Authorization object to control BOM usage ?
Hi ,
Through which authorization object we can control the authorization for BOM usage ?
We have to control authorizations for CS01 through BOM usage Production , PM ,Sales BOM etc...
regards,
madhu kiran
Hi,
The Authorization Object: C_STUE_BER
BOM Usage - STLAN
Generally it will be given as *.
You can restrict the authorizations based on the Usage.
Hope thi helps..
Regards,
Siva
Similar Messages
-
Authorization Object to Control access for ContactData in Dispute Managmt
Hello Experts,
Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
Thanks in advance.
Best Regards,
Vanessa.Hi Ravi,
Thank you very much for your reply, but I have done this already.
Transaction is UDM_DISPUTE but they are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within transaction the part of the screen that I am talking about.
Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
Thanks in advance.
Best Regards,
Vanessa Barth. -
Authorization object to control transaction visibility in a Territory
Hi All ,
We have a requirement where visibility to business transactions should be controlled through the territory structure .
A user should be able to view ( Display only ) all transactions created in the system but should be able to to view as well as edit all those transactions that are created in his territory or a territory under his .
Please let me know if anyone has implemented this functionality and used a standard Auth object like CRM_ORD_TE .
Thanks in advance.Hi,
Please see the online documentation for the setting up of authorizations:
http://help.sap.com/saphelp_crm70/helpdata/en/e9/b29a39e7aee372e10000000a11402f/frameset.htm
The section 'Examples for the Authorization Assignment' contains a specific example for how to maintain territory object CRM_ORD_TE.
When setting this up, keep in mind that before object CRM_ORD_TE is checked, first objects CRM_ORD_OP and then CRM_ORD_LP are checked, so authorization must not be granted to the user in these objects first, before the territory object is checked. This is outlined in the Process Flow section of the documentation.
Hope this helps.
Best Regards
Gavin -
Authorization object to control plant code in ME54N
Dear All,
Problem: Restrict user "PURAUTALL" userid to release PR's in ME54N for plants "5350" & "5360" only but should be allowed to create/change/display PR's for all other plants including 5350 & 5360.
Analysis: Object M_BANF_FRG is used to control releasing PR's using release codes but how to link up plant codes
Setup:
PURAUTALL userid has access to create/change/display PR's for all plants - M_BANF_WRK is *
PURAUTALL userid has role same as user id but does not contain object M_BANF_FRG in PFCG
Kindly provide suitable solution &/or process to create object M_BANF_FRG in PFCG.
Thx & Reg
BhushanHi Julius,
Thx for replying, actually we havent tried any options because it seems to be a release strategy issue. As of now, thinking to create the object M_BANF_FRG in PFCG and then linking release codes.
But before that business needs to decide to create new release strategies / codes based on plant as characteristics.
If this correct, if any other way out pls help.
Thx
Bhushan -
Authorization object for ML81N
Hi
I am trying to know what is the authorization object that controls :
when going to transaction ML81N and you click on the colorful icon on the right (configuration) it opens the table settings window
what is the authorization object for the administrator button
regardswell.......to be honest, i did my research based on some intuition and some research
I know that the settings could be changed not only for the transaction you mentioned, but i remember that i was taught that this could be changed for Sales order transactions too, which suggests that this is not bound to a specific transaction but more on a "generic plane"
whenver it is system wide settings, the first think i check for (just a habit) is on S_ADMI_FCD, earlier experiences taught me a lot on the importance of this object, make sure that you never have a * for this object (at least that is my personal learning and opinion)
Good luck for the future -
PS Network Authorization Objects?
Hi,
I want to assign authorization for a perticular Network of a perticular WBS in a PS project.
BUt all the standard object i have checked dose not serve the purpose.
What is the standard procedure for doing that? Any object you know can be useful to me?
C_AFVG_APL PS: Work Center for Network Activities and Activity Elements
C_AFVG_TYP PS: Activity types for network act. and activity elements
C_AFKO_DIS Network: MRP Group (Plant) and Transaction Type
C_AFKO_ACT Activities on network header levelHi Hussain,
The authorization object related to wbs in a ps project are
*)C_PRPS_ART you can use this object to control who can access WBS elements in the PS depending on the project type,
*)C_PRPS_KOK you can use this object to control who can access WBS elements in the PS depending on the controlling area assigned to them,
*)C_PRPS_KST you can use this object to control who can access WBS elements in the PS depending on the responsible cost center for the WBS elements,
*)C_PRPS_PRC you can use this object to control who can access WBS elements in the PS depending upon the profit center ,
*)C_PRPS_USR This authorization object is intended as a "master" for you to copy from when you create your own company-specific authorization objects for WBS elements, activities and activity elements.
