Checking BOM Authorization Group

Similar Messages

• Where we check the authorization group & authorization object?

  Hi all,
  i have a  std program & tcode  like fb03 . now i want to know the authorization group & authorization object. so where we will check..?
  help me.
  thanks.
  Vipin

  Hi,
  Use transaction SU21 & SU22 for Auth Objects & Class

• Check available authorization groups

  Hi ,
  if a custom table needs to be assigned to an authorization group in SAP.
  Which is the transaction to check users assigned to an authorization group?
  Currently i have an idea that Assigning and Creating authorization groups are dealt in SE54 but i cannot find a way to check
  whether users are assigned to an authorization group...!!!
  thanks
  kritika

  Checking Assignment of Authorization Groups to Tables:
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  See also:
  ·        SAP Notes 7642, 20534, 23342, 33154, and 67766
  ·        Documentation for RSCSAUTH
  Hope this helps.... if not check the following link
  If you still don't find, search google 'table authorization groups in sap' - There are good info on web.
  You can assign the authorization group to any custom table via SE11 - table - display - utilities - assign authorization group and rest follow the sap help (where to maintain and how to assign) .This is a developer and security persons work.

• Authorization Group in BOM Header

  Can any one guide how to create Authorisation group for Bom and also it's use. <See field Authorization group in BOM header>
  Regards,
  Samar

  Hi,
  The Authorization group can be created as follows
  Transaction SE54 >Select 'Authorization Groups'>Create/Change-->New Entries.
  Now the authorization group created can be assigned to your table.
  Goto transaction 'SE56' and select authorization group radio button and create your authorization group.
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  USE
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented.check Su22 and SU24u will get list of objects
  Hope clear to you.
  Regards,
  R.Brahmankar

• Use of Authorization groups - do we need check on S_PROGRAM as well?

  Hi!
  As a rule we always implement authorization group in the attributes of our ABAP programs. We also insert an include which contains a check:
  AUTHORITY-CHECK OBJECT 'S_PROGRAM'
         ID 'P_GROUP' FIELD  W-SECU
         ID 'P_ACTION' DUMMY.
  where W_SECU is the given authorization group.
  My question is : do we really need this check in saperp2005 systems? I have a feeling that this check is included in the SE38 transaction already now.   Why I think this: someone forgot th copy the content of the mentioned include into our upgraded system, and if I try to run a program with a specfied authorization group I do not have access to , I get a message about this automatically from SE38.
  Regards, Tine

  Hi,
  that must be wrong. You must differentiate between calling transaction SE38 (for which you need an authorization) and executing the program (which you insert as an include). On one side, transaction SA38 is the one your users must call for this. On the other side, I´m also working with MySAP 2005 and SE38 does not check the authority for the program.

• BOM authorization controls -reg

  Friends ,
  we use only BOM with usage 1 -production BOM , we dont want to maintain many BOMs like engineering bom ,design bom ,production bom like that seperately.
  in this context we require some authorization control to control the users for BOM changes for
  BOM during new product developmental stage
  BOM once mass production kicks
  we want certain people only authorised to create or change BOM at new product development stage (precisely at R&D personnel )
  once it goes to mass production we dont want the R&D personnel control on it we would like to authorize operations personnel to take owership of it 
  is this can be done ? which object i have to use to differentiate between BOM at new product stage and mass production stage
  once it changes from new product stage to mass production stage some where we have to maintain this object and contro, through this
  please help at the earliest
  thanks
  madhu kiran

  Hi Madhu,
  The authorization objects checked for BOM, Inform your basis personnel to use them to authorize as per your business need.
  C_STUE_BER     CS BOM Authorizations     
  C_STUE_NOH     CS Authorization to process BOMs without a change number     
  C_STUE_WRK     CS BOM Plant (Plant Assignments)
  C_AENR_BGR          CC Change Master - Authorization Group
  C_AENR_ERW     CC Eng. Chg. Mgmt. Enhanced Authorization
  C_AENR_RV1     CC Engineering change mgmt - revision level for materials
  C_DRAD_OBJ     Create/Change/Display/Delete Object Link     
  C_TCLA_BKA     Authorization for Class Types
  Hope the above answers your query.
  Regards,
  Vivek

