Authorization Restrictions for user

Similar Messages

• How add Authorization check for user with assigened role for t.code-MIR4

  Hi All,
  Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
  In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
  suggest me...
  Thanks,
  srii..

  Hi Sri ,
  first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
  make use of Tcode SUIM to find out all roles which are using this Object.
  or
  ask ur basis guy to remove authorizations to create/change....
  regards
  Prabhu

• Failed to activate authorization check for user SAPSYS

  Hi Experts
  I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
  i am getting a error Failed to activate authorization check for user SAPSYS.
  Please help me to solve this issue.
  Regards
  Venkat

  Hi, Mr. Joe Bo.
  Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
  Basis Patch - 15, Kernel 159
  I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
  Thanks & Regards
  Venkatesan J

• Authorization restriction for Goods issue against an Order

  Hello All,
  We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.
  For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.
  I could not find any authorization object that restricts this.
  I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.
  Any pointers to restrict this access will be appreciated.
  Thanks & Regards,
  Subramaniam Iyer

  Hi,
  MIGO transaction by default restricted with Plant.  If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.
  M_MSEG_LGO
  M_MSEG_WMB
  M_MSEG_WWA
  M_MSEG_WWE
  This issue may occur because if the objects are maintained manually in the role.  If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.
  Also, please check the other roles are assigned to the user.  If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.
  To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user.  This should be able to identify whether the user is getting access from any other roles assigned to the user.
  Regards
  Anandm

• Ad-hoc Authorization restricting the user

  Hi All,
  The users needs to be restricted from Ad-hoc broadcasting the reports using the Bex Broadcasting Wizard.
  where can i restrict the broadcast using Authorization restrictions in the user profile?
  Can i restrict the user by deactivating Broadcast Tab in  the menu ?
  suggest me the feasible solutions.
  Thanks,
  Mike

  Hello Mike,
  Do you got the solution for the same? Kindly let me know the details as We have same issue at our location
  Thanks in Advance.
  Regards:Gaurav

• Authorization restriction for IK34

  Dear Experts,
  We want to restrict user from entering one plant reading from another in t-code ik34. Currently user can enter measurement document of all plant. We want to restrict the user plant wise. Our basis consultant is trying with authorization group(i_begrp). But not getting the desired result. Please suggest how to restrict it.
  Regards,
  Shivang

  When I had this issue a while back, we found that you cannot restrict on plant for measurement documents.
  One way to restrict it is to tie the measuring pionts to an authorization group. You can classify each authorization group into each plant. Then maintain these authorization groups in the measuring point in IK01 or IK02. These measuring points would be tied to the measurement documents and should show up in the trace.
  I would also ask if the restriction is really required. Would it do that much damage if a person is able to touch other measurement documents. Some may say yes, others no.
  Hope this helps.

• Authorization restriction for Transaction PK13N

  Hi @ all
  My colleagues and I are responsible for the authorizations in our system.
  Since few days we test the Kanban functions in SAP.
  In abovementioned transaction are two buttons "To Empty" and "To Full".
  Does anybody know if there is a possibility to restrict some users for these buttons?
  Thanks @ all!!
  Greets Kristin

  Hi Kristin,
  The "Save to Empty" and "Save to Full" buttons are screen elements and can't be restricted with the authorization objects.
  Further, below are the authorization object that are checked with PK13N transaction code:
  C_KANBAN     PP KANBAN Processing
  C_TCLA_BKA     Authorization for Class Types
  CPE_SETTIN     Commodity Pricing Engine: General Settings
  You can imply restriction on any of these.
  If you with to show/remove one of these buttons, you can achieve this with screen variants using SHD0 transaction code.
  Hope this helps.
  Regards,
  Raghu

• Authorizations: restrictions for InfoObjects and InfoProvider

  Hi Gurus,
  I am trying to define authorizations via RSECADMIN in 7.0 for a specific InfoObject and specific InfoProviders. The situation is: I want user USER1 to see only Company 4360 on Cube 'XXXXX', but he must be able to see all the Companies in all the other Cubes.
  I have used in RSECADMIN the icon "InfoCube Authorizations" to introduce the single Cube and corresponding single values for my Company, but it seems that the system use this restriction for all the Cubes.
  Please help me.
  Ciao.
  Riccardo.

  Problem solved.

• Restriction for users NOT to viewa particular table/Infotype..

  Hi All,
  We have a requirement where employee's salary details need to be uploaded into the SAP HR database.
  But in our scenario, someof our consultants have Production login and can access SE16 Tcode to view the database table entries.
  Now since we need to upload the salary details into an Infotype, this infotype should not be made accssable to the consultant logins. In the meanwhile, the logins should not be restricted to user SE16 Tcode.
  Hence can we put a restriction, so that these consultants can not view the particular infotype which as salary details?
  They should be given access to browse SE16. But at the same time, they should not be allowed to browse PAXXXXX Infotype which contains SALARY details..
  How to handle this kind of problems????
  Regards
  Pavan

