Company Security at specific hierarchy points

I need to enable company level security when users want to run a report at certain cost center hierarchy points. Does anyone know how/if this is possible?
The company needs to be available to be run with lower level cost center hierarchy points and the hierarchy points at the top need to be able to be run with certain companies. So they are interdependant. I am being told that company and cost center security is independant.
So to put it another way - if account 100 is run then users must have clearance to run hierarchy point A. However if someone wants to run company 200 they can run hierarchy A or if they want to run company 100 they can run hierarchy point AAA for instance.
Any help will be appreciated.

If this is for K_CCA then I have customers using a standard hierarchy with the company code and business area as a prefix in the naming convention of the nodes. How you then structure the hierarchy is up to you, however I would not make it too complicated or deep into the hierarchy. Go for layer 1 as company code and layer 2 as the "secondary hierarchy" per company and authorize at this 2nd layer to achieve what you want. The cost centers can still move around as they please without having to change the auths.
Alternately it is possible to use up to 3 hierarchies at the same time, but I haven't tried yet myself. This might meet your hierarchy requirement but probably not the company code requirement. I believe the original intention was to be able to create a hierarchy each year and be able to report on older hierarchies while creating new authorizations for the new hierarchy.
Not sure whether anyone actually ever did that though nor whether it lasted very long (e.g. longer than 3 years...)
Do you also need this for profit center reporting and master data maintenance?
Cheers,
Julius

Similar Messages

  • New specific hierarchy using table SETCLST, SETHEADER and SETNODE

    Hi expert,
    I want to know if they are any customizing point to configure a new specific hiearchy using standard table SETCLST, SETHEADER and SETNODE?
    Thanks for your help.
    Regards
    Jonathan
    Edited by: Jonathan on Aug 2, 2011 3:36 PM

    We have a specific request to implement a specific hierarchy with specific data. The table with the specific data exist but now our user want to create a hierarchy with it. I know SAP use this standard table to create hiearchy with standard data.
    My question is I want to know if they are any transaction to customise this tables to create the hiearchy?
    Thanks for your help

  • View all what I have done from a specific start point or time frame ?

    While I am Creating A Controlling Area,  and Defining a Cost Center Standard Hierarchy
    get a phone call or meeting.   Need to get back to keep going,  is there a way or a T-Code to view all what I have done from a specific start point or time frame ?

    Greatly appreciate every single reply from all of you.
    I did access T-Code SE10, and attached a screen.
    The most confusing thing i have ever seen   
    I was hoping for some type of report that looks like an Excel sheet where it can give better details.

  • How do I mount a partition at a specific mount point.

    How do I mount a partition at a specific mount point? For example I see a Vol01 disk image, which is a partition of one of my hard drives, sitting on my desktop. Under the disk utility it says that its mount point is /Volumes/Vol01. How do I mount this partition as a file system at /Users?
    Thanks, much appreciated.

    why do you want to do this? it sounds like you want to keep your home directory on an external drive. this can be done without changing the mount point of the external. copy the home directory to the external. then in system preferences preferences->accounts, unlock the lock at the bottom, control-click on your user and select "advanced options." In the resulting popup change the location of the home directory to the external.
    in general to change the default mount point of a drive see this link
    http://beta.jamesstroud.com/jamess-miscellaneous-how-tos/os-x-admin/os-x-firewir e-mount-point

  • Problems streaming specific App-V applications from specific distribution point. Cannot find any KB article on the error?

