Cannot modify an authorization object in pfcg role for a business role

Similar Messages

• Extend Object in Org model to add Business Role

  Hi All,
  How can I extend Object in Org model to add Business Role(e.g Sales Manager)?
  Thanks

  Hi Ashley,
  If you right click on org unit select create option.
  Select position & create the position you want to create.
  You can transport the org unites & positions thru SE38.
  Use programme RHMOVE30
  Select
  Plan version                    01  Current plan
  Object type                     O   Organizational unit ( S fopr positions)
  Select "tanport object" fo Transport screen.
  You will be able to create the request.
  Trust it clarifies doubt.
  Reward if useful.
  Thanks,
  Rahul

• Transaction launcher not working for custom business role

  Hi Experts,
  I am facing a very weird problem where the transaction laucher define for BOR transaction is working for one business role(Z business role Customized one) but its not working for other business role (Z business role).
  to emphasize further we have the code:-
  case ls_attributes-object_type.
      when lc_z23 or lc_z25.
        lv_logical_link = lc_ZITISU.
      when lc_BUS2000115.
        lv_logical_link = lc_ZITERP1.
      when others.
        lv_logical_link = lc_ZITERP2.
    endcase.
    l_if_navigation = cl_crm_ui_navigation_service=>get_instance( me ).
    IF l_if_navigation IS BOUND .
  Navigate to transaction launcher using link id
      l_if_navigation->navigate( iv_link_id = lv_logical_link ).
    ENDIF.
  in this the logical link is is lc_ZITISU whenever this BSP application is called from both the business roles but in  one the window opens up for BOR transaction whereas when we login again using different business role the code is the same as given above. I mean the sam logical link id is used and navigated to but window is not opening for transaction launcher as it happens for the previous business role.
  Request your help to resolve this issue.
  Thanks,
  Rajwin

  Hi,
  I tried by applying the PFCG role id of business role which was working to the business role id of the one for which it wasn't working and then try testing whether the transaction launcher is triggering. But the transaction launcher screen is still not opening even after doing this.
  Probably there's something else too which is causing the problem. Request your inputs on this,
  Thanks,
  Rajwin

• Calling one business role from another business role on CRM web client

  Hi,
  I have a requirement where, one business role can be launched just by click a navigation link on another.,
  For eg. in a UTIL_IC role frame work , I add a link by clicking on it, I go to UITIL_SALES role.
  This is required so that person need to launch crm_ui_frame again if he wants to login for another business role assigned to him..
  Please suggest the solution if possible for this one.
  Regards,
  Pratyasha Shishodia

  Hi Kavita,
  We are facing the same problem. Did you manage to solve this and if yes how?
  Kind regards
  Lars

• How to maintain cluisterview for new business roles in SAP CRM2007

  How to maintain cluisterview for new business roles in SAP CRM2007.
  Table - CRMV_UI_NB
  Regards,
  Biplab

  I also look forward to a 'solved' answer to your question.
  In the meantime, I'm curious to know if there are any organizations today running SAP B1 HANA for their production system.   Would you know of any?

• Red Light with Authorization Object in PFCG

  Hello All - I have a question with authorization objects, there are three roles with red lights 'ON' in authorization object screen in our PRD. However users who are using these roles have no auth issues, standard procedure is to make all lights green in PFCG by maintaining these auth objects.
  Big question is "what is the down fall by leaving these objects RED, I need to support my theory when I say all lights green with auth objects.
  Why best practise says maintain all lights to green?
  Please suggest, appreciate your suggestions.
  Thanks.
  Edited by: AJ on May 12, 2009 9:44 PM

  Hi,
  > "What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).
  Red Object: As you know that authorization Objects comprises of Authorization fields. There are certain fields, which are known as "Organization Level" fields and need to be maintained Centrally. If you miss this fields, then the traffic light icon is RED. For all other authorization fields, light will be Yellow if you miss any blank field to maintain. During check, these fields will provide missing authorization (but you may not get error if same object is present in the role with all fields maintained status).
  Disabled Object: If you make any Object Disable, then during check, this Object will not be treated for checking Authorizations. But profile generator will keep this in mind, so you don't get Standard Objects repeatedly (if already present in Deactivated status also) whenever you go to "..Merge with New Data".
  You all other questions are very nicely answered already.
  Regards,
  Dipanjan

• Authorization objects in PFCG

  Hi,
  1) When trying to maintain authorization objects post upgrade in the roles, there is a notation which i gues tells about the type of auth object introduced. For eg:
  Maintained Old/New/Updated
  Standard Old/New/Updated
  Changed New etc
  Can anybody tell what this means? and is there any standard approach while maintaining these?
  2) I read somewhere that its best to download the tables USOBX,USOBx_C, USOBT and USOBT_C before and after refresh. Whats is the significance of this step? i see that the values in these tables are too many to be able to download.
  Any help on this would be appreciated.
  Thanks,
  Abhijit