*)C_PRPS_VNR You can use this authorization object to control who has access to the WBS elements in the Project System depending on the person responsible for the project ("project manager").
The best way to search for authorization object as i prefer is the use the tcode SUIM.
Hussain,One thing which i want to mention here is when u give this authorization object to any user plz check the authorization field also.where u r able to restrict a user for view/display,change, create etc.. -
Authorization object for Notification Disconnect button
Hi Group
Do We have any authorization object which control
Notification Disconnect button in IW32 Order Header screenRefer below screen shot.
While trying to remove order assignment from notification, above shown error message has come. Hope, this is what you are expecting both in assignment as well as removal of assignment.
Check your roles & assignment of appropriate field values in those roles. If you are not comfortable in PFCG, discuss with Basis consultants.
Check Authorization Object I_VORG_MEL as well for the previously mentioned values. -
Authorization Object - Availability Check in Sales Order
Hi,
Restriction is required for availability check (i.e. button 'check item availability') in sales order for a given user.
Is there authorization object to control the same ?
Regards,
RSHello RS,
Availability check is controller by FM AVAILABILITY_CHECK_CONTROLLER and there is no authority check in it. As per previous reply you can add additional checks in user exit EXIT_SAPLATPC_001 which is called before an atp is run.
Thanks
Amber -
Authorization OBject for Delete and Lock indicator in PO function.
Hiii
I'm using sap 5.0. I'm notice that we can set the authorization object to control the user from make a action for delete/Lock indicator in purchase order so that we can prevent the 'unpredictable user' from do the deletion on item PO item.
it also help me to authorize the selected user to perform delete or lock action.Hi,
To prevent deletion or locking in specifically may not be controlled thro authorisation but changing the PO can be controlled.For this the authorisation objects M_BEST_BSA, M_BEST_EKG,M_BEST_EKO,M_BEST_WRK may be looked into .Here against Activity there is option like create,change ,delete,print etc which if suitably assigned can restrict the users for certain activity.Try with your basis team in this objects.
Dhruba -
Authorization Object for "Install" button in the Business Content
Hi..
Is there an Authorization Object which controls the "Install" button in the
RSA1 -> Business Content tab
I want to restrict developers to Install business content in BW Quality client and BW Production client.
If a developer clicks the "Install" button, in the Business Content, it should say, "You do not have authorization for the Administrator Workbench Object".
Is there any Authorization Object for this?
Thanks,
Sai.Its better you go for SE16 and type table name TOBJT, and try to serach for required auth object.
-
Hello,
I have total 6 usages in BOM (CS02)
we have created the bom with usage "2"
my client wants no one will authorize for to change this bom which is having usage "2"
Please suggest..
Thanx & regards,
NileshHi
You can block create Roles for the persons. First role contains all bom usage except 2. Second role contains only bom usage 2. Assign this 2 roles to user and provide authorization for first role to change all bom usage except 2. For second role provide to display only.
First role
C_STUE_BER - ACTVT - 02
STLAN - 1,3,4,5,6
STLTY - M
Second role
C_STUE_BER - ACTVT - 03
STLAN - 2
STLTY - M
Try this -
Authorization Object for Purchase order Message control
Hi ,
Is there any stadard authoriztion object to control the print and print preview options for Message control .
I am requied to control the print and print preview options for purchase order messages for certain users depeding on there authorizaion.
Thanks in advane.Hi,
When you click on the 'print preview' button on ME22N/ME23N the system
makes an authority check on transaction ME9F activity 04. The current
logic forces the print preview functionality to be accessed ONLY by the
users who print. Therefore, only users that have authorization to use
ME9F are authorized to use the Print Preview button in ME22N/ME23N.
Kindly try the authorization objects M_BEST_EKG, M_BEST_BSA and
M_BEST_EKO = 04.
You can
also have a look the user exit
EXIT_SAPLMEDRUCK_001 in enhancement LMEDR001 for print program
SAPLMEDRUCK.
INCLUDE ZXM01U04
you can create own coding for all possible AUTHORITY-CHECK.
