Authorization Role for S_ALR_87099918

Similar Messages

• How to create authorization role for just displaying query prefix Q and X.

  Hi Expert,
  I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
  Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
  where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
  -->Manually Business Information Warehouse
      --> Manually Business Explorer - Components
  Activity : Display, Execute, Enter, Include, Assign
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : *
  Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
      --> Manually Business Explorer - Components
  Activity : Display, Execute
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : Q* , X*
  Type of a reporting component : Query
  But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
  Please assist. Very much appreciate your help. Thanks.
  Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

  Question close. This issue has been resolved.

• Required Authorization Role for E-commerce manager

  Hi ,
  Could you please tell me required Authorization Role for E-commerce manager and catalog administartor?
  Thanks.
  Regards,
  PV

  SAP_CRM_ECO_ISA_WU_B2B_FULL           CRM-ECO: ISA Internet User (Full Document Authorization)             ISA_B2B_FULL
  SAP_CRM_ISA_UA_SUPERUSER              Internet Sales User Administration Authorizations                              Superuser
  *SAP_CRM_ISA_WEBSHOP_MANAGER     *    Authorizations for the Internet Sales Web shop Manager         Webshop Manager
  SAP_CRM_ECO_ISA_WU_B2C                  Internet User for B2C

• Help Required in Authorization Roles for Workbooks

  Hi All,
  In our project, we have a requirement of creating a role for users with below authorizations.
  1.     Can display and execute the workbooks in the role menu.
  2.     Can create copy workbooks ( Save as) in the role menu.
  3.     Can not delete the original and the copy workbooks from role menu.
  We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
  We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
  Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
  So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
  Thanks,
  Sachin

  Re: Adding report (query & workbook, templates) in roles
  Go through this thread.
  And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
  we have added Auth objects S_TCODE and S_GUI.
  in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
  So that they can just share the workbook. nothing else can be done.
  Try like this. Hope this would help you.

• What authorization-roles for user login (java stack)

  Hello SAP-Fans ,
  which authorization role needs to be assigned to the users for logging into a java-stack on port 50.000?
  We always get the error-message: "Error 403 forbidden, You are not authorized to view the requested resource."
  I know this is a beginner's question. Java is completely new to us.
  Thanks in advance
  Danny Winn

  Hi Danny,
  Welcome to SDN,
  Logon to the portal with the user Administrator, go to User Administartion and create a user for yourself by assigning Super Admin Role.
  portal Url must be http://<host.fqdn>:50XX0/irj/portal where XX is the system number in this case 00.
  You will able to see at the user admin tab all the SAP standard roles.
  regards
  Juan
  Please reward with points if helpful

• Authorization roles for release strategy FRGSX

  Hi guys,
  we are using R/3 4.7. We are going to implement release strategy for Purchase orders in our company .
  We have customized different release groups, for several release strategies and release codes, without implementing any workflow.
  We have a problem on authorization roles because we assigned for each combination of release group and release code a authorization role but it is not sufficient to restrict the role for users because we don't take into consideration the release strategy.
  We had a look on the system but we didn't find any object related to release strategy (techical name FRGSX).
  Could you someone help me?
  Thanks in advance
  Vir

  When assigning user authorization for PO release strategy each user is assigned to release group and release code. You cannot make a connection between specific release strategy to user.
  Pay attention that the authorization needed are also for change PO (ME22N) - meaning you can limit the users by all the authorization values of the ME22N objects.
  Use t.code SU24 to explore what auth. are checked in each transaction.
  Nir

• How to create a authorization role for new Multiprovider

  I have a new InfoCube and a new Multiprovider on top of that cube. I would like to find how to create a role for new New Multiprovider. Can someone please provide me the step by step procedure to do this.
  Thanks
  Arjun

  Hi,
  You can check if there is a log when creating virtual machines. Hyper-V event logs are stored in the Event Viewer under "Applications and Services Logs", "Microsoft", "Windows". If yes, you can create a event rule monitor for that.
  http://technet.microsoft.com/en-us/library/hh457593.aspx
  Niki Han
  TechNet Community Support

• Standard authorization role for CRM implementation team member

  Hello,
  We are starting SAP CRM implementation project (7.0) and I would like to avoid giving sap_all authorizations to functional consultants in development environment. Unfortunetly I can't find standard customizer profiles like the ones in ERP system exists.
  So the objective is to have quite broad role or profile with no restrictions in customization and functional area. However it's important not to have Basis authorizations in this role/profile. Hope that someone can give me a hint in this direction.
  Thnak you,
  Jahoo

  Hi,
  as soon as the implementation team member should also do developments my experience is that without SAP_ALL you will have much trouble. Therefore in our dev-system each consultant will have SAP_ALL authorization. Of course only in the DEV-System.
  Kind regards
  Manfred

• Authorization roles for Release Codes

  Hi,
  We have a requirement wherein the release codes for the PO release strategy are about 100. The roles are repeating itself i.e. Buyer, Manager, Director etc for different countries and other attributes. Is there any way by which we can reduce the authorisation roles.
  Regards,
  Mohit Sehgal

  If you have implemented the Work flow than you don't need the repeated code for manager or buyer etc.
  you can just define the oce code for each position and use them in release strategy and based onthe workflow with combination of HR org structure you can send them to appopriate manager
  e.g. you have 10 manager and each manage has 10 buyer
  so you create one manager relese code e.g. MG and one Buyer code BY
  now you have create many release strategy where you enter the MG code and BY code but you want send the PO for approval based ont he buyer
  so you have to set up the HR ord sturcture in the tcode PPOCE and create teh tree for the buyer code and manager relation ship
  now when you create the release strategy you will enter the purchase group in the release strategy which is assigned to the buyer code and based on the HR org structue it will find the appropriate manager whitout defining many manager code and buyer code.
  or if you don't have the workflwo than you have to create diff buyer code and manager code.

