Authorizations for transactions MIR6/MIR4
Hi All,
Need help to setup a security rights for transactions MIR6/MIR4.
Here is the situation:
We have setup an user profiles which allow the users to access
transaction mir6 (provide a list of Invoide Documents(BELNR)which will
lead into transaction MIR4, but we only want this group of users have
the ability to Held the document NO POSTING RIGHTS. I have set user with role:
MM_RELEASE_INVOICE users can access
Please advice on how to go around with this security problem.
Thanks in advance.
Srii...
Hi,
one possible solution (though not tested personally) is via
badi INVOICE_UPDATE and method CHANGE_AT_SAVE.
Within this method you can do something like:
CHECK sy-tcode = 'MIR4' OR sy-tcode = 'MIR6'.
* Get OK-CODE of the main window
CONSTANTS: c_okcode(17) TYPE c VALUE '(SAPLMR1M)OK-CODE'.
FIELD-SYMBOLS: <fs_okcode> TYPE ANY.
ASSIGN (c_okcode) TO <fs_okcode>.
DATA: l_okcode LIKE sy-ucomm.
CLEAR l_okcode.
l_okcode = <fs_okcode>.
* Read user authorizations with FM
* SUSR_USER_AUTH_FOR_OBJ_GET
IF USER NOT ALLOWED.
* Do not allow posting
CASE sy-ucomm.
WHEN 'BU'.
CLEAR <fs_okcode>.
MESSAGE e061(zxxx) RAISING error_with_message.
ENDCASE.
ENDIF.
Best regards.
Edited by: Pablo Casamayor on Oct 31, 2008 7:51 PM
Similar Messages
-
Authorizations for transactions MIR6/MIR4/MIR7
Dear Reader
Need help to setup a security rights for transactions mir6/mir4/mir7.
Here is the situation:
We have setup an AP user profiles which allow the users to access
transaction mir6 (provide a list of outstanding PARK document)which will
lead into transaction MIR4, but we only want this group of users have
the ability to park/view the document NO POSTING RIGHTS. I have set the
security on object M_RECH_WRK to 3 (display only) than it will cause the
the other problem which is the user can not access transaction MIR7, BUT
if I grant access 77 (pre-enter) to object M_RECH_WRK than the users can
access transaction MIR7 AND HE HAS RIGHTS TO POST IN TRANSACTION MIR4.
Please advice on how to go around with this security problem.
Thanks in advance.
Regards
TonyHave you got answer to this question, can you try to restrict the user based on authority object "F_BKPF_KOA", Its being checked while trying to post.
-
Cancel a SD invoice error message "no authorization for transaction FB08"
Hi Gurus,
I am trying to cancel a SD invoice and am receiving the error message " no authorization for transaction FB08" is coming. Never has this happened in past, i have checked all the security authorizations also and they are in place. Accounting document status is showing as not cleared. Also, as per my understanding cancellation of invoice happens through VF11 which does not calls FB08. Please point out reasons as to why this could be happening and the possible solution thereof.
regards
Anmol PareekHi Anmol
Once you got the error screen, immediately after that goto T code SU53 and expand all link. Take the screen shot and send it to your BASIS team to provide you proper access.
Yes you are correct cancellation is done through VF11 but sometime some programs internally calls other T codes.
take help of your basis team. -
Authorization for transaction VL09
Hi Experts,
I have a requirement to get authorization for transaction VL09 for specific user based on document type of the delivery. Please let me know is there any specific enhancement point or user exit to add authorization group for this.
Thanks,
Karthikeyan.Hi,
Please check the below ...
Enhancement
V50S0001 User Exits for Delivery Processing
Business Add-in
DELIVERY_ADDR_SAP Address Change in Delivery Processing
DELIVERY_PUBLISH Announcement of delivery data during database update
Regards,
Srini. -
Maintenance of Authorization for transactions in CRM 5.0.
Hi Experts .
We are using CRM 5.0 with PCUI.
TheBusiness requirement is to maintain authorization for own transactions.the users who is involved in transactions should only be authorized to Open & see the transactions.Other users who are not involved in partner function like "Assigned to" & "Account responsible " should not be able to open & see the transactions like Activity .Lead , Opportunity ,Sales orders.& Service orders.System should give error message saying no authorizations.
We tried with below authorization objects to achieve this
CRM_ORD_OP (your own documents)
- CRM_ORD_LP (organization levels)
- CRM_ORD_PR (transaction type)
- CRM_ORD_OE (sales area/service Org).
- CRM_ORD_RL
- CRM_ORD_RS
But still system allows to open transaction belong to others.
Is there any alternative to control this.
Helpful answers would be rewarded max points.
Thanks in Advance.
