Basic authorisation objects for display/execute
Hi Team,
For a start .....I need to create a basic user role for BEX (7.0)with Display and execution of the queries .
Down the lane another role with restricted access to only certain cubes
What is the authorisation objects needed to be given in that role?
Is there a std role which solves my purpose.?
I was playing with auth objects like S_RS_COMP, S_RS_COMP1,S_RFC....but coudn't get much farther.
Thanks for your time.
/Andy
Hi Nicco,
we evaluated ACE for two projects now and always found that customers are not very excited about administration of a)EP-roles b) CRM-roles and additonally c)ACE user groups which is furthermore a very new topic for all of us and therefore it seems there is little know-how existing. We are also not sure about the future of ACE if there are new development with BP-roles in 6.40? But for my personal opinion in the field of CRM and sensible data there is no way around ACE or something similar ...
Regarding performance we always had the felling that response time of PCUI-apps decreases when we activated ACE - maybe because there is some overhead with collecting ACE-data in different tables additionally to the other process of controllers and subcontrollers ... but this was only a personal experience, we never did any measurements which confirmed this "feeling".
Regards
Michael
Similar Messages
-
How to create authorisation object for save button please help in abap
how to create authorisation object for save button please help in abap
Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Regards
ANJI -
How to create authorisation object for report
hi
experts..
hw can u create authorisation object for the custom report.
Thanks& Regards
SpandanaHi,
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Sy-SUBRC values
4 User has no authorization in the SAP System for
such an action. If necessary, change the user
master record.
8 Too many parameters (fields, values). Maximum
allowed is 10.
12 Specified object not maintained in the user
master record.
16 No profile entered in the user master record.
24 The field names of the check call do not match
those of an authorization. Either the
authorization or the call is incorrect.
28 Incorrect structure for user master record.
32 Incorrect structure for user master record.
36 Incorrect structure for user master record.
http://www.sap.ittoolbox.com/groups/technical-functional/sap-basis/please-how-to-create-an-authorization-object-386391 - 78k -
http://www.sap-abaprogram.blogspot.com/2007/11/what-is-use-of-
authorization-checks-to.html - 75k -
www.sapworld.hpg.ig.com.br/download/ab4query.pdf
with thanks,
Abaper. -
Authorisation object for "PO text in the material master"
Hi,
My requirement is as below:
"All users can see the Purchase Order Text as usual, but only a few users should be allowed to create / change the PO Long Text.
For other users, the same should appear in display mode only (both in creation & in change mode, MM01 & MM02)."
Please let me know, How to map this.
As per my knowledge thsi is possible only thru authorisation. But I want to know what is the authorisation object for "PO text in the material master" (Pl note that only for PO text in the material master field). we want control on "PO text of material master"
Regards.
ChinnaHi,
The authorisation object is "M_MATE_MAT", pl check
Regards
Merwyn -
Authorisation Object for Payment Block Filed(ZLSPR) in FB02
Hi,
I want to restrict the authorisation to modify the field Payment Block to some of the users only in FB02 Tcode.
How can i achieve it.
My basis team said it can help me if i can give the authorisation Object for the same they can restrict the authorisation object to limited users.
regards
JayaHi Mallikarjun,
The authorisation Object given is related to Excise invoice ? So, please let me know how this would help in restricting modification of payment block filed in FB02?
regards
jaya -
Authorisation object for Case Management
Hi Gurus.
I need to create authorisation object for Case Management,
SCMG_T_CASE_ATTR-CATEGORY Field,SCMG_CATEGORY element,
I use the tx SU21 and Su20, asigned this object to Role. But no WORK.
In the Su20:
Field Name: ZCATEGORY
Data elelment: SCMG_CATEGORY.
Table Name: SCMGATTR_CATEGO.
In the SU21:
Object: ZCASE
Class: AAAB
Field Name:
ACTVT
ZCATEGORY
When I use tx SCASE, The condition not work.
I use the field name ZCATEGORY because the field name CATEGORY was used by SAP. But for USC_Y_CONT_CATEGORY element
Edited by: Alfredo on Aug 1, 2008 5:39 PMHi Alfredo,
Go to SU24 tcode and see if the transaction SCASE is being check/maintaned to the authorization object ZCASE.
If not then you need to do that so that when you add the tcode SCASE to a role then you will see the authorzation object ZCASE which you have created. You can edit the role and change the authorizations for the field, ZCATEGORY and maintain.
Generate the role and then assign it to the user. I think it must work.
