Deletion of Authorisation object from many roles

Similar Messages

• *How to Delet one same object from different roles*

  I need to delete one auth object from different roles, Couls any one please advise me how can i do this and if there will be any complications involved with tis.
  Best regards:
  Maq

  In PFCG, it may be that you have added some objects manually. To remove them you will have to go to pfcg.
  Even if you first remove the objects from su24, you will have to go to all the roles through pfcg to generate them in expert mode by selecting the third option (edit old status and merge with new data)

• How we can remove  one authorization object from multiplt roles

  How we can remove one authorization object from multiplt roles

  > Correct me if I am wrong !!
  O.K., Here I go
  > But if the object is maintained in SU24 and if you use Expert mode for generation of the role then again those objects may be pulled.(make sure you never use expert mode once you delete the objects)
  Actually using expert mode and choosing 'edit old status' is the only way to avoid objects being 'pulled in' after menu changes.
  > As jurjen said, you may download the tables and instead of deleting the object from the excel sheet, change the value of the object in column "DELETED" = X, by doing this only the objects get inactivated(but remain in PFCG).
  I am not speaking of downloading tables but about downloading roles from PFCG. This will not get you a spreadsheet but a flat textfile. If you whish to set the object status to deleted you'll have to swap the space on position 207, right behind the 'U, S, G' flag,  with an 'X' for all corresponding lines.
  Jurjen

• Creating Single Role from Many Roles

  Hi,
  Can we created a single role(not composite) from many roles?? i.e. all the authorisations of n roles being copied into a single new role??

  You can create a composite role in PFCG and just include the other roles within it. But there is no functionality to merge roles into one another.
  If you need more detail, the I suggest you ask your question in the Security Forum.
  Hope that helps.
  J. Haynes
  Denver CO US

• Disable an Authorisation object for Multiple roles.

  Hi ,
  I need to Disable an authorisation object F_BKPF_BUP for about 345 roles.Is there any way by which we can make mass changes.Doing it for individual role would take a lot of time.kindly advice.
  Thanks in advance

  Hi,
  1. Go to SE16 --> table  USOBT_C --> put object F_BKPF_BUP in the field "Object" --> execute without restriction. Download the list of TCodes.
  Now go to Table AGR_TCODES --> put the list of TCodes (found with above method) in the field "Extended name" as multiple selection --> execute and download the list of roles.
  Look up your list of 345 roles with this list. After matching, you need to sort out the TCodes present in this list of roles which is checking the object F_BKPF_BUP.
  2. Now go to SU24.. go to option "Authorization Object" and NOT in the Transaction section.
  Put the Object and execute.... go to change mode.... check the proposals for the TCodes you sorted at last step of point 1. Make the proposal Do Not Check where ever it is not so.
  Move the Workbench Transport through Landscape. Your purpose will be done. But you should also keep in mind if the TCodes are present in other roles besides of your 345, those will become vulnerable.
  Regards,
  Dipanjan

• Deletion of data objects from already not existed source system

  Hello, Everybody,
  In BI 7 i had QASCLNT<b>500</b> source system and have been created datasource with transformation. Later QASCLNT<b>500</b> was deleted or changed (i don't know very well) to QASCLNT<b><i>300</i></b>, but old datasource with transformation is still in new system. When i try to delete these objects i get a message - "Source system QASCLNT<b>500</b> does not exist".
  Could you give me a suggestion how can i delete that datasourse and transformation?
  Thanks in advance.
  Best Regards,
  Arunas Stonys

  Hi,
  It depends on your requirements whether you have to keep the history or not.
  If you  delete the data from your info providers, you have to reload everything from scratch.
  If you want to delete the data from all
  1. first delete the data in data targets such as cubes, DSO's or ODS then
  2. master data
  use these programs to delete from se38
  -> rsdrd_delete_facts - for Cubes and DSO or ODS
  -> rsdmd_del_background - for master data in background
  -> rsdmd_del_master_data_texts - for master data right away
  manage your master data info objetcs after the deletion, if you still find them....
  go to se14 and delete individually each and every table such as attributes, texts, sids, hierarchy.
  hope it helps you better.
  But I dont recommend you to delete try to load full repair options for all yur loads

• How to delete bulk of objects from transport request?

