BASIS--to restrict authorization for a PO document type & 122 movement type

Similar Messages

• To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.

  Hi,
  We have  a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
  Presently we can restrict authorization at Purchasing organization level but not at Plant level.
  Any pointer please!
  Regards,
  Chetan

  First of all, this is not the right forum to post such a question.  Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id.  Your basis team can do this.
  thanks
  G. Lakshmipathi

• How to restrict authorization for OBC4

  Dear all
  How to restrict authorization for obc4( field status) for user id wise
  Regards
  nasa

  Hi Nasa
  You try to use the S_TABU_LIN object. With this object you can control access to tables (called from maintenance views, SM30 etc) based on the database key for the table.
  And as far as I cant see, the OBC4 transaction is just a couple of maintenance views for V_T004V andf V_T004F.
  You can find a small how-to [here|http://www.mhn-consulting.com/s_tabu_lin.html]
  Regards
  Morten Nielsen

• Release authorization for Posting FI document nor Parked document

  hii guru
  I am facing a problem as below. i have created a release authorization for parking document using workflow variant, created event - Created, object type - FIPP, receiver type - WS10000051, and when i am parking the document its working fine, wants release authorization to post parked document. but my client requirement is to set release authorization for posting FI document in fb50.  not parked document.
  please give me a solution how do i cofigure the release authorization to post directly FI Document in fb50.
  thanks & regards
  Rajesh

  i have solved by myself

• HR authorization for Display the documents  in SAP DMS

  HI experts,
  We want to control display authorization depending on the entry made in object link tab in DMS( DOcument Management System). We developed screen for HR master object link. When user executes cv03n and enters document No. system should check hr master number entered in object link. If the user has authorization for that hr master number in PA (personnel administration), then he should be allowed to display the document. Otherwise it should restrict him to display the DIR.
  Now my query is how to achieve it. Can anybody provide me some solutions
  I have one solution, whenever user enter document number in cv03n screen, system will first check hr master number entered in object link and it will check the Personnel Area, Employee group and employee subgroup aginst this hr master number. Say for ex: PA:1000, EG:1 and ESG:01 for HR number xyz.
  Now system should check in roles assigned agaist user id for these PA, EG and ESG values. If user has got authorization for PA:1000, EG:1 and ESG:01 in HR roles,then he should allowed to display the document.
  Now my query is how feasible this approach? is this tough task for abaper? or is there any easier approach than this.
  regards
  sham

  Hi,
  Try to use the User Exit: CNEX0002.
  Check with your ABAP er for the enhancement.
  Hope it helps..
  Thanks!!!

• Authorization for Task - Manual Document Posting

  Hi All
    We have have few tasks in our consol monitor like data collection, manual posing, validation, reclass etc. I want to restrict authorizaiton to users based on company and tasks.  When I do so its perfectly working except for manual posting task. The system is allowing user to post manual posting of other company in which the user is not supposed to. I am wondering. The system is just ignoring manual posting task alone. Is there any tricky way to solve the issue for manual posting task?
    I am currently using the objects R_UGMD_CHA, R_UGMD_SNG, R_UC_TASK combinations. It works fine except for manual document posting task. If any one got any suggestions, let me know to fix this problem.
  Regards
  A.Bharath

  Note 610621 - SEM-BCS: Authorization check for the Manual Posting
  During the execution of the Manual Posting the system by mistake checks the authorization for consolidation groups or consolidation units against value '#'. The system should check against the initial value instead.
  For example, if you start a Manual Posting task, which posts on posting level 10, for a consolidation unit 'xyz', the system checks the authorization against the following values:
  Consolidation unit = 'xyz'
  Consolidation group = '#'
  Instead of this, the system should check against the following values:
  Consolidation unit = 'xyz'
  Consolidation group = initial value
  Other terms
  Manual Posting, authorization check
  Reason and Prerequisites
  This problem is caused by a program error

