Authorization or roles assign?
Hi All,
I have installed Xi 3.0 on windows server 2003.but my users are getting this error not able to create a product. Its says "You
are not authorized to view the requested resource 403 forbidden".
What all the authorizations and roles i need to set for every user.
Regards,
Rohit
Error: HTTP 403 Forbidden
Description: The server understood the request, but is refusing to fulfill it
Possible Tips:
Path sap/xi/engine not active
HTTP 403 during cache refresh of the adapter framework - Refer SAP Note -751856
Because of Inactive Services in ICF Go to SICF transaction and activate the services. Refer SAP Note -517484
Error in RWB/Message Monitoring- because of J2EE roles Refer SAP Note -796726
Error in SOAP Adapter - "403 Forbidden" from the adapter's servlet. Because of the URL is incorrect or the adapter is not correctly deployed.
<i>From
/people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
Regards,
Prateek
Similar Messages
-
Authorization for Role Assignment
Dear Experts,
I have a scenario whereby a user is able to assign a set of roles to end-users but should not be allowed to do so for himself. I could only think of assigning user groups to the person's authorization which restrict him to assign roles to end-users from specific user groups. However, this is not desirable in our scenario as this means we need to maintain user groups for the entire organization (which is a huge organization). I would like to enquire if anybody has implemented similar requirements via standard/alternative means. Any suggestion and advice is appreciated. Thanks.Louis,
I think this is a standard security and authorizations question, and not really HR specific. You are correct in that the standard way to achieve this is with user groups. However, it doesn't have to be as onerous as you are thinking. The usual way of achieving this, of having an authorizations administrator or user administrator who can manage standard end-users but not him- or herself is to assign just that user to a group, typically called SUPER, and not worry about assigning groups to all the other end-users (or at least, not for this purpose). You might also put all other high-power basis users, like the system administrator and any other security administrators, into this SUPER group, since you don't want anyone other than the super-superuser to manage them. Then, you assign the user administrator role the S_USER_GRP authorization with the usual activities for user group ranges 0-SUPEQ and SUPES-Z. This allows the role to manage users in all user groups except SUPER.
I would also only allow this role to work with authorization profiles starting with the standard T, and role names in the pattern Z. Then make sure that this role itself is not in the Z* customer namespace, but instead in the Y* customer namespace, and this way you prevent the user administrator from getting through a loophole and being able to create or modify non-SUPER users and simply assign them to the User Administrator role as a way of bypassing the above restriction.
You should also not allow the User Administrator role to directly modify roles or profiles, only to create users and assign them to existing roles in the Z namespace.
I trust that this helps.
--Matt -
Transport roles and analysis authorization with user assigned
Hi expert,
I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
Thanks for your time,
LuisHi,
In role administration, you have the following options for transporting roles:
You can download the roles from one system and upload them into another
You can import the role from a remote system using RFC
You can transport the roles with the transport function.
Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
Transporting Roles with the Role Transport Function
1. Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
2. Enter the role to be transported and choose Transport Role.
The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
For more information go thrpugh the below link
http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
Regards,
Marasa. -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.comBelow are the screen shots for PFCG:
-
Hi everyone,
I am trying to assign different roles to different users for GRC - Risk Management 10.0; however it seems like standard roles don't have any affect on type of activity. I have maintained various levels of roles (e.g. risk owner, risk expert, risk manager, etc) using PFCG and assigned almost every role to the users; but it doesn't give them the authorization to create or edit anything, they can only display.
The only workaround for this was assigning a role with the authorization object GRFN_USER (with 02 Change value enabled) or assigning SAP_GRC_FN_ALL (Power user role which also contains object GRFN_USER). However this would allow users to do "anything" they want which obviously isn't what I seek.
I have tried changing customization options such as Maintain Custom Agent Determination Rules and Maintain Entity Role Assignment, it hasn't solved anything so far.
I urgently require your assistance on this issue. Thank you.
