ChaRM: Role to display only in CRMD_ORDER

Dear all,
      I have to questions for you experts:
      1)  We are trying to create a role to display only the documentos in CRMD_ORDER, is that possible at all?
      2) I have some users that shouldnt be allowed to create an Urg.ent correction, I customized the authorization B_USERSTAT accordingly. When those users thy to create an UC they receive the error message, yet they can save the transaction and the UC is created in the system.
I would really appreciate any help on this!
Best regards,
Federico.

hi
pls chk this,
[http://help.sap.com/saphelp_crm50/helpdata/en/26/99973915e69238e10000000a11402f/frameset.htm|http://help.sap.com/saphelp_crm50/helpdata/en/26/99973915e69238e10000000a11402f/frameset.htm]
jansi

Similar Messages

  • Role creation: SAP ALL with SU01 and PFCG in display only

    hi all,
    I am looking for the easiest way to create a "sap all " like role with SU01 and PFCG in display only.
    i found several solutions, which sound very complicated.
    Thank you in advance,
    Julien

    Hi,
    As per your query there is not profile of SAP to give display authorisation, for this you have to create new profile on module wise and assign to user.
    Anil

  • New Role in PFCG only for customizing (display mode)

    Hi,
    Some users asked me to have a specific role to display all customizing settings (form transaction SPRO). This new role should allow users only to display customizing settings without changing them.
    I tried to copy and manipoulate standard role S_BC_CUS_CUSTOMIZER. In my new role Z_S_BC_CUS_CUSTOMIZER (copy of the standard) I have setted as "display" entries with field "ACTVT".
    However it doesn't work as I like because user with that role can still modify customizing.
    Can any of you help me please? thanks.

    Hi
    Those role doesn't exit in my system, anyway you should create a new role where all authorization groups have the value 3 for the activity.
    So you should assign to the object S_TABU_DIS only 3 as action allowed.
    Anyway you should check all roles assigned to your user, because perhaps if a user has two roles where it can changed the data for the first role and it can't do it for the second one, the result will be the user can change the data.
    Max

  • Role composition for ESS to display only own data.

    Hi all,
    I am trying to compose a role for Employee Self Service for employees to display their payroll, but i couldn't manage to structure it to display only their own personnel data. I had to put the personnel area in P_ORGIN however in that case they become authorised to display all employees' data in that personnel area. Can i use P_PERNR object for this operation? Please advise.
    Regards,
    Sezin

    You can give I in PSIGN field for the infotypes that you want to 'Include' for an employee, and E in PSIGN field for the infotypes that you want to 'Exclude' for an employee.
    Whether those Infotypes will be Read or Maintain will be dependent on the value in the AUTHC field.
    Hope this helps.
    Regards,
    Vikas

  • Displaying only User created roles -  Please help

    Hi,
    Can anyone of you please post the code for displaying only Non - SAP roles (which are created by users).
    Thank you for your time.
    Regards
    Som

    Hi,
    I will explain little bit more in detail..
    We are trying to have a Mapping between JobTitle and Portal-ID/Name in our database. so for the Portal-ID/Name instead of having a textbox for the user to enter, we want to have a list box which displays all the roles which were created by users (only) - that is I mean custom roles not the roles provided out of the box like useradministration,systemadministration etc.
    Thanks
    Vasu

  • SPRO Display only role

    Hello Gurus,
    I wanted to create SPRO display role and i am not sure what tcodes SPRO calls in the background. I googled and find out that giving S_TCODE = * and making other auth obj's like S_PROJECT and S_PROJECTS (related to SPRO) to display only (03) will serve my purpose of creating SPRO display only role.
    My question is, if i give S_TCODE = * , i am giving access to all the tcodes in SAP which i don't want to. Is there a solution for this? (SPRO display only access with tcodes that SPRO calls in the background)
    Any suggestion, advice, comments are appreciated
    Thanks Gurus
    Venkat

