Authorization Object (RSSM) restriction in PFCG

Similar Messages

• Transporting authorization object (RSSM)

  Hi,
  I am having problem transporting my BW Custom authorization object over to the Quality system.
  I have successfully transported the table contents RSSTOBJDIR to the Quality system. However, when I search for the authorization object in RSSM in Quality after the transport , it complained saying u201Cobject is not available. Create?u201D
  How can I transport the authorization object?
  Thanks for your time.
  Regards,
  Raja

  Yes you can transport an authorization object.
  It should give you an option to create a TR which creation of the auth obj in RSSM. If you have not done that then try to make a small change and see if it requests you to create a TR. If still you are not able to do it, then try adding the objec of typr R3TR - SUSO and give your authorization object name in SE03.
  Regards,
  Gaurav

• BW Authorization Object to restrict Transporting Requests

  Hi...
  In our BW systems, all the developers are given the profile SAP_ALL. So, the developers have the access to transport their objects from BW Development(BWD) client to BW Quality(BWQ) Client and from BWQ to BW Production client (BWP).
  I want to restrict the developers to do the transports. What is the authorization object used to restrict the users to transport requests?
  Any documentation how to do that?
  Thanks,
  Sai.

  It can be done with the authorization objects S_TRANSPRT and S_CTS_ADMI.
  S_TRANSPRT creating transport request and S_CTS_ADMI for moving transport request.
  I would like to work on that project where I can get SAP_ALL access..:)
  Check the documentation.
  http://help.sap.com/saphelp_nw04/helpdata/en/8d/45ef39521e3314e10000000a11402f/content.htm
  Thanks.

• Authorization object to restrict a particular customer code in a sales org

  Hi,
  I have a requirement whereby a sap user who is assigned to Sales organization A needs to access a particular customer from sales organization B. However the sap user has no access to sales organization B. However the requirement is such that the sap user cannot be given access to all the customers in Sales organization B. He must only access one particular customer from Sales organization B and not all the customers in Sales organization B.
  The problem here is if we give the sap user access to Sales organization B, then the sap user can access all the customers in Sales organization B. So how can we give access only to a particular customer in the Sales organization B?
  Is there any authorization object which can accomplish this?

  Hi.
  You can use The Authorization object
  <b>V_KNA1_VKO</b>
  Tcode for Authorization objects: SU21
  Tcode for Authorization FIELDS: SU20
  Statement to perform Auth. Check  AUTHORITY-CHECK(See F1 HELP)
  <b>Reward if Helpful</b>

• ARQ: What is the authorization object to restrict system selection while creating a request???

  Hi All,
  I am trying to know how I can restrict a requester to select specific system only while creating a request.
  I could find aut. object GRAC_ROLEP in role "XXX_requester". There is field GRAC_SYSID in this object wherein
  I can specify the connector name. Initially, it was having "*" value and then I changed it to specific
  connector. I sychronized the roles/users data and tried to raise a request. However, I still find all the
  connectors defined including LDAP!
  May I know how I can show only "required" connectors while creating a request?
  Regards,
  Faisal

  Dear Faisal,
  use GRAC_SYS and restrict GRAC_SYSID to the systems you want to display.
  Regards,
  Alessandro

• Authorization object for print preview

  Hi
  I am looking for the authorization object to restrict print of the document.
  Please help me.
  Regards
  Raju

  You can restrict with this object S_SPO_ACT (Spool: Actions)below mention activity
  ATTR     Change order attributes
  AUTH     Change authorization field
  BASE     Visibility
  COMP     Use as components of composite request
  DELE     Delete
  DISP     Display contents
  DOWN     Download
  EDIT     Change contents (currently only for composite requests)
  PRNT     Print once
  REDI     Divert to same printer type
  REPR     Print several copies
  SEND     Send to SAPoffice
  USER     Change owner
  You can restrict device name & type under the object  S_SPO_DEV(Device authorizations)
  You can restrict  Restriction on Maximum Number of Pages  under this object S_SPO_PAGE(Restriction on Maximum Number of Pages)

• Authorization Object for Event

  Hi,
  Could you please let me know if there is an authorization object for restricting based on Event name.
  Like a User should be access only one Event in SM64. Remaining Events should not be accessable.
  Thanks,
  Sai.

