Controlling Specific Posting Key Access by Security Roles

Similar Messages

• Document types need restricted to specific posting keys

  Hi,
  When posting a KR document type with transaction F-43 we are able to post GL posting key (40) and posting key(50) without ever entering a vendor posting key(31).
  The question is how do we prevent this situation and make sure that a vendor posting key is used. We can use a validation rule but can this be done with standard configuration.
  Thx,
  -John

  Use a Validation OB28. You can use document type or transaccion code(f-43) in order to make mandatory the posting key 31. Keep in mind that you would need to use the accounting key 40 in order to post the expense.
  Regards

• Can I set Posting key 39 A as optional and 39 F as mandatory?

  Hi,
  Previously we set PO number as mandatory when user perform transaction F-47. The posting key is 39 F.
  I change the config via OB41, posting key 39 PO is mandatory
  Now Account use F-48 to post down payment. The posting key is 29 A.
  After that they want knock off by F-44, posting key is 39A.
  Then we hit error to key in PO number, but we don't have PO to key in.
  May I know, is it possible to set specifically:
  posting key 39 special GL indicator A, the purchasing document is optional?
  posting key 39 special GL indicator F, the purchasing document is mandatory?
  Thanks

  Hello
  At posting key level you control the field status of the document. Now in your case since the posting key 39/29 or for that matter any sgl posting key would be tagged to quite a few indicators so when you make changes for field status at posting key level it would result in central change for all these indicators.
  So what i told you was to check the field status group which is in the alternate g/l account for the relevant special g/l indicator, when you created them. Then in the field status group of this g/l account you can make the choice as suppressed / Display/ Required / Optional as the priority is in that order.
  Hope this clarifies

• Unable to assign all security roles to a user with a new custom security role

  Dear All,
  Happy New Year.!
  I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
  any desired security role to the new user.
  However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
  'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
  For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
  to assign some other security roles, including 'Support User Role', to new user 'y'.
  I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
  'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
  Appreciate any help that you can provide on the above issue.
  Thanks in anticipation.

  Hi,
  Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
  Refer:-
  http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
  Hope this helps!!!
  Thanks,
  Prasad
  Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

• How can I limit/control the addition of auth. objects to security roles?

  Checking the authorization object S_USER_VAL it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certaing type of auth. objects and didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
  Edited by: Armando Salas on Nov 29, 2011 7:41 PM

  Hi Armando,
  Try with auth.obj. S_USER_AUT. A suggestion. Search this objects with tcode SU24, for instance, for tcode PFCG and it gives a list with objects.
  I hope this helps you
  Regards
  Eduardo

• Hi, I keep getting this message: Creative Cloud attempted to access a secure website, Parental Controls restricts access to secure websites. To add this website to your approved list, click Add Website. To do this, you need an administrator password.

  Hi, I keep getting this message: Creative Cloud attempted to access a secure website, Parental Controls restricts access to secure websites. To add this website to your approved list, click Add Website. To do this, you need an administrator password.
  what is this? what password do i need?
  I am trying to download Creative Cloud but it not working?

  Tamaro34896425 the error message you have posted appears to be related to the settings of your security software.  You can find guidance on how to configure software firewalls at Sign in, activation, or connection errors | CC, CS6, CS5.5 - http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html.  You can find a link to the list of secure servers that the computer will need access to.

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• Background FI Posting with clearing, posting key control, etc - How?

  I have the requirement to post FI documents with clearing, with defined posting keys, where some of the fields come from file, some of them defaulted. It should happen in the background.
  I used BAPI BAPI_ACC_DOCUMENT_POST. I had the posting key problem, however with Badi ACC_DOCUMENT using EXTENSION2 I managed to generate the FI docs with the right posting keys.
  Now I have problem with clearing. It seems with this BAPI it's not possible to trigger clearing.
  I found some threads about FM 'POSTING_INTERFACE_CLEARING', however I don't think I can have any influence on the posting key and generated line items. So it doesn't help to me.
  FM BAPI_PAYM_ITEM_POST_CLEARING is for payments.
  Using program RFBIBL00 would be difficult, as far as I can see it can only use file in the specific format as an input.
  I should read my file and generate another file and call this program. This wouldn't be really the best approach.
  In this moment the only solution I can think of is transaction recorder/call transaction approach. Unfortunately this solution would be really release-customizing dependent and not performance-optimized.
  Any other idea?
  Thanks in advance,
  Peter

  Hi Rob,
  Thanks for your answer.
  In one of the sap standard batch program I found FM FI_PSO_DOC_DIRECT_INPUT. I'll give a try, it might help also.
  Best regards,
  Peter

• Posting key 12 does not permit specification of a special G/L indicator Urg

  hi all
  i want to riverse the cross company code transaction showing follwing messages
  Posting key 12 does not permit specification of a special G/L indicator
  Posting key 22 does not permit specification of a special G/L indicator
  regards
  JK Rao

  Hi
  Please go to transaction code OB41 and for the posting keys 12 and 22 please ensure that there is a tick mark for the special G/L indicator. Then your entry can be completed.
  Let me know if it helped and do assign points if found useful.
  Check the posts in the thread tittled - "re:Cross Company Code Code Transaction Riversal urgent"
  Karthik
  Message was edited by:
          Karthik Coneru

