BRFPlus - Control Rule maintenance using Auth checks (BADI?)

Similar Messages

• EHSM: Use Auth Check BAdI to hide Incident

  Hi all,
  I have enhanced the standard Auth Check BAdI BADI_EHHSS_INC_EXT_AUTH_CHECK for EHSM. Works like a charm.  But I just got another requirement and thought maybe someone else has done this before.
  Right now, I have it set up so people with out the correct access can only view incidents.  Is there a way to use the BAdI to completely hide an incident when a user clicks on it?
  Hope this makes sense.
  Cheers,
  Kevin

  Hey all,
  Our requirements ended up changing a bit but ended up putting authorization checks into class methods that control visibility for the sections of EHSM that we wanted to hide.  So, we got the result we were looking for.
  Cheers,
  Kevin

• How to use Multiple Check Box control  to make a list of items in check box

  I have a use case where i have to save update list of items required, and i want to implement it through viewobject and use Multiple check box control, how do i go about it? Code snippet will be helpful........
  Edited by: jDev_08 on Nov 17, 2012 8:31 PM

  Hi,
  Always mention your JDev version.
  Check out the ADF Faces Demo : http://jdevadf.oracle.com/adf-richclient-demo/faces/components/index.jspx#%2Fcomponents%2FselectManyCheckbox.jspx (Hint : Code snippet is available in there itself).
  -Arun

• Period control Rule 03- Mid period Depreciation

  Hi All,
  I am trying to create two different depreciation keys.
  One is with Period rule 01 i.e Pro rata at period start date. Example. If I create an asset any time during the month, the ordinary start depreciation should start at the beginning of the month.
  Secondly another deprecation key with period rule 03 i.e. prorata at mid period. Meaning that the ordinary start deprecation date should be from 15 of the month.
  I activate the " Use of Half Months in the Company Code" then the deprecation key with prorata at period start date is behaving like pro rata at mid period.
  And the other key i.e. with mid period rule 03 is giving error
  "E003 SYST: Period 000 is not valid in financial year variant".
  I maintained in T.Code OAVH the entries for my fiscal year for the period control rule 03 for all the period, i.e. I tried for both 24 periods and also 12 periods, with Indicator: Depreciation calculated from mid-month selected.
  My FI fiscal year starts from July to June.
  Please advice me if I need to do any other configuration. Issue is to resolved urgently.

  Hi Dominic,
  I did not made any entries for rule 01.  there is only one entry for 01 i.e. standard. and for rule 03 I made like this:
  My fiscal year is July to June. (i.e. Non-Calender fiscal year) But periods are claender periods. so I gave the periods 1 for the  entry July i.e 7th month. entries are like this:
  1 - 31- 7,
  2 - 29 -8,
  3 - 31- 9,
  4 - 30 -10,
  5 - 31 - 11,
  6 - 30 - 12,
  7 - 31 - 1,
  8 - 31 - 2,
  9 - 30 - 3,
  10 - 31 - 4,
  11 - 30 - 5,
  12 - 31 - 6
  and selected the mid period for all entries.
  I tried for 24 periods also. for ex.
  1 - 15 - blank
  1- 31- 1 and mid period selected  and so on.
  But in both the ways even if maintain for 12 periods in OAVH or 24 periods in OAVH it is not working.
  I activated the mid month at company code level, giving 15th as the fixed date.
  When we activate the mid month, do we need to maintain assignemnt rules in OAVH or will the system generates on its own. For me system did not generate anything on its own. I am trying in different ways in OAVH.
  Please do reply. Can you please give me the exact matrix what I need to maintain in OAVH.
  Do I need to change the rule for rule 01 also.
  I will wait for your reply. Thanks so much for the reply.
  Krishna

