Delete and unlock access for infotypes

Hi All,
Is there way to have only access to delete and unlock infotypes in HR?
We need to give access for unlocking and delete access to few users
Please suggest.
Regards
Manish

HI Gaj,
I have check E and D:
E comes with package of delete,create and change records
and D has auth to unlock records.
But my req is just to have delete locked records and Unlock lock records.
That is combination of E and D.
please advise
Regards
Manish

Similar Messages

  • Delete and Write Access for PA infotypes

    Hi Gurus,
    Our clients require managing Write and Delete access separately for PA infotypes. Example, an employee can have Write access (able to save values in infotypes) but s/he will not be able to Delete this infotype record one it has been Saved.
    How do we implement this?
    In the standard authorizatio object for HR master data, P_ORGIN you only have M, R and W. If an employee was given a W access, s/he'll also have Delete access.
    Is there a way on how to do this?
    <removed by moderator>.
    Thanks.
    Olekan Babatonde
    Edited by: Suresh Datti on Dec 28, 2009 6:21 PM

    Olekan,
    First of all, if your managing PA Infotypes, you're also using the P_PERNR object authorization.
    Next, you're right. For SAP, the Write and Delete permissions are the same authorization level (W).
    To avoid build a "Z" solution, i suggest you use the "block" permission in one of these ways:
    1) assign the S authorization level (Symmetric) for write access using the Symmetric Double Verification Principle; that is, user 1 do changes to an infotype and data is saved with "blocked" status, then user 2 save or delete data entered by user 1. Another day, user 2 do changes to an infotype, then data is saved with "blocked" status and only user 1 will be able to save or delete data entered by user 1.
    2) assign the E and D authorization level for write access using the Asymmetrical Double Verification Principle; that is, if user 1 has E, and user 2 has D, then the user 1 ever maintain data with "blocked" status and never will be able to save or delete data. And user 2 ever will be able to "unblocked" data (for save or delete) and never will be able to maintain data without "blocked" status.
    Check this links ([1|http://help.sap.com/saphelp_erp60_sp/helpdata/en/fd/4bba3b3bf00152e10000000a114084/content.htm] y [2|http://help.sap.com/saphelp_erp60_sp/helpdata/en/d3/4bba3b3bf00152e10000000a114084/content.htm]) to find out more information about these principles.
    Kind regards

  • ABAP Routine for Deleting and creating index for ODS in Process chains

    Any pointers for the ABAP Routine code for deleting and creating index for ODS in Process chains.

    Hi Sachin,
    find the following ABAP code to delete ODS ondex.
    data : v_ods type RSDODSOBJECT.
    move 'ODSname' to v_ods .
    CALL FUNCTION 'RSSM_PROCESS_ODS_DROP_INDEXES'
      EXPORTING
        I_ODS = v_ods.
    To create index:
    data : v_ods type RSDODSOBJECT.
    move 'ODSname' to v_ods .
    CALL FUNCTION 'RSSM_PROCESS_ODS_CREA_INDEXES'
      EXPORTING
        I_ODS = v_ods.
    hope it helps....
    regards,
    Raju

