Authorizations....Sales organization level

Hi all
I want to create the authorizations for the sales organization level. I have made the Sales Organization Object authorization relevant. After that i created an authorization object based on the Sales org object. I created a roles and created a profile based on the authorization object which i created. i assigned the role to the user.
Now when i execute my query in web it is saying that
'No Authorization (Or Everything is Filtered Out)'
On the top of the query execution it is giving me a message as
'You do not have authorizations for component 0CRM_OPMO_Q001'
Now i would like to know, when we create profile in the role, do we need to add any other authorization objects apart from the one which we created. If so, what options do i need to give.
And second when we create a test user for the authorizations testing, what roles we need to give him, one would be the one which we generated. And what are the other roles the user will have.
Please help
answers would be rewarded
regards
vijaykumar

If sounds like you have another authorization object
"checked" on the infocube/ODS.
To check this, you have two options.
(1)RSSMQ, with the user id. Execute the query, then back up (using the green arrow). One page on the back up operation with give you what authorization objects are checked.
(2) Go to transaction: RSSM and enter the infoprovider. Uncheck the authorizations you don't want to have verified.
Also, you on the variable for the authorization object (query) you must enter a value here if you do not have an "*" object.
Cheers!
/smw

Similar Messages

  • Merging two company codes at sales organization levels

    Hello Guru's,
    I am working on a complex project,  the client wants to merge two company codes at sales organization level.  Will anyone guide me the procedure to do it.
    Regards,
    PV

    One Sales Organization can be assigned to only One Company Code.
    One Company Code can have several Sales Organization assigned to it.
    Hence, it is not possible to merge two Company Code to one Sales Organization.
    Regards,
    Rajesh Banak

  • Benefit or drawback to define plant at sales organization level

    at the time of creation of sales organization i have define plant at sales organization level.
    there is another setup in IMG and that is "Assign sales organization - Distribution Channel - Plant".
    what is the purpose of plant at sales organization level and what impact will occure if i assign plant on sales organization -distribution channel - Plant level. ?
    kindly assit me that what will be better should i define plant at the time of creation sales organization of should i use IMG setup "Assign sales organization - Distribution Channel - Plant". ?

    Hi there,
    When maintaining the material master, you extend the material to the sales org / distribution channel. If plant is not assigned to sales org / distribution channel, system will not allow you to extend the material to the sales org. That is the implication here.
    Also when raising the sales org, you raise it with respect to a sales area in VA01. When you enter a material in Va01, system will throw an error that plant isnot defined for the sales area is it is not assigned to sales org / dist channel.
    When defining the sales org you assign a plant there meaning that the sales org can be fulfilled by that plant. You can ofourse change the plant proposed by the system. Again when you change the plant, system will throw an error if it is not assigned to sales org / dist channel.
    Regards,
    Sivanand

  • DIR Authorization by Organizational Level

    Hi fellows!
    I would like to know if it is possible restrict access of DIR by organizational levels?
    Example: I need that if User A from plant 1234, creates a DIR type AAA number 0001, the User B from plant 4567 shouldn't have to access this DIR type AAA number 0001. I want that the users only can access the DIRs created by the plant which they have access.
    In the master roles of DMS I didn't find any object to help me in this scenario. I dont want to use the ACL to restrict the access of the documents. I want that this restriction has to be done by authorizations rules as in other areas.
    Can someone help me with some idea or case about this?
    Best Regards!
    Daniel
    Edited by: D Quintal on Nov 25, 2010 5:43 PM

    Hi Daniel,
    Its quite possible to achieve your requirement.
    There is a field called 'Authorization group' in a DIR if you have observed.This enables you to restrict authorization at Document level in addition to authorizations at Document Type and Status level.Suggest you create Authorization Groups like Plant1234,Plant4567 and so on with the help of your ABAPer.Now assign the required users to these Authorization groups.
    Once implemented,whenever a DIR is created and specific Authorization group is assigned, only those users part of this Authorization group will be able to process/access this DIR.Hope this addresses your requirement.
    For details on implementing Authorization group in DMS,refer link,
    http://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS
    Regards,
    Pradeepkumar Haragoldavar

  • Check access of Sale organization

    Dear Expert,
          Is it possible to check user sales organization level access when i am execute the Z report.
         Thankx,
    Denish Patel

