Authorizations for MX_GROUP members
Hi all,
I create a group (MX_GROUP) in IDM via job from a distribution list in LDAP and assign all members of the DL also to this group in IDM. Now I want to say that all members of this group should get some technical roles from a special business role but doesn't work.
I could see the group as member of the business role, but the group members doesn't get the technical roles from the business role. Who could help?
BR Anja
Hi,
Best way is to use a service \admin user to read all emails of all (or a set of) mailboxes, but first you would have to setup permission to all mailboxes using :
1. Exchange Application Impersonation
OR
2. Delegate Access (where u grant Full Access permission for a single service account to all mailboxes)
Please have a look into:
http://kb.infobridge.com/KnowledgebaseArticle10370.aspx
http://www.codetwo.com/kb/how-to-set-impersonation-rights-manually/
https://support.software.dell.com/kb/SOL81894
This way you would have to keep only one credential to access all mailboxes using EWS.
There is a little difference in setting up ExchangeService (EWS) object for both methods. Using delegate permission you can setup more granular permission (ie. to one or many or all mailbox folders), while using impersonation, there is no choice, the impersonated
user has all folders access to target mailbox.
Also, impersonation is setup only once, while, in the case of Delegated permission, for any new mailbox user, you would have to run
Add-MailboxPermission “[email protected]” –User “AdminUSer” –AccessRights FullAccess
to grant the permission.
Hope this helps.
Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM)
www.HostingController.com
Similar Messages
-
Hello,
I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
Make one document library
Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
follows:
Group B: Read/Write
Group A: Read
Does the people from group B still be able to edit the document, because they are also in group A?
I don't have a test environment to test this myself.
Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
where the document belongs to.You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
if you need too.
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com -
Authorization for specific business scenario or business step in solar01
Dear all,
we have an issue regarding solution manager blueprinting management restricting an access to specific nodes. Our goar is to have several substructures devided by modules like: FI, SD, PS and etc. And each team member according his position in a company should have an access only to his substructure and all the related documentation below that. Saying an access means a change mode not a display access.
Please find the steps have been performed during the configuration of project below:
All the configuration around system landscape has been done properly.
A new project for solution was created in solar_project_admin.
A correct logical componens has been assigned.
All the required users have assigned as a team members of a project.
At the projec. team member tab a box has been checked in for: restrict changes to nodes in project to assigned team members.
A proposed structure of nodes has been created within Tx solar02.
The right team members have assigned to specific node. So that only they suppose to have a change permission within that nodes. All others read only access.
Every user has sap_solar01_all role assigned to him. We have tryed assigning varios roles according to http://help.sap.com/saphelp_sm310/helpdata/en/db/a1033b2a98f46ae10000000a11402f/content.htm
However as a result we are having a change permission allowed for every node within the structure. Like FI responsible member can access to any node from a tree. And he can make a change for SD related documentation.
Please assist regarding this issue.
Kind regards,
P.S.
I found a thread with a similar problem which was solved by activating a checkbox which is already activated in our system and actually doesn't solve that problem for us.
Authorization for specific business scenarios in Solar01/02
Edited by: Artjoms Nikulins on Mar 11, 2010 3:37 PMHi
As far my knowldege goes this is not possible to do within same project or making the same.
You can have project specific access given to member but you cannot go module wise authorization.
Ofcourse there satellite system authorization will be different but not in solman.
In addition check this security guide
https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000075728&_OBJECT=011000358700007187872005E
Hope it ans ur query.
Regards
Prakhar
Edited by: Prakhar Saxena on Mar 12, 2010 3:22 AM -
"Low-level" authorizations for accessing BW reports - add users to role
Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.Hi!
i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
with regards
ashwin
<i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN. you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i> -
Insufficent authorization for sales document 2321.....
hi gurus,
i have got a issue in credit card sales scenario .in this case while i am releasing the invoice to accounting i m getting this error
insufficent authorization for sales document 2321.....
message: no:-V/032
procedure:check the authorization amount in the payment card plan and repeat autorization or reauthorize at a later time
i have checked the sales order there payment card amount is authorized n the sales order showing green signal and card authororization is sucessful and before that preauthorization was also there but final authorization is done.after that delivery also done. but while doing invoice releasing to accounting i am getting above issue.anybody plz help me no guess please need solution
regards,
DebeshThis link is applicable to you
[Read This Before Closing your Threads|Read This Before Closing your Threads;
As indicated therein, please dont add any such unwanted letters or characters just to close the thread. You can just click the Answered button. If you really want to show that you respect forum members time, better try to develop the habit of updating the forum properly if your issue is resolved.
