Authorization Object parameters error

In my program, I used Authorization object M_MATE_VKO
My program checked using
VKORG , ACTVT = "03" , VTWEG = '*'
My User had been assigned with M1 - M7 (M1 to M7) for VTWEG.
User not authorized, SU53 shows it required "*" for VTWEG
Now, I modified the checks to
VKORG , ACTVT = "03" , VTWEG = " "
VTWEG is now a BLANK.
User still not authorized, SU53 shows it required "-" for VTWEG (hyphen is this case)
What should I do to allow "No checks" on VTWEG?
Should I just used only VKORG and ACTVT with the objects which state 3 parameters?
How do I code in order to allow User with the appropriate authorization to pass thru?
Thanks
bye

Hi,
If you don't want to check a value against VTWEG either take it out of the statement or use VTWEG = DUMMY.
Regards,
Nick

Similar Messages

Upload Document Authorization Object

I try to set the authorization for uploading a document onto the report via the Portal website.
However, I can't find any proper authorization object for this purpose. (I tried the authorization object 'S_RS_ADMWB', but it is not workable)
May you all help me in this issue? It will be highly appreciated if you also give me details of authorization object parameters?

Hello,
Mash recently reported a similar error here :
when i try to upload oracle authorization objects getting errors
obviously, we can't see the attached file
Cheers,
Diego.

Error in ME21N : Authorization Object does not match EFB PID

Hello All
In one of our client we are getting the error as "Authorization Object does not match EFB PID" while executing Tcode ME21N. I have checked in User parameters EFB is not maintained but i am not sure if this is the reason for this error. if this is the case then can somebody tell me what value should i enter against EFB in user parameter. i have tried entering X but in Vain.
Also would like to know where one can see EFB parameter value in SPRO.
It is urgent.
regards
Yogesh

Hello Yogesh,
Here is the path:
SPRO --> Material Management > Purchasing > Authorisation Management > Define function authorisations for buyers > function authorisations for buyers
Regards
Arif Mansuri

BI authorization objects not appearing in RAR, error while generating role

Hi
I am facing certain problems relating to integration of BI module version 7 with GRC Access Controls version 5.3 and support package 06. I am describing the problems in details below:
(a) In Risk Analysis and Remediation (RAR) component, I am creating Functions and
      Risks for Business Intelligence (BI) module. For that I have downloaded the
      descriptive text and authorization object data from BI development system and
      uploaded the same in RAR. Then I have created 2 Function Ids DBI1 (having action
      RSA1) and DBI2 (having actions RSA11, RSA12, RSA13, RSA14, RSA15) and 1
      Risk Id for BI (having Function Ids DBI1 and DBI2) in RAR. But when I checked
      the permission tabs of the Function Ids DBI1 and DBI2, I could not find any
      authorization objects for the actions in them.
(b) In Enterprise Role Management (ERM), when I am trying to create a Role TEST-BI
       in DBI 100 and I put the BI transaction codes in authorization data , I get the
       authorization objects . Risk analysis is also being done successfully. But at the time
       of Role generation in background mode , it is giving an error message :
       Error generating role TEST-BI for system DBI 100: Unable to interpret * as a number.
       I am thus unable to generate any role in DBI 100.
(c) In Compliance User Provisioning (CUP), I have imported a standard role from DBI
      100. Then I have added Functional Area, Business Process, Subprocess and
      Criticality Level to this role in CUP. But when I try to assign this Role to an user, it
       gives an error Error creating request. But requests are getting created and roles are
       being assigned to users in ECC development systems using the same Initiator, CAD, stage
       and path.
Can anyone please help me ?

-

Error while generation of the Authorization object (

Hi Gurus,
I have created a Authorization object Z_CCTR3 for 0costcenter authorization.
but getting following error while generation of the Authorization object (type is Flat authorization)
"Error occurred when reading the data from DataStore object Z_CCTR3"
Any inputs will helpful...
Sonal.....

