CRM70 Authorization buffered for webclient UI?
Hello,
i added to an existing PFCG role a new activity process type.
If i use CRMD_ORDER i´m able to create this activity.
If i use CRM webclient UI this activity is not there.
Is there somewhere a kind of buffer which needs to be refreshed?
How to do this?
Thanks a lot.
Best regards
Manfred
Hi.
Are you working with IC business role or with CRM Web client role?
Can you please confirm if this document type has the correct Channel assigned (Interaction Center Web Client or CRM Web Client UI)?
Trnsaction SPRO: CRM > Transactions > Basic Settings > Define Transaction Types
Regards,
Susana Messias
Similar Messages
-
Authorization Object for Webclient UI BI-Links
Hello,
i created my first two BI-Reports for CRM Service and added them over navigationbar-profile to my businessrole.
No i have the issue that i can see and process this new to BI-Links (authorization SAP_ALL and SAP_NEW).
But i have an testuser which has the same authorization as our service users. With this testuser i can´t see the links.
Does anybody know which authorization object i need to add to PFCG-role to see the links?
Thank you
Best regards
ManfredHello Robert,
it must have to do with authorization.
The buisnessrole is the same for both users "ZSRVHELPDESK".
Authorization in BW is done for both users.
But the user without CRM authorization SAP_ALL and SAP_NEW can´t see the two links to custom BW-Reports.
Another idea?
Thank you.
Best regards
Manfred -
Custom authorization provider for WL7 problem (not getting all parameters from ContextHandler)
I'm implementing a custom authorization provider for WebLogic 7.
In my Access Decision isAccessAllowed method I need to check values of
the parameters passed to an EJB method. Now, if an EJB method I have
two parameters of the same type, for example int, when I get
ContextElement array from ContextHandler and iterate through it to get
names and values of the parameters I get the same value (value of the
first int parameter) from both ContextElement's.
Here is the code:
String [] names = ch.getNames();
for (int i = 0; i < names.length; i++)
String name = names;
System.out.println("name = " + name);//here it gets array of
Strings, which contains two parameter names: "int","int",
which are the types of EJB method parameters
ContextElement[] ces= ch.getValues(names);
for (int j = 0; j < ces.length; j++)
ContextElement ce = ces[j];
System.out.println(ce.getName()+ " = " + ce.getValue());
//here if the value of the first int was 2 and the second 0,
it would get 2 from both ContextElements (each of ContextElements will
have name "int"
If I try this with method parameters of different types, for example
int with value 2 and long with value 0, then this code work fine -
first ContextEleement has name int and value 2 and the second has name
long and value 0.
Thanks,
-Oleg Kozlov.I'm implementing a custom authorization provider for WebLogic 7.
In my Access Decision isAccessAllowed method I need to check values of
the parameters passed to an EJB method. Now, if an EJB method I have
two parameters of the same type, for example int, when I get
ContextElement array from ContextHandler and iterate through it to get
names and values of the parameters I get the same value (value of the
first int parameter) from both ContextElement's.
Here is the code:
String [] names = ch.getNames();
for (int i = 0; i < names.length; i++)
String name = names;
System.out.println("name = " + name);//here it gets array of
Strings, which contains two parameter names: "int","int",
which are the types of EJB method parameters
ContextElement[] ces= ch.getValues(names);
for (int j = 0; j < ces.length; j++)
ContextElement ce = ces[j];
System.out.println(ce.getName()+ " = " + ce.getValue());
//here if the value of the first int was 2 and the second 0,
it would get 2 from both ContextElements (each of ContextElements will
have name "int"
If I try this with method parameters of different types, for example
int with value 2 and long with value 0, then this code work fine -
first ContextEleement has name int and value 2 and the second has name
long and value 0.
Thanks,
-Oleg Kozlov. -
I bought new Macbook Pro 13" around two months before .My Apple ID is working on all other things except app store . It is buffering for a lot of time and lastly coming on screen " can not connect to app store " Please help me
Have you tried repairing disk permissions : iTunes download error -45054
-
Authorization Group for G/L Account
Hi,
What?