    Hi Venkat,
    Yes you right. S_TCODE '*' is a hightened access to give.
    I am not sure if there is an easier way to do this. You could get the list of Tcodes within SPRO in a slightly long procedure:
    Steps:
    1. Activate the IMG activity display using the Path Additional Information>Additional Information>Display Key> IMG Activity.
    2. Use the Table CUS_IMGACH to find the Tcodes associated for each of the IMG Activity
    3. You could try assigning only these values under S_TCODE.
    Also I am not sure it works. But if you don't find an easier way out, this could be worth a try.
    Regards,
    Ann

  • Random Visio Stencils Displaying Only as Black and White Lines (No colour)

    I'm experiencing a strange problem where some Visio stencils/shapes are displaying only as black and white outlines (i.e. - without any colour). I'm using Visio 2010 on a Samsung NC900 laptop with 8gb RAM, 1.7Ghz i7 CPU on Windows 7.
    The symptoms that I'm experiencing are:
    The majority of stencils display fine in the left hand stencil window but some do not.
    Some stencils display the majority of shapes as black and white outlines but some in full colour.
    Some shapes display fine within the stencil window but change to black and white outline when I drag them to the drawing (These are typically ones that I open independently of the drawing - i.e. - by double clicking rather than via "Search Shapes").
    I've done a search on the web for this problem and have found some similar issues but none of the suggested fixes work.
    One of the stencils that I experience this issue with is the Exchange 2013 Microsoft stencil.
    I've updated Java and Silverlight (stab in the dark there) and my graphics driver is up to date.
    It's driving me mad now so any help would be appreciated!
    Nikos101

    Lori
    The remove profile worked like a charm with the greyscale images. Maybe a slight loss of contrast, but I'll hold the tiff scan in any case. I-photo would not import the image again (already in the library) but I can remove the profile on the image in my folder outside i-photo. And I think I can prevent it at import now.
    Thanks! I doubt I would ever have figured that one out.
    Marilyn A

  • On the web how can I check the user role to display the form suitable for this role i

    Hello
    How can I check on the web the use role to display the a form for each role
    Example
    If the admin login I display admin_form.fmb and if user login I display
    user_form.fmb
    Thankx
    Tamer

    In my forms I hide tab pages according the role using something like the following script in the WHEN_NEW_FORM_INSTANCE trigger.
    So the user can not navigate to tabs which are vorbiden by his role.
    CURSOR users_roles_cur IS SELECT granted_role FROM user_role_privs
    WHERE username=(SELECT user FROM dual);
    user_roles_rec users_roles_cur%ROWTYPE;
    IF users_roles_cur%ISOPEN
    THEN
    CLOSE users_roles_cur;
    END IF;
    OPEN users_roles_cur;
    LOOP
    FETCH users_roles_cur INTO user_roles_rec;
    EXIT WHEN users_roles_cur%NOTFOUND;
    MESSAGE (user_roles_rec.granted_role);
    PAUSE;
    IF RTRIM(user_roles_rec.granted_role,' ') = 'BLA-BLA'
    THEN
    tb_pg_id := FIND_TAB_PAGE('activity');
    IF GET_TAB_PAGE_PROPERTY(tb_pg_id, visible) = 'FALSE' THEN
    SET_TAB_PAGE_PROPERTY(tb_pg_id, visible, property_true);
    END IF;
    END IF;
    END LOOP;
    CLOSE users_roles_cur;
    Other solution may be is to use an initial form which only will detect the user role and run the appropriate form.
    Other solutions are also possible.
    Joseph

  • How To Configure 'SPRO' Can Display Only?

    Hi Gurus,
        In our ECC PRD circumstances. We need Display-Only authorization for Tx 'SPRO'.
    Do you have any good idea?
    Thanks!
    Jason

    Hi,
    Use the S_TABU_DIS and S_TABU_CLI authorization objects to assign the relevant authorization to the user.
    If you have created an IMG project, you can use transaction PFCG to create a suitable authorization for this IMG project. In transaction PFCG, you have the option of assigning one or several IMG projects. The corresponding authorization profiles are then transferred and can be defined as required.
    Create a new role for this in transaction PFCG. If you are processing the role, you can use the menu "Utilities -> Customizing authorizations" to assign the relevant IMG project and/or project views to the role. The role is then adjusted according to this selection.The user can then start the corresponding setting transaction from IMG.
    Regards,
    JP.

