ChaRM - Authorization Object to show documents in CRM_DNO_MONITOR

Hi folks,
does anyone know which auth. object or other prerequisite is needed to show documents in transaction CRM_DNO_MONITOR?
To our needs the SAP ChaRM default roles do not fit. So I am building roles from scratch (basically).
Auth. trace via ST01 did not show anything relevant when executing tx: CRM_DNO_MONITOR.
Sol Man 7.0, ST400-0017, BBPCRM500-0012
Any help is appreciated.
Thanks in advance.
Edited by: Christian Kaunzner on Mar 9, 2009 10:28 AM

Hi,
I would still recommend to use SAP Standard roles as backbone and build on with your custom roles. Make a copy of standard roles. Creating from scratch would again have the same auth. objects that are available in standard roles.
>
Christian Kaunzner wrote:
> To our needs the SAP ChaRM default roles do not fit. So I am building roles from scratch (basically).
Can you let us know, how you want your roles to be defined?
Feel free to revert back.
-=-Ragu

Similar Messages

  • Authorization object of DMS Document Number

    i need to limit access of users on range of document .
    for example  :
    i have created document type ZFI with number range 100 to 500
    i need grant the access of a specific user to range from 100 to 300 only .
    How can i do that ?
    i need to know the authorization object of Document number .

    Hi Reda,
    You can use ACL authorization, There is the only option available to control authorization at document level.
    The task for doing the same will take time if the documents are more, I hope there is some standard FM for ACL , try using the same and let me know the results.
    Rgds,
    Nayeem.

  • Authorization object to view Maintain Performance Documents on MSS

    Hi Experts,
    Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
    It gives following error :
    java.lang.NullPointerException
         at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
         at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
         at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
         at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
         at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
         at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
         at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
         at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
         at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
         at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Would appreciate kind guidance to resolve issue.
    Thanks in advance.
    Aashish

    I am closing this thread as opened at wrong place.
    Thanks,
    Aashish

  • Upload Document Authorization Object

    I try to set the authorization for uploading a document onto the report via the Portal website.
    However, I can't find any proper authorization object for this purpose. (I tried the authorization object 'S_RS_ADMWB', but it is not workable)
    May you all help me in this issue? It will be highly appreciated if you also give me details of authorization object parameters?

    Hello,
    Mash recently reported a similar error here :
    when i try to upload oracle authorization objects getting errors
    obviously, we can't see the attached file
    Cheers,
    Diego.

  • Filter Document Type based on Authorization Object

    Hello Everyone,
    I have a requirement where i was asked to filter the document type based on authorization object M_BEST_BSA in transaction /KCP/2,ME21N, ME22N and ME23N.
    When I create or modify a purchase order, I dont want  to be lost in choosing the PO type. I want the field EKKO-BSART displays only the values authorized for the user(me).
    Thanks a lot

    RE is standard for MIRO .This is SAp standard .
    Please clarify what u require .
    Did you need other RE  for example LE for miro doc type in your co code 1130 and miro doc type EE for your co code 1145.
    like wise
    Edited by: manu m on Jul 13, 2009 7:53 AM

  • How we can show authorization object  at infoprovider  level

    hi all
    how we can show authorization object at infoprovider level..
    shalini

    S_RS_ICUBE:
              Auth objects for working with Infocubes and their sub-objects. For example,
              protecting users who can define the Infocube, applying update rules, and
              looking at the data in the Infocube.
    In order to execute any query, u must have access to R_RS_ICUBE and S_RS_COMP. S_RS_COMP is
    a powerful object that enables u to make choices on how to secure.

