Authorization restriction for BP transaction

Similar Messages

• Authorization restriction for Goods issue against an Order

  Hello All,
  We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.
  For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.
  I could not find any authorization object that restricts this.
  I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.
  Any pointers to restrict this access will be appreciated.
  Thanks & Regards,
  Subramaniam Iyer

  Hi,
  MIGO transaction by default restricted with Plant.  If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.
  M_MSEG_LGO
  M_MSEG_WMB
  M_MSEG_WWA
  M_MSEG_WWE
  This issue may occur because if the objects are maintained manually in the role.  If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.
  Also, please check the other roles are assigned to the user.  If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.
  To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user.  This should be able to identify whether the user is getting access from any other roles assigned to the user.
  Regards
  Anandm

• Authorization object for parameter transactions

  Hi all,
  I'm trying to restrict transaction VL10h for shipping point,this transaction is a parameter transaction and is not controlled by an authorization object directly.when I run a trace , transaction Vl10x shows up. The authorization object that is being checked is V_LIKP_VST.
  Note : The requirement is when the user executes transaction VL10h he/she should be able to display only those shipping points they are authorized to.
  Please advice.
  Thanks,
  Mohan.

  Hi Mohan,
  For transaction VL10H you can specify values for the following fields in authorization object V_LIKP_VST:
  -Activity:
  01     Create or generate
  02     Change
  03     Display
  04     Print, edit messages
  18     Deliveries from coll. proc.
  24     Archive
  25     Reload
  85     Reverse
  -Shipping point: Here you must set the restriction for each group of users that are allowed for the maintenance of the shipping points that are used for delivery processing.
  You can restrict the access through these fields.
  Regards,
  Leandro

• Authorization restriction for material group field in MM02 for user role

  Dear All,
               My client wants to restrict 'material group' field usage in MM02 for certain users.
               How to achieve this task?
               Kindly advice
  Thanks &Regards
  Thangavel Ganesh

  Hi all ,
  You can use authorization object advised by AKPT MM. For related transactions , you can benefit from MM Related Authorization Objects - How to Find out & Assign , thanks to Sudeep A
  Regards.
  M.Ozgur Unal

• Authorizations: restrictions for InfoObjects and InfoProvider

  Hi Gurus,
  I am trying to define authorizations via RSECADMIN in 7.0 for a specific InfoObject and specific InfoProviders. The situation is: I want user USER1 to see only Company 4360 on Cube 'XXXXX', but he must be able to see all the Companies in all the other Cubes.
  I have used in RSECADMIN the icon "InfoCube Authorizations" to introduce the single Cube and corresponding single values for my Company, but it seems that the system use this restriction for all the Cubes.
  Please help me.
  Ciao.
  Riccardo.

  Problem solved.

• How do i find authorization object for a transaction code?

  Hi SD Guru's
  I need to find the authorization object for both standard & Z transactions.
  How can i find this?
  Regards
  Ravi

  Hi,
  check the coding with SE38 for "authority-check" and you will get the objects or set a breakpoint on statement "authority-check" while you execute the transaction.
  Regards,
  Andreas

• Create Display Authorization Profile for SAP Transaction SPRO (IMG).

  Dear All,
  In my current implementation project there is an requirement to create display authorization profile for SPRO. I have tried a lot but was not able to do so.
  Any one is having an experience in creating display profile for SPRO (IMG) ? If any one has worked on this issue then please guide me.
  Thanks,
  Avinash

  Hi
  This is security related question. I am not security expert.
  But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
  S_IMG_ACTV
  S_PROJECT
  S_PROJ_AUT
  S_PRO_AUTH
  and assign activity = 03 (Display).
  Hoipe it helps.
  regards
  Srinivas

• Authorization restriction for CRM 2007

  Dear Experts,
  We are in process of defining the authorization matrix for CRM 2007 for end users who will be using Web UI.
  Here my requirement is the service orders created by USER1 should not be displayed by USER2 and vice-versa when they do a search in both Web UI and GUI in Tx CRMD_ORDER for service orders.
  Please let me know how can I acheive this and what is the auth. object for the same.
  Thanks & Regards,
  Sharath