Regards,
SeckinHi,
I 'm facing same kind of problem.
Case 1:
I tried with:
Assigning users to group (abap role) which didn't worked.
Assigning UME Role to group (abap role) which worked. Then i assigned the user to the UME Role, but the user is not getting the backend authorizations.
Assigning the portal role to the group (abap role), then when i assiged a user to the abap role from R/3 automatically the user is getting the portal role.
How can i do the same from portal?
Case2:
While distributing the portal roles to the ABAP system (System Administrator -> Permissions -> SAP Authorizations), the status is showing as "Role transfer compleated". but when i checked from the R/3 transaction WP3R, there are no portal roles.
Why are the portal roles not getting transfered even though the status is green?
Mr.Chowdary -
ABAP centered role assignment not working
I have been trying to implement ABAP centered role assignment for our users but not really having much luck in gettng it to work. I've been trying to make sense of it by using [the help guide|http://help.sap.com/saphelp_nwmobile71/helpdata/en/d2/3e3842b23d690de10000000a155106/frameset.htm] but I must be doing someting wrong. Here are the steps that take.
1. Create a single ABAP role - A single role with no menu or authorizatons
2. Create a UME Group - I name the group exactly the same as the ABAP single role from the previous step
3. Assign UME Group to Portal Role
4. Assign mapped user to ABAP role
Supposedly the ABAP role assingment is supposed to reflect through to the UME group membership so the portal user then sees the associated portal tab.
Can you enlighten me?
Thanks in advanceHi,
I 'm facing same kind of problem.
Case 1:
I tried with:
Assigning users to group (abap role) which didn't worked.
Assigning UME Role to group (abap role) which worked. Then i assigned the user to the UME Role, but the user is not getting the backend authorizations.
Assigning the portal role to the group (abap role), then when i assiged a user to the abap role from R/3 automatically the user is getting the portal role.
How can i do the same from portal?
Case2:
While distributing the portal roles to the ABAP system (System Administrator -> Permissions -> SAP Authorizations), the status is showing as "Role transfer compleated". but when i checked from the R/3 transaction WP3R, there are no portal roles.
Why are the portal roles not getting transfered even though the status is green?
Mr.Chowdary -
Srm User interface - change settings : Error in role assignment
Hi Gurus,
Users are facing issue when they are changing settings in the SRM user interface site .
Go to SRM user interface SIte --> Change my settings --> change date format or decimal format .
When they save it --> Gets an error - error in role assignment .
What can be the issue. It's same in Dev and qa .
Waiting for your reply.
Points will be rewared .
Thanks
Munish KumarHello Munish,
Laurent Burtaire wrote:
If you do a where-used for message number i gave you, you will find two message calls in methods from /SAPSRM/CL_PDO_MO_USER_ACCOUNT class.
Put a break-point to check if one of them is done. Problem cannot be due to missing authorization as there is no data in SU53 for concerned user.
Regards.
Laurent. -
Role assignment to users (Change documents)
Hi
I was looking through the change documents for users and here i came across "START_REPORT" under the Transaction column along with SU01 and PFCG. I was not quite sure about what this "STATUS_REPORT" was all about. I was wondering if this is a program. It certainly is not a batch coz we dont run batches here. I am trying to track down this change to the user but STATUS_REPORT is leading me nowhere....
Any ideas?
raviHi ravi
Could you please explain the problem once more ?
If you want to see the changes in the profiles of the user(which i take as one example of change documents) then you can use the transaction SUIM and there it'll give you options for change documents as below:
1) For users
2) For role assignment
3) For Roles
4) For profiles
5) For authorizations
and then you can choose the option you want.
If I can help in some other way then kindly let me know.
Cheers -
I am adding roles to positions using indirect role assignment, when adding the role to the position I am prompted to carry out a reconcilliation of indirect user assignments, receive message 'Indirect user assignments ok' so then I've run PFUD. When I check both the role and the user I cannot see the role attached to the user, but the role is listed in the 'Relationships' in PP01.
