Authorization Restriction at Vendor level

Similar Messages

• Organization level authorization restrictions

  Hello All,
  Please can you let me know
  1) f it is possible to org level authorization restrictions for CLM documents and master data without any development?
  - E.g. while creating suppliers the user should only be able to create for the Company assigned to the user id?
  2) What is the significance of the company and organization unit fields in the user account information page?
  Regards,
  Subramaniam Iyer

  Hi ,
  Could you share about your solution ? I think I have face the same problem as yours.

• Currency vs Account group restriction for vendor master

  Dear All,
  Is it possible to restrict the user from using inr for Import vendors account group and other currencies for domestic vendor account group in standard????

  Hi,
              Through authorization object F_LFA1_GRP (Vendor: Account Group Authorization ) field - KTOKK (Vendor account group) you can restrict user to create particular type vendor i.e Import Vendor or Domestic Vendor etc. Pls refer below screenshot...
  As k your Basis user to restrict as per account group ....Through PFCG transaction..
  Regards
  Abhishek Tiwari

• Authorization for limited vendor for user in FBL1n

  Hi,
  I have certain user in my company, to whom, i want to give t-code FBL1N access. But for some vendors only.
  Please let me know, how it can be done.

  Hi Durga
  As far as I see I can suggest you 2 options:
  1. You can create a validation with sets for users and vendors. This way you can restrict to only the t-codes you want the restriction to apply
  2. You can co-ordinate with BASIS to restrict using authorization object F_BKPF_BEK. You have to assign authorization group to vendors and give authorization to users for specific authorization groups. In this case, you cannot restrict only to FBL1N. The restriction would be applicable to all the transaction codes for the users where vendors are impacted.
  Regards
  Sowmya

• Authorization at Folder Tab level

  Hello Experts
                               I have design a form which has lots of folder tabs , but now i want authorization at folder tab level, so that only authorized user has access to those tab, while unauthorize user is not able to see content inside the tab
  ex
  user1 - Full authorization
  user2 - No authorization on tab level
  Is it possible
  Plz suggest

  Hi,
  Yes u can write a small logic like that, for a specific user some folders will not be avaliable, for that i suggest u create a new UDT with some cols like user name, and folder item UID to restrict, so that the end user admin can update this table with the required folder item ID and user code as the users can change in the future,
  So u can have a logic like
  If loggedInUser = restrictedUser Then
  msgbox("Not authorized to view this information")
  bubbleevent = false
  End If
  U need to execute this logic in the item click event.
  Hope this helps,
  Vasu Natari.

• Authorization Check on Multiprovider level

  hi,
  We have following requirement.
  1. we have two groups accessing the same reports (A and B).
  2. When user from A view the report, he should only see the data from A. Similar for B, he should only see data from B.
  3. We also provide ad-hoc query creation in production through Query Designer.
  We thought of creating authorization relevant object and include it in query. But the problem is, if they dont include the authorization object in the query, then data will not be filtered and we will get data security issue. We dont have any problem with Canned queries (deliverd by developers). but while creating ad-hoc query, they might remove the authorization relevant field. Hence, this type of authorization may not work for us.
  Option 2:
  1. While loading the data split the data and load into seperate cubes. That is Cube-A and Cube-B.
  2. Apply info provider level security to Cube-A and Cube-B (based on PFCG security roles)
  3. Create a multiprovider on top of Cube-A and Cube-B
  4. Expose this mutliprovider for ad-hoc and other quries.
  But i am not sure about following things.
  1. Lets say A tries to access the report created on this multiprovider.
  2. As the multiprovider splits the query to Cube-A and Cube-B, will he gets authorization failed error on Cube-B? Or whether multiprovider just ignores data from Cube-B and shows only Cube-A data?
  3. Or, will it ignore the authorization at Cube-B and shows all the data?
  4. if this model works from authorization perspective, what are the drawbacks we have with this approach.
  Please let me know your thoughts on this design and also suggest if you have any other solution.
  regards
  Raghavendra