    You can use the Authority Object V_VBAK_VKO.
    Like:
          AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'   
               ID 'VKORG' FIELD VBAK-VKORG      
               ID 'VTWEG' FIELD VBAK-VTWEG      
               ID 'SPART' FIELD VBAK-SPART      
               ID 'ACTVT' FIELD DUMMY.       
    Regards,
    Naimesh Patel

  • PM Organization Units Authorization on User Level

    Hello experts,
    Is there a way to add authorization for an organization unit (i.e. Planning Plant) on a user (SU01) level and not on a authorization objects (PFCG) level?
    For example,
    I would like to create the following Role (profile):
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY
    This role should be able to display equipment from the Plant Maintenance module.
    However our problem is, we would like to create authorization levels with organizational units for each user:
    For example:
    User jsmith has ZPM_AUT_EQM_EQUIPMENT_DISPLAY assigned but can only display equipment from Planning Plant SL01.
    We know we can create this authorization creating several roles, like:
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SL01
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SJ01
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_AG01
    but our idea is not create several roles, but to assign the Planning Plant authorization on a user level and leave just one role so we would only need ZPM_AUT_EQM_EQUIPMENT_DISPLAY.
    Is there a way to do this?
    Thank you in advanced for your replies.
    Best regards,
    Fernando Montenegro

    Hi ,
    Could you share about your solution ? I think I have face the same problem as yours.

  • Organization Units Authorization on user level

    Hello experts,
    Is there a way to add authorization for an organization unit (i.e. Company Code) on a user (SU01) level and not on a authorization objects (PFCG) level?
    For example,
    I would like to create the following Role (profile):
    ZFI_AP_REPORT_DISPLAY
    This role should be able to display AP report from the Financial module.
    However our problem is, we would like to create authorization levels with organizational units for each user:
    For example:
    User Anson has ZFI_AP_REPORT_DISPLAY assigned but can only display Report from Company Code 3202.
    We know we can create this authorization creating several roles, like:
    ZFI_AP_REPORT_DISPLAY_3201
    ZFI_AP_REPORT_DISPLAY _3202
    ZFI_AP_REPORT_DISPLAY_3203
    but our idea is not create several roles, but to assign the Company Code authorization on a user level and leave just one role so we would only need ZFI_AP_REPORT_DISPLAY.
    Is there a way to do this?
    Thank you in advanced for your replies.
    Christine Tseng

    I agree with Jurjen.  There is no point creating a "new" authorisation concept for a few transactions.  If you use standard authorisation objects for the check in your custom tcodes then you will likely have very little work to do if you assign those tcodes to existing roles.
    Even using a custom auth object & creating the variants will take up no more time than doing something like repeating the variable functionality in BI or messing about with PIDs in the UMR (which I definitely do not recommend).  By sticking with the standard concept you ensure consistency, making it much easier to support and/or handover if you move on from the role.

  • Authorization Object for Sale Organization check

    Hello all,
    I have create a Z Report.Now the requirement is that only certain users belonging to a particular Sales Organization can run that report.
    Which standard Authorization Objects can be used for this case.
    regards,
    Ujjwal Kumar

    P577815 wrote:>
    > Hey,
    > Thanx for your reply....)
    > Actly new to abap thats y not much idea.Instead of your Auth Obj,can i use V_KNA1_VKO.
    Hello,
    But V_KNA1_VKO also has these params:
    VTWEG      Distribution Channel
    SPART      Division
    V_VBRK_VKO also has only Sales Org(VKORG). I think that suits your req.
    But before deciding on the Auth. Obj please read the documentation & check that it suits your req.
    BR,
    Suhas

  • Authorization restriction at Sales Office level

    Dear Gurus,
    I need to restrict the user for all the sales transactions on the Sales Office level.
    I mean the specific user should be able to create a sales order for the customer who comes under the Sales Office assigned to the user. User should view the sales order and invoice list for a specific sales office in VA05, VF04 also this is VF05N.
    I tried to add the sales office field in std authorization object V_VBAK_VKO and did it but after completion of consistency check also the user was able to create a sales order for a customer belongs to the sales office other than assigned one.
    For me it is mandatory to restrict the transactions and reports of SD at sales office level.
    Please tell me if there is any way complete this restriction. Or to restrict the user from viewing the sales documents which are not created by himself only.
    Your suggestions are also welcome. please suggest me.
    regards,
    Sanjay

    Hi,
    Check the below link, it might fix your issue.
    Re: how to restrict the Report based on sales office
    Br, Sats.