  • Send As, Send on Behalf and Full Access for Exchange server 2010/2013

    [This FAQ contains 2 parts]
    Testing and watching the behavior of Send As, Send On Behalf and Full Access permission.
    Common issue and Troubleshooting on the three permission.
    [Testing and Watching]
    Based on following blog, I decide to test on my lab:
    Full Mailbox Access Rights + Send On Behalf = Send As ?
    http://blogs.technet.com/b/ehlro/archive/2012/04/06/full-mailbox-access-rights-send-on-behalf-send-as.aspx
    Description on my lab and test:
    Exchange 2010 + Outlook 2010
    Exchange 2013 + Outlook 2013
    Senders: A01, A02, … , A07, A08
    Recipient: A09
    A01 grand permission to other senders.
    Two methods:
    a. Use A0x’s credential configure A01’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    b. Use A0x’s credential configure A0x’s profile, then send From both A01 and A0x via Outlook. Watching result in A09’s Inbox and Sent Items which has message copy left.
    Result as following forms:
    1. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A01’s mailbox, then send From both A01 and A0x
    To A09.
    2. Exchange 2010 + Outlook 2010 / Exchange 2013 + Outlook 2013
    Using A0x’s credential configure A0x’s mailbox, then send From both A01 and A0x
    To A09.
    [Common Issue]
    1. [Issue]
    Exchange 2010 + Outlook 2010. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    You can’t send a message on behalf of this user unless you have permission to do so. Please make sure you’re sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.
    Details as following pic:
    [Troubleshooting]
    1) Based on the NDR, it seems a permission issue. Check Send As permission, however the Send As permission configured correctly. Pic as below:
    2) ince the Send As permission configured correctly, it seems the permission hasn’t been replicated. Try to restart Microsoft Exchange Information Store service. It works.
    Note: The Send As permission isn’t granted until after replication has occurred. Replication times depend on your Exchange and network configuration. To grant the permission immediately, stop and then restart the Microsoft Exchange Information
    Store service.
    2. [Issue]
    Exchange 2013 + Outlook 2013. A01 grand A03 Send As permission. However A03 can’t send as A01 to A09 and get NDR:
    Your message did not reach some or all of the intended recipients.
    Subject: xxx
    Sent: xx/xx/2014 8:20 AM
    The following recipient(s) cannot be reached: A09
    This message could not be sent. Try sending the message again later, or contact your network administrator. Error is [0x80070005-00000000-00000000].
    Details as below:
    [Troubleshooting]
    1) Also check the Send As permission configuration first.
    2) Then try to use A03 send as A01 to A09 via OWA. If OWA works well, it seems and issue on the Outlook client side.
    3) This behavior may occur if the OAB in Outlook isn’t updated. Try to download OAB manually.
    4) If doesn’t work, please close Outlook and try to delete all the OAB folder on your computer. The path of OAB folder in Win7, Win8 as below:
    \Users\<UserName>\AppData\Local\Microsoft\Outlook\Offline Address Books
    5) Restart Outlook.
    Note: Be aware that you cannot send e-mail messages on behalf of a mailbox if the mailbox is hidden from address list. When sending a message, Exchange requires that e-mail address is resolved in the
    From field.
    3. [Issue]
    Exchange 2010. A01 grant A0x “Send As” or “Send on Behalf” permission. A0x send as/ send on behalf of A01. The message is only copied to the Sent Items folder in A0x’s mailbox (same as the result of my test). Also cannot configure Exchange 2010 so that the
    message is copied to the Sent Items folder of both A01 and A0x.
    [Troubleshooting]
    This issue occurs because Exchange server 2010 was designed to copy message to the Sent Items folder of the sender only. This issue can be solved by installing Exchange 2010 SP2 UR4. More details in the following KB:
    Messages that are sent by using the "Send As" and "Send on behalf" permissions are copied only to the Sent Items folder of the sender in an Exchange Server 2010 environment
    http://support.microsoft.com/kb/2632409/en-us
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Nice guide Mavis, I recently explored the same topic. Few things you might want to add is the type of connectivity (Cached vs Online will produce different results) and to expand further on the methods of adding the other mailbox in Outlook (additional mailbox
    vs additional account defaults to different methods). Check the screenshot:
    And please post this somewhere more visible, like blog/wiki page.

