Creation of an authorization object
Hi,
I want to create an authorization object, in which I can add my own selection of fields.
Hence, if I include this object in a role, I can restrict the user as per my requirements.
I found SU21 in one of the forums, however I'm not sure if this is possible thru' SU21.
Pls. help.
Thanks a lot,
Saba.
Hi,
Thanks for the reply...I was able to create the authorization objetc, however now I'm facing amother problem.
In my role , I've removed the std. object (since it has insufficient fileds) 7 added the new "z" objetc, howver the T-code still checks for the std. object & does'nt pick up values from my Zobject...Is there some way I can embed my Z objetc into the std. one??
Pls. help.
Thanks a lot,
Saba.
Similar Messages
-
Role creation and authorization objects in sap
Hi
i want to know the full relationship between creation of roles , authorization objects ,authorizations in web as abap
Please explain the process in detail the use of PFCG and all its options and how to create Z rolesAlthough, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
- Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
- The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
For e.g. If a user wants to create a PO we can restrict him on:
u2022 Activity : Create/Change/Display
u2022 Org elements like Company Code, Plant, Purchase Organization etc
u2022 Document type etc.
- Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
- Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
- An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
- Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
- Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM -
Authorization Object for Account Assignment field
HI all,
We wanted to restrict the users from creation of PO (in ME21N) against the specific Internal Orders (Account assignment KNTTP='F'). So that user can use Internal orders assigned to his Business Area only.
Which authorization object i can use to restrict the user to use specific Internal order during PO creation and change. ??? I tried to check authorization object listed under t code ME21n but none of them restrict Internal order.
Is there any std. object available, if not then what I need to do while creation of customized authorization object (in SU21), how system will call this authorization object in ME21N while using Acc. Assignment u201CFu201D. more detailed answers will be more useful.
Thanks...Hi frnd...
i think you want to allow all users to use acct. ***. "F",
but you want to stop the user from using ir-relevant internal orders.
For this, i think you can create a "Z" table having fields:
1)User ID - (key field)
2)Internal Orders - (key field)
3)Access.
Make the entries of the users against the internal orders. (if you want any user to access all the internal orders, then make entry (*) in the field access.
While creating GRN check these entries, if the entry exist, let user use that internal order, if not give the error as you are not authorized.
To do all these, you have to use user - exit. which one i dont know...
kindly let me know, if you use any.
njoy SAP...
njoy Lyf...
Regards,
Amit P Hiran -
Authorization Object for Purchase Group while GRN
HI all,
We wanted to restrict the specific users from doing GRN with ML81N & MIGO_GR against specific Purchase Group. Which authorization object can be used to restrict the user from processing others Pur. groups for which he is not authorised.
Is there any std. object available, if not then what I need to do while creation of customized authorization object (in SU21), how system will call this authorization object in MIGO & ML81N. more detailed answers will be more useful.
Thanks...closed...
-
BAPI for creation of Authorization Objects in BI 7.0
Hi BW Gurus,
Greetings!!!
Is there any BAPI Available for creation of Authorization Objects in BI 7.0.
The data will be transferred through flatfiles.
Kindly provide me the info as earliest as possible.
Best Regards,
PriyaGot the Workaround...
Priya -
Authorization object for field, EBAN-ESTKZ (creation indicator)
Dear All,
Does anyone know if there is an authorization object for field, EBAN-ESTKZ?
I need to control the PR's authorization at creation indicator level. i.e. we need to remove the ability for all users to change Purchase Requisitions created by MRP.
Thanks,
Arun.Hi Jay,
Thanks for your response.
I didnt find it there. You have any Z options?
Thanks,
Arun. -
Authorization Object for role creation for query display?
Hi,
Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
I want to assign a role to the newly designed query! that query does not have any role so far!
Pls suggest me
Thanks,
RaviHi,
I could make the authorization tab green by entering the authorization object!
But user tab still remains red as it is not allowing me to enter my username in the user tab!
in the user tab i am unable to enter my user name?
Any suggestions?
Thanks,
Ravi -
Creation of a user with a particular authorization object (Very Urgent)
Hi,
There is a requirement in my project to create a user who can only reset his password. So for this I think a authorization object should be created and assign it to a profile which displays only the tab for reseting the password which is( Logon in SU01). I want to know two things in this regard.
1. The whole process of creating customised authorization object and assigning it to a profile and
2. Any other way to achieve the needed scenario.
Thanks & Regards,
Sujith
Edited by: Sujith K on Feb 4, 2008 1:26 PMIn transaction pfcg ,
give single/composite role name
give profile name and description in authorization tab, save it
enter into change authorization data
select manually tab
give authorization objects name (creating auth. objects)
fields will automatically come inside it
enter the field values
save and generate profiles (Profiles created)
go to su01,
create users (fill address, logon data, roles )
In pfcg,
select the role you created and click on the user comparison for giving the authorization to access.
award points if useful -
Creation of a new Authorization object
Hi ,
I need to create a new Authorization group and add three existing tables to it.
Kindly suggest a way.
Regards.Authorization Field
Smallest unit in an authorization object. An authorization field either represents data, such as a key field in a database table, or activities, such as Read or Create. Activities are specified as identifiers, which are stored in the database table TACT and the customer-specific table TACTZ.
Maintenance using transaction SU20.
Authorization Object
Repository object that forms the basis for authorizations. An authorization object comprises up to 10 authorization fields. The combination of authorization fields, which represent data and activities, is used for authorization assignment and to check authorizations. Authorization objects are grouped together in authorization classes.