  • Authorization Object for 'Save As Completed' in Parking Document

    Hi,
    Is there any authorization object for 'Save As Completed' in Parking document. The user who is 'Parking' should not have the 'Save As Completed' enabled. It should be disabled. Because we are using that in the workflow. Similarly, the user who performs Save As Completed should not have 'Park' option.
    Regards,
    JMB

    Hi,
    I would like the park and post transactions to be used by different users in my company.
    would you be able to give the authorisation objects where the ristrictions have been placed.
    Regards,

  • Authorization object and document management

    Hi !
    I'm french so please excuse my english level
    I'm not a technical consultant but my manager gave me the responsibility of authorization in a SAP BW project.
    There are several projects in the same system. A man in my team implemented a document fonctionality. When using BPS for planning, the user can create a document that will be bonded to a cell and will be displayed in queries.
    For my project, I implemented two authorization objects (AO): Division and region.
    My problem is that users of my project can't see the documents created if they're not autorized for ALL the AO existing in the system (aboute 12), even if theses AO are not involved in my project and not checked in the cubes and multiproviders of
    my project. I have to put "#" in profils for each specific AO existing in the systems.
    When I check in "RSSM", I see that these AO are not in relation with my info providers.
    I think it is a bug but if someone could help me it would be great !
    Thanks a lot.
    Best regards
    Rémy

    Hi,
    you have to create a role with the following object (classe BC_Z):
    S_BDS_D
    Activity                       *
    BDS: Data element for LOIO cla *
    S_BDS_DS
    Activity                       *  
    Business Document Service: Cla BW_*
    Business Document Service: Cla OT 
    And restrict in the role with your customer AO
    hope it help's

  • Authorization for custom trans.type in crm_dno_monitor

    Hi
    In ChaRM , i have created custom transaction type ZDCR, i have added the transaction to the authorization object CRM_ORD_PR for change manager role for create ,change & display . as when i open the crm_order ,i could able to create the custom transcation type , but when i am execute the transaction type in crm_dno_monitor , no thing is selected , but when i check the same in the full authoraztion user it is getting selected , i don't know where to maintain the custom transaction type for getting selected via t-code CRM_DNO_MONITOR .
    Regards
    Arumugam

    - First you display the ZDCR list from Tx CRM_DNO_MONITOR with a user with limited authorizations
    --> Messages are not displayed
    - Then you do the same (tell me if i'm wrong it was not clear on your screenshots, i'm not sure whether messages on the last screenshot are SDCR or ZDCR) with another user with full authorization.
    Did you create a BP for your first user ?
    I recommend that you try again with your first user with SAP_ALL profile and tell me if it works. If not we'll have ruled out one cause of error.
    Stéphane.

  • Assigning authorization through assigning authorization objects

    hi all,
    can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
    I mean to say assign authorization manually without assigning trnsaction codes.
    suggestion are always accepted.
    if you want to send me the documents then my email id is [email protected]
    thanks in advance,
    waiting for reply............
    hardik patel.

    hi kumar,
            thanks for your help.
            ok i got it and i agree that i can find the authorization object by your suggested way.
        now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
    It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
    Please help me regarding this?
    thanks for your support,
    waiting for your reply...............
    Regards,
    Hardik Patel.

  • Authorization Object for using Object Services

    Can you tell me how to limit a users authorization to create or delete attachements using the object services functionality?  We'd like to control the addition and deletion of the attachments.  Is there a specific authorization object for this functionality?
    Thank you, Julie

    Hi julie;
    I hope that following are the solution for you problem. Check wheather this is helpful to you or not.
    Authorization Object C_DRAW_BGR (Authorization Group)
    The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.
    Fields      Possible Values      Description
    BEGRU (Authorization group)      0000 - ZZZZ      Used to restrict the authorizations for document maintenance further.
    Authorization object C_DRAW_BGR can be used to restrict access to individual documents. It works like a simple on/off switch. If the check of object C_DRAW_BGR is fine, the user's authorization can be further restricted by checking C_DRAW_TCD (check only based on the document type) or C_DRAW_TCS (check of the
    combination of document type and status). At the fifth level there is a BADI called DOCUMENT_AUTH01, which you can use to design your own authority check.
    Authorization Object C_DRAW_DOK (Document Access)
    The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.
    Fields      Possible Values      Description
    ACTVT (Activity)      52 53 54 55 56 57      Change application start Display application start Display archive application Change archive application Display archive Store archive
    DOKAR (Document type)            Here you enter the document type that access to original data is allowed for.
    Authorization Object C_DRAD_OBJ (Object Link)
    The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.
    Fields      Possible Values      Description
    ACTVT (Activity)      01 02 03 06      Create Change Display Delete
    DOKOB (Object)            You must enter the data base table for the objects here (for example, MARA for material record).
    STATUS (Document status)
    if useful rewards points.           
    Regards,
    nitin
    Edited by: nitin bhagat on Feb 18, 2008 6:23 AM

