Change Authorization object to add another InfoOjbect

Similar Messages

• Authorization object for "add approver" in contracts

  Hello, Experts,
    I am looking for authorization object for adding approver in contracts.
  But without adding authorization for changing contracts.
    Regards,
      Rami Kleiman - HP

  1. you can try to restrict  the authorization object ( Manager Role-- /SAPSRM/MANAGER) for contracts to display ( remove the change).
  2. you can also change the personalization object key "BBP_WFL_SECURITY" to None ( but i, think this will affect all the objects like shopping carts purchase orders etc..)
  Thanks
  velu

• Change authorization object in a derived role

  Hi Gurus,
  What's happen if someone has added a new authorization object in a derived role?
  He has only changed some derived role, not the parent role, he added manually a new value in the authorization field. The parent role didn't changed.
  <u>Note:</u>The field was not an organizationnal field, it was S_DATASET.
  What do you think about this ?
  Thanks
  Hery-zo

  Do i understand this right??? do functional teams have access to PFCG to create roles???
  If so that is your real problem, as that shoudl never been doen that way. You are completely right functional consultants have no clue about how roles should be build. advise:
  1 take away the access to PFCG in ALL systems for anybody other than security consultants administrators.
  2 ask all functional teams to describe the roles points to be adressed:
     A TRX in every role
     B all wanted restrictions on every TRX (described functionally)
     C orglevels on which restrictions should be build.
     D Test process for every TRX in every role (both positive and negative)
     E  check all roles against table USOBT and look for manually added objects,  
         if they can not give a good reason for adding these REMOVE them.
  3 retest all roles based on point 2D, ask the funcxtional consultants to assist where needed. Adjust roels during testing where needed, but create a good auditable record for every change.
  4 Update USOBT_C (use TRX SU24) for all changes you apply during testing
  5 check your roles for the corrected TRX after this change and update the other roels involved as well.
  6 ONLY allow roles that have followed the above process to go to Production.
  The above steps are the only way to create a secure SAP Production system for you!

• Copy object from one authorization object classe to another one

  Hello experts,
  due our revision we have the demand to copy our custom context sensitve authorization object from the old authorization class to a new one.
  Ist this generally possible? What are the impacts?
  Any ideas?
  Many Thanks!
  Marco

  > due our revision we have the demand to copy our custom context sensitve authorization object from the old authorization class to a new one.
  That is a strange revision (audit) demand... Did you challenge them whether they have ever done this before and survived as release upgrade?
  Is SAP_ALL otherwise okay for them? For example that people can write their own programs or maintain PRGN_CUST to include Z-classes again...
  Have you tried to simply remove all profile assignments to SAP_ALL and replace them with proper roles and restrict SAP*'s HR profiles to that which applies to all users which are not employees?
  You are definately barking up the wrong tree here by moving SAP objects to Z object classes and expecting it to be secure...
  Cheers,
  Julius

• Authorization Object to Add/Delete Materials in Process Order

  Hi,
  How to locate the specific object for Addition/Deletion buttons in the materials tab in Process Order creation/change(t code COR1/COR2).??
  We want to restrict the authorisation for the same.
  Regards,
  Arpit

  Hi,
  Try with the following object and fields:
  Object: B_USERST_T
  ACTVT
  BERSL
  OBTYP
  STSMA
  Please confirm.
  Regards
  Suri

• How do I query changed view object attribute in another view object

  Jdeveloper 10.1.3.4
  My requirement is that I want to be able to query a view object (based on entity) on a non-key attribute where the value I am searching on may either be in the database on an existing record or, have just been recorded by updating a different view object based on the same entity (and yet to be committed).
  When querying the second view object for a value just updated via a different view object, the second view object always returns no rows. I had expected the process to be :
  EntityA
  ViewObjectA based on EntityA
  ViewObjectB based on EntityA
  ViewObjectA - query row with key = 123. update attribute Y with value 456 (attribute Y in database null). Entity cache for EntityA, key 123, atttribute Y updated with value 456
  ViewObjectB - query row with attribute = Y. expect record in EntityA cache just updated to be returned. Instead, nothing is returned
  Here is the code I was using (where RandScheduleEdit and RandScheduleSearch are identical view objects based on entity object RandSchedule)
    public static void main(String[] args) {
      String        amDef = "test.cache.model.AppModule";
      String        config = "AppModuleLocal";
      ApplicationModule am = Configuration.createRootApplicationModule(amDef,config);
      ViewObject rsEdit = am.findViewObject("RandScheduleEdit");
      Key rsKey = new Key(new Object[]{40});
      Row[] rsEditRows = rsEdit.findByKey(rsKey,1);
      Row rsEditRow = rsEditRows[0];   
      rsEditRow.setAttribute("SId", new Number(7827));
      ViewObject rsSearch = am.findViewObject("RandScheduleSearch");
      rsSearch.setWhereClause("S_ID = :SId");
      rsSearch.defineNamedWhereClauseParam("SId", null, null);
      rsSearch.setNamedWhereClauseParam("SId",new Number(7827));
      rsSearch.executeQuery();
      Row rsSearchRow = rsSearch.first();
      Configuration.releaseRootApplicationModule(am, true);
    }Why does rsSearch not find the record S_ID = 7827 ? It seems to only be querying new records in the database and ignoring the cached record just updated ?
  Any help greatly appreciated.
  Cheers,
  Brent

  rsSearch.setNamedWhereClauseParam("SId",new Number(7827));This might help:
  rsSearch.setQueryMode(ViewObject.QUERY_MODE_SCAN_ENTITY_ROWS);
  rsSearch.executeQuery();