A new organisation structure has been created, when I click on the drop down at the 'change agent assignment' the old organisation structure is displayed. Any suggestions please how I can select the new organisation structure?
ThanksHello Anthea,
to pass on a role from a position to a SAP user id I would suggest the following.
Go to transaction SA38 and run report RHPROFL0.
Some notes on the report and report selections.
The report can be used to eveluate and assign roles from HR objects to SAP users. The report starts reading at a given HR object along an evaluation path. It then updates the SAP user found with authorisation roles.
Selections:
You have assigned the roles to a position therefore you should select object type S.
Then put the position number in the Object ID.
The key date is hopefully self explaining.
The evaluation path might have defaulted to PROFL0. That would be the correct one.
The program has a test mode. I suggest you run the test mode first. It will tell you what the program would change in an actual run.
In the next selection box - "Generate authorization profiles"
You might leave the ticks in the boxes:
- Standard authorizations
- PD authorizations
That will generate profiles if they aren't generated yet.
Next selection box - "Delete manually maintained authorisation profiles"
Leave the tick boxes blank if you have any direct assigned roles.
If you tick the boxes all roles and profiles directly assigned to SAP user ids will be deleted.
In section "New Users"
There is a tick box "Generate".
If that box is ticked the report will create new SAP user IDs for all occupied positions with roles but without SAP user ID on the Employee record.
You might leave that box unticked for the moment.
I suggest to create the application log --> Last tick box on the selection screen.
Some general comments at the end.
The report RHPROFL0 might be scheduled in production systems if indirect role assignments are used. Depending on your needs make sure that the deletion of manual assigned profiles is activated or deactivated.
If you do not enter an object id, the report will run for all object ids.
A further note on the indirect setup.
If roles should be passed on from a Position to a SAP user id, it is important, that the following conditions are fulfilled.
The Position is valid/active as of the report key date.
The position has a holder at key date.
The holder has an assignment of a valid SAP user ID at key date. Infotype 0105 subtype 0001 for object type P.
The Roles on the position are valid at the key date.
I hope that helps solving your issue.
Best regards
Karsten -
User-id / Roles assigned in Solution Manager system
Hi Friends,
I need an information regarding following:
User-id / Roles assigned in SOLMAN Dev system
SM59 Destinations in Solman dev system & user-id/pwd used for connecting to Satellite systems
User-id/ Roles assigned in Satellite systems - EG: ECC , PI , SCM ,BW for SOLMAN Related User-ids
SM59 Destinations in Satellite systems & which user-id /pwd is used for connecting to Solman dev system
Kindly suggest me how I can get all the above information.
Thanks & Regards,
Solman StarterAll users are created in SOLMAN_SETUP with the proper authorizations, just follow the guided procedure. In LMDB, you can set up the RFC connections to your satellite systems after you pushed the system information with RZ70 / SLD data supplier.
-
Status of roles assigned in SU01
Hi All, Need help to understand the status of a role and effect of user comparison on it... in SU01 assignment to a ID....Cases as below:
1.Role assigned to the ID has expired....The color of the role I have noticed becomes red...why is it so? is it because the role had a new profile generated since the time role got expired in that user? or is it just because role has got expired and so it becomes red in SU01?
And are roles and corresponding profiles which got expired removed from the ID automatically or just both role&profile left as it is with only the role turned red giving the text (User comparison required)...