  • Issues with SAP_ALL - Display only

    Dear SAP security experts,
    I created a Role SAP_ALL_DISPLAY inherited from SAP_ALL profile. I made sure that ACTVT is 03 for all areas. But still it is allowing for some Tcodes like below :
    RSA6 -- It is allowing to delete, change, create ...extractors. This is very dangeours
    SM37 -- It is allowing to delete BG jobs..etc
    .....some more I did not know...dont have time to check.
    tcodes like RSA1...SCC*..SPRO... are OK. If finger the check indicators in SU24 for the above tcodes(RSA6,SM37..), what are the bad consequences?. How to fix this in an easy way?
    Thank you very much

    I guess this needs to be created as an FAQ
    - There is no such thing as SAP_ALL_DISPLAY
    - Proposal: create a "display only"  role for each functional area in your organisation, i.e. something you could give to every employee working in that area.
    - There are LOTS of transactions that couldn't care less about what you put in ACTVT!
    - There are display transactions that you do not want to give to people (confidentiality)
    - Furthermore, check for ACTVT might be deactivated in SU24
    In a nutshell: don't do that. Find out what the exact requirements for that role are, and create it like that. The way you do it now will have many more backdoors than you will ever be able to fix. How are you going to control/audit misuse?
    Alternatively: look at SAP GRC Access Controls and evaluate the FireFighter application - this might help.
    Sorry, no easy answer here.
    Frank.

  • How can FS03 be made Display only without removing Create/Change Activities

    ECC 6.0 Release 700
    Our internal auditors have asked to limit access to change the Chart of Accounts. Currently our Functional team has access to do this via transactions FS00, FSS0, FSP0, etc. which needs to be removed.
    The issue is that if we assign display transaction FS03 to the functional team's role, the Change and Create buttons are still enabled due to the corresponding activities in the Authorization object F_SKA1_BUK, as it seems FS00 and FS03 are essentially the same. The same holds true for FSS3 and FSP3.
    Unfortunately, the functional team requires the create and change activity in F_SKA1_BUK for other transactions, so if we strip the activities for the purposes of FS03, they will lose functionality elsewhere.
    The standard reports S_ALR_87012327 and S_ALR_87012328 were deemed as insufficient replacements for the information in FS00.
    Is there any way to limit the functionality of FS03 to Display only without taking away the create and change activities?

    While researching F_SKA1_KTP, I found that without the change or create activities in both F_SKA1_KTP and F_SKA1_BUK, the buttons gray out. The functional team is currently researching if they need change/create in F_SKA1_KTP, as I sent them a list of transactions they have for which it is required.
    I tried to remove S_TCODE FS00, but when I ran FS03 it gave me a "not authorized for FS00" message and did not display the screens. I removed the dependency via SE97, but then FS03 essentially became FS00 and I was back at square one.
    Thank you both for your suggestions.

  • Can we display only the required dimensions under Dimensions Drop Down list

    Hi,
    I am using Hyperion Financial Data Quality Management, Fusion Edition 11.1.1.3.00, so far under Activities -> Maps option we used to display all the dimensions used in the application, but now as per the client's requirement we need to display only those dimensions which needs mapping under dimensions drop down list.
    Eg)
    Now in our Application our Dimension Drop Down list will look show these dimensions
    Account
    Entity
    Legal Entity
    Inter company
    Reverse 1
    Reverse 2
    Among these we are doing mapping only for Account, Entity dimensions so we need to hide rest of the dimensions from the Dimensions Drop Down list for which we are not using any mappings (Legal Entity, Inter company,Reverse 1,Reverse 2)
    Another thing is these dimensions should be hidden only from the drop down list and not from the Output file generated after the Export.
    Some suggestions regarding this issue will be greatly helpful.
    Thanks,
    Abdulla Javeed Hassan

    Hi
    If hiding the other dimensions is to prevent users from accessing and changing the mappings then you could do this by amending the object security so that only certain user roles can access the Activities > Maps option.
    This will only really work if you have limited users / central team that will control the maps but it is the most obvious way to stop users accessing the maps.
    Hope this helps
    Stuart

  • How to make accounts display only via authorizations?