  Hi All,
  I have got a response from another user as follows. But can anyone explain me how exactly move ahead....???
  We have recently dealt with a similar scenario.
  What we have done is we have used the authorization object S_DEVELOP with OBJTYPE TABL(means table access).
  Unfortunately we could not find a way to exclude one or several tables from selection.
  Thus we have given two intervals to OBJNAME field.
  First interval starts from the very first table in the system /1CN/AMFSAPH1FDT (please check your system for this) to the table just before the one we are trying to restrict (P593R).
  Second interval starts from the first table after the restricted one (PABASN) to the last table in the system(ZZXXX) (please check your system for this).
  In the solution above we had restricted access to all PAXXXX tables.
  Regards
  Pavan

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Authorization restriction for CRM 2007

  Dear Experts,
  We are in process of defining the authorization matrix for CRM 2007 for end users who will be using Web UI.
  Here my requirement is the service orders created by USER1 should not be displayed by USER2 and vice-versa when they do a search in both Web UI and GUI in Tx CRMD_ORDER for service orders.
  Please let me know how can I acheive this and what is the auth. object for the same.
  Thanks & Regards,
  Sharath

  Dear babu,
  If I understood your request, you want that, only one user will be able to access the document. If you want to do that, this is the answer:
  At tcode PFCG you shoud set:
  First you must set what type of document will be avaible to the user, in this case Z020.
  CRM_ORD_PR: PR_TYPE 'Z020',ACTVT '*'
  Next you must set which activities they will be able to do (notice, you must set the same field in the previsou object(
  CRM_ACT: ACTVT u2018*u2019
  And then you set which partner function or partner category are able to access the document, here is the main point !
  In this example I set that only users who has Partner Category (not partner function) Employee Responsible (std partner category 0008) are able to access the document
  CRM_ORD_OP: ACTVT '', PARTN_FCT '', PARTN_FCTT '0008'
  Here you can notice again field ACTVT, here you will set what user are able to do, "*" means everything, "1" = create, "2" = modify, etc. (I can see the list at PFCG, adding the auth. object to the PFCG profile).
  I notice only std partner function or partner category works with this object. I sent a message to sap support, and they confirm that, so if your user has Z partner funcition or category it is not possible to do that.
  Summary, your user must be present in the partner list of the document, and they must have a partner function or partner category std. It is possible to set together both values PARTN_FCT  and PARTN_FCTT, but I think it is not necessary.
  The easy way to do that is, user who will be able to access the document, must be the employee responsible.
  This help is very usefull
  http://help.sap.com/saphelp_crm60/helpdata/en/4a/b9f63a8ab2c745e10000000a114084/frameset.htm
  Regards,
  Lalas
  ps.: As you should know, only one partner function must have partner category Employee Responsible, in the partner det. procedure, otherwise, you will get error message in your application.

• F4 / Help restriction for user ?

  I have checked all the threads, not having suitable solution
  I am looking for user to be restricted F4/help option, how this is possible.
  I want to give user only the transactional entries for given tcodes and the same user never to get F4/Help option display.
  Please help
  Thank you in advance
  Srihari

  Hi Srihari,
  I think your request is quite peculiar. I don't know any customizing, nor user exit, to restrict all these helps. For F1/F4, you could do a modification of the standard HELP_START function module, but I don't advise it as it is a central basis tool. For listbox fields, I only see the solution below.
  Probably your best chance would be to use GuiXT (via transaction and screen variants of the SHD0 transaction) to redesign these screens, you can attach the transaction variants to a group of users.
  There are also 2 other input helps that you might like to disable: input field history and SET/GET parameters.
  What for, by the way?
  BR
  Sandra

• How to set restriction for user in sap

  Hi,
      I have created a user,now i need to restrict the user to work only for 8 hrs per day.HOw can i set timing for the user.Kindly help out regarding this.
  Regards
  sekar

  Sekar,
  If you use external authetnication for users when they logon to SAP, then you can control the times they can logon and which days of week (if required). For example, it is possible to use Active Directory authentication to authenticate users to SAP application via SNC or using a custom login module in WebAS Java, and in AD you can set times when logons are allowed. This might be what you are looking for ?
  If you want to log somebody off SAP when they have been using it for a period of time, then this can be dangerous if they are in the middle of a complex transaction when they are logged off. Also, I don't think this functionality is included in SAP product. If you don't want somebody to use SAP at certain times of day, then it might be better to force a screen saver at workstation instead, if this is what you want.
  Regards,
  Tim

• Authorization restriction for material group field in MM02 for user role

  Dear All,
               My client wants to restrict 'material group' field usage in MM02 for certain users.
               How to achieve this task?
               Kindly advice
  Thanks &Regards
  Thangavel Ganesh

  Hi all ,
  You can use authorization object advised by AKPT MM. For related transactions , you can benefit from MM Related Authorization Objects - How to Find out & Assign , thanks to Sudeep A
  Regards.
  M.Ozgur Unal

• Authorization restriction for Goods issue . others radio button in migo tcode

  Hello All,
  We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and  the movement type 201
  the above mentioning details i need to block the others tab only for specific user ids i have checked the MIGO objects But its not worked
  please give me solution for block the others button on the drop down box
  please find the attachment of screen shot its helpful to sort out the issue
  Best Regards
  suresh

  Dear Anandan,
  Please use trace t.code ST01 to fix the issue.
  You can restrict the movement type using the authorization object M_MSEG_BWA.
  If you can provide the step by step screens where you want to exactly restrict we can fix it.
  Regards,
  Venkatesh