Controlling authorization for t-code SQVI.

Similar Messages

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• No authorization for company code in MRBR

  Transaction MRBR is currently wide open. Anyone with authorization to this transaction can unblock invoices in any company code.
  Standard security profiles can only restrict users at universal (*) or purchasing group level. We require control on company code.
  OSS 399953 suggests creating validation rule (GGB0) to test user authorizations for transaction MRBR and authorization object F_BKPF_BUK.
  Can anyone supply the validation coding to solve this security problem?
  Is anyone familiar with this problem ? Do you have a solution ? also None standard SAP solutions are welcome
  Thanks in advance
  Greetings,
  Vincent

  Hi Vincent
  Another option could be to implement an authorization check in the BAdI MRM_RELEASE_CHECK - this is, of course not Standard.
  The code could look somthing like this:
  DATA: wa_rbkp_blocked TYPE mrm_tab_rbkp_blocked.
    LOOP AT i_rbkp_blocked INTO wa_rbkp_blocked.
      AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
               ID 'BUKRS' FIELD wa_rbkp_blocked-bukrs
               ID 'ACTVT' FIELD '02'.
      IF sy-subrc EQ 0.
        APPEND wa_rbkp_blocked TO e_rbkp_blocked.
        CLEAR wa_rbkp_blocked.
      ENDIF.
    ENDLOOP.
  Regards
  Morten Nielsen

• Error from BAPI_ALM_CONF_CREATE - "YOU HAVE NO AUTHORIZATION FOR T-CODE"

  Hi guys.
  I am getting an error message from the BAPI_ALM_CONF_CREATE with the DETAIL_RETURN returning "You have no authorization for the t-code".
  The error is arising from the form AUTH_CHECK_TYPE.
    AUTHORITY-CHECK OBJECT 'C_AFKO_ATY'
         ID 'ACTVT' FIELD tmp_actvt
         ID 'AUTYP' FIELD act_autyp.
  Thanks in advance.

  Hi,
  This might be beacuase you do not have authorization to that Tcode.
  Go to SU53 tcode and check authorizations You have for your User name. Ask Basis people to provide authorization to the Tcode for your User id.
  Regards,
  Karuna

• Control Indicators For Controlling area(for company Code) do not exist

  Hi Masters
  please any one help me to solved this error i.e. when i m creating purchase order through ME21N and at the time of save system shows the msg. "Control indicators for conrolling area SS88 do not exist". (My co. code and controlling area Is "SS88" in my practice server at my home).

  Dear Swapnil Ashtankar
  Go to OKKP, select your controlling area and double click on Activate Components / Control Indicators and Activate for the current year. and select cost centers componants are active, & select check box Activity type & select order mgt active , commitmnet magt active,
  regards
  shankar

• Volume control askin for a code?

  my ipod is askin for a code..when i go to settings > volume limit > Enter code!
  :S....Anything i can do? plz help
    Windows XP  

  If you've forgotten the combination (or one was inadvertently entered), you'll have to restore the iPod .
  http://docs.info.apple.com/article.html?artnum=303414

• Authorization for t-code

  hi friends,
  I have created parameter transaction using se93 for table display (SM30) and then created an authorization object
  using t-code su21. this authorization object contain only 2 ctivities i'e change and display(02 and 03)
  now i want to attach this authorization object to tis t-code.
  how can i do this.
  there is no report for this t-code so i cannot use authority-ceck key word in program.
  kindly suggest
  <removed_by_moderator>
  Regards
  Edited by: Bernhard Hochreiter on May 6, 2010 9:07 AM

  Pankaj,
  authority-check object 'S_TCODE'
  id 'TCD'
  field 'SM35'.
  if sy-subrc ne 0.
  User does not have authority for transaction SM35!!!
  endif.
  or
  Try FM AUTHORITY_CHECK_TCODE

• USER AUTHORIZATION FOR T-CODE OB52 & OKP1

  Hi Experts,
  I would like to know if there is a t-code that assigns USER to open another t-code.
  OB52 & OKP1?
  I want to restrict this t-code for only few users....
  Is it possible?
  Need advice plese
  Rey

  Hi Rey,
      As per my knowledge the authorizations will be done by BASIS consultants.
  R.K

• Authorization for tax code in PO

  Hi,
  I have one issue from the client. In Po creation (ME21N), they want to restrict some users to enter only few tax codes from among the list. For example if there are 30 tax codes, then user should be authorised to enter only 5 tax codes from the list. In standard authorization, there doesn't exist an authorization object to restrict tax codes.
  For this I have created a Z-authorization object with authorization field (MWSKZ), in the user profile this authorization object has been assigned.
  I am stuck at coding the authorization object means calling this object whenever the user creates the PO. Can you pls guide me on this?
  Regards,
  pankaj

  Hi
  Hi See the following and do accordingly In general different users will be given different authorizations based on their role in the orgn. We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes. USe SUIM and SU21 T codes for this. Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction. If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. This means you have to allocate an authorization object in the definition of the transaction. For example: program an AUTHORITY-CHECK. AUTHORITY-CHECK OBJECT ID FIELD . ID FIELD . ... ID FIELD . The OBJECT parameter specifies the authorization object. The ID parameter specifies an authorization field (in the authorization object). The FIELD parameter specifies a value for the authorization field. The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks. Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values. You program the authorization check using the ABAP statement AUTHORITY-CHECK. AUTHORITY-CHECK OBJECT 'S_TRVL_BKS' ID 'ACTVT' FIELD '02' ID 'CUSTTYPE' FIELD 'B'. IF SY-SUBRC 0. MESSAGE E... ENDIF. 'S_TRVL_BKS' is a auth. object ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display. The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity. This Authorization concept is somewhat linked with BASIS people. As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user. Take the help of the basis Guy and create and use.