- I wish to restrict the 'posting' of a G/L account to be done by certain users only
How?
- What I have done was...
a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
Problem?
- Other users still can do Posting for this G/L account
- Any steps which I have missed out here or done wrongly?
Thanks,
BrandonHi,
Some other roles of the users may override and cause the users to post against this GL account.
Check all the roles relevant for the restricted users.
Use SUIM t-code to find if the auth object mentioned above is included in any other role.
If it be, restrict that again.
Generally if one role as no restriction against this auth and not all, this issue tends to happen.
Regards,
Sridevi -
Analysis Authorization failed for Multiprovider
Hi all,
We are facing an issue pertaining to the Analysis Authorization for a multiprovider. When we attempt to access a query base on a multiprovider, the program complains that it has insufficient authorization. So we did debugging in the customer exit and we realise it fails to populate the rest of the authorization variables in I_step = 0. Base on our initial investigation this only happens on queries on multiprovider, so is there anything I need to set or do to curb this error?
Many thanks!Best solution is to trace the authorization for your issue in ST01.
Switch on the trace in ST01 and start your work. if you face authoirzation check failed. look into the trace there you will find the logs and authorization failed for your userid.
And one more thing, have you got anything in SU53 as authorization check failed?
Hope this would help you. -
Hi there,
I'd like to ask you something:
I'm trying to synchronize all my iPod's (I have as many as 4 iPods: 2 iPod touch a 8 GB each and 2 iPod classic a 160 GB each) with my iTunes software (Version 11.3.1 which is installed on a Windows PC (Windows Vista Home Premium)). Unfortunately, the iTunes software refuses to run the command "synchronize with the iPod connected" regarding each and every iPod I have. iTunes just declares:
Synchronizing is impossible because I wouldn't hold the access authorization / rights for this operation.
I uploaded the songs at issue to my iTunes folder from CD's (all songs are in AAC format now).
What is this access authorization, why was something like that invented and what can I do to get it?
How do I have to proceed in detail?
What would it cost?
I am brand new here and have never ever made a post in any support community anywhere in the world in my life. Well, and I am not excessively knowledgeable about the particular computer or mac language but I know the very basics or can find out about them.
Anyways - can you help me please?
If you can't help me, who can do so?
It would be nice if you could answer me as soon as possible!
Thank you guys
Prying PedroYes, others have experienced the problem, a simple search of the forums would have revealed that and the simple solution.
Termporarily disable any security software on the computer. -
Authorization restriction for Goods issue against an Order
Hello All,
We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.
For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.
I could not find any authorization object that restricts this.
I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.
Any pointers to restrict this access will be appreciated.
Thanks & Regards,
Subramaniam IyerHi,
MIGO transaction by default restricted with Plant. If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.
M_MSEG_LGO
M_MSEG_WMB
M_MSEG_WWA
M_MSEG_WWE
This issue may occur because if the objects are maintained manually in the role. If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.
Also, please check the other roles are assigned to the user. If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.
To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user. This should be able to identify whether the user is getting access from any other roles assigned to the user.
Regards
Anandm -
Authorization checks for PNP LDB
question : how to validate authorization checks for pnp logical database?
2 nd question: hr report
this report is basically for salary survey. in this i had so many fields can any body let me know how
can i form the internal tables. and i have to display overall 150 fields in csv file for that
how can i take in to the final internal table.
what is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
please give me the steps how can i proceed.Hi,
The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
Hope this helps. -
Authorization object for Object services
Hello together,
I want to know if there is an authorization object for Generic object services functionilty especially the WF options like WF overview, start WF, Archieve WF..............................
My understanding is any user who has access to a particular Business object, can user GOS to view WF stuff..................Is my understanding correct or should we have extra functions.....................
RegardsCheck authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
Regards,
Raymond -
Archive Link Authorization problem for Business Partner.