Maintenance using transaction SU21.
Authorization
Enter in the user master record or part of an authorization profile. An authorization comprises complete or generic values for the authorization fields in an authorization object. The combination determines the activities with which a user can access certain data.
Maintenance in transaction SU03 or generation from transaction PFCG (profile generator for role maintenance).
Authorization Profile
Grouping of several individual authorizations or further authorization profiles. Can be entered in the user master record instead of individual authorizations. An authorization can be assigned to authorization profiles as often as you wish.
Maintenance in transaction SU02 or generation from transaction PFCG (profile generator for role maintenance). -
Creation of Authorization Object
Dear All,
Can anyone of you guide me on how to create Authorization Object?
My Knowledge on this concept:-
1) Mark required object as Authorization Relevant
2) Use of T-code RSSM
3) Select marked Authorization Object
4) Assign fields to it, for authorization.
thats all i know.
There are few more additional settings we need to do for it.
Request you to provide with step by step procedure for the same.
Thanks & Rgds,
Anuphi
To create an authorization object:
1) Execute transaction SU21
2) Double-click an Object Class to select a class that should contain
your new auth object
3) Click on CREATE (F5)
4) (If creating custom field) - Click the 'Field Maintenance' button -->
Click on CREATE (Shift+F1)
5) Enter the Name for the New Authorization field and the corresponding
Data Element and SAVE
6) Confirm the Change Request data for the new Authorization Field
7) Go back two screens (F3-->F3)
8) Enter the Authorization field name and document the object:
9) SAVE and ACTIVATE the documentation
10) Save the new Authorization Object
11) Confirm the change request data for the Authorization Object and
EXIT SU21
12) Finally, the SAP_ALL profile must be re-generated
the following link will be helpful
http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
Use of T-code RSSM
Through BIW Authorizations (TCode RSSM)
Authorization check log. This gives information on
missing authorizations for reading data. -
Authorization object creation manual method
hi gurus
I have a requirement to create authorization objects for my project. The scenario is, we have a query which gives the profit center data on a weekly basis.the users for this report are the project management people. we have not created the project management hierarchy, but presently supposed to use a role as Project Management. We have a set of users for this Project Management role.
Now based on this scenario i am supposed to create the authorization objects.
can anybody suggest me the right step by step method for creating the authorization objects.
I would like to have steps as what i need to do in RSD1, in PFCF, in RSSM and in the BEx.
you answers will be rewarded accordingly
thanks in advance
regards
vijaykumarhi!
1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
3) goto RSSM and create a new authorization object and add your infoobject to it.
4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
with regards
ashwin -
Hi All,
I want to creat an authorization object whihc is similar to the P_ORGIN with an extra field payroll area 'ABKRS'.
So that I have created a new authorization obj which includes all the fields from P_ORGIN and with ABKRS.
And I assigned this to role instead of P_ORGIN. But is it not working as P_ORGIN.
Can anybody help me in this regard?
Thanx in advance.Hi,
have you assigned your object to the transactions via SU24 ?
http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm
Please have also a look at
http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/74ba3bd14a6a6ae10000000a114084/frameset.htm
The link describes how to generate your own object if p_orgin isn't enough for your requirements.
Hope this helps.
Regards
Bernd -
Authorization object creation for transaction MIGO
Hi,
We have created the auth object for acct asignment category with values as activity & acct assignment category.
But when assigned to respective users, its still allowing to perform the transactions.
Basically I am using this object for doing Goods Reciept tcode MIGO.
As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
Regards,
Krutikahi!
1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
3) goto RSSM and create a new authorization object and add your infoobject to it.
4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
with regards
ashwin -
Authorization object for Sales Area Data creation ...
Hi Gurus,
Please suggest on this:
"when an CRM Sales employee creating a BP , employee wants the sales Area for the BP from the sales area of employee in the Input selection option of Sales Area for BP". Any authorization object will help?
Thanks in advance.,Hi Joern,
will this ST01 also work for the PCUI or BSP application for finding the authorization objects.
Actually our requirement is that we need to restrict a user searching documents belonging to him and reporting to him.
without any authorizations given we are able to search the documents of all users in activty management under activtiy monitor. we would like to block users to view only documents done by him in his sales area.
can you provide me the details of the authorization object, please.
thanks
Srini -
Add new authorization object for production order creation/change/display
As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
Thanks.
Kevin.WUHi,
there is an icon of generation. just click there in PFCG and also in su21.
then add this object in new role.
Assign this role to user id
while assigning the role also there is a generation.
Please take a help of BASIS consultant also as this is entire a BASIS process.
Regards
Amit parkhi
Maybe you are looking for
-
how to get photos from mac to iPhone 6? when i try it just comes up iCloud instead of my photos
-
Is it possible to insert a div tag (or two) inside another div tag. I have a background image I want to be in the background of a section that will have 2 or 3 div tags in it. I know I can go with a table, but I am trying to get away from them. Thank
-
FCC Parameters are required in the Receiver File Adapter
Hi , Sorry for posting this question again.. my Structure is MT_CADVICE_STRING . . Batach - 1:Unbounded (Node) . . .Header_String - 1:1 . . .Line_Item - 1:Unbounded (Node) . . . .LineItem_String
-
I would like to arrange the mail with the inbox and the text side by side
I would like to read my mail to the right of the incoming mail, and not below or above. Is that possible?
-
Can you help me find pix that I stupidly made a new folder in temp files and now can't find my pictures?