BR
Nadia Orlandi -
How to control the authorization of IM05 through authorization object
Now we want to control the authorization of IM05 through authorization object C_PRPS_USR, but C_PRPS_USR is not assigned to tcode im05.How can we assign authorization object C_PRPS_USR to tcode im05? OR do we have any other method to obtain the same result?
write a factory method that controls the number of instances for you:
import java.util.List;
import java.util.Arrays;
public class Bar
private static final int MAX_BARS = 5;
private static int numBars = 0;
private int id;
public static void main(String [] args)
try
int numBars = ((args.length > 0) ? Integer.parseInt(args[0]) : MAX_BARS+1);
Bar [] bars = new Bar[numBars];
for (int i = 0; i < bars.length; ++i)
bars[i] = Bar.create();
System.out.println(Arrays.asList(bars));
catch (Exception e)
e.printStackTrace();
private Bar() { this.id = numBars++; }
public String toString() { return "I am bar number " + this.id; }
public static Bar create()
Bar nextBar = null;
if (numBars < MAX_BARS)
nextBar = new Bar();
return nextBar;
}% -
Hi All,
I have an authorization object with following fields.
ACTVT = 02
WERKS = 1001
RANGE_FROM = 0
RANGE_TO = 999,999.00
I want to validate whether the user enters a value in between these two RANGE_FROM and RANGE_TO. How can i achieve this.
Also is there any way by which i can read the values maintained in the profile of the user for this authorization object. If this is possible then i can read the RANGE_FROM And RANGE_TO and then put a logic to validate.
Please let me know if any of the ways are possible.
ThanksHi Pankaj,
This is an example taken from the SAP Documentation:
Here, M_EINF_WRK is the object name, whilst ACTVT andWERKS are authorization fields. For example, a user with theauthorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and MaterialsManagement areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
Hope it helps.
Regards,
Gilberto Li -
Org Level Roles / Authorization Object Roles
Hi board,
I have heard of the concept to use roles with "Organizational Values" only and no other authorization values contained. Similar the idea to exclude special authorization objects from common roles and combine them in dedicated special ones to prevent accidential "double usage".
The first may help to control the overall number of roles coming up after deriving single/composite roles for many levels.
My questions are:
- Is it technically feasible (for a large-scale company)?
- What is your experience?
- Drawbacks?
Kind regards and many thanks for your help,
RichardRichard Hösl wrote:
> Hi there,
>
> that was fast, amazing. Thanks a lot and my appologies for not finding the other thread from the beginning. I can see drawbacks, nevertheless it is still temptating due to the fact that derivation for over 30 countries will produce a huge number of roles. Not from the system performance point of view, just to handle this amount will be painful.
>
> Given the assumtion that it is not a good idea to use "Org Value Roles", are you deriving on on composite or on single level?
>
> Kind regards,
>
> Richard
Hi Richard,
It is a very tempting approach, but completely wrecks the standard auth concept and unless you are 100% tight on controlling it, can get very messy.
A good way of looking at it is that you have 2 roles - one contains transactions & the other one a big bucket of authorisations which support those transactions. That bucket invariably contains more authorisations than the transactions require. Given that it is at the authorisation object level that the important security is provided, this method has it's drawbacks........
If you have organisational complexity then you should look elsewhere to simplify.
By consolidating your roles (e.g. if we take a risk based design approach, typically around 80% of an accountants role will be the same anywhere in the business) and building at a higher level, you need to create fewer variants (which you might be able to use derived roles for).
Put the effort in the design stage and it will pay dividends later on down the line.
Building at a higher level than task also forces the business to look at roles and responsibilities and to standardise as much as possible.
Cheers
Alex
Maybe you are looking for
-
Printer prints but display says Communication lost (device - control panel); Turn off then on.
HP Color LaserJet CM3530fs The printer is printing when asked to do so by a computer but the display says: Error Communication lost (device <-> control panel); Turn off then on. The orange attention light is illuminated and the display is always lit
-
hi guys sorry if my question is repeated but I can't use Ctrl+Alt+T to launch terminal. i use gnome 3. thank you Last edited by Hossan (2011-11-01 12:39:49)
-
Migration Assistant w/ a Firewire cable
Can I do Migration Assistant w/ a Firewire from one mac to the other?
-
Hi, How can we dynamically set the properties of the ui elements in wed dynpro abap?
-
IChat quits after about 10 seconds of chat
I believe I may have a router problem, but I've disabled DHCP and not sure what else to do. Here is the error log: Date/Time: 2009-04-26 19:51:21.578 -0500 OS Version: 10.5.6 (Build 9G55) Report Version: 4 iChat Connection Log: 2009-04-26 19:50:49 -0