  Hi,
  If the user is restricted to an infoprovider in the role then it works perfectly with out any security leak.If the user tries to acess any other infoprovider then authorisation chk works and throws an error message "No authorisation".
  As we do not have control at the query designer level to restrict the user by an authorisation variable(considering adhoc queries) better to restrict the user with infoprovider restriction at role level.
  1. Lets say A tries to access the report created on this multiprovider.
  User A will be able to view the data from the infoprovider A only.
  2. As the multiprovider splits the query to Cube-A and Cube-B, will he gets authorization failed error on Cube-B? Or whether multiprovider just ignores data from Cube-B and shows only Cube-A data?
  Multiprovider does not know or able to differentiate A and B its just physical stucture formed by the combination of fields from infoprovider A and B. If the user tries to access the fields from Infoprovider B then he will get an authorisation error as he is not authorised to Cube B.
  3. Or, will it ignore the authorization at Cube-B and shows all the data?
  Authorisation check will happen as per the infoprovider restriction assigned to the user in the role so it does not show the other values.
  4. if this model works from authorization perspective, what are the drawbacks we have with this approach.
  The user should be well aware of the fields from A and B, if any of the filed is used for which he is not authorised then it gives an error.If the multiprovider has large number of objects then its slightly difficult for the user to remember the fields from which infoprovider to use and not to use.
  Also if u have logically split the data into two infoproviders then why do you need multiprovider ? Let A work on A and B on B. So no complexity of multiprovider.
  Let me know if i miss anything.
  Regards

• MIRO Error- No amount authorization for customers/vendors in company code

  Hi Friends,
  While creating Invoice (MIRO), when I enter amount at Header level, I faced below error.
  No amount authorization for customers/vendors in company code  XXX.
  Message no. F5155
  Please help to know how to rectify this.
  Regards, RAMAN.

  HI
  My problem  is not solved please guide me
  No amount authorization for customers/vendors in company code xxxx
  Message no. F5155
  Diagnosis
  No amount authorization for customer/vendor line items has been specified in company code xxxx for the user group to which you are assigned.
  Provided that you are not explicitly assigned to a user group, the amount authorization to the group blank (" ") is valid.
  Procedure
  If you entered the correct company code, initiate the maintenance of tables T043 (user groups) and/or T043T (company code authorizations).
  Regards
  Krishna

• How to Restrict the node level in account hierarchy

  Hi experts,
  I want to restrict the node level in account hierarchy. I attached one example. in that if i click 6000 node again it want to show error message. for one parent node i want to create only two child node. Further if i create means it want to show error msgs and not allow to create the node..
  Regards,
  gopi

  Hi ,
  The component is bp_hier, and method is onnew_node.
  IF lv_tree->is_locked( ) = abap_false.
       lv_tree->lock( ).
     ENDIF.
     CHECK lv_tree->is_locked( ) = abap_true.
     lv_index = typed_context->accounthierarchy->selected_index.
     lv_tree_node = typed_context->accounthierarchy->get_node_by_index( lv_index ).
  *key = lv_tree_node->node_key.
    CALL METHOD lv_api->get_node_parent
       EXPORTING
         iv_node_key        = key
       IMPORTING
         ev_parent_node_key = lv_paent_key
  *      ev_tree_guid       =
  *   lv_parent = lv_tree_node->parent_entity.
  *    typed_context->accounthierarchy->parent_entity.
  CALL METHOD lv_tree_node->get_children
     receiving
       rt_children = rt_child.
     CHECK lv_tree_node IS BOUND.
     lv_tree_node->is_leaf = abap_false.
     TRY.
         lv_proxy_node ?= lv_tree_node.
         TRY.
             lv_object ?= lv_proxy_node->bo.
           CATCH cx_sy_move_cast_error.
             lv_mixed_node ?= lv_proxy_node->bo.
             lv_object ?= lv_mixed_node->if_bsp_wd_ext_property_access~get_model_node( ).
         ENDTRY.
         lv_object_name = lv_object->get_name( ).
         IF lv_object_name = 'BuilHierarchyNode'.
           lv_relation_name = 'BuilHNodeRel'.
         ELSEIF lv_object_name = 'BuilHierarchyHeader'.
           lv_relation_name = 'BuilHeaderNodeRel'.
         ELSE.
           RETURN.
         ENDIF.
         lv_tree_node->get_children( ).
         lv_object = lv_object->create_related_entity( lv_relation_name ).
         lv_child_node = lv_proxy_node->node_factory->get_proxy(
             iv_bo = lv_object
             iv_proxy_type = 'CL_BP_HIER_HIERARCHYTREEV_CN05'
             iv_parent_proxy = lv_tree_node ).
         lv_tree_node->expand_node( ).
         typed_context->accounthierarchy->refresh( ).
         typed_context->accounthierarchy->deselect_all( ).
         lv_child_node->selected = abap_true.
         lv_child_node->is_leaf  = abap_true.
  *accounthierarchy
  *      selectedhierarchynode
         lv_col_wrap = typed_context->selectedhierarchynode->get_collection_wrapper( ).
         lv_col_wrap->clear( ).
  This is the code.
  i wrote . but its not getting.