  • Object and reference accessing for primitives, objects and collections

    Hi,
    I have questions re objects, primitives and collection accessing and references
    I made a simple class
    public class SampleClass {
         private String attribute = "default";
         public SampleClass()
         public SampleClass(SampleClass psampleClass)
              this.setAttribute(psampleClass.getAttribute());
              if (this.getAttribute() == psampleClass.getAttribute())
                   System.out.println("INSIDE CONSTRUCTOR : same object");
              if (this.getAttribute().equals(psampleClass.getAttribute()))
                   System.out.println("INSIDE CONSTRUCTOR : equal values");
         public void setAttribute(String pattribute)
              this.attribute = pattribute;
              if (this.attribute == pattribute)
                   System.out.println("INSIDE SETTER : same object");
              if (this.attribute.equals(pattribute))
                   System.out.println("INSIDE SETTER : equal values");
         public String getAttribute()
              return this.attribute;
         public static void main(String[] args) {
    ...and another...
    public class SampleClassUser {
         public static void main(String[] args) {
              SampleClass sc1 = new SampleClass();
              String test = "test";
              sc1.setAttribute(new String(test));
              if (sc1.getAttribute() == test)
                   System.out.println("SampleClassUser MAIN : same object");
              if (sc1.getAttribute().equals(test))
                   System.out.println("SampleClassUser MAIN : equal values");
              SampleClass sc2 = new SampleClass(sc1);
              sc1.setAttribute("test");
              if (sc2.getAttribute() == sc1.getAttribute())
                   System.out.println("sc1 and sc2 : same object");
              if (sc2.getAttribute().equals(sc1.getAttribute()))
                   System.out.println("sc1 and sc2 : equal values");
    }the second class uses the first class. running the second class outputs the following...
    INSIDE SETTER : same object
    INSIDE SETTER : equal values
    SampleClassUser MAIN : equal values
    INSIDE SETTER : same object
    INSIDE SETTER : equal values
    INSIDE CONSTRUCTOR : same object
    INSIDE CONSTRUCTOR : equal values
    INSIDE SETTER : same object
    INSIDE SETTER : equal values
    sc1 and sc2 : equal values
    ...i'm just curios why the last 3 lines are the way they are.
    INSIDE SETTER : same object
    INSIDE SETTER : equal values
    sc1 and sc2 : equal values
    how come while inside the setter method, the objects are the same object, and after leaving the setter method are not the same objects?
    Can anyone point a good book that shows in detail how objects, primitives and collections are referenced, especially when passed to methods. Online reference is preferred since the availability of books can be a problem for me.
    Thanks very much

    You are confusing references with objects.
    This compares two object references:
    if( obj1 == obj2 ) { // ...Whereas this compares two objects:
    if( obj1.equals(obj2) ) { // ...A reference is a special value which indicates where in memory two objects happen to be. If you create two strings with the same value they won't be in the same place in memory:
    String s1 = new String("MATCHING");
    String s2 = new String("MATCHING");
    System.out.println( s1 == s2 ); // false.But they do match:
    System.out.println( s1.equals(s2) ); // trueIf you're using a primitive then you're comparing the value that you're interested in. E.g.
    int x = 42;
    int y = 42;
    System.out.println(x == y); // trueBut if you're comparing references you're usually more interested in the objects that they represent that the references themselves.
    Does that clarify matters?
    Dave.

  • Lock and Unlock user for a period of time

    I need to lock a specific su01 user for a specific period of time each day.  Does anyone have any idea how to accomplish this task?

    Hi Lye and Elvira,
    I am not logged on, but fairly certain that calling FM BAPI_USER_GET_DETAIL will also deliver the lock status / reason and user existence check etc, which means that the program can react appropriately to the UFLAG lock and the reason for it (if coded to do so). It would also spare the select on USR02 which might change or even be blocked.
    A bigger problem I see with preventing a user from doing something from a certain point in time onwards using this lock-approach, is that the user might already be logged on!
    @ Elvira Knight and ELVIRA KNIGHT regarding points: You have 2 SDN ID's now. You need to logon as the ID which created the thread (Elvira Knight originally asked the question) either by using the P- or S-number from the registration or the email address (you might need to temporarily change ELVIRA KNIGHT's email address to do that). Then you will be able to assign points for the thread which you started as Elvira Knight.
    Theoretically I could add the points for you, but I prefer not to interfer in the decisions and points of SDN members (it is a free world  - unless there is points collaboration...). The future of the points-system is indeed also hanging in a bit of a balance because of that reason. You can email me via the address in my business card if you need some help.
    Cheers,
    Julius

  • Read and write access for shared folders shouldn't be enabled but it is.

    I have an external hard drive with all my media stored on it. This is shared over the local network so that others on my network can access it.
    However I set it u for read only access (I dont want the rest of my family to be able to delete files) but it persists to have read & write privaleges.
    Im sure im missing a really obvious point but I can't work it out. So was hoping someone could help.
    In System Pref-Sharing-File Sharing the folder is shared with 3 users added:
    Alastair Riddle (Read and Write) <----My account
    Staff (Read Only)
    Everyone (Read Only)
    I have applied permission to all folders, but guests appear to be able to log on and have full read write privaleges.
    Your help would be appreciated,
    Ali

    I'm no expert on this one, but for the others to be included under the Staff heading, I believe they have to be added to that group.
    It may be easier to add them by name and set to read-only, and add an entry for Guest as read-only.
    And ensure that the external drive has Owners Enabled.

