Authorizations for BW reportings and BW BPS

Similar Messages

• Authorization for material type and material views

  Hello all,
  I would need to restrict a user group, in creation (MM01) and modification of material master, based of type material and material views.
  The authorization, for each user should be:
  - view, modify and create of all views, except accounting (B) for type material ZFER;
  - view, modify and create of all views for type material ZOFF.
  I tried to create 2 roles in PFCG with the following authorization objects:
  1) M_MATE_MAR (Material Master: Material Types)  ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B)
  2) ) M_MATE_MAR  ACTVT = *, BEGRU = ZFER and M_MATE_STA ACTVT = *, STATM = B
  but the effect is to be authorized, to all view for material type ZFER and ZOFF.
  I have already updated the authorization group of the type materials (OMS2).
  Is there a solution for this problem?
  (component version SAP ECC 6.0)
  Thanks.
  Regards,
  Luca

  I tried to create 2 roles in PFCG with the following authorization objects: 1) M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) 2) ) M_MATE_MAR ACTVT = *, BEGRU = ZFER and M_MATE_STA ACTVT = *, STATM = B
  - Are both these roles assigned to the same user? then your purpose is not solved, It is more or less like giving full authorization.
  - One role should be
  M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) for view, modify and create of all views, except accounting (B) for type material ZFER. This should be assigned to one user
  - Second role should be
  M_MATE_MAR ACTVT = *, BEGRU = ZOFF and M_MATE_STA ACTVT = *, STATM = * for view, modify and create of all views for type material ZOFF. This role should be assigned to the second user.
  Regards,
  Subbu

• Authorization for "Select Layout and Print"

  I am using Business One 8.8 PL 18.  The option under the File menu for "Select Layout and Print" is available for super-users and some other users.  We want it to be available for all users.  What authorization setting controls this function?  Thanks.
  Marcia

  Under "General" section, assign "Full Authorization" rights to "Print Layout Designer"
  George

• Authorization for order type and activity

  Dear all,
  is it possible to set the authorization in PS, that allow changes only for specific order types?
  Scenario:
  A user is allowed to display order type PS01.
  But he is also allowed to create/change/display the order type PS02.
  In transaction CN22 there is only the authorization object C_AFKO_AWK, which has the values for plant and order type, but the activity is missing. So if the user gets both order types and also transactions CN22 and CN23, he can change both order types.
  Is there a solution for this problem?
  Thank you!
  Regards,
  Stefan

  I tried to create 2 roles in PFCG with the following authorization objects: 1) M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) 2) ) M_MATE_MAR ACTVT = *, BEGRU = ZFER and M_MATE_STA ACTVT = *, STATM = B
  - Are both these roles assigned to the same user? then your purpose is not solved, It is more or less like giving full authorization.
  - One role should be
  M_MATE_MAR (Material Master: Material Types) ACTVT = *, BEGRU = ZFER and M_MATE_STA (Maintenance Statuses) ACTVT = *, STATM = A,C, D, E, F, G,K, L, P, Q, S, V, X, Z (excluding B) for view, modify and create of all views, except accounting (B) for type material ZFER. This should be assigned to one user
  - Second role should be
  M_MATE_MAR ACTVT = *, BEGRU = ZOFF and M_MATE_STA ACTVT = *, STATM = * for view, modify and create of all views for type material ZOFF. This role should be assigned to the second user.
  Regards,
  Subbu

• Releasing authorization for maintenance order and permit.

  Hi,experts,
  We have two different user id say "X" and Y.We want to block releasing authorization of maintenance order and permit for user id "X" and give the same to user id "Y",How we can do it in SAP?Please,give some suggestions on this.Thanks in advance.
  rgds
  rajib

  Hiii
  You can create two seperate Authorization role using PFCG transaction code. Assign it to particular users & control the authorization. Use Following procedure.
  1. Transaction code PFCG will take you on screen role creation screen.
  2. Give authorization for IW32 transaction code in that block authorization according to business transaction for BFRE. This business operation is made for order release.
  For permit there is seperate option is available for permits also.
  If you have any issue, pl. be free to ask question.
  Regards

