Authorization on cost center !

Similar Messages

• Why authorization for cost center groups does not worked ?

  hello all,
  I would like to give authorization for a CO report (S_ALR_87013625) based on authorization values : cost center groups.
  But, unfortunately, it doesn't work. I get a message : No authorization for x of x read records.
  Is it only possible to give authorization on standard hierarchy and cost center ?
  Please, help me
  Thanks and best regards

  hi,
  Run the su53 transaction.See what authorization was missing

• Authorization for cost center in migo transaction

  Dear Experts,
  I need to restrict the user by the cost center assigned to him in the migo transaction,
  i tried with these objects A_S_KOSTL, K_CSKS  and K_CCA. As per forum threads I  also maintained the  check in su24 , but still authorization is not happening.
  please let me know how to do it, is there any user exits to achieve .
  waiting for ur help.
  Thanks & regards,
  Reena...

  Reena,
  You can do teh followign , apart from others :
  1. Ask the business owner the values for teh objects...ofcourse explain to them what the objects are in plain lainguage.
  2. Then populate the values "accordingly"
  OR
  1.As an earlier post...trace teh user --on ST01 - here  again - you can give eiither wide access and trace teh path and then restrict ..or restriced acces and then each time a road block is hit ..analysi s and assign.
  BUT DONOT maintian SU24 to restrict acces !!

• Authorization for cost center

  Hello,
  SAP IP , old authorization concept.
  Cost center and controlling area are compaunding objects and authorizatiin relevant
  There is an authorization object that includes :
  hierarchy node (of cc)
  cost center
  0COSTCENTE  Cost Center
  0TCTAUTHH     Authorization for hierarchy
  Shall I unclude controlling area as well?
  Thanks

  Yes. Because authorizing cost center 1000 might grant access to cc 1000 in two or more controling areas.
  Regards,
  Marc
  SAP NetWeaver RIG

• Authorization on cost center group

  Dear all,
  I have to set up authorizations for reports (e. g. S_ALR_87013611) based on the cost center group (means the user should only see data of cost centers which belong to the cost center group he is authorized for).
  I think this should be possible via the authorization object K_CCA (field RESPAREA) but it just worked for entries in 'Cost Center' and 'Authoriz.Hier.' but not for 'Cost Center Group' (that's what I would need).
  Has anyone an idea how to solve this?
  We are running ECC 6.0.
  Thanks in advance!
  Regards
  Harald

  Hi,
  The relevant authorisation objects are as follows:
  K_CSKS_SET:  This will allow display/change/creation of groups based on activity selected.
  K_CCA:  This is a general authorisation object (relevant activites should be 0003, 3027, 3029).  You are  obviously trying to run a report.  For running a report the relevant authorisation object is K_REPO_CCA, which sadly does not have cost center group as a selection, only cost center values and ranges.
  However, K_CCA will work, if the cost center group that you have entered in the authorisation is also present in the standard hierarchy.  Can you test this, enter a cost center group from the standard hierarchy and not just any group that you have created seperately.  The authorisation should get restricted to that group.
  Cheers.

• Authorisation to post to document type n authorisation to post to cost cent

  Hi
  I have two questions-
  1. I want that to a particular document type some user group should not have authorisation to post. I know in document type we have one field called authorisation group, but i dont know how to create such group.
  2. one user working at a particular plant say plant A should have authorisation to use certain cost centers only.
  Please guide.
  Thanks
  Sweta

  HI,
  1: you can use authorization groups for that purpose, see F1-help for this field in T-Code OBA7 (doc.type maintenance in customizing. See also the link to "authorization objects" in this F1-help. Nevertheless you need the knowledge of somebody who is familair with the SAP authorization concept, role creation,...
  2: see SAPNET-note 370082 how to create user authorization for cost center (groups).
  Best regards, Christian

• BW Analysis authorization issue on cost center range

  Hello BIW security experts
  I have a problem where I created an analysis authorization on a cost center range and it looks like the interval is not working. The report is just a list of cost centers (demo to users to prove that analysis authorizations work in order to skip 2 managerial cost centers.
  . Cost centers are numeric. Example:  2000100. In the drop down list they appear as such.
  . I want to have the following cost center range: 1000000 to 1000771, 1000773 to 2000771, 2000773 to 9999999.
  Thereofore 1000772  and 2000772 should not appear in the list.
  . In the analysis authorization I have put the 3 ranges above on 3 separate lines. 'BT' is the operator. The cost centers have been selected from the drop down list.
  Results:  I get only 1 record from the report....  2000772. (which is one I want to exclude..
  Steps tried to debug:
  . When I put a list of cost centers in the analysis authorization on separate line with the 'EQ' operator, then the report works.
  . I tried putting ' ' delimiters since cost center is a char field but it fails.
  . I tried adding leading and trailing zeros to fill up the char(10) but no luck.
  . I tried creating a hierarchy with the interval and put it in the hierachy auth. tab and it does not work either. It gives the same number of records than the first step.
  . A hierarchy with single values work.
  I do not know what else to try..
  Thanks.
  YB.

