Authorization profile description

hi experts,
In tcode su01, we have authorization profile and its description for a user.
I have a report in which authorization profile has been displayed. I need the authorization profile description next to it. I found the field PTEXT in table USR11 has got the description. However i dont have any relation (key) between USR11 and (usr01, 03, 04). Kindly suggest me some idea to get the description.
Thanks in advance.
Senthil

hi Senthil,
Check
UST04                          User masters
UST10C                         User master: Composite profiles
UST10S                         User master: Single profiles
UST12                          User master: Authorizations
USTUD                          Students
Regards,
Santosh

Similar Messages

ISE Authorization Profile Question

Hi,
We are implementing ISE at a university and using dynamic VLAN allocation to segment the traffic into vlans of a manageable size - we do not want to use geographically based vlans for a number of reasons. However there is one scenario which I am struggling with.
A number of students will be living in university owned houses which are not directly connected to the university network. In these houses an ISP will provide an ADSL circuit. These ADSL circuits will be aggregated back at the university data centre and will connect down one piece of wire to the university network. I haven't completed my testing yet but the general theory is that we can use multi-auth to allow them on to the network and apply appropriate access restrictions (these restrictions will differ from those applied to those applied when they connect "on campus") . However, in order to do this, I will need to create an authorization policy based on where they are coming from (ie what switch and what port). I can see how I can use Identity Groups to identify which switch the traffic is coming from but for the life of me I have no idea how I would identify the port.
Anyone have any ideas how I might achieve my goal?
Thanks
Alan

Hi
Cisco ISE allows for a wide range of variables within authorization policies to ensure that only authorized users can access the appropriate resources when they access the network. The initial release of Cisco ISE supports only RADIUS-governed access to the internal network and its resources. The authorization policy result is Cisco ISE assigning an authorization profile that might also involve a downloadable ACL specifying traffic management on the network policy enforcement device. The downloadable ACL specifies the RADIUS attributes that are returned during authentication and that define the user access privileges granted once authenticated by Cisco ISE.
An authorization profile acts as a container where a number of specific permissions allow access to a set of network services. The authorization profile is where you define a set of permissions to be granted for a network access request and can include:
• A profile name
• A profile description
• An associated DACL
• An associated VLAN
• An associated SGACL
• Any number of other dictionary-based attributes

How to create and allocate authorization profiles?

How to create and allocate authorization profiles? please issue step by step and usage of TC:PFCG.

Hi Srinivas,
I would like to try to explain how to create an authorization profile.
1. you have to create a user with the Tcode SU01 at first
2. run Tcode /nPFCG.
3. enter a name for the role (naming convention is here very important) which you want to create and then click on "create Role".
4. enter a short description for the role and then click on Authorization tab.
5. now you are required to save the role. Click on it and continue.
6. click on the tab "change authorization data" and select the authorization template what you need.
7.change the authorization field value.
8.click on button "Generate".
9.click on button Back
10. click on Tab user to assign the role to the user which you created in step one
11.click on button User comparison and then complete comparison
Hope this helps

How to get all authorization objects for a certain authorization profile

Hi ABAP experts,
I have the following problem: for a certain authorization profile of a role (created with transaction PFCG) I would like to get all contained authorization objects: e.g. for the contained object PLOG I would like to know/read all corresponding parameter values.
So:
- where are these values stored (dictionary table)?
- is there already a FM or a report to read all authoriation values for a certain authorization profile?
Thanks in advance.
Best regards,
Oliver

Hi,
check the following it might useful for you:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
if helpful reward points are appreciated

Query related to Authorization profile.