• Restrict authorizations for payment item transaction

  Hi All,
  This is regarding authorizations for a banking system.
  The requirement is the users need to be restricted for the following transaction based on the Bank Posting Area or the contract managing unit.
  BCA_PAYMITEM_CREATE
  When the user goes to create payment item the user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM. The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area
  BCA_PAYMITEM_MAINTN
  The user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM .The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area.
  I checked the transactions in SU24 and found only authorization object S_TCODE associated with the transcations BCA_PAYMITEM_CREATE and BCA_PAYMITEM_MAINTN.
  Can someone please suggest a way to acheive this.
  Regards,
  Thamarai.

  Hi Shiva,
  I tried assigning the org unit using PFCG ORGFIELD CREATE.
  Now the org unit in pfcg shows Org. level Contract-Managing Organizational Unit (Encrypted) but there is no coresponding field in the authorization objects in the role.
  Can you please help since the project is very critical.
  Regards,
  Thamarai.

• How to restrict authorization for MMBE

  Hi,
  I need to restrict the authorization for t-code MMBE according to plant wise. Can anybody tell me about the procedure and authorization object used.
  Regards

  M_MATE_WRK Material Master: Plants is the object that is used to control teh display of data at plant level in tcode MMBE

• Restricting Authorization for a specific Info-object

  Dear All,
  I have a scenario where I have to restrict the account managers by specific channels.
  I have 2 info-objects, Sold-to party and Sales Channel. Sales Channel is defined as attribute of the the Sold-To Part info-object.
  I was exploring the BI authorizations concept in SCM 2007.
  I created a authorization called "Test" and assigned the info-object Sales Channel in the authorization and restricted it for one value. This authorization along with 0BI_ALL I have added to the role under BI authorizations.
  However in interactive demand planning, I cannot restrict by the sales channel. It allows me to load data for all the channels.
  If I remove 0BI_ALL object, then I cannot load anything in interactive planning.
  Does anyone have a step by step proceedure for using the BI authorization concept?
  Regards,
  Kedar

  Yes, 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) have to be made authorization relevant. For the info objects you want to use to control security, also make them authorization relevant in RSD1, imagine the object you want relevant is ZZ_VKORG (sales organization).
  Then use RSCEADMIN transcation and 0BI_ALL will include the objects from above, copy 0BI_ALL into a object such as Z_1000 and then change the value for the specific info object that you want to control, imagine that you want sales org 1000 only to be allowed within Z_1000.
  Now, you have 2 choices: You can use the normal security maintenance (SU01, PFCG) and you can asssign RSRS_AUTHBIAUTH and set BIAUTH requal to Z_1000 or you can use user maintenance directly within RSCEDAMIN and assign Z_1000 to the user. Either way, it becomes part of the authorization of the user.
  You may find that you need to introduce colon authorization concept ( for mixed levels of data and that is just a matter of adding a second line to the allowable values and setting it like "EQ :".
  Things to consider:
  1. This authorization concept is water tight and will do everything you need, but will do at the expense that if you don't model it first, you will kill yourself trying to make it right. This becomes evident when you trace a security issue (via RSCEADMIN) because the way BI7.0 works is that it will build a minimized superset of authorizations, so it is best to know where you want to get to, rather than starting off by where you know you need to go.
  2. To control change or display mode, you will need to influence 0TCAACTVT, even though you might think to use C_APO_SEL3 for ACTVT, the BI7.0 concept works within the BI space and 0TCAACTVT doesn't impact it.
  3. If you activate more info objects, 0BI_ALL will get updated automatically but your custom  authorization objecst will not. So, it is best to activate them all at the same time so that you don't have to manually change them.
  4. Do the work in development and transport it to the TEST/QA/PROD environments, there are transprt tools within the RSCEADMIN.
  This is probably enough to get you going, reply back if you have specific questions or issues.
  I've been thru this in a painful way, sometimes the best things learned are learned the hard way