  >
  Abhijit Chitale wrote:
  > 1) When trying to maintain authorization objects post upgrade in the roles, there is a notation which i gues tells about the type of auth object introduced. For eg:
  >
  > Maintained Old/New/Updated
  > Standard Old/New/Updated
  > Changed New etc
  >
  Standard -
  > Standard SAP auth. object pulled in because of addition of a tcode in menu. No Manual chnages made.
  Maintained  -
  > Field values maintained for the auth. objects for open field values.
  Changed -
  > Field values of Std. Auth. objects Changed (ones for which the field values are already present)
  old -
  > Auth. Object corresponds to an earlier change to the role (current addition of Tcodes etc ... haven't affected these objects)
  New -
  > Auth. object has been pulled in because of a new addition to the menu. (same Auth. Object did not exist previously)
  Updated -
  > Auth. Object existed earlier but the Field values have been changed because of the new Tcode in the Menu.
  Hope I have made this clear.
  Experts: Be kind enough to correct if anything is wrong in this.
  Regards,
  Partha.

• BW 3.5 which authorization objects available rssm (checks for infoprovider)

  Hi all,
  How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
  Is there any documentation about the purpose in RSSM for the button 'update check status (Authorization objects, infoprovider).
  thanks for your help.

  Based on which criteria?
  Is there somwhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
  Thanks,

• Authorization Object to Control access for ContactData in Dispute Managmt

  Hello Experts,
  Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
  I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
  Thanks in advance.
  Best Regards,
  Vanessa.

  Hi Ravi,
  Thank you very much for your reply, but I have done this already.
  Transaction is UDM_DISPUTE but they are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within transaction the part of the screen that I am talking about.
  Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
  I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
  Thanks in advance.
  Best Regards,
  Vanessa Barth.

• SAP Technical roles and IDM Business roles mapping

  Hi Guys
  Just wondering if there is an easy way to export SAP Positions and create them automatically as Business Roles in IDM and the SAP technical roles that are related to that corresponding position into privledges assigned to that Business Role. Or am I going about this the wrong way? What do you normally do in terms of getting all your sap technical roles from the sap system and assigning them to business roles in IDM. Any help on this is much appreciated?
  Cheers
  Leo

  Thanks Matt,
  I think get I the picture now
  One thing that I am still not sure about is how the sap abap technical roles or profiles are provisioned through workflow
  Here is what Ive done so far
  1. HCM data loaded into productive identity store via vds
  2. Did an initial load of the abap system into the productive identity store (now the technical roles and profiles are loaded as privileges in the idstore)
  3. Through workflow I select a user that already has an abap account and assign that user some additional sap technical roles, for e.g. sap_all and sap_new. The corresponding privileges for these roles are namely PRIV:PROFILE:ECX:SAP_ALL and PRIV:PROFILE:ECX:SAP_NEW .
  4. For the provisioning to occur so that these new privileges are reflected in the ABAP system for this user, I have used the setABAPRole&ProfileForUser task from sap provisioning framework folder and set it as the add/mod/del  event task for the MXREF_MX_PRIVILEGE attribute. That way whenever a privilege is added to a user account the setABAPRole&ProfileForUser task will run and the sap_all and sap_new profiles will be added in the backend. This way I can avoid setting a provisioning task for each abap privilege that gets loaded.
  But it should be obvious now that there is a flaw with this kind of setup, because all non abap privileges that get added or removed will trigger the setABAPRole&ProfileForUser task anyway because the privileges use the same attribute i.e.MXREF_MX_PRIVILEGE. So it brings me to the question how do you provision abap technical roles or profiles through workflow without setting a provisioning task for each abap related privilege.
  Thanks again for all your help!
  Leo

• Transaction launcher not working for custom business role in WEB UI

  Hi Experts,
  we have maintained a link for activity reports in web Ui which triggers a program Z_CRM_TIME_REPORT . we have maintained the logical links and assigned them to the custom business role. when we run the program in SE38 in GUI its working fine but we are facing the problem when we click the link in WEB UI we get a different screen related to BP and not the activity report.Kindly suggest what are the configuration need to be tested.
  Thanking you,
  Deepa

  My guess would be that the parameter stated in the logical link (navigation bar customizing) that you use is incorrect. This should be the name of the transaction launcher definition you have maintained.
  Otherwise, check the transaction launcher wizard to see that the report is maintained correctly.
  Hope this helps.
  Regards,
  Pieter Rijlaarsdam