• BBP_PD_MSG_ADD  issue in CHECK badi

  Hi all,,
  SRM 5.0 ECS
  I want to display an error message in the cofnirmation screen bit in the form op a POP UP !
  I tried using the FM BBP_PD_MSG_ADD in the CHECK badi but it doesnt display the message in the pop up format!
  The strange thing is that the pop up msg is being displayed in the search list screen before I click on CREATE CONFIRMATION button!
  I want the pop up msg to be displayed after the user clicks on the next screen after user clicks on create confirmation button...
  Please help as to where I am going wrong....
  Here is my code:
  IF flt_val = 'BUS2203'.
      IF sy-ucomm = 'BUTTON_CHECK'.
  REFRESH et_messages.
        CALL FUNCTION 'BBP_PD_CONF_GETDETAIL'
          EXPORTING
            i_guid          = iv_doc_guid
            i_with_itemdata = 'X'
          IMPORTING
            e_header        = lt_conf_header
          TABLES
            e_item          = lt_conf_item.
        LOOP AT lt_conf_item INTO ls_conf_item.
  *get the PO # and doc type
          lv_po = lt_conf_header-be_refobj+0(10).
          CALL FUNCTION 'BBP_PD_PO_GETDETAIL'
            EXPORTING
              i_object_id = lv_po
            IMPORTING
              e_header    = lt_po_header.
          IF lt_po_header-process_type = 'ECV' .
  CALL FUNCTION 'BBP_PD_MSG_ADD'
                EXPORTING
                  i_msgty       = 'W'
                  i_msgid       = 'BBP_SC'
                  i_msgno       = '014'
                  i_msgv1       = text-001
  *            i_doc_guid    = iv_doc_guid
                  i_field_name  = 'EXPRESS'
                EXCEPTIONS
                  log_not_found = 1
                  OTHERS        = 2.
  EXIT.
  ENDIF.
  ENDLOOP.
      ENDIF.

  Thanks Jay.
  If I change the SY_UCOMM to that of "CREATE CONFIRMATION" button,custom message does get displayed in POP UP form,but then the next screen (which should be displayed after lcicking on CREATE CONFIRMATION button) is not dsplayed and controlstays on the same screen which is worse!
  Please let me know if something wrongly written in  my code or if SRM CONFIRMATION screen is designed in such a way that custom messages cannot be diplaye din form of pop up!

• Multi user catalog and how to make it - use a checked out system

  Lots of people want or need a Multi user ability in lightroom here is one way to achieve multi-user catalogs by using a check-in check-out system.
  The Catalog would open normally upon a second user opening LR would then ask to switch to multi-user mode.
  Once in multi user mode lightroom would lock-out images, collections, or folders by a checked-out for editing system.
  By checking-out images, collections, or folders: files would be unavailable to other users until edits are saved, and the images, collections, or folders are checked-in.
  This check-in check-out system would need a global check-in feature in case someone forgot to check in an image, collection, or folders (global check-in could be admin level). Word documents, CAD files, etc, use a similar lock-out/read only system for the files. Since, we wouldn't want to bloat the files with programing to lock out the files, this would have to be added to the catalog and managed by the catalog.
  My system
  Vista Ultimate 32bit SP1
  AMD 64X2 duel core 6000+ 3.2Ghz
  6GB 666mhz Ram PAE force enabled
  NVIDIA Gforce 7600 256MB video card (1.75GB total with system shared ram)
  primary hard drive 500GB
  Hard drive 2 400GB (system and photoshop paging files and lightroom catalog drive)
  Hdrive 3 1TB (primary image storage)
  user control turned off
  system graphics set to performance
  Duel display
  LR 2.0
  PS extended CS3