Hello everybody,
my problem is solved.For the UDConnect, whatever DATA SOURCES you create gets registered in a FUNCTION MODULE which has a capacity of only 99 enties, so to increase it implement the SAP NOTE 876340 - UDC Error available on SERVICE MARKET PLACE.
This problem occurs with BW version 3.5 level 17 or below.
Regards,
Priyanka
Edited by: Priyanka Joshi on Jun 10, 2008 11:03 AM

0Orgunit(hierarchy) and authorization object display getcell error in Webi

Hello,
         We are facing with GetCellData error in WebI to SAP BEx Query.
         This works perfectly fine in Bex for a particular test user who has access to particular org unit value.
         But in Webi we are getting this Getcelldata error.
        Tried all the options and message as recommended in sdn group.
        mdxtest returns no value.
        looked at all below messages but no luck.
GetCellData error in WebI to SAP BEx Query
Re: SAP BO WebI Report on top of BI Bex Query with Authorization Variable
in the rsecadmin, we get the same error like mentioned in below message
Hierarchy Authorization doesn't work for MDX but works for BEx Query.
Is any authorization required for this user to execute and view the authorized values in Webi?
or we have to assign any authorization ?(0BI_ALL is not assigned).
Please find below screenshots of BEx query auth log or Webi auth log (differences)
Bex auth log:
The Following Attributes Are Authorized and Thus Are Visible
0BBPPURGRPX
0BBPPURORGX
0BBP_BUYID
0BBP_ISCOMP
0BUS_AREA
0COMP_CODE
0CO_MST_AR
0CRMSALGRPX
0CRMSALOFFX
0CRMSALORGX
0CRMSRVTGRP
0CRM_SALGRP
0CRM_SALOFF
0CRM_SALORG
0CRM_SRVORG
0LEAVERS
0LOGSYS
0MAST_CCTR
0PERS_AREA
0PERS_SAREA
0PLANT
0PURCH_ORG
0PUR_GROUP
0SALESORG
0SALES_GRP
0SALES_OFF
This above log is missing for mdxtest auth log.
Is this the issue?
Any quick reponse or help really appreciated.
Regards,
Ravi
Edited by: Ravi Gadicherla on Feb 28, 2010 5:36 PM

Hi,
    Here is the log of MDXtest:
Buffering the Authorization Data
Buffering for InfoProvider 0PA_C01 and Users HRTEST93
InfoObject Properties Defined
Reading of Directly Assigned Authorizations
Direct Assignment Does Not Include Universal Authorization 0BI_ALL
Reading the Indirect Assignments with Authorization Object S_RS_AUTH
Does user have OBI_ALL?
No, the User Does Not Have Universal Authorizion 0BI_ALL
Negative Entry in SU53 Result of Failed Check for 0BI_ALL
Indirect assignments found; no universal authorization
Regards,
Ravikanth

Error in Deleting Authorization Object

Hi,
I am trying to delete the authorization object in tcode RSSM, and I am getting following error:
Could not delete profile RSR_00006165 from the DUMMY user master
Message no. RSSBR063
Your input will be appreciated and points will be awarded for helpful answers to resolve this.
Thanks in advance,
Steve

Hi Steve,
All your roles which are depending on the specified authorization object should be free with AUTh.OBJ and then try to reomve the master data from the auth.obj and then delete the auth.obj, now it will allow you to delete the auth.obj
Regards
Sarath

Error in Transport of Authorization Object

Hi,
I have created a authorization object in my development and transported it to testing. In the transport log I can see that it was succesfully imported but I am not able to see the Authorization object in SU21 of testing system but I tried to see that Authorization object through SUIM and able to see that object.
I tried to create a sample role and assign this authorization object manually to that role but not able to do that.
Can any one help me in this issue.