  • Authorization about crm sales Organization --division

    Hi, all
    I have a question about Authorization , In PFCG , I have used the authorization object CRM_ORD_OE,
    It can check the organization(  Distribution Channel, Sales Group, Sales Office,Sales Organization ID)
    but I can not find the object to check sales Organization --division.
    help,  please give me help , thx.
    Andy

    Hi,
    Check the following Authorization Objects For CRM:
    CRM_OPP (authorization object CRM transaction u2013 allowed organizational units) 
    SALES_ORG (sales organization) 
    SERVICE_OR (service organization) 
    DIS_CHANNE (distribution channel) 
    SALES_ORG (sales office) 
    SALES_GROU (sales group) 
    ACTVT

  • Basic Information about Organizational Level & Org. level value.

    Hello Experts,
      I am new to the field of SAP and security. I have the following questions:
    1. What is an organizational level & org. level value? What do they represent? How do they matter in PFCG?
    2. What is a derived role and what is its usage?
    I appreciate your help regarding this. If you could point me to some documentation regarding this that will be very helpful.
    Regards, Ben

    Ben,
    I am new to the field of SAP and security. I have the following questions:
    1. What is an organizational level & org. level value? What do they represent? How do they matter in PFCG?
    if you want to restrict on region vice (best use org level & values (plant,company code, sales org)
    In role u will notice them in red color
    2. What is a derived role and what is its usage?
    Derived role inherits menu struture and the function from the parent role. Derived role do not differ in their functionalities(identical menu & trans) but have different characterticts with regard to Org levels.
    Eg1; Master role
    PFCG -> role name -> create->menu->enter tcodes-.Auth tab->export mode->read old status and merge with new data->Pop for org levels (give a full access)->see to that everything is green->generate it.
    http://e-mory.blogspot.com/2007/12/sap-pfcg-create-role.html
    Eg2: Derived role
    pfcg->role name->create->in describtion  tab towards right  enter the master role name->Auth tab->export mode->read old status and merge with new data->you will get a pop for org levels (here you can restrict on plant lvel,purchasing group,company code....)
    ->let say for plant : 1000 ->generated / user comparssion
    Once the role is added to the user. User will be albe to see only those plant related details (1000) (i.e he will have access to only plant 1000)
    suppose if the user enters 2000,he will get a error message saying no access to 2000
    NOTE: Any changes to the role should be done in master role (like adding tcodes)
    .http://www.rssfeeddirectory.org/directory/items/346239.aspx
    https://cw.sdn.sap.com/cw/docs/DOC-12021
    http://help.sap.com/saphelp_wp/helpdata/en/1c/c38028816c11d396bc0000e82de14a/content.htm
    Re: Authorization error after transport
    Thanks,
    Sri

  • How to authorization sales office and sales group in VA21 and VA01 t-code

    I need to authorization sales office and sales group in va21,va22,va23 and va01, va02, va03 to control users access the sales order.
    I found some articles how to resolve this problem.I have created new authorization object Z_VBAK_ VKO, and add these fields to the object: VKORG: Sales Organization, VTWEG:Distribution Channel, SPART: Division, VKBUR:Sales Office, VKGRP: Sales Group, AUART:Sales Document Type, ACTVT:Activity
    I have add the object Z_VBAK_VKO to va01, va02, va03 in SU24 translation.
    I test the authorization , but fail, va01 and va02 do not check the authorization.
    Why? what can i do? please help me .
    thanks

    Dear Wu
    I think you are using the concept of Master Roles and Derived Roles.If ur using then create a master role and derived role for the authorisation group you want. And in the derived role assign the specifics to the respective logins ID. If you want to attach the authorisation to the T-Codes Va01 or VA21 etc then you have to use Exit.
    Correct me if i am wrong.
    Regards
    Jyotsana