• Authorization for Basic dates and Forecast dates

  Hello colleagues,
  My customer requires is to have separate authorizations for using Basic dates and Forecast dates within WBS Element, Network and Milestone.
  Iv'e noticed that the rellevant autorization object to have this separation is C_PROJ_TCD ; field: PSARG ; activity: 111 & 112. However I wonder if this is relevant to all related objects  in the project or only to the Project definition object.
  If the answer is only to PD I will be glad to have an idea how to controll it within the other objects .
  Thanks in advance
  Best Regards,
  Nir
  Edited by: Nir Horvitz on Nov 23, 2010 10:32 AM
  Edited by: Nir Horvitz on Nov 23, 2010 10:41 AM

  It is for all the objects... but you can not control it on basis of only that auth object.
  For network,
  use object :
  C_AFKO_ACT
  and activity 22 Display dates
  for Project def and WBS, use
  C_PROJ_KOK, C_PROJ_PRC, C_PROJ_VNR
  C_PRPS_KOK, C_PRPR_PRC, C_PRPS_VNR
  Regards,
  Amol Sarode

• System Status Authorizations for Marketing Plans and Campaigns

  Hi Experts,
  We are using the Standard System Statuses on the Marketing Planner like the Created , Released, Approved, Finished, Locked and Rejected. My requirement is to limit the access to the Users for these Statuses. For Example :
  User 1 will have access to Created.
  User 2 will have access to Aproved.
  User 3 will have access to Aproved,Released, Create
  How do I set the Authorizations for the System status based on the User? I tried creating Authorization Keys under Status Profiles, but I am not clear on where to assign them.
  Please guide me.
  Thanks in Advance.

  Hi ,
  Thanks for your input. I am planning to go with your second option to go with assigning the Authorization objects at the Marketing Plan and also at the Campaign level . My only concern here is will we be able to assign status specific authorizations here ?
  The Authorization objects given are for change, create etc. There are no status specific authorization  objects mentioned.   My requirement is the person who creates the MP should have access to release it and only the approver should be able to see the approved status and change the status o approved.
  Do you suggest using Authorization keys and assigning them ?If so where do we define the restictions on the Authorization keys like
  Authorization Group 1 has authorization to Create , modify  a MP and can only   View / Change the  statuses to Create and Release.
  Authorization Group 2 has access to Modify and has access to change the  statuses to Aproved.
  Is there any way this can be achieved ? Please let me know if I am going in the right direction.
  Regards,
  Pooja

• How set authorizations for sales reports and other reports in SAPB1

  Hi, I'm currently working in SAP Business One Version 8.82
  The issue I'm facing is that I want to set it up so that certain users cannot see other users' sales information.  I know that I can turn on or off the Sales Analysis Report for various users for instance, but what I really want specifically is this.  Suppose we have 3 different teams: Team A consists of (Angie, Angela, and Anita the manager), Team B consists of (Bob, Barbara, and Ben the manager), Team C consists of (Cat, Charlie, and Courtney the manager).  I would like to make it so that everyone can view the individual sales order documents of everyone else (in case a customer calls and needs information, but the salesperson who created that document isn't there); however, Angie should only see her own orders when she does a Sales Analysis while Anita, the manager of Team A, should see the the orders of Angie, Angela, and herself of course.
  To summarize, I'd like to see the following
  1.  Each salesperson can lookup and view any sales order.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders.
  What's the best way to approach this?  Is it best if I create my own report?  I haven't created any reports from scratch yet, so I'm not sure exactly how that works.  I'd like to be able to group the salespeople up by location if possible.  The sales analysis report doesn't really do that, but it is useful.  I just don't want everyone to be able to see the numbers on their peers.
  Thank you I appreciate any help or advice.