• Authorization Group for G/L Account

  Hi,
  What?
  - I wish to restrict the 'posting' of a G/L account to be done by certain users only
  How?
  - What I have done was...
  a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
  b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
  c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
  d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
  Problem?
  - Other users still can do Posting for this G/L account
  - Any steps which I have missed out here or done wrongly?
  Thanks,
  Brandon

  Hi,
  Some other roles of the users may override and cause the users to post against this GL account.
  Check all the roles relevant for the restricted users. 
  Use SUIM t-code to find if the auth object mentioned above is included in any other role.
  If it be, restrict that again.
  Generally if one role as no restriction against this auth and not all, this issue tends to happen.
  Regards,
  Sridevi

• Restrict Vendor line items display by Vendor authorization group

  Hi Gurus,
  I have a requirement to restrict Vendor line item diplay for Tcode FBL1N, I have updated the Authorization object F_LFA1_BEK, its work fine if all the vendors have authorization, However it also display vendors whose auth. group is "BLANK" or "SAPCE",
  Is there a way that I can slove this issue, is there any SAP notes of other object which needs to be updated ?

  Hi,
  this problem has been discussed on this forum last week. Basically, SAP does not perform authorization check if the authorization group is blank. Hence you need to assign authorization object to all vendors.
  Cheers

• Authorization group in GL A/C using FB01

  HI, We have  activated the authorization Group in GL A/c. Using the authorization object F_BKPF_BES we were able to create restrictions on other tcodes like F-28 . However when using the u201CFB01u201D tcode, the authorization check does not have any effect. I have already check the authorization in SU24 for fb01 and status is set to YES. I have also created a trace(using ST01) for this transaction but ST01 does not show any authorization trace for F_BKPF_BES.

  Hello,
  Authorization object：F_BKPF_BES should be checked when you run FB01.
  In your case,please try to check the following points:
  1.Authrization group was assigend to G/.L master data correctly.
  2.Authrization group  was assigend to object：F_BKPF_BES correctly.
  3.Avtivity was defined in this object correctly.
  4.Role was assgined to user correctly.
  5.SAP_ALL authorization was deleted from the user profile.
  Note: it is impossible to define the authorization group as '  '(space) in object：F_BKPF_BES,
  if '  ' was defined, system will consider there are no any setting existed.
  Hope the above infor. could help you to solve this issue.
  Best Regards,

• Customer Master Data and Line Items Balances Display - Authorization Group

  One autorization group was created and assigned to some customer masters in General, Company Code and Sales Area's.
  User is restricted to one authorization group. When executing FBL5N, all customer balances are displayed i.e. including blank authorization group customer. It is not restricted to authorization group customer! Why?

  Kindly check the authorization objects assigned in the user profile. You may ask your basis to help you with the authorization.

• Use of Authorization Group in OB52

  Dear Experts,
  I have updated Authorization Group as "OB52" in the last column of OB52 T-Code against each posting period variant with account type + , A,D,K,S,M etc with normal period 1 to 12 and special period 13 to 16.
  The same Authorization Group "OB52" is updated in one of FI users say Mr X Role profile under authorization object F_BKPF_BUP.
  Now as per the SAP standard practice the special period 13-16 should open for the user Mr X and block for all other users. But system is allowing to do transaction with special period 13-16 for other users also.
  Please advise where I am wrong.
  Regards,
  Alok

  Dear,
  I will explain you the step involved for auth Mr.X to post for the particular period.
  Let take an example  that Mr.X has to be allowed to post between the period 1 to 11 and other user only for the period 11(Apr - March as fiscal year).
  Now,for valuation variant with account  ' +'  for the first period, you enter from period as '1' and to period as '10' and in second period, you enter from period '11' and to period '11', provide the auth group (eg KU - key user)  in the last column.
  For other accounts (A,D,M,K,S) change the first period from '1' to '12' and dont assign any auth group.
  Now you goto se16n and check in TBRG table whether your auth group KU is available for the object F_BKPF_BUP,if not maintain it.
  The last step is to assign "KU" to Mr.X profile or role against the object F_BKPF_BUP.
  Once you made the change"generate" and save it.
  Now the system will permit Mr.X to post for the periods between 1 to 11 and other user only for 11 period.
  Hope that i am ab;le to clear your boubt.
  Do revert for any further assistance.
  Take care
  God Bless
  Regards

• How can i transfer the 'Authorization Group'(SE54) to another client?