  • Set "Sales Office" as an authorization for all sales document

    Dear SD Expert,
            Base on ECC 6.0, I have to set authorization which check u201CSales Officeu201D in create/ change / display all sales document.
             I found that authorization object u201CV_VBKA_VKOu201D contain authorization filed ; that are, sales org, distribution, division, sales office and sales group. Also u201CV_VBKA_VKOu201D have assign to (Transaction code: VA03, VF03) as standard SAP (see in T-Code : SU24) . However, when I assign; for example, T-Code u201CVA03u201D, u201CVF03u201D in PFCG. After generated profile, only u201CSale org, distribution chan., and divisionu201D is pop-up.  I wonder that
    1)     Why u201CSales officeu201D dose not show in u201Corganization levelu201D ?
    2)     How can I set u201CSales Officeu201D as an organization level?  for checking an authorization
    Please give me step-by-step.
    Regards,
    Prach

    Refer SAP Help url it may help you , I did not work on this,[Maintain authorizations|http://help.sap.com/saphelp_45b/helpdata/en/91/6cec6eb435d1118b3f0060b03ca329/content.htm]

  • How to assign authorization objects to a cube

    Hello,
    My cube includes 0profit_ctr which is marked as authorization relevant. Still in RSSM my cube is not included in the list of infocubes for an authorization object (zprofit) linked to 0profit_ctr. I'm therefore not able to enable that authorization object for my cube. I have a few ODSs which are included in the list. Why is my cube missing? Is there something I must do to include it, or is it a bug?
    When checking the infocube for authorization objects in RSSM this list is empty as well. I don't see any option to add authorization objects in that list.
    I have read the following document:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b849e690-0201-0010-9b88-c00cca40736f
    I'm using BW 3.5.
    Regards,
    Christoffer

    Hi Christoffer,
    In RSSM  you will find a button  "Update Check Status ( Authorization Objects, Info providers) ". After this update you should find your cube in the list.
    Jaya

  • Mass update to FILENAME field in S_DATASET authorization object

    We are migrating to a new fileserver with a new hostname, and so I've been asked to update about 1900 instances of the S_DATASET authorization object for the new FILENAME value.  I'd like to do this programmatically if possible.
    What I've learned so far is that I need to update the value in table USR12, but the value is encoded.  When I look at the table in SE16, I do not see the encoded value field.  The value does show in UST12, but I'm told this is an unreliable table.
    So I'd like to know..
    1. How can I look at the value if not in SE16?
    2. Is there an API I can use to encode/decode the value?  If not, where is the specification on how to build it?
    If this is better addressed in a different forum, which one should I try next?
    Thanks,
    Dan