If it doesnot work then as Alex said, you need to go and look where the Authority check statement is placed in the program behind the SCASE tcode.
Hope this helps.
Regards,
Kiran Kandepalli. -
Authorisation object for cost center
Hi all,
I need to know the authorisation object for the field COST CENTER in ME21N(creation of PO) screen. How to find it? Since I am creating roles for users with help of BASIS I need to know it. I need to restrict the values for the cost center field while creating the purchase order.
Thanks in advance.
Regards,
RajHello,
Master Data:
CO: Cost center master (K_CSKS)
CO: Cost center groups (K_CSKS_SET)
CO: Cost element master (K_CSKB)
CO: Cost element groups (K_CSKA_SET)
CO: Activity type master (K_CSLA)
CO: Activity type groups (K_CSLA_SET)
CO: Statistical key figures (K_KA03)
CO: Stat. key figure groups (K_KA03_SET)
Planning:
CO: Version (K_KA09_KVS)
CO: Planner profiles (K_TKA50)
CO: Cost center planning (K_CSKS_PLA)
CO: Cost element planning (K_CSKB_PLA)
CO: Budgeting (K_CSKS_BUD)
Regards
Mahesh Naik -
Authorisation object for controlling te changes to "Delivery completed indi
hi
I want to know the authorisation object for controlling te changes to "Delivery completed indicator" in PO.
I want to give the authorisation to change to certain users only.
Best regards
SarThere is no authorization at field level.
Either the user has authorization to change an order or not. -
Authorisation object for field level
Hi all,
In support desk ,Is there any authorisation object for controlling field level changes such as category or priority by message processors.
BalamuruganHi.
Not that I know of. I was also looking for something like this and could not find anything.
I think there is even no logging if someone makes any changes to those fields. -
Authorisation object for Supplier field in Shopping Cart
Hi Team,
In Shopping Cart Source of Supply tab field Supplier is not getting displayed as it in hidden for some users, sor those users an authorisation object has to be provided to display the Supplier field.
Can you please Suggest me the authorisation object to be used to display Supplier field in Source of Supply tab of Shopping Cart.
Thanks & Regards,
Goutam Kolluru.Question is solved.
Answer can be find in bellow link
Field Supplier is not displaying in Shopping Cart with Std Roles SRM 7.0 -
Good day buddies.
We are trying to find authorisation object that used by transaction PFTC.
Users is able to see workflow template (object type WS, WF) but they are unable to display workflow task (object type TS, T).
The SU53 doesn't produce anything
From ST01, I could not find red color (RC not equal 0) under "AUTH" Type column.
In the user's authorisation profile, we giving authorisation object "PLOG"
Infotype : *
Object Type: T, TS, WF, WS
Plan version: *
Function Code: *
Subtype: *
Is there any transaction code that I can trace? Or perhaps somebody having similar problem before, I am really appreciate it if one of you can share your problem solvingHi,
Got to SU24 and give the transaction code PFTC and execute.Click on Display Check Indicator ..It will give you the list of ahtuorization objects .
Regards,
Phani -
Authorisation Object - for specific functins to restrict access
Hi,
I have to use Authorisation Object in my program to restrict the access by all users.
Only those users with the zcxbilllock security role will be able to perform the functions like 'Lock/Unlock', 'Delete', and 'Recosting' ..
How do I code this.... Can anybody please help.... I would really appreciate...
INCLUDE YFMXBOMCL1.
INCLUDE YFMXBOMO01.
INCLUDE YFMXBOMI01.
INCLUDE YFMXBOMF01.
*-At selection screen
AT SELECTION-SCREEN.
AUTHORITY-CHECK OBJECT 'Z_PP_XBILL'
ID 'ACTVT' FIELD '02'.
*SY-SUBRC = 0.
*IF SY-SUBRC <> 0.
AUTHORITY-CHECK OBJECT 'Z_PP_XBILL'
ID 'ACTVT' FIELD '16'
ID 'ACTVT' FIELD '95'.
IF SY-SUBRC <> 0.
MESSAGE E010(AD) WITH TEXT-A01.
ENDIF.
Here 16 -
>execute
and 95 is unlock.
Thanks a lot in Advance
JayaHi jaya
Evaluate sy-subrc right after authorization object call.
sy-subrc = 0 : user is authorized for the activities defined in authorization object
sy-subrc ! = 0: no authorization.