• Business Content Objects on BI side for the business content data sources

  Hi All,
  We are doing a fresh implementation, and would like to know the step by step way through which i can know the relevant business content objects on BW side for a BC data sources ,,,,,
  0material_attr
  and 0mat_sales_Attrt
  As Per my understanding, once installed the BC data sources, the data would be feed to the master data info object 0material
  But the question is how do i know the complete Business content object on BW / BI side, and use the same building the entire flow.
  I have a hint that we can know it through the help.sap.com, and it would be highly appreciated and awarded for your expertises guidence, i have tried sercing in it, but dont know the correct trick.
  Even for the other  business content data sources.
  Example, the relevant infoobject or the DSO or the Cube,transformation, dtp,etc..
  Thanks
  Daljeet sing Nagi

  Hi Vineeth,
  Do you mean this way in the meta data repository, it will propose the flow for the business content object, and if yes, then even if they are in delivery version and not in active version, still it shall propose the flow for the business content objects,
  And to cut short my requirement,  as specified we are doing the fresh implementation,
  and i have identified that we would require first to load the material master data, and based on our present requirement, the data source which i have identified are
  0material_attr   (for the table mara in ECC system)
  0mat_sales_attr (for the table mvke in ECC system)
  all the fields data would be loaded to which master data info object,
  will it be 0material or ????
  Thanks for your support and surly as promised

• GRC 10 BRM - Approve Single Role assignment in Business Roles

  Hello,
  I want to set up a workflow where any Single Role assigned to a Business Role requires an approval of the Single Role Owner.
  The thing is that my customer doesn't have a Security Administrator, so what they want is that each Single Role Owner could be aware when their roles are assigned to a Business Role, especially when the Business Role Owner is another person.
  Once the Business Role is created, the provisioning would be in charge of Business Role Owners.
  Do you know any way to configure this?
  Thanks,
  Fernando

  Hi Claudio - thanks for breaking it down
  @ Fernando - for the Role Approval Methodology you need to split your approval out to be based on request type. Claudio has shown this up above already. In continuing his example, where the business role goes to path C - you would then have Path C do a line by line approval based on the single role owners
  By using this role approval methodology your single role approvers are indirectly allowing  any user who are approved the business role via an access request and that request is approved by business role owner (which is role owner).
  As mentioned - you are using two different workflow process ids
  Role Build - using BRM to approve the single roles being part of the business role
  Access Assignment - approving the user to receive the business role which includes the single roles
  Regards
  Colleen

• Common technical roles in different business roles in BRM & ARM

  Hi Gurus ,
  Some help please .
  We have the following situation with BRM & ARM role provisioning .
  In BRM we have for example two business roles setup (B1 & B2). We have in these two business roles a common technical role .
  E.g. B1 (has role T1 ,T2 )  , while B2 (has roles T1 & T3) .
  in our example an user already has role B1 (with T1 & T2) assigned. The user then needs access to role B2 as well .
  Since role T1 is common in both business roles  , When an user does an request , ARM then send them a notification saying that an duplicate role exist within the request. (which they have to remove before continuing) . This is confusing the some users .
  My question is as follows. Is there a way to for the user to process the request without having the warning displayed & without having the duplicate technical role assigned ?
  So essentially , they will get access to business role B1 & B2 (but technical role T1 will not be assigned twice) ?
  Your help is greatly appreciated .
  Regards,
  AJ

  Hi AJ,
  Could you share the notification message that  ARM generates.And what about role T1 assignment.
  Is it assigned two time in user profle?
  Thanks,
  Mamoon

• CRM WEBClient UI -The same screen-menu appears for different Business Roles

  Hi Experts,
  We are working with CRM 2007 and are facing the following problem:
  After starting the CRM WEBClient , a screen with two Business Roles appears: u2018SALESPROu2019 and u2018SERVICE PROu2019 (because in my User I have added the roles: SAP_CRM_UIU_SRV_PROFESSIONAL & SAP_CRM_UIU_SLS_PROFESSIONAL).
  I select the one of the two roles (e.g. SALESPRO) and then I choose u2018backu2019 and select the other Role (SERVICEPRO) but the same screen appears with the menu from SERVICEPRO .
  I noticed that the menu that appears has to do with which business role I select first.
  Do you have any ideas what could be the problem?
  Best Regards,
  Roula

  Hi Roula,
  In CRM 2007, the CRM Webclient doesn't have the capability to switch from one business role to another directly as you are trying to do. The only option to switch is to logoff from Webclient and login in another role.
  regards
  Srikantan