Hi Professionals,
Please help me out as I'm not a BASIS consultant but PP.....
We've created Users profile and assigned them profiles that contain a particular bunch of Transaction codes module wise.
Now we want to to create and assign such a Authorization profile to Users which will contain all Display transaction codes either related to all modules OR that particular module only say PP, MM, FI, CO etc.....
For example
MM03- Display material master
CS03- Display material BOM
CR03- Display work center
ME53N- Display Purchase requisition etc.
Is there any standard profile for that that are already provided by SAP? If it's there, how do we know that are related to what module?
Suppose if we assign such profiles, what will be implications related to future and user discipline?
Thanks & Regards,
Abu Arbab

Hi Abu, don't worry about being a PP consultant, most of us here are not Basis either, rather we focus on security.
There are no standard roles delivered by SAP which give this. There are standard SAP display roles but none will include all the display transactions for a module.
What you should do is get each functional team to list the dispay transactions which are used by the business processes which they have configured. There is no point in creating a display role with 500 transactions if the business processes only requires 30 transactions. Access is more usually required for business processes rather than module so you would often need to combine your modular display roles to cover a single process.
By building the roles to include the transactions you use rather than are available, you also avoid one of the mistakes often seen with using standard SAP roles - users having wider authorisations than they require to perform their job.

Profile description is not visible from Application which the LDT file has.

Experts,
I am running into strange issue.
Dev created a LDT file for a profile and requested to upload it through a one-off patch.
The profile got updated into the DB for all the 3 languages - US, KO and AR.
However the description is not visible for US when tried to verify from the Forms.
Further analysis gave a tip that the description is NULL only for US and exists for other 2 Langs (KO and AR).
SQL> select PROFILE_OPTION_NAME, DESCRIPTION, LANGUAGE, LAST_UPDATE_DATE, LAST_UPDATED_BY, CREATED_BY, CREATION_DATE
2 from fnd_profile_options_tl where
3 profile_option_name='INL_ITEM_CATEGORY_SET';
PROFILE_OPTION_NAME DESCRIPTION LA LAST_UPDAT LAST_UPDATED_BY CREATED_BY CREATION_D
INL_ITEM_CATEGORY_SET {Category Set to determine the items that will be AR 09-NOV-12              122        122 11-JUL-11
                          LCM trackedØ³ÙÙ
                                         Ø§Ù
Ù Ø³ÙÙ
      Ø§Ù
Ù Ø³ÙÙ
      Ø§Ù
Ù Ø³Ù}
INL_ITEM_CATEGORY_SET {Category Set to determine the items that will be KO 09-NOV-12              122        122 11-JUL-11
                          LCM trackedâ
                                      ¦'+++ '+++ '+++ '+++ '+++ '+++ '+++ '++
                          +Ã
INL_ITEM_CATEGORY_SET                                                                            US 12-MAR-12             *2330*        122 11-JUL-11
SQL>
Also identified the Last Updated By is from FND User - "PROCESS_OPS"
SQL> select USER_ID, USER_NAME from fnd_user where USER_ID in (122, 2330);
   USER_ID            USER_NAME
       122               ORACLE12.2.0
      2330              PROCESS_OPS
SQL>
What could be the reason behind this change?
Why the profile description only for US Lang is not getting updated whereas for other languages it got updated by FND User - "ORACLE12.2.0"?
It clearly shows on 09-Nov-12 there were some changes happened and that to by User_ID 122 which updated for KO and AR.
For some reason the same was not applied for US Lang.

HI Hussein,
I am waiting for your update only.
We have requested Dev to chek the same got to know that,Yes, when tried with CUSTOM_MODE=FORCE, it is working fine.
But they are insisting on how the other Langs got updated and why it would not update for US alone.
Just check the Profile from FND_PROFILE_OPTIONS about the profile details and found below.
SQL> select APPLICATION_ID, PROFILE_OPTION_ID, LAST_UPDATE_DATE, LAST_UPDATED_BY, CREATION_DATE, CREATED_BY
2 from fnd_profile_options where PROFILE_OPTION_NAME='INL_ITEM_CATEGORY_SET';
APPLICATION_ID PROFILE_OPTION_ID LAST_UPDATE_DATE LAST_UPDATED_BY
CREATION_DATE CREATED_BY
9004 1011555 12-MAR-12 2330
11-JUL-11 122
SQL>
For some reason the TL got lastupdate_date and 09-NOV-12 and the same is not reflecting in FND_PROFILE_OPTIONS.
Please advise.