  • ShowModalDialog and "Unauthorized Access" for Item Help Tips - APEX 2.2.0

    Hi, all,
    Well, I have a popup that is displayed using ShowModalDialog, and that popup has help tips for some items. When I view it on my computer, regardless of whether or not I'm logged into APEX or not, and regardless of what authentication scheme I use to log into my application, I can see the help tips.
    When another user I have testing tries to view the help tip, she gets "Unauthorized Access." It doesn't matter what she is logged into or how. However, if I send her the link to the page displayed in the ShowModalDialog popup and she opens it in a regular window, she can see the help just fine.
    I did see mentions of this elsewhere in the forums. Is this Bug #5469015 : Authentication Fails On Popup Item Help Pages? If so, is there a workaround?
    Thanks!
    Don

    Thanks for all your help Scott
    I've added the -PORTAL_SSO- .....
    After this I've had a new problem same to this: Re: SSO Authentication Not Working
    "get the error below and it then directs me to http://hostx/htmldb/f? and the "p=" is missing"
    But after a lot of tests I discovered where was the problem: "The apache configuration for the proxy!!"
    This an extract from the installation doc :
    SetEnv force-proxy-request-1.0 1
    ProxyPass /htmldb http://127.0.0.1:8080/htmldb
    ProxyPassReverse /htmldb http://127.0.0.1:8080/htmldb
    ProxyPass /i http://127.0.0.1:8080/i
    ProxyPassReverse /i http://127.0.0.1:8080/i
    ProxyPass /sys http://127.0.0.1:8080/sys
    ProxyPassReverse /sys http://127.0.0.1:8080/sys
    where you replace 127.0.0.1 with the name OR ip address of your XE installation. 8080 is the default http port of your XE installation. "
    Well, I used the IP ADDRESS and in the @regapp > listener_token the NAME!!! (HTML_DB:servername.domain:80)
    I changed the IP ADDRESS with the NAME, restarted the httpd service and now all works fine.
    Emanuele

  • Use Same URL for Internal and External Access for CRM 2015 IFD

    I have setup a CRM2015 server for IFD access.
    ADFS and CRM are on separate servers.
    CRM server all roles
    ADFS 2.0 server.
    Using the internal URL I am able to access CRM without entering my details (as expected)
    Using the external URL I am authenticated by ADFS as expected and can sign in.
    We have an internal domain domain.local
    We have an external domain domain.com (the certificate is for *.domain.com)
    We have a DNS zone created internally for domain.com.
    CRM URLs
    internal : internalcrm.domain.com
    External : externalcrm.domain.com
    I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
    password. What is the best way to do this?
    I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
    Thanks

    So fair warning, what you're asking for isn't really a supported deployment method of CRM.
    That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
    Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

  • Linksys WRT400N and Remote Access for VPN

    Hi all
    Let me start by saying I am not a techie; I am trying to troubleshoot my own router (Linksys) issues with using Lync and accessing some sharepoint sites that are internal to my company's network.  If this is not the correct place to be to get help - please say the word and I will move on.
    I am connecting to the Internet using a Linksys router (WRT400N).  When I have my work laptop using RESCUE GFE hardwired directly to the modem - and then connecting to VPN - I can connect to Lync and work normally. 
    However, when I move connection via the router - I can no longer connect to Lync nor access some Sharepoints.  I can access VPN fine but with Lync I get an error stating "Your Lync account does not allow access from outside your organization's network.  Please connect to your organization's network and try again.  However, I am connected via the VPN.
    Thanks very much in advance!  This is driving me nuts as previously, this connection worked with a prior laptop using WinXP (I am no on Win7) and the connection thru router and using VPN worked with Communicator.
    I unfortunately had to reset my router - so I cannot recall if there were port settings established from the last time I had to set up the network.  I didn't save the configuration; note to self - save configuration in future.
    Thanks in advance for any help/direction/insight.

    The router's firewall may be blocking the said access. Adjusting the security settings on the router might help. Log- in to the router's page and disable Block Anonymous Internet Requests under the Security tab. If this doesn't work, you may definitely need to open certain ports. Port forwarding should allow specific applications to work behind the router for this setup to be up and running. I recommend looking for these ports (Google?). For isolation, you can try to connect to VPN and check if Lync works on a different computer.