  Hi
  I made some mistake in selecting the objects for transport, and now there are a lot of unwanted objects saved under the request number. I know the objects can be deleted from the transport request through SE01, SE09 and SE10. But none of these allows me to delete the request number because there are a objects under the request that has to be deleted first.
  Is there any way by which i can delete the entire list of objects in one go rather than deleting them one by one?
  Thanx
  Sujai

  Hi,
  You have to Unlock the request before you deleting the request.
  Goto SE03->Under Requests/Tasks Double Click on Unlock Objects (Expert Tool)-> enter the Request no you want to Delete and Click on Execute -. Click on Unlock.Now you can Delete that Request.
  -Vijay

• BDC to PFCG (Delete Authority Objects from Roles.)

  When we try to change an authority object it gives an error message saying that 'This authority object is used in roles XXX'.
  To remove Authority Ojects from roles, transaction PFCG is used. But the problem is that BDC is almost impossible to PFCG.
  Is there any way you can suggest us to change an authority object when it is assigned to a role or how we can BDC delete authority object from a role or a function/badi we can call to achieve this.
  This is a very high level question.

  Hi
  U should consider PFCG trx is enjoy trx so it's not suitable for BDC, what doesn't mean you can't do a BDC program for that trx but it won't be easy.
  Anyway you can know the users assigned to certain profile reading table AGR_USERS. I believe PFCG shows them sorted alphabetical, so you can know the position where an user should be, after u should use PAGE UP and PAGE DOWN command to scroll the table control.
  Max

• Authorisation object Clarifications

  Hi Friends ,
                        I have a requirement like there is a custom pushbutton in the screen and when a user clicks the button the code has to check whether the user belongs to Customer Service user group or not . If so then proceed with coding else sent a message.
  I understand that the user can be checked using Authorization object , hence created one Authorization object and also coded the program
      AUTHORITY-CHECK OBJECT 'Z_CUS_SERV'
                          ID 'ACTVT'         FIELD '02'
                          ID 'ZUSRGRP'    FIELD lv_cust_serv.
  Question - Is it right that the parameter lv_cust_serv should have the value 'Customer Service'? or the New role name or the profile name ?
  I'm confused , could anyone suggest me ..which is right way to approach this ?
  Many thanks ,
  Kumaran

  Hi,
  You probably need to read up on the authorisation concept or talk to a security guy to really understand this.
  Anyway, based on what you've said here's what I think you need.
  Firstly, forget about the role name or the profile name, your program should not know or care what the role is called.
  So, you've created an object Z_CUS_SERV with fields ACTVT and ZUSRGRP.  The field ACTVT is used to determine the type of access Create/Change/Display/Delete etc, so if you need the check the type of access to grant the user you need this.  From your original explanation of the requirement I don't think you do, you've pretty much a binary check, the button can only be clicked if you're in Customer service.  This is where ZUSRGRP comes in, this could be used to check the group the use belongs to.  But the value can only be Customer Service or nothing, so do you really need it?  I don't think so, as you can use just the object to make the check.
  Your security guy (or girl) should create a role that contains the object Z_CUS_SERV and only give this role to users in the Customer Service group.  In your code you should just check;
  AUTHORITY-CHECK OBJECT 'Z_CUS_SERV'.
  IF SY-SUBRC EQ 0.
  * User has the authorisation object in their role therefor is in Customer Service, display the button
  ELSE.
  * User does not have the authorisation object in their role, so is not in Customer Service, hide the button
  ENDIF.
  Regards,
  Nick

