Authorization object to lock the SOLAR 02 config structure

Similar Messages

• What FM retrieve inner authorization object BBP_ROLE using the user's role

  Hi Experts!
  Do you know what Function Module can be use to retreive the inner authorization object BBP_ROLE using the user's role
  e.g. BUYER : YT:PU:XXXX:BUYERROLE
  Object       : BBP_ROLE      SRM: User function / Role
  field name : BBP_ROLE      SRM: User function / Role
  Activities
  Sel      Activity      Text
  x       EMP             Employee
  x       OPP             Operational Purchaser
  ......etc
  Thanks!

  Hi
  Execute Txn S_BCE_68001414 in debug mode, and figure out how system takes the inner authorizations through the flow of this program
  Regards
  Virender Singh

• Lock Object (Not locking the table)

  Hi Guys
  I have a custom table ZDRAD same like standard table DRAD with an additional 'DATE' field . ZDRAD's Key fields are same like DRAD . I have created a lock object 'EZDRAD' where I put name = 'ZDRAD' (Custom table) and mode = 'EXCLUSIVE CUMULATIVE' . Now I want to lock the table(Whole table) before modifying/Inserting/deleting the records in se38. Please check the code below and suggest me if I am passing wrong values to the lock object Function module.
  Code
  TABLES : ZDRAD.
  CALL FUNCTION 'ENQUEUE_EZDRAD'
  EXPORTING
     MODE_ZDRAD           = 'E'
     MANDT                = SY-MANDT
     DOKAR                = ' '
     DOKNR                = ' '
     DOKVR                = ' '
     DOKTL                = ' '
     DOKOB                = ' '
     OBZAE                = 0
     OBJKY                = ' '
     X_DOKAR              = ' '
     X_DOKNR              = ' '
     X_DOKVR              = ' '
     X_DOKTL              = ' '
     X_DOKOB              = ' '
     X_OBZAE              = ' '
     X_OBJKY              = ' '
     _SCOPE               = '2'
     _WAIT                = 'X'
     _COLLECT             = ' '
  EXCEPTIONS
     FOREIGN_LOCK         = 1
     SYSTEM_FAILURE       = 2
     OTHERS               = 3
  *IF SY-SUBRC <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  *ENDIF.
  IF SY-SUBRC = 0.
  ZDRAD table is locked.
      P_L_LOCK_STAT = 'X'.
      EXIT.
    ELSE.
  ZDRAD table is not locked
      CLEAR P_L_LOCK_STAT .
    ENDIF.

  Hi Kanthimathi
  That is numeric field . Please suggest me how can i check the lock.

• The scope of the customer-specific authorization object

  Dears,
  Could someone please feedback about the scope of the customer-specific authorization object; e.g. if we are to create a customer-specific authorization object to replace authorization object P_ORGIN in the HR module, to be able to add an extra authorization field to the newly created authorization object, the scope of the newly create authorization object (which will have a new validation code generated by report RPUACG00) will be the whole ERP system ? 
  The worry is caused by the fact that P_ORGIN is already used in several authorization roles granted to users in the different ERP modules (i.e. FI, SD, MM, CS), so the replacement would affect these modules.
  Thanks.
  Reda

  Hello Reddy,
  We are about to implement the HCM module (We are now in the testing
  phase), on the same client as that of our SAP ERP implementation.
  We need to authorize on the personnel number grouped by 'Payroll Area'
  in transactions PA30, PA40
  In authorization object P_ORGIN, the field VDSK1 is already used to
  authorize on an attribute : cost center (organizational key) for each
  organizational unit, so we can't configure it to authorize on other
  fields from info type 0001 (e.g. Payroll Area).
  We need to continue using the conventional / general authorization and
  not the structural authorization, to stay in compliance with our
  authorization schema already implemented in our FI, MM, SD & CS modules.
  ( Also, as per thread : Steps for creating structural authorization profile using trans. OOSP
  the structural authorization cannot be used to authorize on Payroll Area.)
  We need to go through the HR module implementation without any changes
  in the ABAP code.
  So, the last way out is the custom-specific authorization object, and as I mentioned before, the authorization object P_ORGIN was already used in other ERP modules; e.g. FI, MM, SD & CS,
  ( Note : I haven't started yet implementing this solution.)
  Thanks.
  Reda

• Authorization OBject for Delete and Lock indicator in PO function.

  Hiii
  I'm using sap 5.0. I'm notice that we can set the authorization object to control the user from make a action for delete/Lock indicator in purchase order so that we can prevent the 'unpredictable user' from do the deletion on item PO item.
  it also help me to authorize the selected user to perform delete or lock action.

