BEGIN 4 SELECT wm_concat(ename) INTO EX FROM EMP WHERE deptno=30; 5 DBMS_OUTPUT.PUT_LINE(EX); 6 END; 7 8 . SQL> SQL> / DECLARE ERROR at line 1: ORA-06
-
IPhoto 9.1: Nothing Short of Perverse!
Such an absolutely stupid set of options of mailing pics from within the new iPhoto '11! Anyway... Just one genuine problem (not just an annoyance): When I set up the iPhoto mail program to utilize my existing e-mail server... after clicking "Send",