• How to Delete multiple Software Component  from repository

  Hi,
  We have XI 3.0 running on MaxDB & Linux environment. Due to some mistake we had imported ALL Software Component versions from SLD. Since it was not required, we have to delete around 150 objects from repository.
  We can delete one by one. But I am looking for option where we can delete multiple objects at time, which will save our time.
  Thanks in Advance,
  Vinod

  You could try to get the Basis people to restore from a backup. (But that would only work, if you had a backup from just before, or there aren't too many changes after the last backup you can rollback to).
  I don't think there is any other way of doing a mass-delete of SWCs.
  Cheers
  Manish

• How to remotely control objects from transport request

  Hi all,
  I have to perform some task but can't find the way to get it done. What I have to do is:
  a) get list of transport requests for given SAP system (i.e. its import queue)
  b) let the user choose transport requests from the list
  c) get list of all objects from chosen transport requests
  d) control these objects in source and destination (from point a) ) SAP system. 
  Points a) to c) are easy and already done (using appropriate function modules and ALV objects). But I have no idea how to do things from point d). Control means comparison of dates (i.e. last modified) of objects in source and destination SAP system. The main goal of this approach is to avoid transportation of older objects from source system (DEV) and overwritting newer versions of the objects in destination system (PRD). I tried to use SAP versioning system to check versions remotely (the same way as it can be done from standard SAP transactions, e.g. SE38 for program source) with RFC and it worked fine (see function module SVRS_DISPLAY_REMOTE_DIR). But what about other objects not covered with versioning system? There are 932 objects that can be transported (at least TR_OBJECT_TABLE function module says so). Versions management system covers about 30 (program source, function module, object methods, table definitions, lock objects, and so on) of them. The problem is with the rest (900 transportable objects).
  How can I check their dates remotely in source and destination SAP system. Any clues? Manual retrieval of the information about dates of 900 various SAP elements must be very difficult (if possible at all) because so many objects must be spreaded out in many tables. Is there any universal or standard way (report, RFC function module) to get required information?
  Thanx in advance,
  Jacek Witczak

  Hi
  There is no automatic way to delete the unnecessary objects from the transport reqeust.
  1. Go to Tcode se09 and select the request which contains the unnecessary objects.
  2. Select the unnecessary objects and delete manually.
  Also if you want to delete the entire request then unlock the request in the tcode SE03 and then delete the request completely.
  Also note that if the request is released then you will not be able to delete the objects in that request.
  Hope it helps.
  Regards
  Sadeesh

• I have deleted the Facetime icon from a Contact but now want to reinstate it. How do I do this?

  On my iPad Air, I have deleted the FaceTime icon from many of my listed Contacts. Is there a way to restore the icon and FaceTime facility to selected contacts?

  Some of my contacts in Contacts have the Facetime icon in their listing, some don't. I guess I've deleted it from those where it's missing, though not sure how! How can I get it back when it's missing? in Edit, I can add new email addresses, phone numbers etc, but I can't figure out how to add FaceTime to a listing.

• Left over objects from install?

  I had started to migrate DNS and DHCP from a Netware 6.5 server to an
  OES 11 server and then held off. DNS and DHCP are both still running
  fine on my two Netware 6.5 servers. I noticed that I have some odd
  objects scattered around my tree now.
  Netware servers are FS2 and FS7
  OES server is FS13 (DNS and DHCP are not running here)
  O=MSKTD
  - DNSDHCP-GROUP (FS2.MSKTD and FS7.ININ.MSKTD)
  - DNS-DHCP (FS2.MSKTD and FS7.ININ.MSKTD)
  - DHCP_FS2
  - DNS_FS2
  OU=ININ
  - DNSDHCP-GROUP (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCPGroup (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCP_FS7
  - DNS_FS7
  - DHCP_fs13
  - dhcpLocator (points to FS2.MSKTD)
  Can I delete the following objects from OU=ININ? Does Netware DHCP
  use the "dhcpLocator" object?
  - DNSDHCP-GROUP (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCPGroup (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCP_fs13
  - dhcpLocator (points to FS2.MSKTD)
  Thanks,
  Ken