• Restrict authorizations for loads from HR to BW for certain data

  Hi,
  our customer wants protect some data in the HR productive system. This data are defined/restricted by certain personal areas.
  It is not enough to use reporting authorizations in BW to restrict presentation in queries or use filters in infopackets during load to avoid this data.
  The requirement is to make load of such data from HR to BW absolutely impossible, even BW administrator cannot see them and must not be able to load them.
  We will probably have to somehow limit ALEREMOTE users authorizations in BW. I do not know how and I even doubt, that extractors in HR source system perform authorizations checks for fields.
  Is there any way to do this?
  Thank you very much,
  Petr

  Hi Petr,
  Create a general enhancement program (restricted authorization) with generic name, which should be called dynamically for every datasource.
  Refer-
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2d99121a-0e01-0010-e78c-b1ae566a2413?overridelayout=true
  Not personally tested but check following.
  In that program, you may try applying following logic:
  1) You may need to use TYPE ANY field symbols
  2) In While Loop until all fields of C_T_DATA checked, may be a counter based on total number of fields.
      DELETE C_T_DATA where <TYPE_ANY1> EQ (OR use IN) specific value(s) of Personnel Area
      DELETE C_T_DATA where <TYPE_ANY1> CS (Contains, check pattern) specific value(s) of Personnel Area
  ENDWHILE.
  Optionally: For Standard Daatsources in the same program you can add logic based on standard field only "WERKS".
  Note: You may need to research on dynamic pointing using field symbols for every field.
  Thanks
  Arun Purohit

• User X has no authorization for the requested document

  Dear All,
  We are trying to allow users to view the reporting documentation against a particular InfoProvider.  We have created the documents and assigned them to the InfoProvider and transported these to QA.
  However we can see the documents but the users get the above error.
  Which authorisation objects do they need assigning to their Role/s ?
  We have tried S_RS_ADMWB, S_BDS_D & S_BDS_DS to no avail.
  Please help.
  Thanks
  Craig.

  Dear All,
  Thanks for the replies however I have solved this myself.
  The InfoProvider that we associated the documents against has an authorisation relevant InfoObject that the users are assigned.  And the queries run just fine.  But because of some bizarre authorisations check EVERY object within the InfoProvider that is marked as Authorisation relevant must be given a value whether used or not that matches your profile.
  So what we ended up having to do was to give the users their restricted value for the queries and colon ":" authorisation to display the documents against the InfoProvider.
  How crap is that ?
  Cheers
  Craig.

• PGI Receipt Accounting Document Not Created_ Movement Type 651

  Dear SAP Expert,
  In my company 1st time we have cretaed a return sales scenario in SAP, I made return sales order with reference to biling document thn made delivery dcument (movement type - 651) goods kept in return storage location automatically during PGI Receipt after tht credit note is issued.
  Now accounting document during PGI Receipt (movement type -651- goods return delivery) is not created.
  I am not getting why system is not generating accounting document with movement type 651,kindly advice if there  any configuration is missing in system.
  Account grouping data for Mvt type 651 is empty, i want to know how to enter data into that so that accounting entry could be generated.
  Looking forward for your quick response on the same.
  Warm Regards
  Parul

  Hai ,
  In a sales return process
  Invoice-> Return sales order ->PGR->Credit for return
  Once the material comes to stock " RETURNS"
  Proceed the following steps
  1. Reversal of Excise Invoice u2013 J1IH (additional Excise)
      Create the excise JV (if it is excisable material)
  2. Transfer of Returned Stock to Restricted/Quality Stock u2013 MIGO (Movement type - 457)
  Now the material document create the Accounting entries.
  Hope return process get completed and details will be helpful.
  Regards,
  Mani

