Authorization Object used in Infoset

We have a authorization object that is working with our InfoProviders, but now we have added a Infoset to our Data Model, and the authorization object is not working with the Infoset. The Infoset was added to the Role, but the user is being allowed to see all values of the authorizatin object. The user is not being limited to the specific value which is associated with the user in that Role...
Anyone have any ideas?
I have tried RSSM but I am unable to add the Authorization Object to an Infoset with this transaction.

Hi,
InfoSets are protected by the authorization object <b>S_RS_ISET</b>. This authorization object protects the InfoSet by the InfoArea. Addtional protection includes the activity and protecting the InfoSet at definition time as well as access to the data. A reporting user will need activity 03 with access to look at the data. The following fields are in <b>S_RS_ISET</b>:
InfoArea: InfoArea user should access
InfoSet: InfoSet user should access.
Activity: For a reporting user, should be display (03).
Subobject: For a reporting user, should be 'DATA'.
The fields for this object are similar to S_RS_ICUBE and S_RS_ODSO. They all
access by InfoArea, activity (display), and access to the data.
This is coming from the TBW40 course.
regards,
Raymond Baggen
Uphantis bv

Similar Messages

Report to check authorization object used in customized programs

Hi Guys,
An auditor came and he raised a question to us, he asked whether all of our customized transactions and programs are maintained with authorization checks? The question is how can we check what authorization objects are used for our customized programs and transaction codes? The developer did not maintain the objects used for that program in SU24 table. Is there a program or a report to show us all the authorization object used for a customised program or transaction? Example : T-code MIGO we can check in SU24 table for all the authorization object used. How do we check for customized tcodes? Please advise. Thanks!
Edited by: Jarod Tan on Nov 25, 2010 9:42 AM

Note that some programs are built in such a way that no (visible) auth check is necessary, or even desired at all.
To determine the necessity of an auth check, you should check that starting it has an entry point (tcode, rfc, service) which is appropriately restricted. The rest (whether and where and how a further check is evaluated) is entirely dependent to what the program actually does.
Well designed applications generally have centralized functions and methods, and the checks are in there or a "base check" they use.
Others again use the same in UI programming to determine the visibility of functions, to make the application more intuitive for the user. This on it's own is however not a sufficient auth check to rely on.
Code review is an art form!
Cheers,
Julius

Need authorization object for relaese of Invoice to accounting

Dear Folks,
Could you please let me know the authorization object which is available in standard SAP which restricts users from release of invoice to accounting and should have authorization to change the invoice....Pls don't forward generic reply's...tried with available authorization objects using tcode SU24...for tcode VF02.
Regards,
Kishore

Hi,
See the program :   MV60AF0V_VBRK_BEARBEITEN
Freigabe für Buchhaltung ( Accounting for release)
ENHANCEMENT 65 OIC_SDP_SAPMV60A.    "active version
*Coding for Invoice Approval Process.             "SDP-BILLING
    IF TVFK-OIINVAPP EQ CHARX.
      PERFORM RELE_AUTH_CHECK.
    ENDIF.
ENDENHANCEMENT.
Here incorporate your Z authorisation object or you can use any of the standard one.
So that it will check the authorisation object before posting the same.
Hope this will resolve your problem.
regards,

Authorization Object for Workbook

Hi...
I have a ENDUSER role. The users assigned to this role, can only display and execute queries. (S_RS_COMP & S_RS_COMP1 are given activities 'Display(03), Execute(16) and Enter, Include & Assign (22)'.
But, the users now, cannot build Workbooks out of queries. Is there a way, where I can allow the user assigned to ENDUSER role, to build Workbooks.
I found an authorization object S_RS_WKBK, which is relevant to this, but its says obselete (do not use). So, am unable to use it.
Can anyone say me the Authorization Object used for allowing Users to create and save their workbooks?
Thanks,
Sai.

Hi Sai,
For saving workbooks in Favorites you need:
S_GUI
S_BDS_DS
For saving workbooks in Roles you need:
S_USER_AGR
S_USER_TCD
Best regards,
Eugene

Add new authorization object for production order creation/change/display

As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
Thanks.
Kevin.WU

Hi,
there is an icon of generation. just click there in PFCG and also in su21.
then add this object in new role.
Assign this role to user id
while assigning the role also there is a generation.
Please take a help of BASIS consultant also as this is entire a BASIS process.
Regards
Amit parkhi

BW Authorization Object to restrict Transporting Requests

Hi...
In our BW systems, all the developers are given the profile SAP_ALL. So, the developers have the access to transport their objects from BW Development(BWD) client to BW Quality(BWQ) Client and from BWQ to BW Production client (BWP).
I want to restrict the developers to do the transports. What is the authorization object used to restrict the users to transport requests?
Any documentation how to do that?
Thanks,
Sai.