  Hi Sai,
  Check this link:
  http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
  Bye
  Dinesh

• Authorization object for sales tax code (MWSKZ) in FB60

  HI, there is a FI tcode FB60 in FI module. The requirement is that user wants to restrict some users to enter only few sales tax codes from among the list. For example if there are 30 tax codes, then user should be authorised to enter only 5 tax codes from the list. In standard authorization, there doesn't exist an authorization object to restrict tax codes. Kindly tell me the process of making authorization object for this task.
  I have made one authorization object. I think i need to call this object somewhere in user exit of FB60. Is this the way of doing this?? Kindly if someone have done this, mention down the procedure of making authorization object and how to implement it. Thanks

  Hi,
  Instead of creating a authorization obejct and assigning it to the tax code, it will be easy to write the code in a user exit to check whether the tax code is applicable for the user. Suppose if the user enters a non-applicable tax code, you can throw an error.
  Do u want to restrict the number of entries in F4 help for tax code for a particular user?
  Cheers
  ~Niranjan

• Authorization Objects for GL, AP, and PCA

  Hi,
  What is the difference in:
  1. Authorization Objects
  2. Facility Objects
  3. Profit Center Objects
  Where can I find the above objects related to:
  1. GL
  2. AP
  3. PCA (Profit Center Accounting)
  Please give me the answer, I will assign points to you.
  Thanks in advance.

  Hi,
  1) Make the characterstics like Company code, Controlling Area, Proficenter ..etc as authorization relevent (RSA1)
  2) Create the Respective Authorization objects for each of the above Characterstics (RSSM).
  3) And assign the Cubes and ODS es to the Authorization Object RSSM
  4) Create and use the Authorization variables on the above characterstics in reports
  5) maitain the access for all users through the roles by including and maintaining the AOs (created in step 2)
  With rgds,
  Anil Kumar Sharma .P

• Authorization Object for 0TCTBISBOBJ - restriction field too short in PFCG

  Dear all,
  I created an authorization object (TA: RSSM) with the InfoObject 0TCTBISBOBJ and 1KYFNM. When I restrict my authorization object in TA: PFCG, I can only type in 11 letters for InfoObject 0TCTBISBOBJ but I need 12 because of a bad naming convention. Working with more than one asterisk (*) in this field is not working!
  Does anyone know how to manage this problem?
  Thanks in advance
  F. L.

  Martin,
  It is not possible to restrict this in CRM.  The person, organization, and group influences the type of address for the business partner.  There are no user exits available in CRM 4.0 that are at the point to perform an authorization check on this value.
  I had to unfortuantely debug and read much of BUPA_DIALOG_JOEL before reaching this conclusion.  The only way to achieve this would be to write a custom front-end to the BP transaction or PCUI screens for business partners.
  Hope this answers your question,
  Stephen

• Cannot modify an authorization object in pfcg role for a business role

  Hi Experts,
  I have created two z pfcg roles from the standard business role CRM_UIU_SRV_PROFESSIONAL  lets say by names zagent and zmanager. My requirement is actually to map these two pfcg roles two a service professional agent and service professional manager custom business roles respectively( I have created these custome business roles from standard business role servicepro) . I have identified an authorization object by name CRM_CO_SE which is basically used to check whether the user is authorized to create service contract transactions. So, in the agent pfcg role, I need to de activate or deselect this particular authorization object so that the agent will not be able to create service contract. (This is not a real time requirement, but an internal assignment). When I change this object in the pfcg by deselecting 'Allow' check box and try to generate, it is not getting generated. I have selected all the options from the 'Expert mode for the profile generation' and still the traffic indicator for that authorization object is yellow.  Am I doing anything wrong?
  Please help me.
  Thanks
  Ajith C

  Hi Leon,
  Thanks for helping me, I have restricted the unauthorized user from creating a new order by disabling the 'New' button by checking the business role in  the code. The pfcg configuration, I am skipping it for now.  I have one mnore requirement. When one clicks on any items in the search result for the Service Contracts, it opens the details of that service contract with an 'edit' button. I can disable this button using do_output_preparation method for the some business roles. However, I want to disable this after checking a condition. The condition is that, edit button should be active, only if that service order was created by the employee who has currently logged on. I am relatively new to CRM and I could not figure how I can check it during run time. Could any one please help me with this?
  Thanks,
  Ajith

