Barcodes and authorization objects

Similar Messages

• Problem while loading texts and authorization objects file in RAR

  Hi all,
         i am getting internet explorer error while loading the texts and authorization objects text files in RAR .actually we uploaded rule file before this,does this step causes any error ?if so how to resolve this error.do i need to remove all rules/risks and then load text and authorization files? is there any shortcut to renove all risks generated in one shot? please reply me soon to resolve this.
  Thanks,
  Joseph.

  Hi Joseph,
  Please make sure to convert both the files in UTF-8 encoding format and then try to upload the files again. This should resolve the issue and if not then please paste the logs here.
  Regards
  Harleen

• Role creation and authorization objects in sap

  Hi
  i want to know the full relationship between  creation of roles , authorization objects ,authorizations in web as abap
  Please explain the process in detail the use of PFCG and all its options and how to create Z roles

  Although, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
  - Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
  - The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
  For e.g. If a user wants to create a PO we can restrict him on:
  u2022     Activity : Create/Change/Display
  u2022     Org elements like Company Code, Plant, Purchase Organization etc
  u2022     Document type etc.
  - Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
  - Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
  - An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
  - Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
  - Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
  Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM

• 0Orgunit(hierarchy) and authorization object display getcell error in Webi

  Hello,
           We are facing with GetCellData error in WebI to SAP BEx Query.
           This works perfectly fine in Bex for a particular test user who has access to particular org unit value.
           But in Webi we are getting this Getcelldata error.
          Tried all the options and message as recommended in sdn group.
          mdxtest returns no value.
          looked at all below messages but no luck.
  GetCellData error in WebI to SAP BEx Query
  Re: SAP BO WebI Report on top of BI Bex Query with Authorization Variable
  in the rsecadmin, we get the same error like mentioned in below message
  Hierarchy Authorization doesn't work for MDX but works for BEx Query.
  Is any authorization required for this user to execute and view the authorized values in Webi?
  or we have to assign any authorization ?(0BI_ALL is not assigned).
  Please find below screenshots of BEx query auth log or Webi auth log (differences)
  Bex auth log:
  The Following Attributes Are Authorized and Thus Are Visible
  0BBPPURGRPX
  0BBPPURORGX
  0BBP_BUYID
  0BBP_ISCOMP
  0BUS_AREA
  0COMP_CODE
  0CO_MST_AR
  0CRMSALGRPX
  0CRMSALOFFX
  0CRMSALORGX
  0CRMSRVTGRP
  0CRM_SALGRP
  0CRM_SALOFF
  0CRM_SALORG
  0CRM_SRVORG
  0LEAVERS
  0LOGSYS
  0MAST_CCTR
  0PERS_AREA
  0PERS_SAREA
  0PLANT
  0PURCH_ORG
  0PUR_GROUP
  0SALESORG
  0SALES_GRP
  0SALES_OFF
  This above log is missing for mdxtest auth log.
  Is this the issue?
  Any quick reponse or help really appreciated.
  Regards,
  Ravi
  Edited by: Ravi Gadicherla on Feb 28, 2010 5:36 PM

  Hi,
      Here is the log of MDXtest:
  Buffering the Authorization Data  
    Buffering for InfoProvider 0PA_C01 and Users HRTEST93  
  InfoObject Properties Defined
  Reading of Directly Assigned Authorizations
  Direct Assignment Does Not Include Universal Authorization 0BI_ALL
  Reading the Indirect Assignments with Authorization Object S_RS_AUTH
  Does user have OBI_ALL?
  No, the User Does Not Have Universal Authorizion 0BI_ALL
  Negative Entry in SU53 Result of Failed Check for 0BI_ALL
  Indirect assignments found; no universal authorization
  Regards,
  Ravikanth

• F9K3 and authorization object in su24

  Hello,
  We want to add authorization object F_KNA1_BUK to new role for check in F9K3 transaction.
  The problem is it is not being checked. I tried to debug and stop on authority-check but it's not stopping on this object.
  But the object is showned in transaction SU24 - as CHECK / NO.
  So it should be checked during F9K3 transaction run, correct?
  Anyone knows what we're missing here ?
  Thank You in advance for help,
  Best regards,
  Artur