• Authorization check for vendor bank details

  Hallo.
  Is it possible for certain users who have the authorization for creating vendor master data not to have access to their bank details?
  Thanks in advance.

  Hi Anna,
  A vendor master record will contain the following (as you might be knowing)
  vendor details
  tax details
  Bank details
  Account data
  payment data
  and the purchasing data
  Hence by default if a user has authorization to create vendor master , he will have access to their bank detail.
  Thanks,
  Janani
  award points if helpful

• How can I restrict a vendor with certain value limit?

  Hi Gururs,
  How can I restrict a vendor with certain value limit?.
  Scenario is like this
  If my company was decided to purchase goods from a particular vendor upto Rs.1000, if cross the rs.1000 limit don't allow the Posting the PO and get the Message as warning/error.
  Give the configuration setting's and T.codes
  Thanks and regards
  G.N.Rao

  Hi
  Go to T.Code oms4 and then select the material status BP (Blocked for purchasing)
  Click on Details
  In that under Purchasing select the option A= Warning or B=Error
  Click on Save
  Thus by doing this no further purchasing function for that material can be done. So the PO can not be issued
  So as and when the value limit reaches see that purchasing option is blocked
  So no further PO are generated in the future
  I hope this helps you out
  If found useful reward accordingly
  Thanks
  pavan

• Authorization at profit center level

  Dear All,
  In FI Module we have a requirement of Authorization at Profit Center
  Level.
  For Example : in FB50 transaction we want to allow some users to enter
  only for "1001" profit center.
  We have tried the following :
  We have create authorization object for PRCTR - Profit Center field and
  assing that object manualy to role. But it is not working. After assigning this authoization object, profit center also comes in "Organization Level". But at transaction level no effect.
  Thanks  in adanace,
  Nirav

  Hi Nirav,
  You will only invoke additional authorisation checks if the code for the transaction is changed to include the relevant AUTHORITY-CHECK code + subsequent logic.
  From memory for FB50 you will need to look into an appropriate user exit or enhancement point to code this additional check.  Alternatively you could use an alternative control such as random sampling for those users.

• Ad-hoc Authorization restricting the user

  Hi All,
  The users needs to be restricted from Ad-hoc broadcasting the reports using the Bex Broadcasting Wizard.
  where can i restrict the broadcast using Authorization restrictions in the user profile?
  Can i restrict the user by deactivating Broadcast Tab in  the menu ?
  suggest me the feasible solutions.
  Thanks,
  Mike

  Hello Mike,
  Do you got the solution for the same? Kindly let me know the details as We have same issue at our location
  Thanks in Advance.
  Regards:Gaurav

• How we can show authorization object  at infoprovider  level

  hi all
  how we can show authorization object at infoprovider level..
  shalini

  S_RS_ICUBE:
            Auth objects for working with Infocubes and their sub-objects. For example,
            protecting users who can define the Infocube, applying update rules, and
            looking at the data in the Infocube.
  In order to execute any query, u must have access to R_RS_ICUBE and S_RS_COMP. S_RS_COMP is
  a powerful object that enables u to make choices on how to secure.

• How DMR can be maintained for MATERIAL AND VENDOR LEVEL

  Hi,
  For now we implemented the DMR only at material level, but now we want to know if it is possible to implement the same at material and vendor level, because some material are provided by different vendors and we want to apply a different DMR for each vendor (or only apply the DMR for one specific vendor).
  The DMR that we created on the system is just to complete the inspection protocol every 10 material good receipts and skip it the other ones.
  Please, Could you provide us the correct way to perform this DMR at material and vendor level?
  regards
  mohan

  ok

• Filters at record level and filters restrictions at cell level

  Hello Crystal Report friends:
  We are aware that we can apply filters globally (record Level). We need to add additional filters(Restrictions) at cell level.How do we apply filters at a cell Level?
  Regards,
  Joe Gonzales

  And along with what Ian said be careful when exporting also, some suppressed fields may export even though you have supressed them, so you are not removing the data, just hiding it. If the user has rights to edit the report they could "unhide" the info.
  Depending on the version of CR you are using depends on the output, our export formats tend to change on how they work and what is exported etc.
  There are Various DB tools from SAP Enterprise that has the ability to do row level filtering if that is an option for you.
  Don