Regards,
Basavaraj PatilHello
in order to check authority object CRM_ORD_OE,
CRM_ORD_OP and CRM_ORD_LP must not give authority. Please see
online documentation for detailed information:
http://help.sap.com/saphelp_crm40/helpdata/en/e9/
b29a39e7aee372e10000000a11402f/frameset.htm
Under the chapter 'Process Flow of Authorization Check in Business
Transactions' you will find detailed explanations.
I hope that I could be of help with that information.
Gerhard -
Authorization for transaction created in se80
Hi all , i have created few transaction in se80 , now i want my transaction to run only if the person authorised for that is using that , means authorization for these transactions so can i do this in this way, pls reply if anyone know the procedure
Hi Ado,
You also have disable other Auth. Objects (CRM_ORD_LP CRM_ORD_OP,CRM_ORD_TE), because they work together.
Please, see screenshot under Business Transaction ->Authorization Check in Business Transactions -> Process Flow of the Authorization Check in Business Transactions:
http://help.sap.com/saphelp_crm70/helpdata/EN/f6/57fa3ab5573919e10000000a114084/frameset.htm
Regards,
Vadim. -
Authorization for transaction types in webui
Hi,
we would like to set authorizations to create and edit only certain transaction types for some users.
I tried with object CRM_ORD_PR
activity 01,02
transaction type Z1,Z2
but on the webui all the transaction types are still available...
what's wrong?
Thanks, AdoHi Ado,
You also have disable other Auth. Objects (CRM_ORD_LP CRM_ORD_OP,CRM_ORD_TE), because they work together.
Please, see screenshot under Business Transaction ->Authorization Check in Business Transactions -> Process Flow of the Authorization Check in Business Transactions:
http://help.sap.com/saphelp_crm70/helpdata/EN/f6/57fa3ab5573919e10000000a114084/frameset.htm
Regards,
Vadim. -
Authorization for transaction SE11 & SE12
Hi experts,
I need to assign authorization to SE12, but not to SE11. I did find the authorization objects for SE12 & SE11 & found S_DEVELOP is marked to be checked in both from SU24.
In my Role the activity is set as change, display.
But I am able to access both SE11 & SE12.
Could you let me know where is the control to exclude access to SE11 & only grant SE12?
Thanks,
Pri>
Anne Pri wrote:
> Could you let me know where is the control to exclude access to SE11 & only grant SE12?
>
> Thanks,
> Pri
Hi Pri,
The way I read your question it sounds like you want to not give access to the full transaction of SE11 and only to SE12.
The authorization object that controls that is S_TCODE.
Most likely you have the value * in the field TCODE.
What you need to do is to create a range that excludes the transaction(s) you do not want.
As example:
from 0* to SE10
from SE12 to Z*
However, there are many more transactions that you should not hand out to developers.
Just some transactions as example
SU01 User management
SCC4 Client maintenance
SCC8 Client deletion
I would also like to point out that it is a wiser way of working to give access to functions that should be accessed, rather than to take away authorizations of functions that should not be accessed.
Best regards
Fredrik -
Authorization for Transaction in BDC
Dear All,
We are facing a problem in our implementation. We have developed a Custom Program an in that we are using a BDC of Transaction FB60. However, the requirement is that if the user wants to run T.Code FB60 from SAP GUI straightaway; he/she should be stopped doing it. But if he/she uses that Custom Program (Z-Program), it should not stop them.
Does anybody have the idea as to how the Authorization strategy can be devised for this kind of issue?
Thanks,
Shalin ShahHi Shalin,
Don't assign user the transaction code FB60 (S_TCODE should not have FB60). This will prevent the user to run the FB60 directly, however, you will have to add the required authorization objects manually so that the BDC program runs. (a quick authorization trace (ST01) would give you the auth objects checked)
SU24 for FB60 : these should be added manually to user's roles.
F_BKPF_BEK
F_BKPF_BES
F_BKPF_BLA
F_BKPF_BUK
F_BKPF_GSB
F_BKPF_KOA
F_FAGL_SEG
Cheers !!
Zaheer -
Missing authorization for transaction VC/2 (Sales summary)
Hi Expert,
I am running transaction VC/2, but I get the message VB500 "the list is incomplete due to missing authorizations".
Via transaction SU53, I see that it is object M_INFO_MCB with auth. field MCINF which is missing.
Do you know what this object field is about?
Thank you.
Kind regards,
LindaHi,
First goto SUIM T.Code.
click on "Authorisation Objects".
Select "Authorization Objects by Complex Selection Criteria".
Enter "M_INFO_MCB" as "Authorization object".
Execute.
It shows that this is related to "Evaluation: Evaluation Structure".
The path is:
SPRO>Logistics General>Logistics Information system(LIS)>Flexible Analyses>Select layout reports for evaluation structures.
Maintain values here.
Save.
Regards,
Krishna. -
Hi All
I have an issue with authorization.