It can be done with the authorization objects S_TRANSPRT and S_CTS_ADMI.
S_TRANSPRT creating transport request and S_CTS_ADMI for moving transport request.
I would like to work on that project where I can get SAP_ALL access..:)
Check the documentation.
http://help.sap.com/saphelp_nw04/helpdata/en/8d/45ef39521e3314e10000000a11402f/content.htm
Thanks.

Authorization object & Business operation for issue permit & reject permit

Hi all,
I have created a new notification type (copied from PM) and have assigned tasks to the notification. In this notification i wanted to use the icons issue permit and reject permit for certain users (but not for all). So i need to provide the business operations to the basis guy to attach it for the specified roles.
I am not able to find these business operations.
Any help on the above would be highly appreciated.
Thanks and regards,
Santosh.

Hi,
Pls check authorization object used to control the assign or issue a particular permit
Object: I_SOGEN
Sorry u can not control the authorization bcoz above object not works for notification also there is no business operation in notification to control the approval or rejection of permit.
U have to use the user status by which u can control the approval or rejection of permit.
Regards
Sunil
Edited by: sunil gupta on Jan 28, 2010 6:40 PM

PFCG - Alteration the 'authorization objects' of a profile.

Good Morning My Friends,
I have a profile created in PFCG, I want to change your authorization objects, using a BADI or function.
Does anyone know which function to use?
I've tried a lot and found nothing.
This is an example of what I want to do.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Original profile.
Profile Name: Profile_Deivison
Object :.......... S_DEVELOP
Auth :.............. T-TD55048100
Field :.............. ACTVT
Value :............ 01, 02, 03, 06, 07
Modification of authorization objects of the profile (fictitious example).
called function to change the profile.
CALL FUNCTION 'CHANGES_OBJECT_AUTHORIZATION_PROFILE' "" "" This function does not exist
EXPORTING
name_profile = 'Profile_Deivison'
object = 'S_DEVELOP'
auth = 'T-TD55048100'
field = 'ACTVT'
value = '01, 06, 07 '
Results function.
Profile Name: Profile_Deivison
Object :.......... S_DEVELOP
Auth :.............. T-TD55048100
Field :.............. ACTVT
Value :............ 01, 06, 07
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I thank.
Edited by: Deivison.Lana on Jul 7, 2011 9:55 AM

Thanks for the help.
but from what I saw during the discussion was not found a solution, that with reference to 'Change Authorization Objects'.
Edited by: Deivison.Lana on Jul 7, 2011 4:33 PM

How to use CRM authorization object.

Hi All,
I have a specific requirement to restrict user while he/she tries to save a record. It appears that if that restrictions are implemented the save logic for an entity has to be changed because there are some validation regarding relationship management in SAP system. SO I need to bypass that validation to allow some users of specific(Marketting) role to save the entity record bypassing that validation. here I am planning to use the CRM authorization objects. But dont know how to use these and which authorization object to refer.
Please let me know if you guys have any idea.
Regards,
Bikramjit.

Hi Bikramjit.,
You might need to create a Custom authorization object and then use it. Else you can create one Z table and maintain the User ID of all users. The mainatin one field with flag and set it to X for the user that are aloowed to save the transaction.
Also once you maintain the table, generate the table maintenance so that it becomes easier for future use.
Hope this helps

How to use Standard Authorization Object 'M_MATE_WRK' in SE38?

Hi all,
We have developed one program which calculates the commercial price of the material
and update the same in the material master.
Now we want to implement authorization checks at Plant Level.
For this purpose I am Using 'M_MATE_WRK' which is standard authorization object.
But in my Program when I am checking for it, its giving the sy-subrc value as 0.
This indicates that either it is successful or the object is not active for this particular program. In my case I know that its the second case only.
So now somewhere i need to 'Check' this object for this particular Program.
I have checked SU22 , SU24 but couldn't figure out where should i do the respective setting.
I am working on ECC 6.0
Please help me on this.
Bare with me if i am asking a silly question.

Hello All,
The Problem is resolved now.
Actually it was the first case only.
When i created the new user id and checked i realized that its working fine and there was
some mistake while checking previously.
Anyways thanks for ur reply.