  Originally Posted by ketter
  I had started to migrate DNS and DHCP from a Netware 6.5 server to an
  OES 11 server and then held off. DNS and DHCP are both still running
  fine on my two Netware 6.5 servers. I noticed that I have some odd
  objects scattered around my tree now.
  Netware servers are FS2 and FS7
  OES server is FS13 (DNS and DHCP are not running here)
  O=MSKTD
  - DNSDHCP-GROUP (FS2.MSKTD and FS7.ININ.MSKTD)
  - DNS-DHCP (FS2.MSKTD and FS7.ININ.MSKTD)
  - DHCP_FS2
  - DNS_FS2
  OU=ININ
  - DNSDHCP-GROUP (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCPGroup (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCP_FS7
  - DNS_FS7
  - DHCP_fs13
  - dhcpLocator (points to FS2.MSKTD)
  Can I delete the following objects from OU=ININ? Does Netware DHCP
  use the "dhcpLocator" object?
  - DNSDHCP-GROUP (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCPGroup (OESCommonProxy_fs13.ININ.MSKTD)
  - DHCP_fs13
  - dhcpLocator (points to FS2.MSKTD)
  Thanks,
  Ken
  If you aren't running dns/dhcp on fs13 (the OES box), then the objects aren't needed. If you plan on running them in the future, then you may need them. NetWare contains the dns and dhcp locator under one object: DNS-DHCP. OES break them off. DNS uses DNS-DHCP and DHCP used dhcpLocator. NetWare does not use the dhcpLocator. The other objects you mentioned are DHCP specific, so if you aren't using DHCP on fs13 and you want to get rid of them, then you can do that.
  Wouldn't hurt to export your dns/dhcp configuration using the DNS/DHCP Java Management Console before making any changes. That is just good practice.

• How TopLink handles deletion of dependent objects

  Hi,
  If you load an object in one ClientSession, release this Session then serialize this object to Client, in Client remove one dependent object (1-M) from this object, then serialize this to server, on server acquire another ClientSession, acquire an UnitOfWork then register and deepMergeClone the object, the TopLink don't delete the dependent object from database but remove this from cache, what happen?

  Are you sure it's mapped as a private relationship on the 1-M? Are you sure that when you remove the target from the collection that you are setting it's source to null? I.e:
  In Invoice:
  public removeInvoiceItem(InvoiceItem ii) {
  getMyInvoiceItems().remove(ii);
  ii.setInvoice(null);
  When removing a 1-M, it's most important to set the backreference to null.
  Are you certain that you are doing the remove on a serialized object and not on the cached object by accident?
  - Don

• Transport request and deletion of an  object

  Hi Folks,
  1.Will it ask for a transport request when a object is deleted from
  the Development.
  2.If it asks, then whether this transport request when transported to
  quality and production will it  delete the same object from Quality and
  production too?
  3.What is the best way to delete an object having an transport request.
  4.Anyother way to make an object null and void.
  Thanks,
  K.Kiran.

  Hi,
  1.Will it ask for a transport request when a object is deleted from
  the Development.
  <b>YES</b> this is needed so that the objects are deleted from all the systems in the ladnscape. so that when you release thisrequest the objects gets deleted from the target system
  2.If it asks, then whether this transport request when transported to
  quality and production will it delete the same object from Quality and
  production too?
  <b>YES</b>
  3.What is the best way to delete an object having an transport request.
  <b>If the object exist in your quality and production the best way is to use the transport request, if that does not exist you can ask your basis guy to delete it.</b>
  4.Anyother way to make an object null and void.
  <b>Ask the basis guy to delete it</b> but to keep track its always better to delete it using the Transport reuqest.
  Regards,
  Sesh