Hi Martin,
Thanks for the reply
Yes I forgot to transport Authorization class. I have done that now and able to access the Authorization object.
Can you please let me know the complete process whether we have to transport only Authorization class...
Then the Authorization object will be transported on its own..
Thanks in advance

Regardig Authorization object

Hi All,
I would like to know the step by step creation of authorization object...
Iam able to create the authorization class and objects using SU21 for a ztable fields..
And am not getting how to use this in ABAP program.
I know using Authority-check we can do this...
Here Iam not understanding to whom we are checking the authorization..and how...
And also is this necessary to create a role in pfcg and assign it to user...
if so what is the necessary to create a role...
and what is the link between SU21 and pfcg...
how this is affecting...
can any one help me...out of this...
thanks and regards
raghu

Hai Phani
Go through this
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
go through report
TABLES: TOBJT.
DATA: OBJECT1 LIKE USR12-OBJCT,
OBJECT2 LIKE USR12-OBJCT,
OBJECT3 LIKE USR12-OBJCT,
AUTH1 LIKE USR12-AUTH,
AUTH2 LIKE USR12-AUTH,
AUTH3 LIKE USR12-AUTH,
IND LIKE SY-INDEX,
FLAG TYPE I.
DATA: BEGIN OF INTTAB OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
END OF INTTAB.
DATA: BEGIN OF INTTAB2 OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
EXPL LIKE TOBJT-TTEXT,
END OF INTTAB2.
DATA: BEGIN OF TABSET OCCURS 30,
SFIELD LIKE TOBJ-FIEL1,
VON(18),
BIS(18),
END OF TABSET.
*read up the authorizations from the user buffer
CALL 'ANALYSE_USERBUFFER'
ID 'AUTHS' FIELD INTTAB-SYS.
*filter out the multipy authorizatios of the same object
SORT INTTAB BY OBJECT.
DO.
IF SY-INDEX = 1.
OBJECT1 = ''. AUTH1 = ''.
READ TABLE INTTAB INDEX 1.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
READ TABLE INTTAB INDEX 2.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT1 = OBJECT2. AUTH1 = AUTH2.
READ TABLE INTTAB INDEX SY-INDEX.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
IND = SY-INDEX + 1.
READ TABLE INTTAB INDEX IND.
IF SY-SUBRC = 0.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT3 = ''. AUTH3 = ''.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
ENDIF.
EXIT.
ENDIF.
ENDIF.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
APPEND INTTAB2.
ENDIF.
ENDDO.
SORT INTTAB2 BY OBJECT AUTH.
*display the authorization and description, the objects, fields and
*field values
FLAG = 0. OBJECT1 = ''.
LOOP AT INTTAB2.
IF OBJECT1 = INTTAB2-OBJECT.
WRITE: / INTTAB2-AUTH COLOR 2.
PERFORM FIELD_VALUES.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ELSE.
SKIP.
WRITE: / INTTAB2-OBJECT COLOR 3, INTTAB2-EXPL COLOR 3.
PERFORM FIELD_VALUES.
WRITE: / INTTAB2-AUTH COLOR 2.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ENDIF.
OBJECT1 = INTTAB2-OBJECT.
ENDLOOP.
FORM FIELD_VALUES *
retrieve the field values of an authorization *
FORM FIELD_VALUES.
TABLES: USR12.
FIELD-SYMBOLS .
DATA: INTFLAG TYPE I VALUE 0, OFF TYPE I, VTYP, LNG TYPE I,
CLNG(2), GLNG(2), FLDLNG TYPE I VALUE 10, SETFILL.
SELECT SINGLE * FROM USR12
WHERE AUTH = INTTAB2-AUTH
AND OBJCT = INTTAB2-OBJECT
AND AKTPS = 'A'.
SETFILL = 0.
REFRESH TABSET.
CLEAR TABSET.
OFF = 2.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
WHILE VTYP <> ' ' AND OFF < USR12-LNG.
OFF = OFF + 1.
CASE VTYP.
WHEN 'F'.
OFF = OFF + 5.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
LNG = CLNG.
IF LNG <= 0.
EXIT.
ENDIF.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(FLDLNG) TO .
WRITE TO TABSET-SFIELD.
OFF = OFF + FLDLNG.
WHEN 'E'.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'G'.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
GLNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(LNG) TO .
IF INTFLAG = 0.
WRITE TO TABSET-VON.
WRITE '*' TO TABSET-VON+GLNG.
ELSE.
WRITE TO TABSET-BIS.
WRITE '*' TO TABSET-BIS+GLNG.
INTFLAG = 0.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'V'.
INTFLAG = 1.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
OFF = OFF + LNG.
WHEN 'B'.
INTFLAG = 0.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-BIS.
IF TABSET-BIS = SPACE.
TABSET-BIS = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
ENDCASE.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
ENDWHILE.
ENDFORM.
go through this link
http://www.thespot4sap.com/Articles/SAP_ABAP_Queries_Authorizations.asp
also go through this Document
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Effect
Explanation of IDs:
object Field which contains the name of the object for which the authorization is to be checked.
name1 ... Fields which contain the names of the name10 authorization fields defined in the object.
f1 ... Fields which contain the values for which the f10 authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY ).
The system checks the values for the ID s by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code SY-SUBRC = 0, the user has the required authorization and may continue.
The return code is modified to suit the different error scenarios. The return code values have the following meaning:
4 User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8 Too many parameters (fields, values). Maximum allowed is 10.
12 Specified object not maintained in the user master record.
16 No profile entered in the user master record.
24 The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28 Incorrect structure for user master record.
32 Incorrect structure for user master record.
36 Incorrect structure for user master record.
If the return code value is 8 or possibly 24, inform the person responsible for the program. If the return code value is 4, 12, 15 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP, since authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f , you can also write ID name DUMMY . This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ : Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
Thanks & regards
Sreenivasulu P