    Has anyone setup CRM 2007 to get the account page to be display only? We don't want to allow certain users to manage accounts directly in CRM and would like to lock this down via authorization objects. We can't seem to figure out what authorization objects are needed to lock it down appropriately. Thanks in advance.

    Hi James,
    We've had a similar requirement. We used sap note 1260695.
    Using this BAdI you can customize that depending on the BP role, some areas (e.g. marketing attributes) are
    editable, and others (e.g. address data) are only displayed.
    As an alternative, you can use note:
    Note 1259940 - Authority check for accounts depending on roles
    Hope this helps.
    Regards,
    Wim Olieman

  • Ship-to Address" screen in SRM browser need to change to display only

    Hi Freinds,
    Ship-To Address" screen in SRM browser needs to change to "Display" only. The users shouldn´t have the possibility to change the delivery address in the screen to their own private address.
    Is it possbile to do any changes in SRM itself or else its purely JAVA HTML work.
    Kindly i need you guys help to resolve the above development.
    Regards
    Vivek

    Hello Vivek,
    Solution given by Suneel should be OK.
    Nevertheless, if Ship-To must be only in display mode for all users (independently of their role) and only for particular document types, you can manage it with partner schema:
    SAP Implementation Guide > SAP Supplier Relationship Management > SRM Server > Cross-Application Basic Settings > Define Partner Schema
    Then maintain this partner schema ID to your concerned document type:
    SAP Implementation Guide > SAP Supplier Relationship Management > SRM Server > Cross-Application Basic Settings > Define Transaction Types
    Regards.
    Laurent.

  • Adding tcode to role in display access.

    Hello,
    Please can someone suggest how we can add transaction codes to a SAP role with only display access.
    That means users should have only display access when they execute that transaction. Please suggest.
    Thanks.

    >
    adnan shahid wrote:
    > I would like to add the following tcodes in display access. In all the tcodes only auth object present is S_TCODE.
    >
    > OKY9
    > OKYA
    > OKY0
    > OKKM 
    > OKK6
    > OKK5
    > OKG6

    > Please suggest.
    I suggest that your run an authorisation trace to see what objects those transactions reference.
    Create a role with those transactions and objects in display only mode.  Then get a functional consultant to negative test those roles.
    Don't assign with other roles which give change access to the auth objects you have restricted.

Maybe you are looking for

  • ERROR MESSAGE WHEN IMPORTING FROM IPODS WITH IGADGET

    I just upgraded to VISTA and was unable to transfer my songs off ofmy old computer, so decided just to use IGADGET to transfer off ofmy IPOD. The error when I try to transfer songs is: ERROR- retrieving the COM CLASS factory for component W/CLSID. Do

  • I'm trying to restore/update my iphone 3gs but I got the error -1 . Does somebody knows what it means and how to fix it?

    I update my iphone to the version 5.0 and it was great, but after I got the 5.1 IOS my iphone started to reboot every now and then. It restarted itself a couple of times and keep working fine, and then it happen again until the screen showed the usb

  • Pushbutton in alv column

    Hello, I have to create an ALV(not using OO) with a pushbutton column.  The requirement is as follows: the grid contains a text column.  When the text contains more than 100 characters, a column with a pushbutton (named: More...) is selected by the u

  • Adding Technical objects (equipment) in sales contract

    Hi Gurus!, I trying to add an equipment in a sales contract (Extras / Technical Objects) but the system gives the message V1 192 (Serial number profile is missing for material 212 in plant 0001), the material is a maintenance service, and the equipme

  • How do i make the text font look similar to that in IE?

    The text font with which i have been working on IE is different from the text font used in Firefox. I would like to change my text font settings to the one similar to IE's. == This happened == Every time Firefox opened