  Dear babu,
  If I understood your request, you want that, only one user will be able to access the document. If you want to do that, this is the answer:
  At tcode PFCG you shoud set:
  First you must set what type of document will be avaible to the user, in this case Z020.
  CRM_ORD_PR: PR_TYPE 'Z020',ACTVT '*'
  Next you must set which activities they will be able to do (notice, you must set the same field in the previsou object(
  CRM_ACT: ACTVT u2018*u2019
  And then you set which partner function or partner category are able to access the document, here is the main point !
  In this example I set that only users who has Partner Category (not partner function) Employee Responsible (std partner category 0008) are able to access the document
  CRM_ORD_OP: ACTVT '', PARTN_FCT '', PARTN_FCTT '0008'
  Here you can notice again field ACTVT, here you will set what user are able to do, "*" means everything, "1" = create, "2" = modify, etc. (I can see the list at PFCG, adding the auth. object to the PFCG profile).
  I notice only std partner function or partner category works with this object. I sent a message to sap support, and they confirm that, so if your user has Z partner funcition or category it is not possible to do that.
  Summary, your user must be present in the partner list of the document, and they must have a partner function or partner category std. It is possible to set together both values PARTN_FCT  and PARTN_FCTT, but I think it is not necessary.
  The easy way to do that is, user who will be able to access the document, must be the employee responsible.
  This help is very usefull
  http://help.sap.com/saphelp_crm60/helpdata/en/4a/b9f63a8ab2c745e10000000a114084/frameset.htm
  Regards,
  Lalas
  ps.: As you should know, only one partner function must have partner category Employee Responsible, in the partner det. procedure, otherwise, you will get error message in your application.

• Security authorization restrication for IW32 transaction

  Hi,
  The client requirement is to not allow to change any field for an order. I run the trace for each and every changes and i didnu2019t locate any sort of related object to restrict for not allowing them to modify the fields like "changed and saved the entries in Mn.wk.ctr and Func. Loc".
  For Example: Run IW32 - > Order number - > hit enter - > it will take to next screen and the order status will be REL.
  In that status system is populating all the fields of that screen with changed mode, it mean that allows user to change any field under that status and save the changes.
  Let me know is there a way from security end to restrict it? if so that will helps alot for the requirement of the client.
  Kindly help us.
  Thanks & Regards
  SV

  Prakash,
  In my query i have given with an example that when a order is in status REL then system is allowing to modify any field under that screen.
  I will try with the given soultions, please let me know if you find any other alternative soultion.'
  thanks alot for each and everyone for giving the right suggestions.
  SV

• Restricting the authorization Object for B2B Transactions

  Hi All
  we are facing the problem in the ISA b2b app, actually the scenario is as below.
  we have various transaction types like b2b sales,Peoplesoft order,Request for Order change, RMA ,Request for Quotation(RFQ) and metel order.
  As per the requirement, The client wants only a few functionalities for a particular user.
  Example:
  Transaction Type Authorization
  PeopleSoft order View only View only
  B2B:Req. OrderCh x x
  B2B: Req. RMA
  B2B: Req. Quote x x
  Metel Order x
  For b2b sales transaction a lower level employee would only be able to view the order and he should be restricted to make any changes. Is there a posibility to restrict in this manner? This is Urgent. Please respond immediately. Thanking you in anticipation.
  Message was edited by:
  Sunil Kumar

  >
  Viral741 wrote:
  > Hi All
  >
  > I have a requirement in SAP Security to restrict the authorization object S_ALV_LAYO to a particular set of users.
  >
  > Background:
  >
  > We use composite roles which is shared accross all areas(Finace,marketing,work managment).Now the requirement is for from Work managment to restrict S_ALV_LAYO so that user cant change default layout and can create user specific layout,but other areas are not ready for this.So please let me know if there is any way i can restrict this auth object only for work managment area only.
  >
  > Thanks,
  >
  > Nitesh
  Nitesh,
  Remove access to S_ALV_LAYO for general users and give access to F_IT_ALV instead.  Keep S_ALV_LAYO for the users who will be maintaining the default layout.
  Good Luck!