    Hi there,
    Some clients are having trouble streaming specific app-v packages from a specific distribution point.
    sftlog.txt shows the following on the client:
    [05/14/2014 10:39:25:442 AMGR WRN] {tid=E7C}
    Attempting Transport Connection
    URL:
    https://APPVSERVER:443/NOCERT_SMS_DP_SMSPKGE$/VirtualAppStreaming/AGR00215/{85738DDB-F118-48F3-9459-47354509E464}/AGR00215.sft
    Error: 2460410A-40002EFD
    [05/14/2014 10:39:25:458 JGSW ERR] {hap=34:app=APPNAME 2.0 2.0.0.0:tid=1334:usr=*****}
    The Application Virtualization Client could not connect to stream URL 'https://APPVSERVER:443/NOCERT_SMS_DP_SMSPKGE$/VirtualAppStreaming/AGR00215/{85738DDB-F118-48F3-9459-47354509E464}/AGR00215.sft' (rc 2460410A-40002EFD, original rc 2460410A-40002EFD).
    [05/14/2014 10:39:25:458 SWAP ERR] {hap=34:app=APPNAME 2.0 2.0.0.0:tid=1334:usr=****}
    The client was unable to connect to an Application Virtualization Server (rc 2460410A-40002EFD)
    I have recreated the DP based on the best practice for removing the DP and re-adding, as we've had other app issues which needed tidying up, but that has not fixed this issue.
    I have searched for the above error (The client was unable to connect to an Application Virtualization Server (rc 2460410A-40002EFD) but I get no results.
    Please help me with this, I've deleted the DP content and re distributed the content to the DP with no change.. If I remove the DP, the content is able to be streamed from other DP's no problem.
    Cheers
    Max
    Max Christopher

    It looks as though this may have been sorted out  - A re bind of the computer cert on the DP to the default website https binding seems to have resolved this for me.
    Max Christopher

  • Data Level security for specific Users

    Hi,
    Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
    Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
    But, key thing here is that, the user belongs to both the groups.
    Any ideas helps.
    Thanks,
    Chandu.

    So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
    Why are they in the group then?
    Are the data filter defined with variables or are the hard-coded?
    If variables, you may be able to put logic in initialization block to set the variable appropriately for specific users.
    I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

  • RF Queue for a specific Shipping Point ...... Is it possibe?

    Hi,
    We have around 10 doors and 10 shipping points. Transfer orders created for all the outbound deliveries are directed to an RF queue for picking.
    Now, we have a specific  Shipping Point which we want to seperate out for picking and we want the transfer orders to go to a different queue.
    How can this be achieved?
    Few clues which might work out are :
    1) If we can somehow link that shipping point to a door, then we can create a queue for that door. But how can we link a shipping point to a door?
    2) If we create a new storage type and direct our picking to the new storage type. Is it possible? how?
    Any other suggestions are welcome.
    Thanks in advance.
    -Mike

    It is http://server:port/reports/rwservlet/showmyjobs.
    I have a pull-down (mmb) menu item that does the following. We're using Single Sign-on; not sure how this would need to be modified without SSO.
    WEB.show_document(:GLOBAL.report_server_url||'/showmyjobs','_blank');

  • Security package specific error occurred when trying to connect to Orchestrator with remote Runbook Designer

    When I try to connect to Orchestrator server with Runbook Designer installed on my laptop I get an error saying "A security  package specific error occurred.".
    Entry from Designer log file is below. I've tried to set error level to 3 and 7 but got no additional info about the error. I'm unable to find any details of the error on server or client side in any logs (Event Log or Orchestrator trace logs).
    Connecting to Orchestrator Management Server with local Designer installed on the server works fine. 
    Orchestrator is installed in AD environment and security groups are properly configured.
    Can anybody help?
    2012-06-12 11:35:51 [7472] 1 Exception caught in long __cdecl `anonymous-namespace'::connectCommunicator(struct HWND__ *,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)
    Connections.cpp(238):
    <Exception>
    <Type>Opalis::Exception</Type>
    <Location>
    void __thiscall ServiceCommunicator::connect(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)
    ServiceCommunicator.cpp(118)
    </Location>
    <MsgCode>A security package specific error occurred.
    </MsgCode>
    </Exception>

    I'm having a similar issue with one of our runbook servers. i cannot deploy any IPs to it. I get the error "A security package specific error occurred". I can open the designer on the runbook server, connect to the management server, and look at
    runbooks. They wont run on the server without the IPs though, but it doesnt seem like a connection issue. i have also tried uninstalling/re-installing the runbook server and i get the same. 
    Has anybody else run into this? 
    Edit:
    Heres an error fromthe event log:
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server <Service Account>. The target name used was HOST/server.domain.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can
    occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also
    happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to
    use the current password. If the server name is not fully qualified, and the target domain (domain.domain.COM) is different from the client domain (domain.domain.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified
    name to identify the server.
    So maybe I was just given the wrong account.
    - Slow is smooth and smooth is fast.