  In project i must define an 'Authorization Group' in T-Code SE54---The 3rd radiobutton.
  But there is no message to me to entry the Request NO.?
  How can i transfer the 'Authorization Group' ?
  I konw the date can be show from view 'V_BRG_54' ,but how to transport the data of the view?
  TKS a millon~~

  Hi,
  If your client is set for automatic recording of changes it should prompt for a transport, check there is not another client where you should make config changes.  If not, the menu option Table View -> Transport will let you assign the Auth group to a transport.
  Regards,
  Nick

• Cant use more than one authorization group per report with SBO CR Basic

  Cant use more than one authorization group per report with SBO CR Basic.
  I have installed on SAP Business One SBO 2007 SP00 PL49 the Crystal Reports Basic 2.0.0.7.
  i have defined two users, manager and supervisor.
  I have defined two groups, M and S.
  Manager belongs in managers (M), and supervisor is assigned to the supervisors (S).
  i enter to one report, disable the public option to enable group authorization, and then check M group.
  Manager can see the report, but Supervisor is not allowed. So far good.
  Then i uncheck M, then check S in the report properties, and Manager cant get in, supervisor opens the report, So far good.
  But when we check both Groups or more, only the M group authorization appears to work, and S group users cant acess, even the report is allowed for that group, also happens with all the groups appart the first (2nd, 3rd, 4th, etc.).
  It seems that a report can manage a single group, but i have to be shure to tell this to the customer.
  So far we have included all Manager users to the S group in order that only S group is used and authorized users can use, but this is duplicating user participation in groups, and it would be much easier to check the desired groups for a single report.

  Cant use more than one authorization group per report with SBO CR Basic.
  I have installed on SAP Business One SBO 2007 SP00 PL49 the Crystal Reports Basic 2.0.0.7.
  i have defined two users, manager and supervisor.
  I have defined two groups, M and S.
  Manager belongs in managers (M), and supervisor is assigned to the supervisors (S).
  i enter to one report, disable the public option to enable group authorization, and then check M group.
  Manager can see the report, but Supervisor is not allowed. So far good.
  Then i uncheck M, then check S in the report properties, and Manager cant get in, supervisor opens the report, So far good.
  But when we check both Groups or more, only the M group authorization appears to work, and S group users cant acess, even the report is allowed for that group, also happens with all the groups appart the first (2nd, 3rd, 4th, etc.).
  It seems that a report can manage a single group, but i have to be shure to tell this to the customer.
  So far we have included all Manager users to the S group in order that only S group is used and authorized users can use, but this is duplicating user participation in groups, and it would be much easier to check the desired groups for a single report.

• Authorization Group restrictions

  Hi Experts,
  I want to restrict user to access documents with help of Authorization Group field in DIR.
  But, problem is client required this Auth. Group field as selection field and not as an entry field available in standard DMS.
  How to provide selection list to user for Auth. Group field. With BADI & SAP Access Key possible but not useful in my case because of some client side restrictions.
  Can SAP Moderator guide me, why SAP chose not to offer a drop down on Authorization Group field with a user selectable list option? Also not even gave chance to consultant to do configuration for such a critical field.
  Thx in advance..

  Hi
  Check my Wiki on the same.
  If you need any more info, get back
  Link: [Authorization group|https://wiki.sdn.sap.com/wiki/display/PLM/UsingAuthorizationGroupfieldin+DMS]
  And if you want to activate dropdown F4 then check this wiki:
  Link: [F4 for auth group|https://wiki.sdn.sap.com/wiki/display/PLM/F4forAuthorization+group]
  Niranjan
  points welcome for useful info
  Edited by: Niranjan Dandekar on Dec 12, 2008 2:08 PM

• Authorization group in material

  Hi,
  Where can we found the field "authorization group" in the material MM01 .
  In OMS9, the field MARA-BEGRU depend on the field selection group and it's defined as a requierement entry. But, I can't found this field in the MM02.
  Thanks in advance for your help.

  The Authorization group field is available in Basic data 1 of material master, at "material authorization group" section of the screen.
  (I checked at ECC 6.0 - R/3. It may be different for IS retial etc)