  Good morning
  Here it is from RSECVAL
  ZCC_TEST     0COSTCENTER                    I       BT        1000000                                                      1000771
  ZCC_TEST     0COSTCENTER                    I       BT        1000773                                                      2000771
  ZCC_TEST     0COSTCENTER                    I       BT        2000773                                                      9999999
  ZCC_TEST     0COSTCENTER                    I       EQ        #
  ZCC_TEST     0COSTCENTER                    I       EQ        :
  ZCC_TEST     0INFOPROV                         I       CP        *
  ZCC_TEST     0TCAACTVT                        I       EQ        03
  ZCC_TEST     0TCAIPROV                         I       CP        *
  ZCC_TEST     0TCAKYFNM                       I       CP        *
  Thank you for your help.

• BI-IP Authorizations: Accessing own Cost Center only

  Hi,
  We are currently implementing BI-IP in our company. We have created the ready-input templates and we are prepared for roll-out.
  There is still one concern though which I haven't resolved. I am currently looking for an AUTHORIZATION that will let users access their respective COST CENTERS only. For example, if I am part of the Marketing Group, then I will only be able to access the budget of my respective cost center.
  Can anyone lead me to the right AUTHORIZATION OBJECT in BI-IP to implement this restriction.
  Your reply is much appreciated. Thanks.
  Regards,
  Ramon

  Hi Ramon,
  authorizations for transaction data in BI (and therefore in BI-IP) are not based on authorization objects. You have to make the cost center InfoObject authorization relevant and then create so called Analysis Authorizations for it. Please see the online help:
  http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm
  BTW, you can upload the cost center authorizations from SAP R/3 or ERP.
  http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  Regards,
  Marc
  SAP NetWeaver RIG

• BW report authorization for restrict cost center

  dear all,
  i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
  note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
  below the customer exit :
  WHEN 'ZV_CCTR'.
      IF i_step = 2.
        DATA : gt_mstuidvscc TYPE TABLE OF  ztbw_mstuidvscc,
               gs_mstuidvscc TYPE  ztbw_mstuidvscc,
               wa_final2(10) TYPE c.
        SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
          WHERE userid = 'sy-uname'.
        LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
          wa_final2 = gs_mstuidvscc-kostl.
          l_s_range-opt = 'EQ'.
          l_s_range-high = wa_final2.
          APPEND l_s_range TO e_t_range.
        ENDLOOP.
      ENDIF.
  Regards,
  Tony

  i defined variable as ready for input and mandatory.
  regards,
  Tony

• Cost Center Authorization

  Dear Friends / Experts
  We have around 10 HR (BW/BO) reports. All are woking fine. Now the users wants to restrict the report based on cost center.
  Hence, I have created one DSO with relevent information and extracted the data from ECC ( Used id, Cost Center belonging, Etc....).  Created one customer exit variable and lookedup this used cost center data in CMOD. This is perfectly working.
  My Doubts
  1) This logic no where related with authorization. Do i still need to consider authorization object and handle further ?
  2) If the Logged in user not available in the DSO, i am not able to edit the query in BO-Webi .
  Can anybody advise ?. Good advise awarded with points.
  Regards
  Saravanan Raju

  1) This logic no where related with authorization. Do i still need to consider authorization object and handle further ?
  The concept of authorization is only similar, instead of a DSO, you use a Z*COST time-dependent authorization-relavent IObject & start to set the time-intervals for access. I assume the DSO concept, although is a quick fix is not a long term solution, as there needs to be loads, corrections at irregular time intervals & this needs to reflect on the BEx. This holds okay for lesser # of users, but you might never estimate the size, as the business would consider adding more in months to come. As rightly said, you need not have an authoriztion object to handle, but if you make cost center object's customer exit to refer this using a SSO-details (like sy-uname), this will restrict entries & authorization based on this field in your BEx. But still you need to work on the DSO concept & try to migrate towards a authroization-releavant IOBject for good sakes, as there is a possiblity the data is exposed -or- completely not avalialbe even for testing & you need to add the same set of ccenters repeatedly for all users again & again, month-on-month, issues like that.
  2) If the Logged in user not available in the DSO, i am not able to edit the query in BO-Webi .
  Yes, as stated above, this is the drawbacks in this model. Hope it helps.