• How to restrict authorization for MMBE

  Hi,
  I need to restrict the authorization for t-code MMBE according to plant wise. Can anybody tell me about the procedure and authorization object used.
  Regards

  M_MATE_WRK Material Master: Plants is the object that is used to control teh display of data at plant level in tcode MMBE

• Authorization for Measuring document creation

  Hi,
  i have one issue. I want to provide authorization for measuring documents creation. That has been done by providing the different authorization groups in roles for T codes IK11, Ik12 etc to the users. Now users with a authorized authorization group for perticular measuring point can create a measuring document fo that. But the problem is that despite the authorization group, if user goes to t code iw41 for order confirmation , there he can create measuring documents of any authoprization group. How to control that thing. I also give authorization group authorization for t code IW41 but still it is allowing for the creation of documents. any help on this thing.
  Regards,
  Aman Sharma

  Hi
     there are two ways you can control the measurement reading entry
  1. Block the authorisation of IK11.When you go to confirmation screen through IW41 , there a button for measurement document update. Even the user will press it system will not allowed to enter in it as he is no authorisation
  2.You can configure the screen template for overall confirmation  and use this profile while doing overall confirmation using iw42. There you can hide the measurment detail screen.
  customising node " Set Screen Templates for Completion Confirmation "
  Regards
  Amar

• Authorization for the Tax auditor

  Dear All,
  We are facing the problem to acces the person who got transftered to the other department.
  Tax auditor should have access to all the person which is belonging a personal area, Even if the person got tranfered to other personal area and was belong to that same  personnel area.
  Since LDB is reading the first record for the IT0001.We have given the access in the role for the infotypes with a  personal area.
  Auditor is not able to see the record for the transferd person.
  We tried to copy the program RPCAOKD0 and override the standard authorization check using the statement
  pnp_sw_skip_pernr = 'N'.
  but not working.
  Please sugest.
  Thanks
  Vikas

  Hi,
  You can change the code below
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZFNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  This code does an authorization check at company code level and removes all the company codes that user has entered but is not authorized to look for. After that we pass the filtered list of company codes for which user is authorized to in the select query and fetch the results. You can first select all the records from database for PERNR and VKORG. Then filter them and prepare new list of VKORG and PERNR after performing authorization check and pass it further to select queries in your program.
  KR Jaideep,

• Authorization for the report

  Hi
  I have made one report,  I needed to check the authorization for the report, how to do it.
  Eg.  One employee is executing the report, he only needed to select his transaction
  If somebody from one sales organisation, they only needed to take the data belongs to the sales office.
  SELECT-OPTIONS: p_vkorg  FOR tvkot-vkorg.
  SELECT-OPTIONS: p_pernr FOR pa0001-pernr
  for example two selection parameter is displaying. if my employee no is 100, while trying to enter execute the report for 200 employee no. no data should show. like that vkorg filed also should work.
  Please let me know how it possible.
  Regards
  Sebastian John

  Hi,
  You can change the code below
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZFNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  This code does an authorization check at company code level and removes all the company codes that user has entered but is not authorized to look for. After that we pass the filtered list of company codes for which user is authorized to in the select query and fetch the results. You can first select all the records from database for PERNR and VKORG. Then filter them and prepare new list of VKORG and PERNR after performing authorization check and pass it further to select queries in your program.
  KR Jaideep,

• Role authorization for CJ88 T Code

  SAP Gurus
  can any one tell me control the CJ88 T code, my client is having 4 business areas but, so in one business area employee will not access the other business area WBS element, can any one tell me how can i control
  thanks in adv
  venkat

  You could get with your Basis group to add the authorization object: F_BKPF_GSB - Accounting Document: Authorization for Business Areas to the CJ88 transaction and set it to be checked at execution.  Then you could create different roles for each business area and set them to the different values for BA.  You can use TCode SU24 to see that there are no authorization objects in CJ88 for checking BA in SAP standard.
  Alternately, you could find another role that already has this object and limit it by each area, but this would take multiple, nearly identical roles.
  Regards

• Authorization at Company Code Level for table FEBKO

  Hello Experts,
  I need to add authorization check on my report program that accesses and displays data from table FEBKO. However the user should only be able to access the data of table FEBKO particular only for their company code. How can I apply this? Thanks in advance for all your responses!
  Best Regards,
  Kurtt

  Hi,
  if it is in your own report, you can define your own authorization object with field for company code. Check transaction SU21 or ask your security guy. Then you will check if an user have authorization for this object.
  Cheers