    Hi there,
    Okay I started a few tests and made a bit of progress, but am running into the problem that if I don't check the authority first using the FM and want to test what happens when the user is not authorized, then the bugger dumps (as expected and mentioned in the note)...
    But the behaviour as you have described:
    >
    > Path                   Saveflag  Fs_noread Fs_nowrite Fs_Brgru
    > =============================================================
    > *                                 X         X            DUMY
    > /temp/FI/..                       X         X            DUMY
    > /temp/FI               X                                 FIFI
    >
    ... is correct, and I found something interesting in the F1 on the spth-path field which explains this.
    > Caution:
    > - If you enter paths generically in the table SPTH, the most precise specification counts.
    > - If you select the no-read or no-write fields in the table SPTH, this overrides the authorization group.
    So, the DUMY is not needed as the check does not use it in those cases, and "/temp/FI/.." is anyway more specific than "*" so the system would have used it for DUMY anyway. But that is irrelevant... because if the begru field is empty in the FM, then the check is not performed.
    So, the only check which is effective to protect the path, is:
    Path                   Saveflag  Fs_noread Fs_nowrite Fs_Brgru
    =============================================================
    /temp/FI               X                                           FIFI
    ... and the "fs_noread" and "fs_nowrite" flags should be understood as "no protectable authority to read" and "no protectable authority to write" and not the activity field which the authority is being checked against. This is coming from the S_DATASET check (which is already known at that time to the function module).
    Using these flags, you can leave the entries in the table without having to delete them if you want to turn them off and on temporarily. Perhaps an "active / inactive" switch would have been clearer...
    form CHECK_PERMISSION using ISPTH_HEAD type SPTH
                                MODE       type CLIKE
                                SUBRC      type SY-SUBRC.
    data: ACTIVITY like AUTHB-ACTVT.
       SUBRC = 0.
       case MODE.
         when 'R'.
              ACTIVITY = '03'.
         when 'W'.
              ACTIVITY = '02'.
         when 'D'.
              ACTIVITY = '02'.
       endcase.
       if ISPTH_HEAD-FS_BRGRU <> SPACE.  "Here it is... for BEGRU checks there must be a value...
          authority-check object 'S_PATH'
              id  'FS_BRGRU' field ISPTH_HEAD-FS_BRGRU
              id  'ACTVT'    field ACTIVITY.
           if SY-SUBRC <> 0.
              SUBRC = 3.
           endif.
       endif.
    endform.
    Cheers,
    Julius

  • Report to check authorization object used in customized programs

    Hi Guys,
    An auditor came and he raised a question to us, he asked whether all of our customized transactions and programs are maintained with authorization checks? The question is how can we check what authorization objects are used for our customized programs and transaction codes? The developer did not maintain the objects used for that program in SU24 table. Is there a program or a report to show us all the authorization object used for a customised program or transaction? Example : T-code MIGO we can check in SU24 table for all the authorization object used. How do we check for customized tcodes? Please advise. Thanks!
    Edited by: Jarod Tan on Nov 25, 2010 9:42 AM

    Note that some programs are built in such a way that no (visible) auth check is necessary, or even desired at all.
    To determine the necessity of an auth check, you should check that starting it has an entry point (tcode, rfc, service) which is appropriately restricted. The rest (whether and where and how a further check is evaluated) is entirely dependent to what the program actually does.
    Well designed applications generally have centralized functions and methods, and the checks are in there or a "base check" they use.
    Others again use the same in UI programming to determine the visibility of functions, to make the application more intuitive for the user. This on it's own is however not a sufficient auth check to rely on.
    Code review is an art form!
    Cheers,
    Julius

Maybe you are looking for

  • Skype account keeps disconnecting after 30 seconds

    hi guys, its driving me nuts.  my skype account keeps disconnecting after 30 seconds and i haven't even done anything.  it does it on windows, and on my iphone too. what's going on? is this a problem with skype?  i've seen similar posts. and i'm usin

  • CHANGE THE GROUP FOR VENDOR

    Hello Sir, I have already create business partner for OTHERS group and also I mention Account Payable as Creditors for OTHERS. Now I have to change these control account into Creditor for Fixed Asset account. For Example In Creditors for Others accou

  • End of content reached while more parsing required

    I have a simple jsp program running on a tomcat4 server, and I am           using the tag library from a JSP book. I keep getting this error, and           I am not sure what it really means.           (org.apache.jasper.compiler.ParseException: End

  • How do I rename photos within events?

    I know how to give an event a title but I'm looking for an easy way to rename all the photos within the event so that they, too, have a title corresponding to the event title but each with it's own number added to the end. This helps me for when I cr

  • Music Files - when Itunes reshuffles them to a mess

    How do merge my music files back into one. I tunes has whipped them out and split my music (randomly).  I have spent too many hours and have too many songs to do it manually.