• Authorization issue with Company code/ Cost center combination

  Hi,
  I am currently trying to restrict user access by company code and cost center combination.
  We have roles defined for each user and I am trying to use the standard authorization object A_S_KOSTL in this role . It seems that since it is not a 'maintianed' object no activity can be assigned to this autorization object.
  currently the values are :
  company Code : 1110 , 1112, 1114
  Cost Center : *
  i am getting sy-subrc as 0 even when i test for company code : 1110 for a user with the above role.
  My code is :
  AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
      ID 'BUKRS' FIELD '1110'.
  F sy-subrc EQ 0.
    AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
    ID 'KOSTL' FIELD '*' .
    IF sy-subrc EQ 0.
      MESSAGE 'Success with KOSTL also' TYPE 'S'.
    ELSE.
        MESSAGE 'Success with BUKRS only' TYPE 'S'.
    ENDIF.
  ELSE.
        MESSAGE 'Failure' TYPE 'S'.
  ENDIF .
  I get a subrc NE 0 for the KOSTL part. The test passes for BUKRS.
  Please advise on how to proceed.
  Thanks and Regards
  Soumya

  Okay, I misread the "NE". Sorry.
  Have you done a syntax check on it?
  Also compare to:
  AUTHORITY-CHECK <object>
  ID 'KOSTL' '*'.
  I cannot confess to ever have done a "full" AUTHORITY-CHECK myself, but it is most likely the same as with DUMMY ->  you should not use the FIELD statement as '' value if the data element does not know what a '' is...
  Cheers,
  Julius

• Authorization: data level security by cost center to finance line items

  We have a business unit request requiring implementation of cost center data level security through FI transaction codes for financial line items.  Example requirement:  Cost center manager can execute FS10N GL account line item display, drill into the balance and only return those line items to which the cost center manager has access.   Cost center managers currently report their cost center expenses via cost center accounting report and through those reports are able to drill into the FI line items to display document and line item details.  Cost Center managers, due to their varied responsibilities, also have access to tcode FS10N, from which if they execute reports directly, can access data for cost centers which they are not responsible for.
  Our security team has stated that the determination of authorization objects which are checked at transaction code/program execution are not configurable.  We’ve found when debugging that it would be possible to implement user exits for additional authorization checks, but that in order for the authorization check to actually get called, the object must be set as ‘checked’ within SU22/SU24.
  Has anyone had a request to implement such cost center data level security for financial line items through Financial transaction codes?  If so, what steps were taken to be implemented?   Was this able to be accomplished via security configuration and PFCG security role updates or was custom code logic needed?  If custom  logic was needed, to what extent was this implemented (what tcodes/programs were included; how was the decision of what to include and exclude determined).   What was the duration of this effort?
  Has anyone had a request to implement such cost center data level security request for financial line items via Financial transaction codes and not implemented the request?  How was this communicated to the business that the request for data level security goes against SAP’s authorization design?
  Thank you in advance for your input,
  Becky Zick

  Hi Becky
  Have you tried with object K_REPO_CCA? You have available these fields to filter authorizations.
  I hope this helps you
  Regards
  Eduardo

• How to control cost center authorization when do ABSO/ABAA

  Dear :
  As our system organization structure is with mutiple profit center and
  cost centers, in order to avoid processing TCODE ABSO/ABAA with wrong
  input, we want to make authorization check with cost centers, as there
  is no standard authorization check and control in TCODE ABSO/ABSS , we
  want to know how could we realize the requirement
  to control the TCODE with cost center authorization check, thanks in
  advance.

  Hi,
  check SAPNET note 370082 + related notes + 698401 / 565436.
  Best regards, Christian

• Authorization Object for Cost center

  Hi Experts;
  We are using SRM 7, classic scenario.
  We are copying SRM tcode: BBP_BW_SC4 to a Z report and modify it. The users will be given the access to display  the status of thier SC.
  How can I restrict the user from displaying the SC of other department's? Is there an authorization object for cost center in SRM? is there any other away to restrict the users from displaying SC related to other depts.
  Appreciate your help

  by the way, why are you not using the standard SAP powl queries? they anyways restrict you from viewing others SCs except your team
  any ways, if you are copying that report this BBP_BW_SC4, then change this
  PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter.
  to
  PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter no-display.
  Edited by: Soumyaprakash Mishra on Jan 31, 2012 3:48 PM

• Auto maintenance of user cost center authorizations

  Greetings All,
  In NetWeaver 2004s we recently added cost center expense/commitment reporting in BI.  Now we want to automatically maintain user authorizations to determine which cost centers people have access to.  Can you please point me in the right direction?  Many thanks!
  Regards,
  Den

  If you have some data set from where you can evalulate which values to assign to which user, you can do it using 'Generation of Analysis Authorization' Concept.:
  http://help.sap.com/saphelp_nw04s/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/content.htm