• Authorization restriction for Transaction PK13N

  Hi @ all
  My colleagues and I are responsible for the authorizations in our system.
  Since few days we test the Kanban functions in SAP.
  In abovementioned transaction are two buttons "To Empty" and "To Full".
  Does anybody know if there is a possibility to restrict some users for these buttons?
  Thanks @ all!!
  Greets Kristin

  Hi Kristin,
  The "Save to Empty" and "Save to Full" buttons are screen elements and can't be restricted with the authorization objects.
  Further, below are the authorization object that are checked with PK13N transaction code:
  C_KANBAN     PP KANBAN Processing
  C_TCLA_BKA     Authorization for Class Types
  CPE_SETTIN     Commodity Pricing Engine: General Settings
  You can imply restriction on any of these.
  If you with to show/remove one of these buttons, you can achieve this with screen variants using SHD0 transaction code.
  Hope this helps.
  Regards,
  Raghu

• Authorization restriction for bank details in FK03

  Hi,
  Please help me in restricting display of Bank details (payment transactions) in vendor master when we use transaction FK03 or XK03.
  Thanks,
  Nitish

  Hello Nitish,
  You can protect all general data (i.e. address data, payment transaction
  data, ...) with the authorization object F_LFA1_GEN. However, it is not
  possible to protect only bank data using authorization objects.
  As a workaround(!) for your requirement, you can do the following:
    1) Use the IMG Customizing tool (transaction SPRO) or transaction OB23
       directly to define Payment transactions data as "Suppress" within
       transaction FK03 and as "Display" within transaction XK03.
    2) The use of transaction XK03 should only be allowed to the managers,
       but not to the normal users who should use transaction FK03.
  Hope that helps,
  Jon

• Authorization restriction for Goods issue . others radio button in migo tcode

  Hello All,
  We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and  the movement type 201
  the above mentioning details i need to block the others tab only for specific user ids i have checked the MIGO objects But its not worked
  please give me solution for block the others button on the drop down box
  please find the attachment of screen shot its helpful to sort out the issue
  Best Regards
  suresh

  Dear Anandan,
  Please use trace t.code ST01 to fix the issue.
  You can restrict the movement type using the authorization object M_MSEG_BWA.
  If you can provide the step by step screens where you want to exactly restrict we can fix it.
  Regards,
  Venkatesh

• Authorization restriction for executing the ABAP queries

  Hi
  In ABAP queiries how the restriction can be done for where users should not execute /authorized
  of other plant or company code - Projects/ WBS/NWA and its related components. I tried the following methods but not working - seems something is missing .
  method 1) restricting based on the profit center ( free coding )
  AUTHORITY-CHECK OBJECT 'C_PRPS_PRC'
           ID 'PRCTR' FIELD PROJ-PRCTR
           ID 'PS_ACTVT' FIELD '02'.
  (or)
  method 2 -(free coding)
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  Just make sure that Z_BUKRS field is available in selection tab.
  Also, declare below mentioned variables in INITIALIZATION.
  DATA: li_bukrs TYPE TABLE OF bukrs,
         lwa_bukrs TYPE bukrs,
         lv_flag TYPE c.
  Kindly help if there is missing anything on the above or is there any other alternative.
  Regards
  PP

  Hi,
  Kindly help if there is missing anything on the above or is there any other alternative.
  Carlos is right about the Authorization check.
  If you further wants to explore something extra, just visit these links:
  1. http://help.sap.com/saphelp_NW70EHP1core/helpdata/en/52/671449439b11d1896f0000e8322d00/frameset.htm
  2. http://help.sap.com/saphelp_wp/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
  3. http://help.sap.com/crmcg_en/5c/deaa74d3d411d3970a0000e82de14a/content.htm
  4. http://www.sap-img.com/bc042.htm
  May this information helps you.
  Regards.
  Deepak Sharma.

• Authorization Restriction for Object Changeability :

  Hi ,
  How to restrict users from using Object changeability in Production System if they are given access to RSA1, even though the system is completely closed , with Object changeability, the users can still create a new Info package and upload data ?
  I have gone through the SDN and SAP documentation, but I could not find any such references.
  Looking forward to your valuable input on this.
  Regards,
  Ahmed.

  Hi there,
  You have an authorization object named S_RS_ADMWB (Data Warehousing Workbench - Objects).
  You can with that object restrict the several activities (display, execute, create, etc.) for different Datawarehouse InfoObjects (InfoPackage, etc.).
  Try to restrict that to the users.
  Diogo.