  • Can we deploy a software from specific Distribution Point

    we have 12 DPs and a Primary Site SCCM 2012. can we deploy a software or Updates from
    specific Distribution Point?
    Thanks

    DP use by clients is all about your boundaries. Simply adjust your boundary groups so that the good "DP" is referenced in the boundary group defining the boundaries for the alternate location.
    Jason | http://blog.configmgrftw.com

  • Is Outlook app for iOS breaks company security

    Hello Team,
    I have on-premises Exchange 2010 SP3 setup.  Just want to know about the views on below articles... IS this true??
    https://blog.winkelmeyer.com/2015/01/warning-microsofts-outlook-app-for-ios-breaks-your-company-security/
    http://www.networkworld.com/article/2878816/microsoft-subnet/outlook-for-ios-android-flagged-for-inherent-security-flaws.html
    Should I not allowed to use this App to all mobile device users.
    Thanks in Advance
    Thanks in advance NKumar

    iCloud only syncs iCloud calendars.
    If there is an app for viewing outlook calendars then maybe it needs installing everywhere.

  • Load movie and go to the specific cue point?

    How can I load movie(1.swf) into the current file and make it go play the specific cue point (of the child's file)? Can someone please correct my code below?
    on (release) {
    loadMovieNum("1.swf",0);
    // Seek to Cue Name Behavior
    var c = vid.findCuePoint("second_start");
    this.seekSeconds(c.time);
    // End Seek to Cue Name Behavior

    1.  no code following loadMovieNum("1.swf",0) will execute.
    2.  it's not clear there's an flvplayback component named vid anywhere.  if there is such a component, where is it?  in 1.swf?

  • Securing Aironet 350 Access Point

    Hello -
    My small network is operating correctly using the Aironet 350 Access Point and multiple clients. However, the setup is not secure.
    How is it possible to secure access to our AP?
    Specifically: I would like to establish a WEP key, as some devices (i.e. pocket-pc's) do not support more advanced security schemes.
    Thanks,

    Extensible Authentication Protocol (EAP) authentication, also called 802.1x authentication, provides dynamic WEP keys to wireless users. Dynamic WEP keys are more secure than static, or unchanging, WEP keys.
    For more details on configuring both types of WEP refer the following document,
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i12215ja/i12215sc/s15wep.htm

  • Is there any way I can control which specific access point I connect (and stay connected) to from amongst a set of access points with the same SSID?

    I'm working from a boat in a harbor in which the ISP has deployed numerous access points around the periphery.  All the access points share the same SSID and each is configured to use either channel 1, 6 or 11.   From my location, there are over a dozen of these access points "visible" (based on the the output of WiFi Scanner) with a range of RSSI and S/N values that vary over time.
    The ISP has told me that the quality of my connection should be "perfectly fine" for any access point with an RSSI value better than -75, but I know from experience that my connection quality is miserable (i.e. < 50Kbps download) for almost all of these, including those with RSSI values better than -75.  There is at least one exception, however, which gives me on the order of 2Mbps download, which is "great" in this context.
    I've tried using a more powerful USB antenna plugged into my MacBook Air (mid 2011), but as far as I can tell, it really doesn't make much difference.  Neither does my location within the boat.   The overriding factor seems to be which access point I happen to connect up to.
    I should point out that the closest access points are about 75 yards away, with many of them being several hundred yards away or more.  I'm guessing that even though the signal strength of some of the distant access points is causing them to get "chosen" some times, the results are unacceptable due to the distance.
    I'm hoping that I can determine, through experimentation, which access point(s) provide(s) acceptable performance and then configure my Mac to limit my connection to those points through whatever mechanism I need to use (e.g. channel, MAC id, etc.).