ICC profile description is invalid

I loaded PSE 8 on my Dell M1530 running Vista. Whenever I try to start PS8 I get "could not initialize Photoshop because the ICC profile description is invalid" and the program quits. I've tried removing and reinstalling PSE8 and it still errors. Any idea what I can do?

There are three steps in installing a color profile in Windows. First they have to be in your system32 (or syswow whatever\spool\drivers\color folder. Then as you have done you run the install. But then you have to register the profile for the device type (display\printer\etc.).
I think placing the color space profiles has already been covered in another reply.
You have already reset preferences so PSE has rebuilt its cache of scripts and resources.
Switch the default monitor profile in Win color management applet to another to another one just to see if that solves your problem. PSE doesn't offer a choice of display profile so I imagine it uses your set default.
Also there are two profile version types. Version 4 trips uup some applications especially for printing. Version 2 should be used for displays and works best for printers as well.
These Win utilties will show the version type:
http://www.color.org/resource2.xalter get
ICC Profile Inspector - opens an ICC profiles and makes the contents readable
Profile Dump - an example utility built using SampleICC that reads profiles and checks them for conformance
In each you'll see the complete version number. In one of those two you have to switch thefile type to .icm or .icc. The other shows both.

How to make changes in Authorization profile?

Dear Guru's
In R/3 4.7 i used to change authorization profile in tcode SU02.where as in ecc 6.0 i dont find any change option it shows "Generated profile can only be displayed"
I want to remove the particular tcode from that authorization profile.please help.
Regards
AKI

Aki
In new SAP versions, they have replaced direct profile generation with Roles concept and all the new profiles are attached to the roles. Follow this link and read it completely and understand the concept.
http://help.sap.com/saphelp_bw21c/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
You cannot change a profile directly, instead you will have to insert authorization from the existing profile into a new role and generate a new profile for that role.
Goto PFCG, create some new Z role. Save it, then goto authorizations tab, in the profile text box enter the profile name you want to edit authorization of. Goto change authorization Data. make the required changes. Then in the menu on top left hand side you will see a red and white ball press that and generate profile. Now you have a new role with required authorization. You can attach the role to required users.
Rahul

ISE - Authorization Profile issue

I'm running a trial of ISE and I'm attempting to create the authorization profile with the following settings:
Name: Posture_Remediation
Access Type: Access_Accept
Common Tools:
Posture Discovery, Enabled
Posture Discovery, ACL ACL-POSTURE-REDIRECT
The documentation says Common Tools, but in the screen shot it shows Common Tasks which is accurate to my install. Doc: http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic19
The issue is that I do not see a Posture Discovery option in the Common Tasks area. Can I add these the attributes using the Advanced Attributes settings or is there something I need to enable to display the Posture Discovery option within Common Tasks?
Any help would be appriceated.
Andrew

Hello Andrew,
As per your query i can suggest you-
Creating a New Authorization Policy
Use this procedure to create a new authorization policy.
To create a new authorization policy, complete the following steps:
Step 1 Choose Policy > Authorization > Standard.
Step 2 Click to select either Insert New Rule Above or Insert New Rule Below.
A new policy entry appears in the position you designated in the Standard panel of the Authorization Policy window.
Step 3 Enter values for the following authorization policy fields:
•Rule Name—You need to define a rule name for the new policy.
•Identity Groups—Choose a name for the identity group that you want associated with the policy.
–Click + ("plus" sign) next to the word "Any" to display a drop-down list of group choices, or choose Any for the policy for this identity group to include all users.
•Condition(s)—Choose the types of conditions or attributes for the identity group associated with the policy. Click + next to Condition(s) to display the following list of condition and attribute choices that you can configure:
–Select a Condition Name option from the drop-down list (Simple Conditions, Compound Conditions, or Time and Date Conditions) as needed.
–Select one of the Attribute options as needed. This displays a list of dictionaries that contain specific attributes related to the dictionary type.
When you select an attribute, you can define it as Equals, Not Equals, or Matches using a pull-down list of operator options, and select an AND or OR directive using a pull-down directive option.
For more information please refer to the link -
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html

