Company code authorization

Similar Messages

• One report, One Source System with multiple Company Codes -- Authorization

  Hello Guys
  We have 2 DEV source systems for our BI implementation right now. one for US (CCode - 406) an one UK(CCode - 301).
  We have already completed the implementation for UK with 38 reports.
  we are right now moving the US implementation.
  when we move to QAS we are going to have one Source system with both US and UK data.
  so when we move to QAS, the US clients wants to view the reports developed in UK implementation with their own data.
  How can we do that. since some reports doesn't have company code to restrict the data to respective users.
  Thanks and Kind regards,
  shekar.

  Hi
  First make the company code authorization relevant in infoobject BEx explore tab
  If your in BI7 , you have analysis authorization concept
  http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm
  Regards
  N Ganesh

• CO authorizations by company code

  Dear all,
  I am looking for a solution to the following requirement: given is
  1 CO Area  for mutliple company codes
  Authorization shall be given to the controller for MOVEMENT DATA only for the company code he works for. So this could be controlled via RESPAREA in authorization object K_CCA. However, the same user shall be able to see ALL cost center hierarchies (standard and alternative hierarchies) and ALL cost center master data for all company codes. Thus RESPAREA would need a "*" with the effect that movement data can then be seen also from all company codes.
  Any idea how to resolve this, e.g. by using another authorization object or value? Thanks in advance.
  Peter
  Moderator: You'd better ask this in Security forum. As soon as you do, I'll close this thread

  Hi,
  I guess you should be able to control the authorisations with a single User ID.
  Follow the below steps :
  1. Create a new Role for the user.
  2. In the Role, for the authroisation object K_CSKS ( CO-CCA: Cost Center Master), you allow all cost centers. Thus, the user can get access to the master data of all cost centers in the given controlling area.
  3. For the reports, the authorisation object is K_REPO_CCA ( CO-CCA: Reporting on Cost Centers/Cost Elements ), here you need to restrict the cost centers for which he is allowed to view the reports . The pain here is that you don't have the option of entering the Cost center groups, rather you can give the cost center values in the range.
  4. In the authorisation object, K_CCA ( CO-CCA: Gen. Authorization Object for Cost Center Accounting), you try giving all cost centers in the controlling area , if it does not work then, don;t give any cost center so that it will take from the above authorisation objects in 2 & 3 above.
  I suggest you discuss with Basis consultant, who will guide you through the above process.
  Njoy
  Siva

• During MIRO"No amount authorization for customers/vendors in company code "

  Hi All,
  When I am doing MIRO the system is throughing message
  "No amount authorization for customers/vendors in company code Z114
  Message no. F5155
  Diagnosis
  No amount authorization for customer/vendor line items has been specified in company code Z114 for the user group to which you are assigned.
  Provided that you are not explicitly assigned to a user group, the amount authorization to the group blank (" ") is valid.
  Procedure
  If you entered the correct company code, initiate the maintenance of tables T043 (user groups) and/or T043T (company code authorizations)".
  Please  tell me procedure and steps to solve this issue.....
  Thanks&Regards,
  chand

  Hi All,
  the problem didnt solve,
  please tell me the steps to solve the issue...
  hope to hear from you all.........
  Thanks&Regards
  chand

• MIRO Error- No amount authorization for customers/vendors in company code

  Hi Friends,
  While creating Invoice (MIRO), when I enter amount at Header level, I faced below error.
  No amount authorization for customers/vendors in company code  XXX.
  Message no. F5155
  Please help to know how to rectify this.
  Regards, RAMAN.

  HI
  My problem  is not solved please guide me
  No amount authorization for customers/vendors in company code xxxx
  Message no. F5155
  Diagnosis
  No amount authorization for customer/vendor line items has been specified in company code xxxx for the user group to which you are assigned.
  Provided that you are not explicitly assigned to a user group, the amount authorization to the group blank (" ") is valid.
  Procedure
  If you entered the correct company code, initiate the maintenance of tables T043 (user groups) and/or T043T (company code authorizations).
  Regards
  Krishna