  Your thread pool is a pool and probably keeps
  the thread alive even though the thread has nothing
  after a minute toi execute - you'll have to call its
  shutdown() methodThanks Oxe...
  I googled that (easy when you know what the answer is) and yes the ScheduledThreadPool retains threads for re-use, so you have to check that all threads are done and then shutdown() the scheduler... like this:     while (!future.isDone()) {
            try { Thread.sleep(10); } catch(InterruptedException e) {}
       scheduler.shutdown();
  ... here is the complete working class:
  import java.util.concurrent.ScheduledExecutorService;
  import java.util.concurrent.Executors;
  import java.util.concurrent.ScheduledFuture;
  import static java.util.concurrent.TimeUnit.*;
  import java.awt.Toolkit;
  class BeeperControl {
       private final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(1);
       public void beepForAMinute() {
            final Toolkit tk = Toolkit.getDefaultToolkit();
            final Runnable beeper = new Runnable() {
                 public void run() {
                      tk.beep();
                      System.out.println("beep");
            final ScheduledFuture<?> future = scheduler.scheduleAtFixedRate(beeper, 250, 250, MILLISECONDS);
            scheduler.schedule(
                 new Runnable() {
                      public void run(){
                           future.cancel(true);
                 }, 3, SECONDS
            while (!future.isDone()) {
                 try { Thread.sleep(10); } catch(InterruptedException e) {}
            scheduler.shutdown();
       public static void main(String[] args)
            BeeperControl bc = new BeeperControl();
            bc.beepForAMinute();
  }Thanx again. Keith.

• What FM can I use to check the budget in shopping cart?

  Hi Gurus,
  I want to check budget in shopping cart in badi BBP_DOC_CHECK_BADI in SRM.
  Budget information is in ERP system (ECC 6.0).
  What function module can I use to check budget in shopping cart?
  How can I off standard budget check for specific cases?
  My system is:
  SRM 7.0 (SRM_SERVER 700 Level 8)
  ECC 6.0 (SAP_APPL   604 Level 6)

  Hi,
  Please look at FM B470_BUDGET_READ in SRM.
  Regards,
  Masa

• Can we give more than one value for an Authorization field in Auth-Check.

  Hi all,
  Can we give more than one value for an Authorization field in Auth-Check.
  Ex: AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD <Value 1> <Value 2> <Value 3>.
  IF SY-SUBRC 0.
  MESSAGE E...
  ENDIF.
  If yes, please help me with exact syntax.
  Think it will be like
  ID 'CUSTTYPE' FIELD: <Value 1>, <Value 2>, <Value 3>.

  Hi,
  yes we can give more than one field.
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object> 
     ID <authority field 1> FIELD <field value 1>. 
     ID <authority field 2> FIELD <field value 2>. 
     ID <authority-field n> FIELD <field value n>. 
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  please reward points, if it is useful.
  satish.

• Need to deactivate structural auth. check for a custom Report

  Hi all experts:
  I have a report that is based on PNPCE logical database and it displays work hours for a project, all non-sensitive information.  We would like a wide range of users to have access to this but since this is based on PNPCE logical database whenever a user runs it, the str. authorization check is performed.  I have tried deactivate this check with P_ABAP object and coers 2 but it only ignores infotype auth. check but still checks the structural.  We don't want to expand str. profile for users. 
  Do you know if there is a way to deactive this just for one report?
  Your help will be greatly appreciated.
  Regards,
  Net

  Thanks Kiran. I had tried that value but still got the same message.  I am having problem understanding exactly when this value 2 ignores structural authorization because it works on some reports and not others.  Anyway, we implemented BADI for this report to ignore structural auth. check and it is working fine.
  Thanks again,
  NT

• Sec. Optimization self-service - Customer specific auth Checks

  Hi There,
  checking some automatic check like 0750 I see in SolMan there are some tabs like Green, Red, Recommendation (0705)
  checking the Customer specific auth Checks I found out only some of them.... I would be interested to know if it is possible to configure "something" in order to have the  tab Recommendation (9XXX)  for Customer specific auth Checks .
  Thanks
  FedeX.

  Hi,
  I still test and no quit sure if I am doing the right process...what I have done:
  use st13 to create my own alerts > 9000.
  use st14 for creating the report on target system... I check on the target system and by viewing data of the generated report there is a list of users because security specification > 9000.
  export report to SolMan ... successfully
  on SolMan ... what are the steps that I have to do?..I am not quit sure ... I go to session workbench ...here there are already some info of the previous check that I did days before ......  I click on the option collect data (ST13, ST14)..I delete the old number and introduce the new GUI Number and click on collect button... the rest of the fields are filled in ... and no additional message appear..
  one of the existing entries on the left side  is Customer specific Auth check ...it is in red..
  being on the collect data (ST13, ST14) entry I just click on save + next open check an the focus/cursor jump automatically to the last entry check session consistency  I do not identify any change in the entry Customer specific Auth check which still red and not showing the expected list ( what I see in target system)
  well hope this give some idea about the issue and possible solution
  Thanks
  FedeX

• Query: Best practice SAN switch (network) access control rules?