  Hi,
  1.  Each salesperson can lookup and view any sales order.
  Answer:
  Create own report by using query and save under query manager and the assign for all group. So that all sales person can run this query  and can get sales order detail.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  Answer:
  Create individual query ( add condition in where clause slpname = 'XXX') for each sales person and save it under query manager and assign to particular user group
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  Answer:
  Create query for only particular team (  condition is slpname = XXX OR YYY OR ZZZ) and save under query manager. Make schedule report on this and send it to only particular manger
  Same way create for another manager and schedule report.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders
  Answer.
  Create query for all sales person and schedule report to big boss.
  Hope you can get an idea.
  Let me know if you need sales report ( advice required field)
  Thanks & Regards,
  Nagarajan

• Authorization for "Support Team" and "Message processor"

  Dear colleagues.
  In message edit screen in CRM_DNO_MONITOR I want to prohibit changes for "Support team" and "Message processor" fields for been cnahged.
  I didnot find any authorizatiopn object,
  Is it possible?
  Regards
  Vladimir Kogan

  One way to achieve this is via partner dermination customizing. If you go to IMG then your can find something called Define Partner Determination Procedure under CRM -> Basic Functions. Here locate the relevant partner procedure, select it and double click on "Partner Functions in Procedure". Here you can for each partner function define if it is changeable after determination (flag/unflag the field called changeable).

• Basic parameters to define the grouping for the Items and the BPs in SAPB1

  Dear Friends,
  What should be the basic parameters to define the grouping for the Items and the Business partners in SAP B1?
  What will be the case when the client wants to classify the sales revenues various categories?

  Hi
  What should be the basic parameters to define the grouping for the Items and the Business partners in SAP B1?
  For items:
  Raw Material.
  Capital Goods
  Finished Item
  Semi Finished Item.
  Conusmables
  Stationary .........etc
  or .
  Metal.
  Rubber
  Wooden.....etc
  Bsuiness Partner
  Foreign or domestic.
  Region wise e.g South,North,East,West.
  State wise  e.g MH,KT,DELHI,GOA....ETC
  What will be the case when the client wants to classify the sales revenues various categories?
  SIMILARLY
  Foreign Revenue, Doomestic Revenue, Region Wise Revenue, State wise, Or Territory wise.......etc
  I hope this clarifies you
  Ashish Gupte

• Authorization for Variants, Views and Folders

  Hi SDN'ers,
  How can you manage the edit restrictions on a variant, view and folders? I mean how can you make sure certain users dont change or delete a variant for example? This has to do with authorizations and the role where you publish it in.. but i don't know the full details about it.
  Thanks.

  The easiest way to discover what's being checked is to perform the actions you mention with a user that has sufficient authorizations, while tracing the user with ST01 (here you can perform a trace on authorizations, except for all the query display authorizations wich you can check with rsecadmin).
  In this way you can see exactly wich objects and values are being checked and thus you should be able to discover the objects and values that you need (if available).
  Regards,
  Jesse

• Remove authorization for Tcode: ME21 and ME22 from certain users

  Hi Guys,
  I'm new to BASIS.
  My requirement is to: Remove authorization to Tcodes ME21/ME22 from a list of users.
  How do I acheive this? We run on SAP 4.0B version.
  Hoping to get this resolved as soon as possible.
  Thanks
  SAPUser

  dear friend,
  1.
  run SU01
  goto Information-Information system
  select node Roles-By Transaction Assignment
  type ME21, ME22
  execute report
  see the roles displayed
  2.
  then find user who have these roles (usually company uses z-roles copied from standard)
  just highlight the role and hit user assignment (Cntrl-Shift-F9)
  you see all users who have this role. that means they are able to run these transactions.
  3.
  let's remove the role(s) we found.
  open second session, run SU01 type one of the user , goto Roles tab and delete the particular role you found.
  save user and test it (ask hem/her to log in sap and run ME21 and ME22). if needed adjust it again (may be another role to be deleted)
  say, fix completely one user/test it and then do the same things for other. test them.
  good luck!

• Maintaining the authorizations for parent role and derived role

  Hi Experts,
  Kindly advice me the Pro and cons of the parent role and derived role.. below is the scenario
  Currently  we have created the 700 role in  our regionally organization and we want to dervie the roles for each country
  1 ) we want to do the Auth field (activity level) settings in parent role and Org levels  in the derived role  .
  2)  But one my collegue says do the default  Auth filed ( activity values) common to every country in the parent role and diff activity one in the derived role .
  please advice me wat will be the best scenario for mantaining the authorizations filed values like (activity level  one)