    Establishing a wireless connection with a client computer is left to the access point for various reasons. One reason that your Mac may not connect to the strongest access point is that it may have reached a limit of the number of clients it can serve, leaving it unable to accept a connection with another. The limit may not be very large.
    Suppose that happens, and your Mac establishes a connection with a more distant access point having a weaker signal. Then, suppose a client drops off the network. Doesn't this mean your Mac will switch to the stronger access point? Not necessarily. The throughput delivered to and from your Mac would have to drop below a threshold specified in the AP for it to drop the client, leaving your Mac free to connect with another one. The reason for this is to prevent rapid switching from one AP to another in an area in which two signals are of approximately equal quality. If that were to occur the frequent and repetitive handshaking between the two devices would slow throughput to zero.
    In an environment in which several access points are broadcasting the same SSID, Apple provides no insight as to how it determines which access point to choose. This is the reason I suspect this "choice" is a function of the router, or access point. The connection originates with it, not the Mac.
    Now, what would solve your dilemma would be to determine a way to control the access point with which your Mac connects, by specifying the access point's unique MAC address for example. In this happy circumstance, you could maintain an editable "whitelist" or "blacklist" of the harbor's access points and be able to choose which among them you prefer.
    I do not believe OS X maintains such a record of MAC addresses though, only those of the routers it uses. If I am correct about that, such a solution is unlikely to exist. Don't let that discourage you from searching for one though... I would concentrate on something like "selecting access point by specific MAC address".
    I did find this patent application though:
    Roaming Network Stations Using A Mac Address Identifier To Select New Access Point
    Perhaps it's a start

  • BPS Security with Compounded Hierarchy

    In the Cost Center Hierarchy, cost centers have 14 digits, namely 10 digits for cost center, and 4 for controlling area.
    Implementing the white paper to upload user-specific variable values, I find it not possible to update specific cost center values for individual users, since cost centers take 10 digits only, but the hierarchy is looking for 14.
    I tried to add 0CO_AREA to the flat file:
    USER     HIECHA     NODENAME     DUMMY_LEAF     0CO_AREA
    AJOHN     0COSTCENTER     0000001155     X     1000
    However, it still does not get into BPS correctly. What am I missing?

    Hi Stefan,
      See if this helps you...
    http://help.sap.com/saphelp_nw04/helpdata/en/ff/f470375fbf307ee10000009b38f8cf/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/ff/f470375fbf307ee10000009b38f8cf/frameset.htm
    Thanks,
    Raj

  • Consolidation unit change - error: company already used in hierarchy

    Hi all,
    I have Company 1018 moving up in the hierarchy from congroup B to congroup A.
    I have configured the divestiture date as 12/2010 for Company 1018 in congroup B.
    When I try to add company 1018 to congroup A, I get errormessage that u201CCompany 1018 is already used in hierarchiesu201D that it exist in congroup B.
    Could anyone tell me exactly how to add company 1018 to congroup A to avoid this error message.
    I understand that Iu2019m not doing this in correct way.
    Thanks in advance,
    Sveinn Muller.

    Hi,
    SAP Note 702649 refers to when consgroup is moved
    SAP Note 721376 refers to when cons.unit is moved, as it is in my case
    I'm doing this according to below description in SAP Note 721376
    the only problem is when I add 1018 in consgroup A in my example, I get mentioned error.
    CG1
    |- A        First consolidation in 2003/012 (Start)   divestiture accounting > (grater than)  2005/006 (End)
    |- CG2
        |- A    First consolidation in 2003/012 (Start)   divestiture accounting in 2005/006 (End)
    Rgds.
    Sveinn.

Maybe you are looking for

  • Default Text in Transportation (Shipment)

    Hi Gurus Need yr expertise.. I need to maintain certain default texts for a customer in shipment (transportation).. How can I maintain those texts? Where should I maintain it? Can I maintain it in customer master, so that whenever there is shipment i

  • Problem displaying date

    Hi, I am trying to display date, the source code is: code]import java.lang.*; import java.text.*; import java.util.*; class Date { public static void main(String args[]) { Date date = new Date(); System.out.println("the date is:" + date.toString());

  • I can't rember my ansers for the questions on your security page plz send sorry to cause aney problem

    can't get songs i wood like to buy only just had pc reformated  and can not rember the answers to the questions you set on your page sorry <Email Edited by Host>

  • Help with exit

    Hi all my exit statement is not working why? i wont thet when value true exit from loop.               LOOP AT l_fields INTO wa_l_fields.                 IF wa_l_fields = 'MASSG'.                 exit.               endif.                   CASE wa_l

  • JarClassFinder inEclipse/NWDS not showing up

    Hi, I would love to use the JarClassFinder-Plugin in NWDS (2.0.11), but I can't get it to work. On the IBM-Site it says to put the "jarclassfinder.jar" file to ../eclipse/ directory, but this did not work. I also tried putting the jar into the plugin