ISE Authorization profile

I am trying to create an authorization profile in ISE. My vlan for that profile is 50. When I try to add the Tag ID as 50 it is not allowing me to do so.
The message I am getting is : “Tag ID should contain only numerical value and in the range 0-31. How can the vlan be 0”. How to deal with this issue when my vlan ids are higher then 31.
I was wondering if anyone else had similar issue? Or am I missing anything.
Ds

BW Issues while generating authorization profiles RSSB_GENERATE_AUTH progm.

Hello,
We loaded ZTCADS02 hierarchy datastore authorization template with the following data fields mapping and along with the other authorization templates (ZTCADS01, DS03)
when I try to generate the authorization profiles using RSSB_GENERATE_AUTHORIZATIONS program, I am getting the following error
Hierarchy YES_BRANDS (version, key date 12/31/9999) does not exist Message no. RSSBR050
Here are the fields and field contents on ZTCADS02 datastore. Am I loading wrong data to any of the fields?? I tried couple of combinations for Hierarchy name (0TCTHIENM) but none of this helps me in successful generation of the profiles.
0TCTHIENM = YES_BRANDS/99991231//0BP_GRP
0TCTHIENM = YES_BRANDS
0TCTUSERNM     User                     CARLMGRN1
0TCTSYSID     BW System     SBC100
0TCTAUTH     Authorization (Tech)     ZBP_GRP
0TCTADTO     Validity, to                     99991231
0TCTIOBJNM     InfoObject                     0TCTAUTHH
0TCTHIENM     Hierarchy Name     YES_BRANDS
0TCTHIEVERS     Hierarchy Version     A
0TCTHIEDATE     Hierarch, Valid to     99991231
0TCTNIOBJNM     Node (InfoObject)     0BP_GRP
0TCTATYPE     Type of Authorizatn     2
0TCTOBJVERS     Object Version     A
0TCTADFROM     Validity, from     20061113
0TCTNODE     Nodes              454BA58E856300F6000000000A173125
0TCTACOMPM     Validity Period     1
0TCTTLEVEL     Hierarchy Level     9
0TCTNDEF     Default Value     Y
Infoobject to be checked is 0BP_GRP which is hierarchy check
ZBP_GRP is custom authorization object created by me with fields actvt, 0BP_GRP and 0TCTAUTHH fields via RSSM
All suggestions are really appreciated and promise to reward very good points,
for all good answers.
Regards
Sreeni

Issue is resolved. There was a problem with the data load.
Thanks
Sreeni

Create Display Authorization Profile for SAP Transaction SPRO (IMG).

Dear All,
In my current implementation project there is an requirement to create display authorization profile for SPRO. I have tried a lot but was not able to do so.
Any one is having an experience in creating display profile for SPRO (IMG) ? If any one has worked on this issue then please guide me.
Thanks,
Avinash

Hi
This is security related question. I am not security expert.
But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
S_IMG_ACTV
S_PROJECT
S_PROJ_AUT
S_PRO_AUTH
and assign activity = 03 (Display).
Hoipe it helps.
regards
Srinivas