Authorization object on Promotion Type ( WAK1)

Dear Gurus,
This my first question.
I want to know, How to put AUTHORIZATION OBJECT on Promotion type in t code WAK1.
I want , a user let say would not create Promotion order other then ( RC10). How can i do it.
Please help.
Best Regards
sachin chauhan

Hi,
Are you telling me that you have a z auth, object built with SU21? If it's true, you can insert in SE38 with the push 'Pattern' and option AUTHORITY CHECK. The system insert it. After, set the parameters as variables and if the return code isn't zero (you don't have auth) you must set an error message, for instance in LIPW4F58:
*... Auth check movemnt. plant
authority-check object 'M_MSEG_WWA'
           id 'ACTVT' field '01'
           id 'WERKS' field mseg-werks.
if sy-subrc eq 4.
    message e199 with mseg-werks.
endif.
Remember set the object in PFCG, and check that in case of rejection of auth. the tcode SU53 works right.
I hope this helps you
Eduardo

Details about authorization Object

Please help ,i had two fields ex sales org & distribution chanel and i have to write a code for authorization , is the authorization object which i wrote is right or not.
I know that we can use at max of 10 fields , but say vkorg / vtweg is used 5 times with different variable name in same prog how to make sure that this code will work for authorization check on VKORG/ VTWEG can anybody please explain me in step's
AUTHORITY-CHECK
          OBJECT 'Z_zzlau'
          ID 'VKORG' FIELD 'S_VKORG'
          ID 'VTWEG' FIELD 'S_VTWEG'
          ID 'ACTVT' FIELD '02'
          ID 'ACTVT' FIELD '03'
          ID 'ACTVT' FIELD '70'.
Thanks