• Restrict a t.code VK11 using Site as authorization object

  Hi all,
  We want to restrict VK11 t.code using Site as one of the authorizations. By default it has only Sales Org, Distr channel and division. I've added one more field for "Site" manually.
  We have defined specific values for Site in authorization objects. Still system does not restrict VK11 executed by  user as per site. It works with Sales org/Distr ch/Division. But it does not restrict Site-wise for that role.
  Please help.
  Regards,
  Ankush

  > I've never got past 'play dead' with such objects
  Yip, I know that feeling. It is like when you leave home for a long trip having packed everything you need, but you still have the feeling that you have forgotten something important behind and will kick yourself when you need it.
  > Can you please provide step by step instructions for that?
  There is no step-by-step procedure nor medication to take for it. You just have to wait for it to dawn on you...
  Enjoy the weekend and happy coding authority-checks,
  Julius
  ps: I heard that this feeling is also caused by the rising popularity of ABAP OO programming techniques, where the checks are often natively imbedded.

• Restricting the authorization Object for B2B Transactions

  Hi All
  we are facing the problem in the ISA b2b app, actually the scenario is as below.
  we have various transaction types like b2b sales,Peoplesoft order,Request for Order change, RMA ,Request for Quotation(RFQ) and metel order.
  As per the requirement, The client wants only a few functionalities for a particular user.
  Example:
  Transaction Type Authorization
  PeopleSoft order View only View only
  B2B:Req. OrderCh x x
  B2B: Req. RMA
  B2B: Req. Quote x x
  Metel Order x
  For b2b sales transaction a lower level employee would only be able to view the order and he should be restricted to make any changes. Is there a posibility to restrict in this manner? This is Urgent. Please respond immediately. Thanking you in anticipation.
  Message was edited by:
  Sunil Kumar

  >
  Viral741 wrote:
  > Hi All
  >
  > I have a requirement in SAP Security to restrict the authorization object S_ALV_LAYO to a particular set of users.
  >
  > Background:
  >
  > We use composite roles which is shared accross all areas(Finace,marketing,work managment).Now the requirement is for from Work managment to restrict S_ALV_LAYO so that user cant change default layout and can create user specific layout,but other areas are not ready for this.So please let me know if there is any way i can restrict this auth object only for work managment area only.
  >
  > Thanks,
  >
  > Nitesh
  Nitesh,
  Remove access to S_ALV_LAYO for general users and give access to F_IT_ALV instead.  Keep S_ALV_LAYO for the users who will be maintaining the default layout.
  Good Luck!

• Use of RSSM to create authorization objects

  I have a few questions on the way of using authorization objects via RSSM.
  First, i would like to know if there is a limit in the number of values used as a filter in the authorisation object.
  First, what is the quantity limit of values that we can use as filter? CC00000010, CC00000011, CC00000012, ..., n. In this case what would be the value of n. In our fonctionnal need, ranges of values would not be an option.
  My second question is in relation with the use of an authorization object composed of two characteristics. Is there a way to build a case in witch the authorization check return a positive answer to a logical OR between the two  characteristics?
  Example 2, lets say that you want to perform an authority check on the cost center OR on the profit centre. Is there a way to build the authorization object to make sure that there is no error messages when the user has the authorization for the cost center CC00000010 OR the profit center PF00000011.
  Best regards,
  Stéphane Beaudoin

  why would you use Pages when there are templates in iweb
  as for the URL question, that is determined by the host, not iweb which just writes the page. but I would not use tinyurl since it has become a favorite of phishers and other web nasties. it might be worth getting a domain name if you can find a good deal.
  i would search for some realtor sites to see the kinds of information they are giving and how they are laying it out. and make sure that all photos look really really good. nothing is more off putting on a house ad than crappy photos

• Restricting infoobject in query designer with authorization object

  Hi,
  We have to restrict CUSTOMER infoobject with a authorization object in query designer.
  How to do this task ? Request kindly suggest.

  thr RSSECADMIN tcode. Search with this key word you will get good docs & Wikis in SDN
  bhaskar