  Hi,
  What appears in SU24 is not a reliable indicator of what is actually checked.  It may be that F_KNA1_BUK is checked at some point depending on either how the tx is used or what menu options are used but I wouldn't bet my house on it.
  Cheers

• TCT* Info objects and Authorization objects

  When defining an authorisation object do I need to include TCT* info objects as fields in the authorisation object and if so why and which ones are required - if this is different for different scenario could someone elaborate? Thanks

  Hi,
  yes... you need to include the TCT fields as you would like to restrict the users based on the infoproviders and the time duration.
  Since in any organozation you have many type of users like the super users who can access anything...end users who have access to areas related to them only and may be some other kind as well.
  Suppose if a user is beloging to FICO department and he is only suppose to use the reports based on GL cubes then you will create an authorization object where you will give the values for authorization relavent objects like company codes,sales org and additionally you will maintain the value for the cube in 0TCAIPROV field.
  when you assign the user to this object he will only see the data in the queries based on the FICO cube and that too for the company codes specified in the authorization object.
  Now if there is another user who can see the data for all the company codes and all the areas but only for certain duration then you will create a new authorization object where you will not give any values for any object but will keep it as * but will maintain 0TCAVALID objects and give the validity period here.
  Thanks
  Ajeet

• Tcode and authorization objects

  hi gurus,
  i am confused :
  if in a role i have all the authorizations for one authorization object (for example S_TRANSPRT) but i don't have the tcode (for example stms) used by this authorization object in the list of tcodes will the users have access to this tcode ??
  thank you.

  Ideally, if in a role autorization is not provided for STMS, then the user id will not allow to use transaction code STMS.
  However, if SAP_All is provided, in that case, user will have access to all Transaction Codes.
  Regards,
  Rajesh Banka

• BI authorization objects not appearing in RAR, error while generating role

  Hi
  I am facing certain problems relating to integration of BI module version 7 with GRC Access Controls version 5.3 and support package 06. I am describing the problems in details below:
  (a)  In Risk Analysis and Remediation (RAR) component, I am creating Functions and
        Risks for Business Intelligence (BI) module. For that I have downloaded the
        descriptive text and authorization object data from BI development system and
        uploaded the same in RAR. Then I have created 2 Function Ids DBI1 (having action
        RSA1) and DBI2 (having actions RSA11, RSA12, RSA13, RSA14, RSA15) and 1
        Risk Id for BI (having Function Ids DBI1 and DBI2) in RAR. But when I checked
        the permission tabs of the Function Ids DBI1 and DBI2, I could not find any
        authorization objects for the actions in them.
  (b)  In Enterprise Role Management (ERM), when I am trying to create a Role TEST-BI
         in DBI 100 and I put the  BI transaction codes in authorization data , I get the
         authorization objects . Risk analysis is also being done successfully. But at the time
         of Role generation in background mode , it is giving an error message :
         Error generating role TEST-BI for system DBI 100: Unable to interpret * as a number.
         I am thus unable to generate any role in DBI 100.
  (c)  In Compliance User Provisioning (CUP), I have imported a standard role from DBI
        100. Then I have added Functional Area, Business Process, Subprocess  and
        Criticality Level to this role in CUP. But when I try to assign this Role to an user, it
         gives an error Error creating request. But requests are getting created and roles are
         being assigned to users in ECC development  systems using the same Initiator, CAD, stage
         and path.
  Can anyone please help me ?

  -

• Authorization Object Related To Movement Type

  Hi,
  I meet one problem, one user want to check which user can use MB1A t-code with movement type 201 and 202, but I know there are some authorization object related to movement type and I want to use suim with mb1a t-code and authorization object to check the user, but I don't know the authorization object about movement type in MB1A t-code, does anyone can help?