Actually basis people blocking Standard trnsaction 'MB1A' and i am using in my report through call Transaction in BDC and when i am excuting report Authorization Error coming.
Means i am not able to acess Transaction throuogh Report because its blocked by basis.
So, Is it basis issue or ABAP issue?
If basis issue please Provide me solution How basis Person can block Transaction Access directly but it should access through report.Check out the below notes:
[SAP Note# 358122|https://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=0000358122&nlang=E]
[SAP Note# 515130|https://websmp108.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=515130&_NLANG=E] -
Authorization for customized transaction
Hi,
In our system, developers create one transaction ZSIDUPDATE.
Whenever I (Basis Admin) hit this transaction, error "No Authorization for Transaction" is occurred. I don't understand why the error is for authorization for this customized transaction because I have SAP_ALL & SAP_NEW profile.
Can anybody give the solution?
Regards,
RajeshHello Rajesh,
Check the report behind ZSIDUPDATE. I suppose there must be some kind of code which will allow only certain user to execute it based on their user ids. Either the user ids will be hardcoded or else they are being picked up from some table. This is not a classical authorization error. You may set a trace also but debugging is best. it will crack it open in seconds.
Regards.
Ruchit. -
No authorization for company code in MRBR
Transaction MRBR is currently wide open. Anyone with authorization to this transaction can unblock invoices in any company code.
Standard security profiles can only restrict users at universal (*) or purchasing group level. We require control on company code.
OSS 399953 suggests creating validation rule (GGB0) to test user authorizations for transaction MRBR and authorization object F_BKPF_BUK.
Can anyone supply the validation coding to solve this security problem?
Is anyone familiar with this problem ? Do you have a solution ? also None standard SAP solutions are welcome
Thanks in advance
Greetings,
VincentHi Vincent
Another option could be to implement an authorization check in the BAdI MRM_RELEASE_CHECK - this is, of course not Standard.
The code could look somthing like this:
DATA: wa_rbkp_blocked TYPE mrm_tab_rbkp_blocked.
LOOP AT i_rbkp_blocked INTO wa_rbkp_blocked.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD wa_rbkp_blocked-bukrs
ID 'ACTVT' FIELD '02'.
IF sy-subrc EQ 0.
APPEND wa_rbkp_blocked TO e_rbkp_blocked.
CLEAR wa_rbkp_blocked.
ENDIF.
ENDLOOP.
Regards
Morten Nielsen -
Hi
I want to restrict authorization for transaction KO01 (Create Internal Order) by company code. IS it possible??
WHen I add this transaction in a role, SAP proposes controlling area for org. Structure restriction.
In our setup, we have single controlling area with many companies assigned to it. We want to create derived role for each CC by restricting it for I/O creation.
Is it possible??Hi Dev,
I have just gone throught this document . I hope it may answer your query.
Link: [KO01|http://help.sap.com/bp_blv1600/BL_US/Documentation/Scenarios/V1H_IMPL_EN_US.doc]
As we know we have tools to restrict the field use for particular log on by maintaining activties.For this purpose we use SU21 and SU20.I hope you will get some idea from the document i have send to you.
We can also check the activity code for the KO01 using database table TSTCA.
Please see point number 10 in the document.
Have a best day ahead. -
List of users who have authorization for a particular transaction?
Hi All,
Can anyone guide me how to know the list of users who have authorization for a particular transaction?
I need this to find out the list of authorizations that are obsolete ,when the particular trnsaction is obsolete in an Upgrade process.
Thanks in advance.we can get the list of users for a particular transaction as below.
get the tcode and place in AGR_TCODES and we get the list of roles .
loop the roles and pass each role to AGR_USERS and we get list of users for that role.
finally we got the list of users for that tcode.
Maybe you are looking for
-
Some questions about how to change scenes
i have something like the following: fxml (view/main/MainMenu.fxml): <Scene fx:controller="view.main.CtrlMainMenu" xmlns:fx="http://javafx.com/fxml" stylesheets="view/main/main.css"> <GridPane xmlns:fx="http://javafx.com/fxml" alignment="center"
-
Query user device affinity by user.
I am trying to set up a custom task in Service Manager to start a Remote Control session to a users primary computer. However, SCSM doesn't appear to import any of that data with it's CM connector. So I was looking into creating a query to the CM dat
-
Email Marketing List Filter by Opens
Hello, I want to refine a email list to remove anyone who has not opened an email campaign in the last 3 months. Is this possible? Any help would be greatly appreciated. Regards, Jonathan Clark
-
I have a dll wihtout source code. I do know the functions name and return type. How can I call the functions in this dll? Is JNI the only way to do it?
-
Hi Users, I am new to AR customer Interface. I loaded some sample data in the below tables and run the concurrent request customer interface.But no data has been inserted in the base tables. Interface tables I used for conversion are below mentioned.