  • Sales order item category per sales organization

    Hi
    Sorry for the question, I am FI/CO expert, and since our SD expert left us, I am also the SD expert now.
    Can I define different item categories for the same sales order type for different sales orgs?
    VOV4 (IMG-sales and distrebution-sales-sales documents-sales document item-assign item categories) has no sales organization parameter.
    Thanks
    Ofer

    >
    Ofer Cohen wrote:
    > Can I define different item categories for the same sales order type for different sales orgs?
    > Ofer
    Yes, you can define different item categories (in t.code VOV7) and assign to same sales order types. The item category is determined by based on Sales document type + Item category group (from material master) + Item category usage + High level item category (check t.code VOV4).
    The item categories are not assigned to sales organization, but the sales document types are assigned to sales area. Check t.code VOV8, where the sales documents are defined and in t.code OVAZ, the sales documents are assigned to sales area (sales area = sales org + distribution channel + division).
    YOu can see the steps of configuration at SPRO -> Sales and distribtution ->Sales document header (related to sales document type) and then at -> Sales document item.
    Regards

  • TEMPLATE FOR ORGANIZATION LEVEL ROLE

    HI.
    I HAVE MYSAP ERP VER 5.1 . BUT I DONT HAVE HR OR IDM IN MY SYSTEM.
    I  CREATED A ROLE FOR TRANSACTION FK01 AND FK02. IN THE AUTHORIZATION OBJECTS PUT VALUES 01 AND 02 FOR ACTIVITIES FIELDS AND ORGANIZATION LEVEL WERE LEFT WITH BLANKS.
    I CREATED OTHER ROLE WITH THE SAME AUTHORIZATION OBJECTS CREATED MANUALLY WITH ORG LEVEL IVALUES IN THE AUTHORIZATION OBJECT AND NO VALUES IN ACTIVITIES FIELD
    THE OBJETIVE IS MERGE BOTH ROLES WITH ADDITIVE EFFECT IN A USER ACCOUNT TO REDUCE THE NUMBER OF DERIVED ROLES.
    BUT THIS DESIGN IS NOT WORKING PROPERLY. I NEED TO NOW WHY?

    Hi,
    As per your query you create a new role and assign to these objects value in the new one.
    Anil

  • Pricing procedure assignment to sales organization

    Hi Expert,
    One particular pricing procedure is defined and assigned to particular sales organization in table T683V. I have assigned same pricing procedure to another sales organization which is now reflecting in that table. When i am trying to create sales order for newly assigned sales organization, it is not showing condition types for that particular sales order in conditions tab for that particular material. Can you please tell me why this is happening & what would be the solution for this ?
    Thanks.

    Hi,
    In Sales & Distribution - Basic Functions - Pricing - Pricing Control - Define and Assign Pricing procedure,you can define your pricing procedure to Sales Organization,Distribution Channel and division level.You can't define on sales organization only.
    This question you should post in SD forum.
    BR,
    Praveen

Maybe you are looking for

  • How do I get the wireless upgrade on my Satellite 2450-201?

    I'm a total newbie to the wireless world. Currently have a main PC that a broadband connection. I have my Toshiba laptop for my uni work and need constant internet access which proves difficult with 5 in the family using the broadband connection on t

  • Time Machine Question (want to keep old back up and start a new one)

    Hello I have a MacBook Pro that I back up using Time Machine to a Segate External Harddrive.  I have several weeks worth of back ups stored using Time Machine.  Then I needed to have my system wiped clean due to overheating.  I just got it back and I

  • Displaying previous FLV cue point during scrubbing

    I have a single FLV that has 10 different scenes in it. I've been able to make a "credit" list for each scene by adding actionscript cue points in the FLV component, and displaying the info using dynamic text. It all works fine. Now I want the dynami

  • Mighty Mouse won't scroll up, only down

    I had this problem again tonight, but this time a restart didn't work. So I took the mouse and turned it upside down, and rolled with pressure the scroll ball on my mouse pad. I rolled in all directions, then plugged it back in. It worked. Which lead

  • Aperture plugin does not create keywords correctly on previews

    Keywording migration is different between previews and raw files. "Non-face" keywording works as expected for raw files, but not for Aperture preview JPEGs. The preview JPEG seems to suffer with keywords. The child, parent, and child/parent combo all