  Go to SU24, enter the transaction code and press execute.
  Here you can see the all authorization object whose are used for the transaction code MB1C.
  Regards
  Dev

• Wanted: Dictionary-/ Metadatatable for the Mapping of the (old,3.5.) Authorization Object to the (Auth.relevant) InfoObject

  Hi,
  I am looking for the concrete BW's dictionary-/ metadatatable(s)
  which contain/describe the
  Mapping of the (old,3.5.) Authorization Object to the (Auth.relevant) InfoObject
  of  the transaction "RSSM-Authorization for Reporting"
  For example:
  I got 3.5 Auth.Object ZCOMP_CODE and want to know to which   (Auth.relevant) InfoObject
  this is mapped, basically what's in the usage of this Authorization Object.
  ThanXs
  Martin

  Hi,
  As of now, your authorizations still in 3.x. so please check the below tables.
  RSSBAUTHGEN - it holds info provider and authorization object
  RSSBAUTHGENERATD - it have user name and info provider
  RSSBAUTHTRACE
  RSSBAUTHTRUSER
  RSSBAUTVAL
  RSSAUTHHIER
  RSSAUTHHIERNODE
  Coming to 7.x , Above mentioned T code kumar is enough to handle authorization concepts.
  There is best document about 3.x and 7.x comparison on Google.
  please search for it by using search term "An Expert Guide to new SAP BW Security Features"
  Written by Marc Bernard
  Thanks

• Authorization objects in web dynpro ABAP and SU24 transaction

  Hi,
  I have created a new authorization object to check a storage location for certain activities. I have added the authorization object in a specific web dynpro ABAP and I have created a new role in PFCG for my web dynpro ABAP.
  The organization level for storage location is not recognized in PFCG. Someone told me I have to maintain my authorization object in SU24 as it is done for transaction.
  I wanted to maintain my web dynpro in SU24 but I found no way to do that.
  It seems that we can maintain authorization for TADIR service and in those services there is R3TR WDYA but when I use the search help for  OBJ_NAME I don't find may web dynpro ABAP. I suppose I have to create a TADIR service for my web dynpro ABAP or something like that but I don't know how to do ?
  Does anybody  know how to deal with specific authorization in web dynpro ABAP and t ohave the organizational level recognized in PFCG.
  Thanks for your help,
  Emmanuel

  Hi,
  Please RUN the function module as "AUTH_TRACE_WRITE_USOBHASH" with following parameter
  R3TR
  "custom webdynpro application"
  SERVICE TYPE and Service can be kept blank
  after this try  SU24 it will be available in SU24 list.
  Thanks & regards

• Table Name - For Authorization objects and fields.

  Hi
  Could any  one let me Know In which Table Authorization Objects and Authorization fields are stored.
  Thanks N Regards.
  Priya

  hi,
  TOBJ ---> Authorisation Objects
  Refer to the link.
  http://saptechnicalinfo.blogspot.com/2008/07/sap-authorization-objects-tables.html
  Regards
  Sumit Agarwal

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Custom authorization object and check logic

  Hi gurus,
  we need to apply additional authorization check in our custom reports.
  so i created a custom fields & object, and put the statement
        AUTHORITY-CHECK OBJECT 'ZHR_APP01' FOR USER uname
                 ID 'ZROLEID' FIELD '03'
                 ID 'ZSOBID'  FIELD zzdwbm.
  in a abap class method centrally, so it could be called by many reports.
  but the test show that the sy-subrc always set to 0, even for users without any authorization.
  what i missed for adding custom auth check?
  for this case, do i need to maintain authorization check indicator in SU24?
  what i am confused is that , su24, you have to maintain a transaction , but our authorization check is not for transaction , but for reports and bsp application, how should i maintain su24 for that?
  thanks and best regards.
  Jun

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• Authorization object for "set TECO" and "undo TECO"

  We want to control the authorization for "set TECO" and "undo TECO",but we can't find relevant Authorization object. Is there any Authorization object  for these two functions? If there's no Authorization object for them ,then how can we achieve the same result? Thank you very much!

  Hi,
  Under one user ID the auth object B_USERSTAT will have the authorization key in which user will be responsible to change the TECO user status.
  One user will not have any authorization key under B_USERSTAT Auth_Object.
  Hope it's will give you help.
  Regards,
  Vishal Kr. Sharma