  Dear SAN experts,
  Are there generic SAN (MDS) switch access control rules that should always be applied within the SAN environment?
  I have a specific interest in network-based access control rules/CLI-commands with respect to traffic flowing through the switch rather than switch management traffic (controls for traffic flowing to the switch).
  Presumably one would want to provide SAN switch demarcation between initiators and targets using VSAN, Zoning (and LUN Zoning for fine grained access control and defense in depth with storage device LUN masking), IP ACL, Read-Only Zone (or LUN).
  In a LAN environment controlled by a (gateway) firewall, there are (best practice) generic firewall access control rules that should be instantiated regardless of enterprise network IP range, TCP services, topology etc.
  For example, the blocking of malformed TCP flags or the blocking of inbound and outbound IP ranges outlined in RFC 3330 (and RFC 1918).
  These firewall access control rules can be deployed regardless of the IP range or TCP service traffic used within the enterprise. Of course there are firewall access control rules that should also be implemented as best practice that require specific IP addresses and ports that suit the network in which they are deployed. For example, rate limiting as a DoS preventative, may require knowledge of server IP and port number of the hosted service that is being DoS protected.
  So my question is, are there generic best practice SAN switch (network) access control rules that should also be instantiated?
  regards,
  Will.

  Hi William,
  That's a pretty wide net you're casting there, but i'll do my best to give you some insight in the matter.
  Speaking pure fibre channel, your only real way of controlling which nodes can access which other nodes is Zones.
  for zones there are a few best practices:
  * Default Zone: Don't use it. unless you're running Ficon.
  * Single Initiator zones: One host, many storage targets. Don't put 2 initiators in one zone or they'll try logging into each other which at best will give you a performance hit, at worst will bring down your systems.
  * Don't mix zoning types:  You can zone on wwn, on port, and Cisco NX-OS will give you a plethora of other options, like on device alias or LUN Zoning. Don't use different types of these in one zone.
  * Device alias zoning is definately recommended with Enhanced Zoning and Enhanced DA enabled, since it will make replacing hba's a heck of a lot less painful in your fabric.
  * LUN zoning is being deprecated, so avoid. You can achieve the same effect on any modern array by doing lun masking.
  * Read-Only exists, but again any modern array should be able to make a lun read-only.
  * QoS on Zoning: Isn't really an ACL method, more of a congestion control.
  VSANs are a way to separate your physical fabric into several logical fabrics.  There's one huge distinction here with VLANs, that is that as a rule of thumb, you should put things that you want to talk to each other in the same VSANs. There's no such concept as a broadcast domain the way it exists in Ethernet in FC, so VSANs don't serve as isolation for that. Routing on Fibre Channel (IVR or Inter-VSAN Routing) is possible, but quickly becomes a pain if you use it a lot/structurally. Keep IVR for exceptions, use VSANs for logical units of hosts and storage that belong to each other.  A good example would be to put each of 2 remote datacenters in their own VSAN, create a third VSAN for the ports on the array that provide replication between DC and use IVR to make management hosts have inband access to all arrays.
  When using IVR, maintain a manual and minimal topology. IVR tends to become very complex very fast and auto topology isn't helping this.
  Traditional IP acls (permit this proto to that dest on such a port and deny other combinations) are very rare on management interfaces, since they're usually connected to already separated segments. Same goes for Fibre Channel over IP links (that connect to ethernet interfaces in your storage switch).
  They are quite logical to use  and work just the same on an MDS as on a traditional Ethernetswitch when you want to use IP over FC (not to be confused with FC over IP). But then you'll logically use your switch as an L2/L3 device.
  I'm personally not an IP guy, but here's a quite good guide to setting up IP services in a FC fabric:
  http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/ipsvc.html
  To protect your san from devices that are 'slow-draining' and can cause congestion, I highly recommend enabling slow-drain policy monitors, as described in this document:
  http://www.cisco.com/en/US/partner/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/int/nxos/intf.html#wp1743661
  That's a very brief summary of the most important access-control-related Best Practices that come to mind.  If any of this isn't clear to you or you require more detail, let me know. HTH!