Use the authorization object while creating RFC

Hi All,
I'm able to create a RFC, can login from one sap system to another sap system and use the following FM. Here my concern is how to make the RFC more secure, i mean any user can access the target system with my login. Meanwhile came across a authorization object text box in the LOGON and SECURE tab while creating RFC.
so please put on light on how to authenticate the specific user to logon using the RFC.
Thanks in Advance.
Regards
Lalitkumar.

Hi Lalit,
Usually for RFC connection will be done with the, user type   system user type (means,they should not be able to login to system thru GUI)
2. Even if the user know the login id / password, he should have auth to create RFC like (SM59 and related auth objects)
and even for remote connection also we have different auth to restrict
3. These type of authorization will be given to basis guys only.
4. Logon/Security
             Lang-En
             Client-` client no
             user- user
             Password - bw password.
Here you will be specfying the user id ( system type) / password for connecting from one system to another.
and in next tab you can do Test connection.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a08fbe33-0501-0010-2d9c-fb37e9795fd9
Thanks,
Sri

USE Standard Authorization object in Z Program

Hi Experts,
I have already checked other threads regarding this but could not resolve my problem.
I have created a Z program to update Material Master. I need to use the Authorization object M_MATE_STA in my program for performing authorization check. Please help me how can I do that?
Thanks

hI,
   below is a similar code...
CONSTANTS: lc_authobj TYPE char15 VALUE 'F_BKPF_BUK',
AUTHORITY-CHECK OBJECT lc_authobj
           ID lc_id_bukrs FIELD v_bukrs
           ID lc_id_actvt FIELD lc_activity.
IF sy-subrc NE 0.
ENDIF.
Amol

Restrict a t.code VK11 using Site as authorization object

Hi all,
We want to restrict VK11 t.code using Site as one of the authorizations. By default it has only Sales Org, Distr channel and division. I've added one more field for "Site" manually.
We have defined specific values for Site in authorization objects. Still system does not restrict VK11 executed by user as per site. It works with Sales org/Distr ch/Division. But it does not restrict Site-wise for that role.
Please help.
Regards,
Ankush

> I've never got past 'play dead' with such objects
Yip, I know that feeling. It is like when you leave home for a long trip having packed everything you need, but you still have the feeling that you have forgotten something important behind and will kick yourself when you need it.
> Can you please provide step by step instructions for that?
There is no step-by-step procedure nor medication to take for it. You just have to wait for it to dawn on you...
Enjoy the weekend and happy coding authority-checks,
Julius
ps: I heard that this feeling is also caused by the rising popularity of ABAP OO programming techniques, where the checks are often natively imbedded.

Is it possible to use a multiply authorization objects to one infocube?

Hello!
BPS-BW implementation required to use security on several CHAR including hierarchies for one infocube. What the right way to implement this requirement?
I created (RSSM) several authorization objects: one per CHAR, and assigned it to infocube. Then I created a role and included the craeted objects. But cube data didn't display in a queries or planing folders. But, when I created the auth object for the required CHARs and assigned it to role the cube data displayed accordance setted values.
What's wrong?

Hi,
I think u have checked the check box for authorization relevant in the maintanance screen of chraracteristics ,thats the reason.
Regards-
Siddhu

Use of RSSM to create authorization objects

I have a few questions on the way of using authorization objects via RSSM.
First, i would like to know if there is a limit in the number of values used as a filter in the authorisation object.
First, what is the quantity limit of values that we can use as filter? CC00000010, CC00000011, CC00000012, ..., n. In this case what would be the value of n. In our fonctionnal need, ranges of values would not be an option.
My second question is in relation with the use of an authorization object composed of two characteristics. Is there a way to build a case in witch the authorization check return a positive answer to a logical OR between the two characteristics?
Example 2, lets say that you want to perform an authority check on the cost center OR on the profit centre. Is there a way to build the authorization object to make sure that there is no error messages when the user has the authorization for the cost center CC00000010 OR the profit center PF00000011.
Best regards,
Stéphane Beaudoin

why would you use Pages when there are templates in iweb
as for the URL question, that is determined by the host, not iweb which just writes the page. but I would not use tinyurl since it has become a favorite of phishers and other web nasties. it might be worth getting a domain name if you can find a good deal.
i would search for some realtor sites to see the kinds of information they are giving and how they are laying it out. and make sure that all photos look really really good. nothing is more off putting on a house ad than crappy photos

Authorization Object used in Infoset

Similar Messages

Maybe you are looking for