thanks
G. Lakshmipathi -
Problem with Authorization for Planning folder
Hi an having a problem with providing authorization for a planning folder
i am getting the following error when i test it with test user
Error while calling up RFC
Message no. UPC202
Diagnosis
You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
"You do not have authorization for InfoCube ZT_MR_T "
Procedure
Inform the system administrator.
we are not pulling the data from any other server, all the data is on the sif any one has faced the same issue let me know.
Regards,
AbrahamCalling Thru Trans code: BPS0 in ECC 6
getting this error:
Error while calling up RFC
Message No. UPC202
Diagnosis
You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
"An error occurred during the receipt of a complex parameter."
after i check in bw trans code:st22
Following this error message:
Category Internal Kernel Error
Runtime Errors PARAMETER_CONVERSION_ERROR
Application Component BC-MID-RFC
Short text
An error occurred during the receipt of a complex parameter.
What happened?
During a remote function call, an error occurred while converting
a complex parameter.
What can you do?
Note which actions and input led to the error.
For further help in handling the problem, contact your SAP administrator
You can use the ABAP dump analysis transaction ST22 to view and manage
termination messages, in particular for long term reference.
Error analysis
An error occurred during the conversion of a complex parameter. -
Problem with Authorization for BW BPS planning Folder
Hi an having a problem with providing authorization for a planning folder
i am getting the following error when i test it with test user
Error while calling up RFC
Message no. UPC202
Diagnosis
You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
"You do not have authorization for InfoCube ZT_MR_T "
Procedure
Inform the system administrator.
if any one has faced the same issue let me know.
Regards,
AbrahamHI ,
I Checked it out we dont have that cube in our system.
Regards,
Abraham -
Authorization for opening & Closing posting periods - OB52
Hi,
Is there any way to set authorization for opening & closing of posting periods in OB52?
My scenario:
I have 2 company codes - A & B assigned to 2 different posting period variant - say PPA & PPB.
The user belonging to CoCd A should not be able to open/close posting period of CoCd B and vice versa.
Is this possible through any authorization settings?
Request your help on this.
Regards,
SrideviHi Sridevi
Please go through the following:
You can assign authorization groups for permitted posting periods. This means that, for example, some posting periods can only be opened for particular users within monthly or annual closing. You can only assign the authorization group at document header level and it only affects period 1. The authorization object is called F_BKPF_BUP (Accounting document: Authorizations for posting periods). Read the corresponding chapter on "User maintenance" in the "Assigning authorizations" topic.
"User maintenance"
Due to the modular authorization concept of the system, you can define authorization profiles which are tailored to the workplace of your employees. You can, for example, assign authorization to a workplace in the Accounts Receivable, Accounts Payable or General Ledger Accounting areas.
By assigning authorizations you define which business-related objects your employees are allowed to process and which editing functions are allowed.
In the following activities for authorization management, you must carry out the following for employees who are to work with the system:
Assign authorizations
The authorizations are assigned by specifying permitted values for the pre-defined objects.
Define profiles
In the SAP system, authorizations are grouped together in workplace profiles. Therefore one or more profiles must be allocated to the individual employee in the master record.
I hope this helps.
Regards
Kavitha -
Authorizations for materials and material groups
Hello experts,
Is it possible to limit the authorization to make purchase requerisiton of some materials or material groups depending on the user?
I heard that it is possible be able to update some materials using the authorization M_MATE_MAT and including them in the material master, material group and user. But this also works for the creation of purchasing documents (PR,PO,RFQ,...)? Do I have to include this authorization for all the materials? If they do not have I understand that works for every people.
Thanks in advance for your help
Best regards,Hi Madii,
actually Authorization works at the object level, i.s if you have provided the authorization for the user to makePR with certain Material Grp, then if you dont define that grp in the PO role, but still user will get the authorization from the PR role.
why you want to allow the user to make the PR of certain Mtrl Grp for which he should not be making the PO.
or let a different Body take care of the other mtrl Grp.
Hope it helps.
Regards,
Yawar Khan -
Authorization for certain warehouse in stock transfer
I'm trying to create an authorization for stock transfer when To Warehouse equals a certain value. Is there a way to do it?