To understand more about authorization object creation and there usage refre this link.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
Thanks
Vishal Kapoor -
BOR object for Displaying the Spool
I am trying to create work item that will display spool output.I have thought of using FM "SWW_WI_START_SIMPLE" to create a work item and will take to the display of the spool file .Can any body suggest the BOR object which I can use for displaying the spool output??
(Background of the issue-I am executing a report in background and taking out put of that on spool. After executing this I want to send that spool number in the work item to the user and from that work item a link should be generated that will take the user to the spool display.)Hi raz
i think it will help you
Firstly go to Transaction of event trace SWE4 on the event trace
Secondly go to your transaction create one invoce
then go to SWEL it will display the BOR Triggered during the Invoice creation
In case of any issue please revert back
Donot forgot to reward points
Regards
hitesh -
Disable an Authorisation object for Multiple roles.
Hi ,
I need to Disable an authorisation object F_BKPF_BUP for about 345 roles.Is there any way by which we can make mass changes.Doing it for individual role would take a lot of time.kindly advice.
Thanks in advanceHi,
1. Go to SE16 --> table USOBT_C --> put object F_BKPF_BUP in the field "Object" --> execute without restriction. Download the list of TCodes.
Now go to Table AGR_TCODES --> put the list of TCodes (found with above method) in the field "Extended name" as multiple selection --> execute and download the list of roles.
Look up your list of 345 roles with this list. After matching, you need to sort out the TCodes present in this list of roles which is checking the object F_BKPF_BUP.
2. Now go to SU24.. go to option "Authorization Object" and NOT in the Transaction section.
Put the Object and execute.... go to change mode.... check the proposals for the TCodes you sorted at last step of point 1. Make the proposal Do Not Check where ever it is not so.
Move the Workbench Transport through Landscape. Your purpose will be done. But you should also keep in mind if the TCodes are present in other roles besides of your 345, those will become vulnerable.
Regards,
Dipanjan -
Authorisation Object for reporting
I created a Authorisation Object on an Infoobject .The list that comes up for selecting the Infocubes which should be effected by this doesnot show the Cube in which the Infoobject is used.
The list shows various ODS and Cubes and I dont know how they r related to this Authorisation Object.hi,
check if relevant oss note 641614-InfoProvider in RSSM not displayed for authorization object.
the solution support package may out of date, you may try this ?
... You can avoid this problem by using the 1KYFNM field in the authorization object. In this case, all InfoProviders will be always displayed.
Symptom
An InfoProvider is not displayed in transaction RSSM for checking authorization objects. Consequently, the setting that indicates whether this InfoProvider should be checked for the authorization object cannot be changed.
Other terms
Authorization object, InfoProvider, InfoCube, RSSM, check
Reason and Prerequisites
The InfoProvider contains a referencing characteristic, which is authorization-relevant, as a navigation attribute. As a result, the usage is not found as the navigation attribute in the where-used list for the InfoObject in the authorization object and consequently, the InfoProvider is not found either.
You can avoid this problem by using the 1KYFNM field in the authorization object. In this case, all InfoProviders will be always displayed.
In addition, it will also be easier to implement a check on key figures at a later stage because once authorizations exist for an authorization object, no more fields can be added.
Solution
BW3.0B
Import Support Package 15
BW3.1C
Import Support Package 09 for 3.1C
Maybe you are looking for
-
Reading/Writing Form Message Bodies
In JSP how do you read the body of a submitted form? When I run the code below I get nothing back. I'm trying to submit XML in the body of the HTML form and then read it in the JSP. What am I doing wrong? readBody.jsp <%@ page import="java.io.Buffere
-
Behavior of ENTER arbitrarily changes in my JTable
The setup: basic, non-exotic JTable in a 1.6.0_02 application running on Red Hat Enterprise 3. Normal behavior: hitting enter causes the table to select the next cell row. My behavior: randomly, I've been noticing that hitting enter causes the cell t
-
GUI_DOWNLOAD like SE16 format
Hi all, i have a requirement to build a report to download standard tables dinamically in foreground to a .txt file in the same format like going through SE16, displaying a standard table and go to System --> List --> Save --> Local File (format unco
-
Do I have to erase my HD when re-installing Classic 9?
This is going to be a little long, so I apologize for that, but I figure more information will help the experts in the world of Mac to help me. my Mac : iBook 500 MHZ power PC G3 Version loaded: OS X 10.2.1 Original (and also my discs): OS X 10.0.3 I
-
win xp, downloaded ps free, had problems, now won't start, "user name, org, or serial number missing".