  Hi,
  To prevent deletion or locking in specifically may not be controlled thro authorisation but changing the PO can be controlled.For this the authorisation objects M_BEST_BSA, M_BEST_EKG,M_BEST_EKO,M_BEST_WRK  may be looked into .Here against Activity there is option like create,change ,delete,print etc which if suitably assigned can restrict the users for certain activity.Try with your basis team in this objects.
  Dhruba

• FM that retrieve the inner authorization object BBP_ROLE using user's role

  Hi Experts!
  Do you know what Function Module can be use to retreive the inner authorization object BBP_ROLE using the user's role
  e.g. BUYER : YT:PU:XXXX:BUYERROLE
  Object       : BBP_ROLE      SRM: User function / Role
  field name : BBP_ROLE      SRM: User function / Role
  Activities
  Sel      Activity      Text
  x       EMP             Employee
  x       OPP             Operational Purchaser
  ......etc
  Thanks!

  Hi
  Execute Txn S_BCE_68001414 in debug mode, and figure out how system takes the inner authorizations through the flow of this program
  Regards
  Virender Singh

• Intervals not working in Creating the Authorization Object

  Hi All,
    I am currently working on Authorization.We have created the Z Authorization object by using the TCODE RSECADMIN.After clicking the maintaince button, the set of Info Objects are displayed. I have entered the hardcoded values for employee responsible Info Object.
  For Example
  Employee responsible No = 10 to 20.
  I have created the Role by using the TCODE PFCG.I have given my created Z Authorization object and assigned the User.
  After doing this,I am checking for the specific User. After running the query, for the particular user, the data is displaying for the Info object "Employee responsible =10." For Other Values ie) 11 to 20. is not displaying in the report.
  Can you please guide me how to solve this issue.
  Thanks,
  Ram.

  Dear Siva,
  We also had the same issue. Its a program bug, as suggested by SAP applied following note to resolve the issue.
  Note 1247549 - Message Brain A174 when you execute an input-ready query
  hope it helps...
  regards,
  Raju

• Authorization Object for "Install" button in the Business Content

  Hi..
  Is there an Authorization Object which controls the "Install" button in the
  RSA1 -> Business Content tab
  I want to restrict developers to Install business content in BW Quality client and BW Production client.
  If a developer clicks the "Install" button, in the Business Content, it should say, "You do not have authorization for the Administrator Workbench Object".
  Is there any Authorization Object for this?
  Thanks,
  Sai.

  Its better you go for SE16 and type table name TOBJT, and try to serach for required auth object.

• HR custom authorization objects

  Is it possible to have more than one custom HR authorization object active at the same time? For example if I need 2 custom variations of P_ORGINCON (I  have some very complex requirements),  is that possible, or am I limited to just 1? Having more than 1 seems to present a problem when I run RPUACG00 to generate include MPAUTCON. It overlys the code generated fo the first cusom object with code for the second object, therefore only allowing cgenerated code to exist for 1 of the objects.
  And one additional question - when I create a custom HR object (one which contains infotype, subtype, persg, persk etc), am  I limitied to only using fields from PA0001 in that object?  If I include some other field that does not exist on PA0001, when I run RPUACG00 it gives me the error "Field xxx is not allowed  in authorization object Z_xxx".
  Many thanks,
      Mike

  One example of a  requiremnet I have is for a manager to have 3 different types  of authority based on when a position was in his org structure. So if a position is currently in his org structure he might have WRITE access to their infotype 2,6,8... for positions that were in his org strucure between 1 and 60 days ago (but are not in his structure as of today) he might have WRITE access to their infotype 2 and 6 and READ access to other infotypes, and for people that were in his structure 61-9999 days ago, he might have only READ  access to all the position's infotype data.
  I was thinking of using 3 disctinct HR authorization objects to cover each of these 3 scenarios, but ran into the issue mentioned above with the generation program RPUACG00.

• Authorization Objects for pricing conditions in Sales Order

  Hi All,
  In transaction VA03, we should restrict some users not to see pricing conditions tab in header and item level and net value on overview screen.
  Is there anyone who knows how to do it? I wii be very glad if you help me.
  Best Regards.

  Hi,
  i have not done this exact limitation before, but I hope this method will help.You can look up the list of all authorization objects linked to the tcode in transaction SU22.
  You can also get this by doing a user trace in ST01; and displaying the pricing condition.
  once you have a rough idea, you can do a trial and error with the values inside these objects and see which one  works.
  Regards,
  Soumya

• Creation of Authorization Object

  Dear All,
  Can anyone of you guide me on how to create Authorization Object?
  My Knowledge on this concept:-
  1) Mark required object as Authorization Relevant
  2) Use of T-code RSSM
  3) Select marked Authorization Object
  4) Assign fields to it, for authorization.
  thats all i know.
  There are few more additional settings we need to do for it.
  Request you to provide with step by step procedure for the same.
  Thanks & Rgds,
  Anup

  hi
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  the following link will be helpful
  http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
  http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
  Use of T-code RSSM
  Through BIW Authorizations (TCode RSSM)
  Authorization check log. This gives information on
  missing authorizations for reading data.