Hi,
ACTVT field is used for checking the create /display / change authorizations.
after creation of the activity group , add it to the user profiles which need authorizations.
01-create 02-change 03-display
AUTHORITY-CHECK
OBJECT 'Z_zzlau'
ID 'VKORG' FIELD 'S_VKORG'
ID 'VTWEG' FIELD 'S_VTWEG'
ID 'ACTVT' FIELD '02'
ID 'ACTVT' FIELD '03'
ID 'ACTVT' FIELD '70'.
if you are checking authorizations with the selection screen parameters then change your code like below:(if change is required)
AUTHORITY-CHECK
OBJECT 'Z_ZZLAU'
ID 'VKORG' FIELD S_VKORG
ID 'VTWEG' FIELD S_VTWEG
ID 'ACTVT' FIELD '02'.
and also check SAP help on this :
AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
    ID name1 FIELD f1
    ID name2 FIELD f2
    ID name10 FIELD f10.
Effect
Explanation of IDs:
object
Field which contains the name of the object for which the authorization is to be checked.
name1 ...
Fields which contain the names of the
name10
authorization fields defined in the object.
f1 ...
Fields which contain the values for which the
f10
authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios. The return code values have the following meaning:
4
User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8
Too many parameters (fields, values). Maximum allowed is 10.
12
Specified object not maintained in the user master record.
16
No profile entered in the user master record.
24
The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28
Incorrect structure for user master record.
32
Incorrect structure for user master record.
36
Incorrect structure for user master record.
If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ: Definition of authorization object
M_EINF_WRK
   ACTVT
   WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
   ACTVT 01-03
   WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
    ID 'WERKS' FIELD '0002'
    ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
    ID 'WERKS' DUMMY
    ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
    ID 'WERKS' FIELD '0005'
    ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK.
Regards
Appana

Authorization object for running a report in background

Good day experts,
I tried running a report in background, I choose immediately so that it doesn't have to be scheduled. But when I checked it in my own jobs, It remains at scheduled status. When I tried it on my admin account, It works and with status finished. It seems to be an authorization problem. What object could I be missing with my user account? I tried S_TCODE SMX and SP02 but still not working.
Thanks in advance!

Hi karshbax,
What you're looking for is authorization object S_BTCH_JOB. You need authorization for field JOBACTION = RELE.
In future use transaction SU53. It shows last error authorization error, so if this is authorization problem then after try of manual releasing of job you'll find in SU53 precise info what went wrong.
Best Regards
Marcin Cholewczuk

About authorization object

Hi basis guys........
i am not able to give print request.its showing authorization error
"no authorization for LOCAL PRINTER" and "output could not be issued"
i checked su53 screen. and i assigned that activity in authorization object.
even then its showing authorization problem.
Is there any object to add to get printing ?
and what is "s_gui" object ? is that works?
Please tell me your suggestions
Regards........nagendra.

Hi
Check whether for the user a printer is assigned or not. Only the printer which is assigned to the user in SU01 can be used by the user.
What u can try is assign the Local Printer in default printer for that particular user.
Also if you have assigned the authorization object that was missing then there should not be a problem.
Regards
Sumit Jain
[reward with points if the answer is useful]

Authorization Objects for pricing conditions in Sales Order

Hi All,
In transaction VA03, we should restrict some users not to see pricing conditions tab in header and item level and net value on overview screen.
Is there anyone who knows how to do it? I wii be very glad if you help me.
Best Regards.

Hi,
i have not done this exact limitation before, but I hope this method will help.You can look up the list of all authorization objects linked to the tcode in transaction SU22.
You can also get this by doing a user trace in ST01; and displaying the pricing condition.
once you have a rough idea, you can do a trial and error with the values inside these objects and see which one works.
Regards,
Soumya

BP Authorization Object

Hi,
I have the necessary CRM authorizations to create Business Partners of type person in roles such as employee, contact person, general using the BP transaction.
I have now activated the role 'Internet User'. While I can see this role in the 'Create in Role' dropdown on the BP creation screen, I cannot create a BP of type person in this role.
I get the error message: "You are not authorized to maintain user data".
Are there any additional authorizations that I require to be able to assign this role to a business partner?
Thank you,

But you could assign different values of B_BUPA_FDG authorization object for different authorization profiles. For example:
Profile 1: B_BUPA_FDG
Values:    FLDGR= FLDGR1 (Defined in IMG)
           ACTVT= Display
Profile 2: B_BUPA_FDG
Values:    FLDGR= FLDGR1 (Defined in IMG)
           ACTVT= Change
User Group 1 -> Profile1
User Group 2 -> Profile2
However probably the best solution for your requirements will be the GuiXT Tool.
You can find more information about this tool in <a href="http://www.synactive.com">http://www.synactive.com</a>. You will be able to assign different scripts to different user groups.
Message was edited by: Javier Merino Vivar

Authorization Object parameters error

Similar Messages

Maybe you are looking for