Hi Experts,
Currently we are attaching documents to respective objects through Tr. OAWD & these documents are available in service for object as attachment, until this it is working fine.
But we are facing problem of authorization for archive link of ISU- Business Partner. Letu2019s say we had two users USER-A & USER-B responsible to upload documents of Business partners started with 1 & 2 respectively.
We needed authorization control for USER A&B so that,
USER-A should upload documents for Business Partner 1001 to 1999
& USER-B should upload documents for Business Partner 2001 to 2999
we need to know can we restrict USER A&B so that they can not upload documents for Business Partner for which they are not responsible. we allready checked the roles "SAP_BC_SRV_ARL_* " but not found useful to restrict USER A&B.
Thanks in advance....Hi Sam,
as this sounds like you search for suitable authorization objects I think that the authorization trace in transaction ST01 could be useful for you. For further information please see the following link: http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
Best regards,
Christoph -
Authorization object for plant on selection-screen
Hi All,
I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
I have written the code
Declaration of local constants.
CONSTANTS : lc_i(1) TYPE c VALUE 'I',
lc_eq(2) TYPE c VALUE 'EQ'.
REFRESH : r_werks.
LOOP AT s_werks.
IF s_werks-low IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-low.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-low.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
LOOP AT s_werks.
IF s_werks-high IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-high.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-high.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
Regards,
rajHi Raj
First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
Do this
SELECT werks FROM t001w INTO li_werks
WHERE werks IN s_werks.
LOOP AT li_werks.
*check your authority thing here and fill the range
ENDLOOP.
Pushpraj -
Create authorization check for a report
Hi,
I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
Say the report name is ZHR_TIMEABC.
Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
Thanks in advance,
VGHi,
Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
Your inputs will be helpful to understand this concept.
Thanks,
VG -
Authorization scheme for users stored in a database table?
Hello!
I'm trying to find out how to make an authorization scheme for database users.
I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
A word of explanation:_
I have a table in my database, named "USERS". Inside this table, I have the following columns:
- USERID (NUMBER)
- USERNAME (VARCHAR2(50))
- PASSWORD (VARCHAR2(50))
- EMAIL (VARCHAR2(200))
For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
What I want:_
When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
I also want the UserID to be stored somewhere in the application (if possible, in an application item).
How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
Any help is greatly appreciated.I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
function validate_login (
p_username in varchar2
, p_password in varchar2) return boolean
is
v_result varchar2(1);
begin
select null into v_result
from USERS
where userid = p_username
and password = p_password;
return true;
when no_data_found then return false;
end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
Rod West -
Authorization Check for Special Stock Indicator in IE02
Dear Gurus,
Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
Would appreciate your help.
Thanks.Hi,
This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode.
Maybe you are looking for
-
My husband and I share an iCloud account and want to see eachothers calendars. How can we do this?
I want to sync calendars with another iPhone that shares the same account how do I do this?
-
How do you make a back-up copy of the OSX Leopard Install Disk 1?
I'd like to make a back-up copy of +Leopard Install Disk #1+ but I only have one DVD read/write machine onboard the Mac Pro. Can I insert the Leopard DVD, copy it to my desktop, remove it from the drive, insert a blank DVD and burn the contents to th
-
HD won't appear on Desktop and cannot use Find for HD searches
The HD icon disappeared from my Desktop last week and I cannot get it back using Finder Preferences. Also when I search with Find it cannot see anything on the HD although all applications etc are there and can be used. External HD icon and CDs etc.
-
I am trying to find out the complex conversions used in BPM process modelling activities such as mapping activity. What are the different complex conversions/functions which are very widely used/required in BPM projects? I am talking about custom fun
-
Safari SnowLeopard no longer shows in desktop and applications!
I have no idea how it disappeared off the face off my computers earth. Tried downloading all versions... No luck what so ever!!!! How do I get the same type of Safari for my MacBook without paying the price! I have a warranty and everything.. Please