• What version control system you use?

  We are 20 developer and we use bitkeeper as a version control system.
  But we have 4 envirronnement.
  dev/test/pre-prod/prod.
  Sometimes, 2-3 projects are affecting the same packages.
  And different packages version is all over the place since we have 4 envirronnements.
  What version control system you use for packages?
  Would be cool to have a version control system intergrated to our tools, like toad, pl/sql dev or sql developer, is there one for those tools?
  Is the tool you using it doing all you want it to do?
  Have any link for me to check out?

  Hi,
  I recommend SourceAnywhere Standalone to you. It is an SQL-based source control application that provides all of the key features of VSS, plus much more. It is well integrated with Microsoft Visual Studio 6/2003/2005/2008, Dreamweaver and Eclipse. Here is the home page of SourceAnywhere Standalone:
  http://www.dynamsoft.com/Products/SAWstandalone_Overview.aspx
  The Hosted edition, SourceAnywhere Hosted that is delivered as a SaaS application is also available.
  http://www.dynamsoft.com/Products/SAWhosted_Overview.aspx
  You can take a look.
  Thanks,
  Catherine Sea
  www.dynamsoft.com
  the leading developer of version control and issue tracking software
  Message was edited by:
  Catherine Sea

• Deselect auth. check for infocubes (Checks for infocubes) in RSSM

  Hi,
  An infocube I installed contains an authorisation relavant object (already exists) in BW3.5 system. By default the infocube is selected for auth. check in RSSM.
  After I transported the cube to target system I realised the auth check in RSSM has also been transported with the cube.
  Hence, I have deselected the auth. check for the infocube "Checks for infocubes" in RSSM and saved it. Then, I created a second transport and only transported the cube. But the changes I made in RSSM hasn't been transported.
  Please can you advise me how to transport the changes I made in "Checks for infocubes" in RSSM?
  Thanks a lot
  Murali

  Hi,
  check this threads:
  Re: RSSM: Checks Authorization Objects for Infoprovider are not activ
  Re: RSSM Transports
  Normally system would check all the authorization relevant objects whenever a new Info cube is imported and in case if you want to transport these changes to Production system manually then follow the below listed steps:
  1) In Development system, check or un-check the authorization relevancy using the transaction RSSM on a given Info provider
  2) These changes are stored in table RSSTOBJDIR
  3) Create a manuall transport request and include these entries covering the required Authorization objects manually.
  R3TR TABU RSSTOBJDIR
  Ex: If Info object 'A' is authorization relevant in Development system but not in Production system and you want to transport this change to Production system then include object 'A' table entries manually.
  Regards
  Andreas

• Mavericks: "System Events" would like to control this computer using accessibility features?

  I just installed Mavericks on my MacBook Pro and was in the process of exploring changes when suddently this message popped up:
  - "System Events' would like to control this computer using accessibility features. Grant access to this application in Security & Privacy preferences, located in System Preferences.
  The two choices offered are "Open System Preferences" and "Deny."
    Any idea why this would be triggered?  I don't like clicking to grant access without understanding what's going on.
  Thanks.
  Message was edited by: Bob Mayo

  Dribble666 wrote:
  Why would I want to do this?
  Only if you want intrusive, incompatible, memory hogging software on your Mac.
  Would this open a back door up to Google?
  Yes. More than one.
  Google software (Chrome, Google Drive, and Google Keystone Agent in particular) is bad news for Macs, and a frequent flyer on these discussions.

• How to use spell checker without mouse?

  Hi,
  how to use spell checker without mouse?
  And how to quickly change between languages related to documents, and be able to quickly get back to the main language setting that should be the default for the system?

  And how to quickly change between languages related to documents
  If you are talking about input keyboards, this is controlled by shortcuts that are explained at the top right of system prefs/language & text/input sources.