Authorization objects for EA-PS after upgrade

Hi,
We are upgrading from ERP 4.6c to ECC 6.0 (IS-PS 462 to EA-PS 6.00).
On preliminary tests we have found that we need to add a few authorization objects to the users, but we want to minimize that.
We opted to deactivate the BAdI implementation "FMBS_ADDON_AUTH_FI" and to mark the two checks inside IMG "Activate Old Authorization Check".
However, we have found authorization issues with the objects:
F_FICA_FTR and
F_FICA_FCD
Is there a list of objects that we need to add to the roles that I can review? Or maybe an OSS Note or SDN article about this?
Best regards,
Nelson

Hi, I have been studying this, and I have found that the error message I saw yesterday definitely speaks to the problem I have been having. 
I created a test role with one transaction, then went into SU24 for that transaction and made a new auth check with display 03.  After I updated that role in PFCG (maintaining the new authorization), I went back to SU24, changed that new auth check by removing 03.
When I went back into the role in expert mode, the maintained authorization was gone and replaced with a new standard authorization with no values.
My concern is that wherever the authorization checks are coming from, their construction is corrupt!  I'm not even sure that the original auth checks are OK -- if they had values that were later taken out, I am concerned that they will cause this error I am seeing.
I'm getting ready to upload the auth check tables from QA back to the Sandbox, but I'm not sure that will solve the problem if there is another cause for this.  Is there some other setting/selection that someone must have clicked on that is now causing this problem?  I still don't have a clear answer on that, and I would love to know.
Thanks,
Ed

Similar Messages

  • Authorization Object for Z Tcodes

    Dear SAP Gurus,
    How do I find the authorization object for Z tcodes?
    E.g. in our organisation we have created report ZSR (Sales Register) and we want to restrict users by Plant & sales office,
    so where can I get the authorization object?
    Kindly help.
    Thanks
    Paramanand

    Hi,
    Go to T.Code "SUIM".
    Click on "Roles".
    Click on "By Transaction Assignment".
    Enter your T.Code here, i.e. "ZSR".
    Click on Execute or press F8.
    You will identify the role assigned to it.
    Copy that role.
    Go to T.Code "PFCG".
    Paste that role here.
    Click on Display.
    Go to the "Authorisations" tab.
    Click on "Display Authorization data".
    Go to Utilities --> Technical names on in the menu bar.
    Here you can see the authorization object assigned for this T.Code.
    But in general all the Z transactions will be in the S_TCODE authorization object.
    Also, go to that T.Code.
    Immediately after this, enter the "/nSU53" T.Code.
    Regards,
    Krishna.

  • Authorization object for Object services

    Hello together,
    I want to know if there is an authorization object for Generic Object Services functionality, especially the WF options like WF overview, start WF, Archive WF...
    My understanding is that any user who has access to a particular Business object can use GOS to view WF stuff. Is my understanding correct, or should we have extra functions?
    Regards

    Check authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
    Regards,
    Raymond

  • Authorization object for plant on selection-screen

    Hi All,
    I need to check the authorization object for plant on the selection screen. The plant is a select-options field.
    I have written the code:
    " Declaration of local constants.
      CONSTANTS : lc_i(1)  TYPE c VALUE 'I',
                  lc_eq(2) TYPE c VALUE 'EQ'.
      REFRESH : r_werks.
      LOOP AT s_werks.
        IF s_werks-low IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has authorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-low.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-low.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
      LOOP AT s_werks.
        IF s_werks-high IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has authorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-high.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-high.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
    My doubt is: will the authorization check cover the plants in between 1001 and 2001? Suppose I have plants 1001, 1002, 1003, 1004, 2001. Now will the above code check all the plants, or only 1001 and 2001 if I specify them in the select-options?
    Regards,
    raj

    Hi Raj
    First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
    Do this
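    DATA: li_werks TYPE STANDARD TABLE OF t001w-werks,
          lv_werks TYPE t001w-werks.
    " Read every existing plant that falls inside the select-options
    SELECT werks FROM t001w INTO TABLE li_werks
      WHERE werks IN s_werks.
    LOOP AT li_werks INTO lv_werks.
      " check your authority thing here and fill the range
    ENDLOOP.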
    Pushpraj
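
    The approach from the reply above, written out in full as an added example (not code from either poster): the select-options are resolved against T001W so that plants inside an interval are checked too, and only the plants that pass the M_MATE_WRK check are kept. The report name, the variable names and the final MARC count are assumptions made for illustration.

    ```abap
    REPORT z_plant_auth_demo.            " hypothetical report name

    TABLES t001w.
    SELECT-OPTIONS s_werks FOR t001w-werks.

    DATA: lt_werks  TYPE STANDARD TABLE OF t001w-werks,
          lv_werks  TYPE t001w-werks,
          lr_werks  TYPE RANGE OF t001w-werks,   " authorized plants only
          ls_range  LIKE LINE OF lr_werks,
          lv_denied TYPE i,
          lv_count  TYPE i.

    START-OF-SELECTION.
      " Resolve single values, intervals, patterns and exclusions into the
      " plants that actually exist, e.g. 1001..2001 -> 1001, 1002, 1003, ...
      SELECT werks FROM t001w INTO TABLE lt_werks
        WHERE werks IN s_werks.

      LOOP AT lt_werks INTO lv_werks.
        AUTHORITY-CHECK OBJECT 'M_MATE_WRK'
          ID 'ACTVT' FIELD '03'
          ID 'WERKS' FIELD lv_werks.
        IF sy-subrc = 0.
          ls_range-sign   = 'I'.
          ls_range-option = 'EQ'.
          ls_range-low    = lv_werks.
          APPEND ls_range TO lr_werks.
        ELSE.
          lv_denied = lv_denied + 1.
        ENDIF.
      ENDLOOP.

      " An empty range table in WHERE ... IN matches every row, so a user
      " with no authorized plant must be stopped here, not passed through.
      IF lr_werks IS INITIAL.
        MESSAGE 'No display authorization for any selected plant'
                TYPE 'S' DISPLAY LIKE 'E'.
        RETURN.
      ENDIF.

      " All later reads are restricted to the authorized plants
      " (MARC is used only as an illustration).
      SELECT COUNT(*) FROM marc INTO lv_count
        WHERE werks IN lr_werks.

      WRITE: / 'Plant data records in authorized plants:', lv_count,
             / 'Plants skipped for missing authorization:', lv_denied.
    ```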

  • Authorization Object for Marketing Attributes

    Hi Experts,
    We are working with CRM 2007 and use in BP Marketing Attributes. Does someone know if there are any authorization objects for Marketing Attributes? We would like to restrict some of users to see some Attribute sets!
    Thank you in advance,
    Roula

    Hi Roula,
    Thank you so much for awarding points.
    Please note that in Transaction PFCG you have to assign the appropriate three digit attribute set key under the authorization group BGKRL to the authorization object C_KLAH_BKL for assigning attribute sets and to the authorization object C_KLAH_BKP for editing attribute sets.
    Please have a look at the Note in the bottom of the page at the following link for further information.
    http://help.sap.com/saphelp_crm60/helpdata/en/46/3517cc86e01421e10000000a1553f6/frameset.htm
    Regards,
    Deepak

  • Authorization object  for PLANNING PLANT

    Hi all,
    My client has different Planning plant & Production plant.
    If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
    User should be given access to MB31 to the Planning plant & NOT to the Production plant.
    Any idea where we could find the authoriz. objects for a particular field?
    Pls advise.

    Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
    Goods Receipt for Production Order: Plant                    M_MSEG_WWF
    These are the authorisation objects, with activities as ACTVT and WERKS.
    Maintain the values for ACTVT as
    01 Create or generate,
    02 Change
    03 Display
    04 Print, edit messages
    and maintain the values for WERKS (your plants for which you want to give authorisations)
    and BWAR (movement types for which you want to give authorisations)

  • Kindly tell me authorization object for MRP type

    Hi friends,
    Kindly tell me what the authorization object is for MRP type in material master.
    Your help is considered more important.
    thanks in advance
    willaims

    Hi Willaim,
    There is no standard authorization object for MRP type.
    Regards,
    Alexander

  • Kindly give authorization object for mrp type in material master

    Hi friends,
    Kindly tell me what the authorization object is for MRP type in material master.
    Your help is considered more important.
    thanks in advance
    willaims

    hi,
    check your authorisation objects here:
    Go to PFCG --> Environment (at menu bar) --> authorization objects --> Display...
    Here look for MRP, and MM for materials management, in the tree structure...
    Regards
    Priyanka.P

  • Mandatory Authorization object for the BO user

    Dear All
    I am facing a problem with the BO user.
    Can you let me know what the mandatory authorization objects are for the BO user to run the dashboard without error?
    A fast reply would be appreciated.
    Thanks
    Haji

    Dear All
    I am working on Analysis Authorization.
    I included the Analysis Authorisation object for the user:
    S_RS_AUTH  BI Analysis Authorizations in Role.
    When I checked on the BW side, it is working fine.
    When I checked the user on the BO side,
    the filter values are coming correctly, but the values in the column are not showing.
    It is throwing an error.
    Kindly help me to solve this issue.
    Thanks
    Haji

  • Authorization object for delivery block

    Hi ,
    How do I check the authorization object for any field? I specifically need one for delivery block.
    Please help.
    Thanks,
    Shailaja

    Hi,
    If you're looking to put a delivery level block or its removal, then I guess you can explore it through user exit mv45afzz.
    Regards,
    Saurabh

  • Authorization objects for  transaction, one to view, and one to maintain

    Hi all,
    My requirement is to create two authorization objects for a transaction, one to view, and one to maintain.
    I know how to create objects via sm21, but I do not know how to create objects with activity codes.
    Please suggest how to create an object where I can assign activity codes.
    regards
    manish

    The Authorization Concept
    R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
    Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the user's authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
    Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
    Do check this link as well.
    http://articles.techrepublic.com.com/5100-10878_11-5110893.html

  • Maintain assignments of authorization objects for Z Webdynpros in SU24

    Hello experts,
    When we display the assignments of authorization objects for External Services - Webdynpros in transaction SU24, Z_webdynpros are not shown on the screen.
    We need to add more webdynpros in that table.
    I suppose that there must exist a way of updating that table with the Z webdynpros developed, or some configuration is needed.
    Thanks in advance...
    Hector Longarte

    The Z webdynpros I am talking about are Java Webdynpros in the SAP Portals, and the SAP ERP is only an ABAP stack.
    Is this configuration possible?

  • Custom Authorization Object for HR

    Hi,
    As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
    I believe I'll have to write some ABAP code, e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell me which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is always checked?
    Your help will be appreciated.
    Thanks,
    Mandeep Virk

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've also run the report RPUACG00, which is mentioned in this thread.
    We also coded the authority check in both user exits ZXPADU01 and ZXPADU02 for PA infotype operations.
    I believe I'll have to write some ABAP code, e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell me which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is always checked
    but still it is taking the P_ORGIN object.

  • HR Authorization : Custom Authorization Object  for P_ORGIN

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've also run the report RPUACG00, which is mentioned in this thread.
    We also coded the authority check in both user exits ZXPADU01 and ZXPADU02 for PA infotype operations
    but still it is taking the P_ORGIN object

    Online Help
    P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context):
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm

  • Adding authorization object for "Function Group"s ?

    Is it possible to add any authorization object for any function group ?
    We have an issue, i.e. user "XYZ" is getting some Windows Excel related error whenever trying to call an Excel report from the BW server. The system log related to user "XYZ" shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
    Function Group you can check through SE37->GoTO->Display Function Group
    Now is it possible to add authorization for any "Function Group" ?

    You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME.
    However, I do not recommend this, as giving wide access to RFCs can bypass a lot of the security you have implemented for the users.
    In this case, add only the function group that the user requires in this instance into S_RFC.