• Authorization object M_MATE_MAR "Material Master - Material Types" in MM01

  Hi,
  We in CPS Energy are implementing VIrsa SOD conflicts on the roles that are in place in current SAP 4.6C version. The authorization object M_MATE_MAR is used by MM01(Creation of Material Master) transaction code & used at mutiple roles. We have restricted this authorization object by Material Type Authorization Group (BEGRU)as WMS1 & given activity a 01, 02 & 03 in a role. The same authorization object is used in Common roles also for displaying that is using transaction code MM03 (Display Material) but the activity & authorization group are ''. This '' is taking precedence over the the authorization object given in the other role.
  Please let us know how to put a control on this authorization object which is used widely by large number of users.
  Maintained Material Master: Material Types                              T-D119010802
  Activity                       01, 02, 03                                             ACTVT
  Authorization group          WMS1                                              BEGRU
  Any help is really appreciated
  Thanks
  Sree

  Hi Sree, your role with MM03 in it should not have * for actvt if it is only a display role.
  As it is a display role actvt 03 would be more suitable.  That way you could have display for all auth groups, but create and change/MM01&2 would be restricted to WMS1 (and any other materials with a blank auth group)

• Authorization Object Related To Movement Type

  Hi,
  I meet one problem, one user want to check which user can use MB1A t-code with movement type 201 and 202, but I know there are some authorization object related to movement type and I want to use suim with mb1a t-code and authorization object to check the user, but I don't know the authorization object about movement type in MB1A t-code, does anyone can help?

  Go to SU24, enter the transaction code and press execute.
  Here you can see the all authorization object whose are used for the transaction code MB1C.
  Regards
  Dev

• Authorization object - dump on field type due to character

  Hi all,
  As i have created an Authorization object
  AUTHORITY-CHECK OBJECT 'YINF_BYTE'
                          ID 'Y_BYTE_CON' FIELD lv_byte_count.
  While creating the authorization field ('Y_BYTE_CON' ), the data type I defined is ABAP_MSIZE.Similarly the type of the variable('LV_BYTE_COUNT)  i am passing to the authorization object
  is of the same type (i.e.,ABAP_MSIZE).
  I am getting an syntax error 'LV_BYTE_COUNT must be a Character type field',Please help me out in resolving this.
  Thanks in advance,
  Ram
  Edited by: Julius Bussche on Feb 20, 2009 9:19 AM
  Please use meaningfull subject titles

  Hi Chinmaya,
  Which data type i need to go with ABAPTYPE..? is it the variable i am passing to the authorization object or the authorization field i need to change as ABAPTYPE..?
  Plz advice me.
  Thanks,
  Ram

• Authorization object of a query

  Hi All,
  How can we check the authorization objects of a particular query?
  Means... I have one query.
  I have to find out the authorization objects of this query.
  Where can we find the authorization objects of this query?
  How can we find out the authorization objects for a query?
  Please tell me...  
  Thanks
  Krishna.

  Authorizations for the Query Definition
  http://help.sap.com/saphelp_nw04/helpdata/en/80/1a68a7e07211d2acb80000e829fbfe/frameset.htm
  Setting Up Reporting Authorizations
  Creating an authorization object
         1.      In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose the path SAP Menu ® Business Explorer ® Authorizations ® Reporting Authorization Objects.
         2.      Choose Authorization Object ® Create. Give the authorization object a technical name and a regular name. Save your entries.
         3.      On the right-hand side of the screen, an overview of all the InfoObjects that are authorization-relevant is displayed.
  Only those characteristics that have been flagged as authorization-relevant previously in the InfoObject maintenance screen can be assigned as fields for an authorization object. See also: Creating InfoObjects: Characteristics
         4.      Assign the InfoObject fields to the authorization object:
  ¡        Select the characteristics for which you want an authorization check of the selection conditions to be carried out.
  ¡        Select the InfoObject key figure (1KYFNM) if you want to restrict the authorization to a single key figure.
  ¡        Select the InfoObject (0TCTAUTHH) if you want to check authorizations for a hierarchy.
  ¡        Include the authorization field activity (ACTVT) in the authorization object if you want to check authorizations for documents.
         5.      Save your entries.
         6.      Go back to the initial screen of the authorization maintenance.
         7.      Choose Check for InfoProviders ® Display to get a list of the InfoProviders that contain the InfoObjects that you selected and are therefore subject to an authorization check (where-used list). In the change mode you can exclude individual InfoProviders from the authorization check for this authorization object by removing the flag.
  Authorization object:           S_RSRSAREA
  Name:                   Sales area
  Fields:                         DIVISION, CUSTGROUP, 1KYFNM
  Creating authorizations
  Authorizations are created and maintained in the role maintenance screens.
         1.      Choose Authorizations ® Roles ® Change.
         2.      Specify the roles that you want to change and choose Change. This takes you to the role maintenance screen.
         3.      On the Authorizations tabstrip, choose the Expert mode for generating profiles option.
         4.      Choose the Enter Authorization Objects Manually option, and specify the objects that you require. Choose Enter. The authorization object is added to the role.
         5.      Choose Generate.
  http://help.sap.com/saphelp_nw04/helpdata/en/a0/48f438f3422f2ce10000000a114084/content.htm
  Hope it helps
  regards
  Bala