• Authorization issue with Company code/ Cost center combination

  Hi,
  I am currently trying to restrict user access by company code and cost center combination.
  We have roles defined for each user and I am trying to use the standard authorization object A_S_KOSTL in this role . It seems that since it is not a 'maintianed' object no activity can be assigned to this autorization object.
  currently the values are :
  company Code : 1110 , 1112, 1114
  Cost Center : *
  i am getting sy-subrc as 0 even when i test for company code : 1110 for a user with the above role.
  My code is :
  AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
      ID 'BUKRS' FIELD '1110'.
  F sy-subrc EQ 0.
    AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
    ID 'KOSTL' FIELD '*' .
    IF sy-subrc EQ 0.
      MESSAGE 'Success with KOSTL also' TYPE 'S'.
    ELSE.
        MESSAGE 'Success with BUKRS only' TYPE 'S'.
    ENDIF.
  ELSE.
        MESSAGE 'Failure' TYPE 'S'.
  ENDIF .
  I get a subrc NE 0 for the KOSTL part. The test passes for BUKRS.
  Please advise on how to proceed.
  Thanks and Regards
  Soumya

  Okay, I misread the "NE". Sorry.
  Have you done a syntax check on it?
  Also compare to:
  AUTHORITY-CHECK <object>
  ID 'KOSTL' '*'.
  I cannot confess to ever have done a "full" AUTHORITY-CHECK myself, but it is most likely the same as with DUMMY ->  you should not use the FIELD statement as '' value if the data element does not know what a '' is...
  Cheers,
  Julius

• Infotype authorizations at Company Code level

  The project I am working on has two company codes 1000 & 1100.  The user requirement is that a person working in one company should be able to make changes only to employee data of employee's in his/her company and to have only read authorizations for employee data from the other company.
  I've tried creating a role for Company 1000's employees where the authorization object P_ORGIN has Personnel Areas for that company code itself and all permissions (read, write etc.) and another role with read access to all Personnel Areas.  However, when assigned to a user, they are still able to access data from the other company (i.e. the company whose personnel areas were not listed in the first role). 
  Any ideas what I am doing wrong and how I can resolve them?

  Authorization level            *
  Infotype                       *
  Personnel Area                 1000's Personnel Areas
  Employee Group                 *
  Employee Subgroup              *
  Subtype                        *
  Organizational Key             *
  Authorization level            R
  Infotype                       *
  Personnel Area                 1100's Personnel Areas
  Employee Group                 *
  Employee Subgroup              *
  Subtype                        *
  Organizational Key             *
  This config should work.
  Or can you post the values you entered in all the HR authorization objects in your role so that we can check. (P_ORGIN, PLOGI, P_PERNR etc)

• Authorization at Company Code Level for table FEBKO

  Hello Experts,
  I need to add authorization check on my report program that accesses and displays data from table FEBKO. However the user should only be able to access the data of table FEBKO particular only for their company code. How can I apply this? Thanks in advance for all your responses!
  Best Regards,
  Kurtt

  Hi,
  if it is in your own report, you can define your own authorization object with field for company code. Check transaction SU21 or ask your security guy. Then you will check if an user have authorization for this object.
  Cheers

• Data model 0G: No authorization for entity type Account (Company Code) - activity Display

  Hello Expert,
  I have a problem with authorization in MDG-F.
  I want to create Account with Collective processing. After, entered Entity type, Edition and Chart of account,  Blocking message "Data model 0G: No authorization for entity type Account (Company Code) - activity Display" is displayed.
  But, i checked in PFCG transaction, for this user profil, activity are : create or generate, Change and display. So, for me , it is correct.
  Please, check screen shot below :
  Blocking message :
  and in PFCG transaction
  Could you help me to solve this point?
  Kind regards,
  Heri RAOELISON

  Hi Heri,
  the system behavior is correct. The account in company code consists of three entity types:
  1) COA - Chart of Accounts (Type 3)
  2) ACCOUNT - Account (A-Segment, related to ECC table SKA1, Type 1)
  3) ACCCCDET - Account in Company Code (B-Segment, releated to ECC table SKB1, Type 1).
  3) includes 1) and 2) whereas 2) includes 1). If you grant authorization only for 3) but not for 1) and 2), you cannot do anything.
  Best regards
  Michael

• Authorization-check in company code for GR55 reports

  Hi to all!
  Created User: ZTESTUSER
  The scenario is this.
  We created a report in GR55(Report Painter) and we want users (ex. ZTESTUSER) to access only company codes 7000 to 7999. How will I be able to do that?
  I am thinking of creating a role or profile then assign it to the user, but I was not be able to locate an authorization object for GR55 reports.
  The authorization object in GR51 is not doing what we want. It only control the create/change/display and execution transactions.
  I tried using validation in GGB0 but I can't find a parameters where the GR55 reports will be checked so the users will be limited by company code.
  Can somebody help me?
  Thanks a lot.