• Authorization object creation manual method

  hi gurus
  I have a requirement to create authorization objects for my project. The scenario is, we have a query which gives the profit center data on a weekly basis.the users for this report are the project management people. we have not created the project management hierarchy, but presently supposed to use a role as Project Management. We have a set of users for this Project Management role.
  Now based on this scenario i am supposed to create the authorization objects.
  can anybody suggest me the right step by step method for creating the authorization objects.
  I would like to have steps as what i need to do in RSD1, in PFCF, in RSSM and in the BEx.
  you answers will be rewarded accordingly
  thanks in advance
  regards
  vijaykumar

  hi!
  1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
  2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
  3) goto RSSM and create a new authorization object and add your infoobject to it.
  4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
  with regards
  ashwin

• Authorization object creation for transaction MIGO

  Hi,
  We have created the auth object for acct asignment category with values as activity & acct assignment category.
  But when assigned to respective users, its still allowing to perform the transactions.
  Basically I am using this object for doing Goods Reciept tcode MIGO.
  As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
  Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
  Regards,
  Krutika

  hi!
  1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
  2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
  3) goto RSSM and create a new authorization object and add your infoobject to it.
  4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
  with regards
  ashwin

• Altering authorization objects

  Hi all,
    I copied the existing role to a new role and need to do some modifications to authorization objects. I entered the new role in change mode but in authorizations tab, I only have 'display authorization data' mode. I can not get it to 'change' the authorizations. In the users tab, I am able to change the users though. I tried the option 'display<-->change'  but still authorization tab is in display mode only. The profile name is blank. Do I need to generate the profile first, before I can change authorization objects?? And how do I generate the profile?
  Thanks and regards,
  Kim.

  Hi,
  You can generate the profile using a round button with red and white quadrants.
  Cheers,
  Kedar

• PFCG - Alteration the 'authorization objects' of a profile.

  Good Morning My Friends,
  I have a profile created in PFCG, I want to change your authorization objects, using a BADI or function.
  Does anyone know which function to use?
  I've tried a lot and found nothing.
  This is an example of what I want to do.
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  Original profile.
  Profile Name: Profile_Deivison
  Object :.......... S_DEVELOP
  Auth :.............. T-TD55048100
  Field :.............. ACTVT
  Value :............ 01, 02, 03, 06, 07
  Modification of authorization objects of the profile (fictitious example).
  called function to change the profile.
  CALL FUNCTION 'CHANGES_OBJECT_AUTHORIZATION_PROFILE' "" "" This function does not exist
  EXPORTING
  name_profile = 'Profile_Deivison'
  object = 'S_DEVELOP'
  auth = 'T-TD55048100'
  field = 'ACTVT'
  value = '01, 06, 07 '
  Results function.
  Profile Name: Profile_Deivison
  Object :.......... S_DEVELOP
  Auth :.............. T-TD55048100
  Field :.............. ACTVT
  Value :............ 01, 06, 07
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  I thank.
  Edited by: Deivison.Lana on Jul 7, 2011 9:55 AM

  Thanks for the help.
  but from what I saw during the discussion was not found a solution, that with reference to 'Change Authorization Objects'.
  Edited by: Deivison.Lana on Jul 7, 2011 4:33 PM

• Add new authorization object for production order creation/change/display

  As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a  fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
  logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
  Thanks.
  Kevin.WU

  Hi,
  there is an icon of generation.  just click there in PFCG and also in su21.
  then add this object in new role.
  Assign this role to user id
  while assigning the role also there is a generation.
  Please take a help of BASIS consultant also as this is entire a BASIS process.
  Regards
  Amit parkhi

• How to add custom authorization object to a SAP standard transaction

  Hi All,
  I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
  Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
  - tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
  - tcode SU21 - creation of  a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
  - tcode SU24 - insert of new authorization field e check indicator (green)
  - tcode SU22 - check indicator - check (green)
  After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
  We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
  It seems new authorization object was not checked.
  My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  Thanks
  Maurizio

  > My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  >
  No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
  So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
  Regards,
  Dipanjan

• How do I add another computer to my account to authorize

  How do I add another computer to authorize on my account list so I can use or redeem my gift cards and use my store credit?

  You can authorize up to 5 computers.
  To authorize you need to install iTunes on the computer to be authorized:
  Open iTunes
  From Store in the menu bar, choose Authorize This Computer. (If the menu bar is not visible hit CTRL-B).
  When prompted, enter your Apple ID and password, then click Authorize.
  iTunes Store: About authorization and deauthorization

• When I am sending an email and add a recipient, and then go to add another recipient, my contact book will start at "A". How do I change it so that it will leave me at the place I left off at in my contacts?

  When I am sending an email and add a recipient, and then go to add another recipient, my contact book will start at "A". How do I change it so that it will leave me at the place I left off at in my contacts?

  When I am sending an email and add a recipient, and then go to add another recipient, my contact book will start at "A". How do I change it so that it will leave me at the place I left off at in my contacts?

• HT1420 My laptop crashed completely and I need to authorize a new laptop to enable it sync with itunes. I have 5 computers authorized so I am unable to add another one so I need to unauthorize the bad laptop that is no longer working. How do I authorize n

  My laptop crashed completely and I need to authorize a new laptop to enable it sync with itunes. I have 5 computers authorized so I am unable to add another one so I need to unauthorize the bad laptop that is no longer working. How do I authorize new Laptop?

  You can only deauthorize everything to do that. Click on Account under Quick Links. You can deauthorize all five there. But you can only do this once a year.