• Amount on Goods receipt for return orders is wrong with movement type 653

  Hi All, I am sorry if it is a simple question because i am an abap'er.
  My requirement is to create return sales order (with ref.to Billing document) and deliver and PGI for the return orders. This should go to sales order stock. Accounting document should be generated for material document and the amount should be picked up from condition type (if man.cond. type exist) else from material master.
  1) Created a sales order (Bought in item cat) - Create PO (Non stock) - Receive goods (MIGO) - Create Delivery (VL01N) -   PGI (Movement type 601 and special stock indic. 'E') - Create billing document (F2 type from VF01)
  So far it is good. The account document is created (PGI - cost of goods) with correct amount as desired
  The next scenario is if the material is returned? This is where we are having issues
  Created sales order with ref.to billing doc. (S.O: RE. Item.Cat. Return Bought in (YRBI)... this is pretty much same as bought in except few things which are YRBI  - Delivered - PGI (Goods returns. unrestricted) Movement type 653 - Problem comes here.
  a) If i put special stock indic 'E' in 'Return bought in item.cat - There is no accounting document generated for 653 movement type.
  b) if i maintain space instead of 'E' in return bought in item.cat - there is an accounting document but the manual cost is not copied to accounting document and it is picking up from material master which we dont want and The stock is not showing up in sales order.
  I did my research (forum, OSS, google, and in help.sap.com) before posting here but no help.
  I have checked account assignment categories for 'A' - (some post explained this) I tried changing values but no help.
  I even tried changing the schedule line category to DN but no help.
  I dont know what i forgot to change or check but i have tried everything what i know and from help from different sources ... still couldnt get it.
  Original requirement is to make the return stock as sales order stock and this can also be returned to vendor. If there is a manual cost in return sales order, the PGI accounting document should be created with this condition value else from material master.
  My pricing settings are good.
  It would be really helpful if any one guide me to configure the process or atleast if anyone tells me what am i missing... .

  Have a look at any of the following notes:-
  1)  Note 171989 - Sales-order-related productn: Custmr exit COPCP002
  2)  Note 520000 - FAQ: Valuated special stocks
  3)  Note 557582 - User exit and valuated sales order stock
  4)  Note 580228 - Incorrect prices for materials procured externally
  5)  Note 983193 - Docu:Externally procurd material in valtd sales order stock
  thanks
  G. Lakshmipathi

• Report based upon material type against movement type for a period ?

  i need a inventory report which should be based upon materil type & movement type for a particular period.
  For example- for last monthe how much Raw material has been issued againast production order. i would like report to allow me  ROH and movement type 261/262 and period entry. MB5B does not satisfy my requirements, ist of all there si no material type/secondly it restricts itself if i use movement types
  thanks
  sam

  Hi,
  You can create a small program to get report.
  Input fields Date of posting BUDAT, Movement type BWART (Plant if required).
  Check field BUDAT (Posting Date. Should check based on input date field.) In table MKPF.
  If data falls in required date range. Pick MBLNR-MKPF (Mat doc number).
  Go to table MSEG compare MBLNR-MKPF and MBLNR-MSEG if same pick field MATNR-MSEG (Mat number).
  Go to MARA check MTART-MARA for picked MATNR-MARA (in previous step). Take the material type.
  Add the below fields to out put
  MATNR, MTART, BWART-MSEG (Movt type), ERFMG-MSEG (quantity posted), WERKS-MSEG (Plant received), LOGRT-MSEG (S. Loc received).
  Please take advise from ABAPer regarding prog logic
  Thank you,
  Anand K

• Revesal of document posted with movement type 654

  I have created one outbound delivery using tcode VL01NO (Create outbound del without order reference). In PGI material qty was issued using movement type 654. Now, I need to reverse this document i.e. reversal of movement type 654, but system is not allowing the same.
  Pl help on this
  regards,

  movement 654 is already the reversal to movement 653.
  A reversal movement type does not have a reversal movement type.
  you may need to create a new schedule line category in VOV6 to create a new outbound del without order reference with a 653 as movement