Hi,
How could I do it with an approval procedure?
You can create approval stages and template by using query
Is it with a query?
Yes
Will it be similar to a formatted search?
Yes
Try this query for row level with only one item.
Select Distinct 'True' FROM OWTR T0 inner join WTR1 T1 on T0.docentry = T1.docentry
Where $[$23.5.0] = 'ExScrap'
Note: Replace Exscrap with your warehouse name.
Thanks & Regards,
Nagarajan -
Cancel a SD invoice error message "no authorization for transaction FB08"
Hi Gurus,
I am trying to cancel a SD invoice and am receiving the error message " no authorization for transaction FB08" is coming. Never has this happened in past, i have checked all the security authorizations also and they are in place. Accounting document status is showing as not cleared. Also, as per my understanding cancellation of invoice happens through VF11 which does not calls FB08. Please point out reasons as to why this could be happening and the possible solution thereof.
regards
Anmol PareekHi Anmol
Once you got the error screen, immediately after that goto T code SU53 and expand all link. Take the screen shot and send it to your BASIS team to provide you proper access.
Yes you are correct cancellation is done through VF11 but sometime some programs internally calls other T codes.
take help of your basis team. -
BW report authorization for restrict cost center
dear all,
i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
below the customer exit :
WHEN 'ZV_CCTR'.
IF i_step = 2.
DATA : gt_mstuidvscc TYPE TABLE OF ztbw_mstuidvscc,
gs_mstuidvscc TYPE ztbw_mstuidvscc,
wa_final2(10) TYPE c.
SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
WHERE userid = 'sy-uname'.
LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
wa_final2 = gs_mstuidvscc-kostl.
l_s_range-opt = 'EQ'.
l_s_range-high = wa_final2.
APPEND l_s_range TO e_t_range.
ENDLOOP.
ENDIF.
Regards,
Tonyi defined variable as ready for input and mandatory.
regards,
Tony -
How to set authorization for BW Workspace in backend and Portal ?
Hello Expert,
I have developed one BW Workspace in development environment . I have some query regarding BW workspace authorization for access in portal . Some of the queries are as follows:
1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ---- do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider ?
Expecting and appreciating your guidence and suggestion asap .
Thanks & Regards,
Surajit PalHello Expert,
Do you have any idea regarding below questionaries about BW Workspace ?
1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ---- do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider .
Appreciating your early responds and thanks in advance .
Regards,
Surajit -
Hi Gurus,
While executing the program S_ALR_87013105 (Detailed Reports
For Sales Order : Plan/Actual Comparison ) system showing the selection log.
"Have no authorization for the report/table 7KU6_001 and 7KU6_002".
But for the user the authorization check through SU53 was successful.
Pl can any one suggest on this issue.
Thanks in advance,
VijayHi,
Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
Regards,
Sankar -
Problem wih analysis authorization for two scenarios on same data provider
Dear all,
I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
Any ideas??
Thanks,
AndreasDear Andreas,
Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
Otherwise, you have to use customer exit.
I hope that alternative help you to find a solution,
Luis
Maybe you are looking for
-
I can not view attachments in html email
I am currently having a problem with Outlook 2011, basically when I send emails from windows, when I receive an email in HTML I can not see any attachments if you receive in plain text if I can see them. Someone had this problem before?
-
How do you save customized drum kits as a usable choice in the drum kit setting selection menu
i've loaded samples from my own personal sound banks into the Drag & Drop Samples Kit and i would like to be able to save them as a customized drum kit so that i can select that particular kit when i compose songs in Logic.
-
What is raise form_trigger_failure
db and dev 10g rel2 hi all , could you please tell me about the functionality of this statement ? what can i do with it ? i searched the online help , and i found just one page ,and got nothing from it , and there is nothing in the documentation . th
-
Didnt send me the instructions on how to reset your security information in my mail
Yesterday i bought a $15 itunes card and i redeemed it. When i try to buy gems in clash of clan iphone game they asked me to answer 2 security questions but i forgot the anwers so i click on 'Forgot your answers? Send reset security info email to s••
-
Location for ALL versions of FlashPlayer downloads
I support a wide variety of devices and am looking for a resource on adobe.com that provides links to ALL versions of FlashPlayer, not just the installer for the device I happen to be using at the time to browse adobe.com. Does this resource exist?