• Authorization Role for Vertex O Series

  We have implemented Vertex O Series and need to move the user role off SAP_ALL/SAP_NEW.
  Can any provide what roles they have assigned to the Vertex RFC user?
  Thanks

  Julius Bussche wrote:>
  > Hello Darlene,
  >
  > I dont know VERTEX, but would think that if they are installing and calling their own function module, then it is their responsibility. Who are the "end users" of this VERTEX application?
  >
  > If they are calling a SAP standard function module (BAPI), then it is a bit greyer. If it is SAP, then how could SAP possibly know how your system is configured or how VERTEX is calling it, or how much of the "interface" you want to use, to be able to deliver a role? For the same reason, how could VERTEX know all of that?
  >
  > My guess would be that you will be given a role which is close to SAP_ALL without a few transaction codes
  >
  > Most likely, you can save yourself a lot of time, hassle and risk by logging and building a role yourself.
  >
  > [Here is a usefull presentation on how to go about it|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a08fbe33-0501-0010-2d9c-fb37e9795fd9] and if you have any questions, feel free to ask them here at SDN.
  >
  > Kind regards,
  > Julius
  I can't agree more with Julius,  I would say that it is bordering on irresponsible for a company to produces a product interfacing with SAP and they haven't tested or will not provide adequate security information for that product.
  I was in a situation a while back with the SAP interface of a business process mapping tool called ARIS, however they had done their homework, just at the time was difficult to locate it in the documentation

• Authorization roles for display access to PD transactions

  Hi all,
  There is a requirement to create a new security role to allow display access to PD transactions :
  > Organisational and Staffing Display PPOSE,
  > Display Position PO13D,
  > Display Organisational Unit P010D
  With this role, display access needs to be restricted to view organisation units and positions within the line of business where the position with this security role sits, eg position is within Direct Sales and Service 55001641 therefore they can only view organisational structures that report through to this top org unit.
  Any inputs regarding this would be appreciated.
  Regards,
  Manasee

  Try with  object 'S_ENQUE' and ID 'S_ENQ_ACT'...
  Hope it helps!
  Bye,
  Roberto

• How add Authorization check for user with assigened role for t.code-MIR4

  Hi All,
  Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
  In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
  suggest me...
  Thanks,
  srii..

  Hi Sri ,
  first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
  make use of Tcode SUIM to find out all roles which are using this Object.
  or
  ask ur basis guy to remove authorizations to create/change....
  regards
  Prabhu

• Transport Release frequency for Authorization Roles

  Hi,
  At my present customer all system changes are transported via release management. The current frequency of releases is 2 times a year. This includes SAP support packages, customizing, abap AND authorization roles.
  Now I would like to establish a different, quicker release 'speed' for authorization roles only (f.i. once a week).
  I already motivated my request with many reasons (role changes can be considered as master data changes; the lack of speed leeds to insecure 'workarounds'; role management issues are 'redesigned' to user management issues; etc.) but what I am still looking for are reference documents, best practices, audit reports in which the same advise is described.
  Could you please help me with my quest?
  Thank you!
  Kind regards,
  Lodewijk

  Hi Lodewijk,
  I agree, that is is useful to define a specific schedule for transporting roles in oposite to the schedule for updating the software, however, I do not have a document described some best practise. Anyway, the following link may help you to convince the management, that you can setup a process including 4-eyes checks on the transports:
  [TMS Quality Assurance|http://help.sap.com/saphelp_nw70ehp2/helpdata/en/9c/a544c6c57111d2b438006094b9ea64/frameset.htm]
  Using this process you would accept transports only which cointains roles (R3TR ACGR...).
  Kind regards
  Frank

• Authorizations & Business roles for ITSM

  Dears,
  i would like to ask whoever implemented an ITSM as a service desk for an IT organization, after setup the Organizational Structure (Organizational Model) and setup the Organizational Unit  (Sold To Part) and Org. Object (Support team).
  what is the best approach to give Authorizations & Business roles for :
  1) new employee joined the company as an End User (Requester).
  2) new employee joined the company as one of the IT Help desk (Dispatcher, Processor....etc.)
  Regards,
  Yazeed

  HI Shikha,
  i hope you are assigning the Role to the Position cretaed in your org model.
  That is by navigating thru
  GO TO-DETAIL OBJECT-ENHANCED DETIAL DESCRIPTION-By creating new infotype for Business Role
  here one can assign the Business Role with the position.
  In case you are not assigning by above mentioned way. Try to do so. Hope this will help.
  Vijayata

• Authorization check for caller assignment to J2EE security role

  Dears experts, in the default.trc logs in, my Enterprise Portal NW2004s, appear this error:
  #1.#0018714E4A14005E000027E1000057B8000441BB7EF2FC03#1198173451524#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleReference#Guest#2126####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].#5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#
  #1.#0018714E4A14005E000027E5000057B8000441BB7F8BDC21#1198173461543#com.sap.engine.services.security.roles.SecurityRoleImpl#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#2127####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ :
  Any idea about it?
  Thanks friends

  Hi Holger,
  Thanks for the tip, it could be the case, I just checked and we are on Patch 0 for JEECOR as you can see here below:
  sap.com/SAP-JEECOR   7.00 SP13 (1000.7.00.13.0.20070907082334)  20071028144036 
  sap.com/SAP-JEE          7.00 SP13 (1000.7.00.13.2.20071026143730)  20071203150628 
  Will inform some people internally to patch to atleast 3 to check if it still occures.
  Anyway, Thanks again..
  Benjamin Houttuin