  I programmed a company code check for a report like this.
  ===========================================================
  data: lv_text(4) type c.
    if p_bukrs is not initial.
      select single * from T001
                    where bukrs = p_bukrs.
      if sy-subrc <> 0.
        message e321(FR) with p_bukrs.
      endif.
      AUTHORITY-CHECK OBJECT 'F_SKA1_BUK'
      ID 'BUKRS' field T001-BUKRS
      ID 'ACTVT' field '03'.
      if sy-subrc <> 0.
        clear lv_text.
        lv_text = p_bukrs.
        message e800(FR) with p_bukrs.
      endif.
    endif.
  ============================================================
  but I was not able to do that in GR55 reports because the program is automatically generated by SAP named GPXXXXXXXXXXXXXXXXXXXXXXXXXXXX.

• Authorization objects which contain company code field

  Hi,
  We are looking for list of Authorization objects which contain company code field for Audit. The listing should have Role, Authorization obj and the <b>company code and values</b>.
  Is there any we can query this info.
  Thanks,
  Sam
  Message was edited by: Sam

  Hi,
  You can use the follwing
  in USR12 table
  in USOBT table (but you get the details for the Auth Obj in the Tcodes and their field values.
  But as far as my knowledge goes you will get all the Auth Obj with Company code field
  Caution: If there are some objects in not check or are which are not in any tcodes then they will not be captured.
  But they are very less I guess and so i think you can capture most of the Auth Obj I guess
  Message was edited by: Manohar Kappala

• No authorization for company code in MRBR

  Transaction MRBR is currently wide open. Anyone with authorization to this transaction can unblock invoices in any company code.
  Standard security profiles can only restrict users at universal (*) or purchasing group level. We require control on company code.
  OSS 399953 suggests creating validation rule (GGB0) to test user authorizations for transaction MRBR and authorization object F_BKPF_BUK.
  Can anyone supply the validation coding to solve this security problem?
  Is anyone familiar with this problem ? Do you have a solution ? also None standard SAP solutions are welcome
  Thanks in advance
  Greetings,
  Vincent

  Hi Vincent
  Another option could be to implement an authorization check in the BAdI MRM_RELEASE_CHECK - this is, of course not Standard.
  The code could look somthing like this:
  DATA: wa_rbkp_blocked TYPE mrm_tab_rbkp_blocked.
    LOOP AT i_rbkp_blocked INTO wa_rbkp_blocked.
      AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
               ID 'BUKRS' FIELD wa_rbkp_blocked-bukrs
               ID 'ACTVT' FIELD '02'.
      IF sy-subrc EQ 0.
        APPEND wa_rbkp_blocked TO e_rbkp_blocked.
        CLEAR wa_rbkp_blocked.
      ENDIF.
    ENDLOOP.
  Regards
  Morten Nielsen

• *NO AUTHORIZATIONS FOR CREATING ACCOUNTS IN COMPANY CODE*

  HI
  NO AUTHORIZATIONS FOR CREATING ACCOUNTS IN COMPANY CODE
  SYSTEM MESSAGE:
  No authorization for creating accounts in company code 3333
  Message no. F2305
  System Response
  You cannot access the requested data.
  Procedure for System Administration
  If necessary, include an entry in the user's authorization profile for the authorization object and parameters specified below.
  Authorization object:
  F_KNA1_BUK
  Parameter:
  Company code: 3333
  Actions: 01
  KINDLY THROW UR IDEAS

  Hi,
  You have not been authorized for this transaction. Please speak with your BASIS guy he will give you the authorization.
  Regards,
  Abhee.

• Delete authorization for specific Company Code

  All,
  For a specific transactions, our users may only run the transaction for a specific company code. Transaction is TPM55A
  What authorization object do I need to add to my role, so the users have only authorization for let's say Company code range 1000 - 1050.
  Many thanx for help
  kr,
  Stef

  Hi Stef,
  Please try to add this authorisation object manually F_BKPF_BUK- Authorisation object for company code.
  In the filed BUKRS you can maintain the company code as you required for the users.
  I hope this may help you in resolving the issue.
  Thanks
  Karthick

• T-code CJ88 role authorization  using company code?

  Hi expert!
  who can tell me how to control  CJ88 T-code using company code .
  the business is below:
  1, the user have 10 company code  and only one control ares.
  2, one employee cannot use CJ88 to settlement the project of the other company code.
  can any one tell me how can i control
  Please explain me all the steps to be required.
  Thanks in advance!

  I am not sure about CoCode wise authorization for CJ88...you said you have 10Cocodes, if the Person Responsible of the projects are different for each cocode, then use authorization object C_PROJ_VNR (Project Manager for Proj Def) or C_PRPS_VNR(project manager for WBSE) for running CJ88, so that person repsonsible of other company code project cannot run settlement of other projects.