2.Role assigned to a ID with validity start date set as some date in future. Have seen that in this case too role becomes red after a day!! PFCG_TIME_DEPENDENCY runs..But why is it so??Why does it turn red?Hi,
Role assigned to the ID has expired. the color of the role becomes red. This is because each role assigned to the user has a validity end period. once this date is crossed, the user will not have authorization to objects contained in the role. You can check more details in AGR_USERS table. there you will find that each role attached to a user has a start and end date. -
Regarding Authorizations and Roles
Hi All,
Can anyone explain me about Authorizations and Roles ,in detail.
regards,
AliLinks for Learning about Authorizations:
http://help.sap.com/saphelp_nw70/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm
http://help.sap.com/saphelp_bw33/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm
http://help.sap.com/bp_biv235/BI_EN/documentation/Authorization_BW_Proj.pdf
http://help.sap.com/saphelp_nw04/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
Links to learn about Roles:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
Assign points if helpful,
Venkat -
Role assignment to user in child system
Hi,
We have a CUA with role assignment in SCUM defined as global. There is any way of assigning roles to users in child system when CUA system is not available? There is any way to allow roles assignement in both Parent and child systems?
Many thanks for your help!!
RaquelOne way would be to temporarily delete the CUA assignment in the child and then maintain locally, but you will need to attach it again... and decide whether you want the CUA master to know about what you have done.
Plan B on older Support Packs is to take a look at the correction instructions of [SAP Note 1504495|https://service.sap.com/sap/support/notes/1504495] but for this you need full access () to the S_USER objects, in which case you could detatch the CUA anyway.
However as a temporary workaround in Test systems it could have been usefull.
Plan C: Allow reference user assignments locally and authorize the role indirectly. Via the available authorizations of and access to the reference users you can then contain the scenario. Works fine for me if the concept of reference users is understood.
However in most cases you should do it via the CUA and will end up doing this anyway via the CUA - that is what you have a CUA for. So... logon to your CUA in the morning, give the SAPGui scheme a nice bright colour and administrate the users and role assignments there. This is a small price to pay compared to not having a CUA or IdM...
Cheers,
Julius -
HR-ORG - Indirect Role Assignment
Hello
We are designing the role & security strategy in a new implementation project. The best security strategy seems to be an indirect role assignment via SAP organizational structure. We've looked for some information about that, but we have some doubts about it (we have downloaded "HR-ORG - Indirect Role Assignment" and "User & Roles" files from SAPNet).
The organizational structure will have a lot of leaves named "explotacion". Every leaf will have a different company code, sales organization, sector and so on... On the other hand, it's a requirement that a user obtains automatically its roles when its moved through organizational structure.
Our plan consists in create several primary roles (for example, sales manager). Then we will create a lot of derivate roles which will inherit all authorizations from the parent role. However, it shouldn't inherit organization field values... Then, when this role is assigned to a position, this role should obtain all organizational field values (company code, sector, ...) from our organizational structure.
Is it possible? How can we do that?
Best regards,As mentioned previously, the indirect role assignment may work in this case since it assigns complete roles to positions rather than inheriting the properties of that position.
Structural authorisations however, do have specific authorisation values assigned directly to the organisational positions.
I have not had much experience in implementing these but that maybe worth a look.
Simon
Maybe you are looking for
-
Batch is being Generate two Record for Same Vendor in Payable
Gusy, (Oracle Payable) We have entered six validate invoice with same site,vendor,Payment mod and currency as well but when we see batch in payment window ,it is being show two record insted of one transaction ,howerver system should show one record.
-
Unable to edit images in Preview
I think this has been an ongoing issue based on forums, but still cannot find an answer. I am trying to resize an image and I get: The document "_____" could not be saved. I have tried save as, duplicate, etc... no luck. Anyone have any success in
-
Sending data tablenode to excel sheet
Hi, Can u please tell the step by step procedure for SENDING THE DATA FROM WDTABLENODE TO EXCEL SHEET and send me a related docs Thanks.
-
Object oriented ALV with zebra layout
Hello all, couldn't find anything regarding the above mentioned topic via search function so here my question: How can I get a zebra layout while using the method cl_salv_table=>factory and further steps. Can someone post some example coding? Thanks!
-
Spell check doesn't work on shared documents
We have four computers (Mac) running CS6 (multiple licenses) and sharing documents via a server. Beginning with CS3, we were not able to spell check a document multiple times. Now, with CS6, three computers cannot spell check ANY shared documents. On