  • XP2400 and unlocking (this for ya Raven)

    i've followed the advice given here and read as much as i could find about wire tricks and painting bridges and stuff to unlock AMD processors. the problem is, i've found several contradictory data on forums and the like, as in overclockers for example:
    - All AMD tbreds are unlocked in Nforce2 chipsets
    - unlocking an XP2400 is not worth it since it can't go over 150 FSB
    - unlocking an XP2400 is worth it since you can reach 180 or more
    on my board, lower multis are available but any attempt to use them results in no boot, even at 133.
    my aim is to get to 166x12 wich would be stock speed but would allow me to set ram at 333 without loosing the 1:1 ratio. i've 'paged' you raven since you have this same CPU wiretricked.
    emilio

    Quote
    Originally posted by Tazin
    Since i already got this load of thermal paste i'll try with the stock HSF first and see what happens. what can i use to clean the leftover thermal joint?
    Does a Duron 700mhz HSF fit in my XP2400? my mom has such a computer and for some reason it has a killer HSF.
    emilio
    Isopropyl Alcohol is what you want to use to clean it.   If you're going to be
    OC'ing your CPU which it sounds like you are, you want to make sure your cooler
    is rated above your 2400. Also make sure you have case fans, I would
    recommend two intakes in the front and 2 outputs in the back. Also space out your
    drives if you can for good airflow. Round cables wouldn't hurt either.
    Good Luck  

  • Screen Modication and Feature change for Infotypes

    Hi,
    I have an issue with the Feature P0185. I will appreciate your help with this. I have a scenario where, the IT0185 screen is different for different MASSG (of the same MASSN - Action). So I created a new screen with a new variable. E.g. for reason code 01 during Prehire action, default screen 3000 and for reason code 02 during Prehire action, default the standard screen 2000. In feature P0185 I am looking at TCLAS first and after that A – Master Data and Time Data after that MOLGA then MASSN then MASSG and here my return value is the screen variable. However with reason 01, it still defaults the standard screen (and not the custom screen).
    I have done similar configuration for IT0002 and IT0006 and it works just fine. However with IT0185, I am unable achieve this.
    I will appreciate and reward your valuable suggestion on this.
    Thanks
    Sanghamitra

    Hai..
    These are the descision parameters available for P0185.
    BUKRS     Company Code
    WERKS     Personnel Area
    BTRTL     Personnel Subarea
    SUBTY     Subtype
    MOLGA     Country Grouping

  • I can't figure out how to delete and email address for someone that is no longer valid.

    I can't figure out how to delete an email address that is no longer valid.

    Assuming that this is on your iOS device, then you can change a contact's details via the Contacts app. If it's not linked to one of your contacts then I get a blue 'i' to the right of the email address on the popup list :
    Tapping on that gives me a second popup, at the bottom of which is :

  • How to limit file access for different users in 10.7.4 Server

    We had everything working perfectly with an earlier version of Lion Server. The update to 10.7.3, or 4, seems to have opened access to all files for all users. Much to our surprise, this wide-open access started without warning.
    - We have an external drive that contains all of the company's archives
    - We had set access for one employee to get to the files he needs, and different access for another employee. Neither saw sharepoints outside of their access settings.
    After an update, each employee can see and log in to all sharepoints. There doesn't seem to be a way to limit access for each employee now. I can set 'read' access for one employee, but it doesn't stop the other employee from accessing that sharepoint/folder.
    Is there some new way to go about this? Or is something simply broken with the current release?

    That is good to know. If the file share is seeing the drive and ignoring its permissions, that is why everyone can see everything. I have found, in Lion Server, that it is best to get the permissions set before turning on File Sharing. I don't know if you have the luxury of turning the file share off for a little while, but I would unshare the drive and see if the issue persists if you plug the external drive into another machine. The settings for permissions are set on the file or folder itself, so the issue should follow you to the other machine.
    Again, if you can, I would unshare the drive and reshare it with the permissions that you want and turn file sharing back on. However, if you can get the drive to respect permissions rather than ignoring them, I think it will save you a lot of work.

  • Giving Access for an User On One Schema.

    Hi all,
    I want to give read,write and execute access for an user in one schema and only read access to another two users.
    How can I give..Please suggest.

    Hi,
    Well in that case you may have to give the select privilege to a particular user for all tables.
    Or
    You may like to create two roles, and give select privilege to a particular role for all tables. And give write i.e. insert/update privilege to the other role. Then assign this role to the user whom you like to give the access.
    Regards
    Anurag Tibrewal.

Maybe you are looking for