Talent Management (EhP4) - cannot find structural authorization profiles

Hi All, 
I have looked in 3 different SAP ECC6.0 EhP4 system for the Talent Management structural authorization profiles stated in the IMG documentation and on the help.sap.com website. The profiles are: 
TMS_PROFILE 
TMS_ALL 
TMS_MAN_PROF 
There are also several "sub" profiles for TMS_PROFILE. 
To take an example from help.sap.com on their Authorizations page (http://help.sap.com/erp2005_ehp_04/helpdata/en/7b/6f92413c3a2e7be10000000a1550b0/content.htm ), the SAP_TMC_SUPER_TALENT_MANA_SPEC clearly indicates the TMS_ALL structural authorization profile is in the standard system: 
Authorizations for talent management superusers 
For more information, see Talent Management Superuser. 
The structural authorization profile TMS_ALL is also available as a template for the Talent Management Superuser. 
For more information, see Customizing for Talent Management and Talent Development under Basic Settings ® Authorizations in Talent Management ® Define Structural Authorizations. 
So... does anybody know anything about these and where I can find them? Do they require some form of activation outside of the standard switch activations for Talent Management? I've looked in several tcodes (SU01,PCFG, OOSP etc) for them but no luck. 
Any help gratefully received and points will be awarded for helpful answers and solutions! 
Best regards, 
Luke

Hey Luke:
Could you do me a favor and look in client 000 (the SAP delivered client)? You generally need a basis person for this activity, and I can't find one now on my own end to confirm my theory. However I'm pretty sure if you went to OOSP in client 000, you'd see those profiles. They were either never copied over from 000 or your security friends deleted all the profiles that are SAP delivered in the clients you're looking at.
I could talk for a super boring amount of time about the security concept of "SAP delivers too much access with their roles so we don't use them" that a good number of security teams use - but that's a story for a different day.
Take a peek in 000 and let me know what you see. If they're there, you can always have your basis chums copy them over to your clients that you want them in (presumably your security config client).
Thanks,
Chris

Steps for creating structural authorization profile using trans. OOSP

Dears,
Could someone please guide to the steps for creating a structural authorization profile using transaction OOSP, to authorize on the HR Payroll Area.
Thanks.
Reda

Hi,
There are comprehensive guidelines on help.sap.com for creation of structural authorizations: http://help.sap.com/saphelp_erp2004/helpdata/en/34/49ba3b3bf00152e10000000a114084/content.htm
However, please bear in mind that you cannot limit access to certain payroll area with structural authorization. For that you should use standard PA authorization object (you can use field organizational key to store Payroll Area VDSK1 in IT0001):
P_ORGIN http://help.sap.com/erp2005_ehp_02/helpdata/en/3e/b8b83b5b831f3be10000000a114084/content.htm
Cheers

How to activate authorization profile in ERP 6.0

Hi,
Could you give me a hint please.
In ERP 6.0 system, I copied a authorization profile from &_SAP_ALL_13, and changed it.(saved successfully)
But clicking activation, message "Unable to activate, authorizations missing: ..." is shown in pop-up.
What happend in this process.
In R/3 46C system, such a message is not shown.
authorization profile activation process changed in ERP 6.0?
I did following actions;
T-CD: SU02
- Profile: &_SAP_ALL_13 / With any options off -> Create work area for profiles
- -> Copy Profile
- Copy profile From &_SAP_ALL_13 To Z_SAP_ALL_13 -> Execute
T-CD: SU02
- Profile: Z_SAP_ALL_13 / With any options off -> Create work area for profiles
- change some objects in the profile (include delete line) -> Save -> Activate
regards,
Katsumi

Dear Katsumi,
Go to change authorization data and check weather every node is in green.If not expand every node and check anything in yellow or red that should come in green.Then generate that profile Shift+F5.
Now after generating your profile make sure to click on User Comparison.
Also there might be a possibility that user must not be having enough authorization.In that case :
From the user login wherever this message authorization faliure is coming type /nsu53 and see for missing authorization.
Now go to your login(considering that you have full authorization) use tcode PFCG and role in which use tcode is residing.Add manually the missing object which reflects on the SU53.Again generate and make user comparision.
Now come back to user login and again try .If that is still not coming repeat the above 2 steps.
Regards,
Ashutosh
Edited by: ashutosh singh on Aug 13, 2008 7:53 AM
Edited by: ashutosh singh on Aug 13, 2008 7:54 AM

Authorization profile description

Similar Messages

Maybe you are looking for