• Reverse posting key specification is missing for posting key 80

  A FI document was wrongly posted with posting key "80" instead of 40. And now we are not able to reverse it. System is giving following error --
  "Reverse posting key specification is missing for posting key 80"
  Document posted as
  50     207200     CASH - MAIN-O.H.     762.00-
  40     410120     CONVEYANCE EXPENSES     702.00
  <b>80     402440     STAFF WELFARE EXPENS     60.00</b>
  Please suggest
  Thanks & Regards

  Hi,
  Go to OB41, select the posting key 80 and in the third tab "Other attributes" mention Reversal Posting key. Like you can observe for posting key 40, reversal key 50 would have been assigned.
  Pl assign points, if helpful.

• How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

  Hi,
  I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
  security-role>
          <description>Authenticated</description>
          <role-name>Authenticated</role-name>
      </security-role>
  This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
  In weblogic, I have the following setting in weblogic.xml
  <wls:security-role-assignment>
          <wls:role-name>Authenticated</wls:role-name>
          <wls:externally-defined />
      </wls:security-role-assignment>
  And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
  I am wondering if this setting can be specified in  for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
  Thanks

  Hi,
  You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
  And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
  Hope this will solve your problem.
  Regards
  MuRam

• F-32 - Posting Key 07 does not permit specification of a spl G/L Indicator

  Hi Expert
  Pl help on following -
  Customer has following
  Advance Rs. 10000 - Entered via T.code F-28 (Note We have different type of advnces collected from a customer and therefore we entre special G/L Indicator here, .i.e. "A")
  Outstanding Invoice Rs. 6000 - From Sales Module
  In F-32, partical payment we want to clear the Advance, so that System should knock off Invoice and keep 4000 as credit balance for further adjustment.
  However after we simutlate, we are getting error -
  "Posting Key 07 does not permit specification of Spl G/L Indicator  (Message No. F5761) which suggest to make following configruation changes.
  To correct above issue, I tried to correct the accounting configuration (OB41) for posting key 07 and selected "Speical G/L' Check box in 'Other attribute. Here I have also provided the allowed Spl G/L Indicator i.e. "A".
  However after above changes done, system is now reporting message F5311 "Incorrect automatic posting are cancelled" and coming out from F-32 Tcode itself.
  One last oberservation, In OB41, for posting key 07 "Payment Transction' tick is NOT selected. Actually posting key 07 is "Other Clearing". In posting key 08 which is "Payment Clearing" , I can see 'Payment Transction" is Selected. Is this making the difference.
  So I am in complete mess. Please help.
  - Sunil

  Thanks for your answer.
  I have following questiong
  1. Why system is suggesting posting key 07, as it is automatically coming during simutatlion.
  2. If using 07 is not correct, which one should be use and how to correct the configuration so that in simulation by defualt correct posting key will appear.
  Thanks in advance.
  - Sunil

• Can't access some secure sites through proxy?

  can't access some secure sites through proxy server on osx it just keeps going local authority couldn't be contacted, i had the same problem with parental controls, but now that is off and its still doing it, is there a setting or something i need to enable?

  In my original post, not today's, I had said I was having the issues on the Mini, running OSX 10.6.8 and Safari v.5.1.5 for my bank's pill pay. I should have been more specific as to which machine and OSX Safari browser I'm having the T-Mobile problem with. My mistake.
  It is on both the MacMini and now the Air too. A moment ago, I was able to log in to my.t-mobile.com on the Air, but after putting into my Bookmarks folder, I can't do it anymore. The Log in button comes up greyed out instead of green.
  I'm also still having trouble with my bank's bill pay section on both computers too.
  I wonder if it's related to the saving of the log in info or putting in the Bookmark Folder?

• Does Azure SQL support AD and Security Roles

  I would like to create Reporting Service reports using Azure SQL Database.
  It is possible to attach Azure SQL to Active Directly and use its Security Roles so that I can filter reports based on AD groups of report user?
  Kenny_I

  Hi Kenny,
  Thanks for posting here.
  I suggest you to check this link for details.
  http://www.infoq.com/news/2015/02/azure-sql-ad-media
  http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
  http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
  http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
  Hope this helps you.
  Girish Prajwal

• How reusable is a security role

  Can I copy one from one org to another?  More specifically, since the set of custom entities don't match, am I creating a problem or opportunity for collision by copying a security role from one org to another?  Are custom entities managed by
  guid or entityTypeCode within the security role?

  I've just done a test and managed to import a role that was controlling access to an entity present on the origin CRM but not present on the destination CRM. the import went though without errors. the role was created on the destination, but the role's
  settings for the custom entity disappear. So, even if that may not break the system, it Can cause confusion. Specially if you are moving across DEV, TEAST and PROD systems. Not a good practice.
  I Hope I could help. If I have answered please mark as 'Answer'. If was just helpful, please vote. Thanks and happy coding! Bruno Lucas, http://dynamicday.wordpress.com/