  I will try to answer both your queries here:
  "my collegue says they are some NON ORG values different from each country ..suggest us to maintain all the default values in Parent role and auth with diff values needs to be maintained in derived role (child role).. "
  The only set of values which should/can be different in a child role (when compared with its parent) will be the org level values. So if this filed is NON_ORG you will not be able to maintain it directly inside the child roles.....this is the basic principle of derived role conceptu2026 that the only item you will directly maintain in a child role are the org levels(which will come as u2018organisational levelsu2019 in the upper tab in the auth data of a role).
  All NON_ORG fields inside a child role is acquired from the parent role. You should never change the values of any such fields (non-org fields) in the child role. these changes will get lost the next time you run the parent child inheritance from u201Cgenerate derived roleu201D function in your parent role.
  Coming to the second question on how to run the program, you just need to enter the technical name of the field you want to convert (tech names like BUKRS, WERKS etc u2026 figure out the name of the concerned field you have in hand)u2026.executeu2026 you will that the field will now onwards appear as an org level value in all roles in the system and not just as a field inside the auth objectsu2026.I would suggest you take one field and try running it in ur dev or  sandbox..see how the field changes in your roles.... the change can always be reverted by using PFCG_ORGFIELD_delete. ... you will understand it better....
  Soumya

• Authorization object for "set TECO" and "undo TECO"

  We want to control the authorization for "set TECO" and "undo TECO",but we can't find relevant Authorization object. Is there any Authorization object  for these two functions? If there's no Authorization object for them ,then how can we achieve the same result? Thank you very much!

  Hi,
  Under one user ID the auth object B_USERSTAT will have the authorization key in which user will be responsible to change the TECO user status.
  One user will not have any authorization key under B_USERSTAT Auth_Object.
  Hope it's will give you help.
  Regards,
  Vishal Kr. Sharma

• Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

  Hello,
  I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
  AIX 5.3 TL10 SP1
  DB2 V9.7 (without any fixpack)
  After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
  I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
  SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
  db2 => get authorizations
  Administrative Authorizations for Current User
  Direct SYSADM authority                    = NO
  Direct SYSCTRL authority                   = NO
  Direct SYSMAINT authority                  = NO
  Direct DBADM authority                     = NO
  Direct CREATETAB authority                 = NO
  Direct BINDADD authority                   = NO
  Direct CONNECT authority                   = NO
  Direct CREATE_NOT_FENC authority           = NO
  Direct IMPLICIT_SCHEMA authority           = NO
  Direct LOAD authority                      = NO
  Direct QUIESCE_CONNECT authority           = NO
  Direct CREATE_EXTERNAL_ROUTINE authority   = NO
  Direct SYSMON authority                    = NO
  Indirect SYSADM authority                  = YES
  Indirect SYSCTRL authority                 = NO
  Indirect SYSMAINT authority                = NO
  Indirect DBADM authority                   = NO
  Indirect CREATETAB authority               = NO
  Indirect BINDADD authority                 = NO
  Indirect CONNECT authority                 = NO
  Indirect CREATE_NOT_FENC authority         = NO
  Indirect IMPLICIT_SCHEMA authority         = NO
  Indirect LOAD authority                    = NO
  Indirect QUIESCE_CONNECT authority         = NO
  Indirect CREATE_EXTERNAL_ROUTINE authority = NO
  Indirect SYSMON authority                  = NO
  db2 =>
  The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
  SYSADM group name                        (SYSADM_GROUP) = DBENTADM
  SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
  SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
  The only solution was to grant the authorizations with an other user to db2ent.
  For the restore I created an new instance with the following command (as user root):
  /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
  I set the correct DBM configuration and created an empty database as user db2ent with the following command
  db2 create db ENT on /db2/ENT
  The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
  Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
  The authorization concept has been changed in DB2 V9.7
  http://www-01.ibm.com/support/docview.wss?uid=swg21385801
  Kind regards,
  Christian

  Hello All,
  I finished restore using redirect method, but i did not know about this security issue.
  Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
  but i get this error
  db2 => GRANT DBADM to USER DB2P60
  DB21034E  The command was processed as an SQL statement because it was not a
  valid Command Line Processor command.  During SQL processing it returned:
  SQL0707N  The name "DBADM" cannot be used because the specified identifier is
  reserved for system use.  SQLSTATE=42939
  Please help me.
  I need a solution at the earliest possible.
  Thanks,
  Sree