Discount and users authorization

Similar Messages

• Query to fetch users and User Authorizations

  Hi
  I have a task to retrieve the all users and the authorizations. I am trying to run a query to get the results.
  Inorder to get the users, I use
  select * from OUSR
  But I am stuck with authorizations.
  Can anyone help.
  Thanks in advance.
  MSJ.

  Hi Manoj,
  It is not possible in SAPB1.
  Try to Export to Excel File.
  check the thread,
  Re: Authorisations List
  Regards,
  Madhan.

• ChaRM Process Flow and user authorizations

  Hello!
  I configured ChaRM functionality within SAP Solution Manager 4.0 (SP 13).
  I have the following question about the appropriate authorizations in CharM:
  <b>- What are the steps and made by whom?</b>
  (from create a service Desk message in satelite system to create, approve and process Change Request e.g. urgent correction in SAP Solution Manager)
  - <b>How is responsible for the creation of a change request e.g. urgent correction?</b>
  (SAP_SOCM_REQUESTER
  SAP_CM_ADMINISTRATOR_COMP
  SAP_CM_DEVELOPER_COMP)
  - <b>Does some documentation exist describing the assignment of authorization roles (e.g.SAP_CM_ADMINISTRATOR_COMP)to the tasks in ChaRM?</b>
  E.g. for Requester, Approve person, Developer, End User,..
  Thank you very much!
  regards
  Thom

  Hi Sid,
  There is a concept called transport of copies (ToCs) which will help you in this situation.
  Transport of copies can move the changes to TEST environment when ChaRM project is "in development".
  Transport of copies can move chang only to next system i.e. TEST and cannot move further to production system.
  Developers can test and revert back the change untill test is successful without any effect on the flow of the change documents. Once development is as per requirement, regular transport request can be released from D -> Q -> P.
  Thanks,
  Ambarish

• User Authentication and User Authorization

  We have a scenario where the B2B customers are being provided EP user ids so that they can access certain data and create certain transactions. there are two issues out here:
  (1) For multiple EP users, there will be one single SAP Backend user mapped (which is allowed by EP). However these multiple EP users would have different authorization based on which sales area/product they access/buy and this needs to be controlled via one SAP Backend user?
  (2) Under the above user mapping model, is it possible to have authentication at EP level and  authorization at SAP Backend?
  (3) Once the customer accesses the EP system, then the SAP Backend system is exposed to him? Are there possibilities of having any further layer of security between EP and SAP Backend?
  Looking for response to this or any documentation which addresses the above. My mail id is [email protected]

  This is a broad topic, let me try to point out some key issues: (I asume, B2B means actual SRM these days.)
  (1) The user that is mapped is the generic EBP/SRM user.
  Therefore, the SRM does only know this specific user. There is no way to pass additional data to the SRM. Once the authentication is done, the role assignement is done by SRM (i.e. derived from the generic SRM user, not the EP User) Whenever you want to pass extra context values from the EP to SRM, you can only do this with tricks.
  My experience is, that SAP wants to have a 1:1 relationship between portal users and EBP, even if the bundled mapping is "allowed". (Rather grey'ish area).
  The trick copuld be to set a cookie in the portal and use a BADI together with a Javascript, to  make addiional mappings. But this would count as modification, at the end.
  (2) The authentication is mappped from EP to SRM via SSO2-Ticket, which is accepted by the SRM as authentication. The authorization (role assignement etc) is done solely by the SRM.
  (3) The Backend is exposed to the usual content - the EP via https is considered secure, so is the connection via https to the SRM - you can harden the rfc connection between the srm and the backend as well.

• Transport roles and analysis authorization with user assigned

  Hi expert,
  I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
  Thanks for your time,
  Luis

  Hi,
  In role administration, you have the following options for transporting roles:
  You can download the roles from one system and upload them into another  
  You can import the role from a remote system using RFC  
  You can transport the roles with the transport function.
  Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
  Transporting Roles with the Role Transport Function
         1.      Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
         2.      Enter the role to be transported and choose Transport Role.
  The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
  You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
  For more information go thrpugh the below link
  http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
  Regards,
  Marasa.

• SOLMAN 7.0 SPS 17: MOPZ and EWA user authorization

  Hi!
  I installed SOLMAN 7.0 SPS 17 and have multiple solutions within tcode DSWP.
  Now I would like to give a MOPZ and EWA authorization for user x to see content of special solution x within DSWP.
  It should look like:
  User X --> tcode DSWP: Solution X (authorizations for MOPZ, EWA)
  User Y --> tcode DSWP: Soution Y (authorizations for MOPZ, EWA)
  What are the appropriate roles/profiles for this approach? 
  Thank you very much!
  regards

  >
  Holger Thomasson wrote:
  > Hi!
  >
  > I installed SOLMAN 7.0 SPS 17 and have multiple solutions within tcode DSWP.
  >
  > Now I would like to give a MOPZ and EWA authorization for user x to see content of special solution x within DSWP.
  >
  > It should look like:
  > User X --> tcode DSWP: Solution X (authorizations for MOPZ, EWA)
  > User Y --> tcode DSWP: Soution Y (authorizations for MOPZ, EWA)
  >
  > What are the appropriate roles/profiles for this approach? 
  >
  > Thank you very much!
  >
  > regards
  See information in Security Guide, too.
  Please check authorization object D_SOL_VSBL. to restrict display, edit authorization for specific solutions.
  Best regards,
  Ruediger

• Define and assign user authorization groups in FI

  Hi All,
  In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
  Thanks,
  Teo

  Hi Teo,
  Here i am giving some authorisations in fi
  F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
  F_BKPF_BED FI Accounting Document: Account Authorization for Customers
  F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
  F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
  F_BKPF_BLA FI Accounting Document: Authorization for Document Types
  F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
  F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
  F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
  F_BKPF_KOA FI Accounting Document: Authorization for Account Types
  F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
  F_BL_BANK FI Authorization for House Banks and Payment Methods
  F_BNKA_BUK FI Banks: Authorization for Company Codes
  I hope it will help.
  BR,
  Satya

• Is it possible to do machine and user authentication in same Authorization profile?

  Hi,
  I want to know is it possible to do machine authenticaiton and user authentication happen at the same time? Some thing like this...
  Condition
  IF ( wired_802.1x and AD:externalgroup EQUAL dommain computer AND    AD:exteranalgroup EQUAL Some_domain_user_group )
  Permissions
  then Vlan x
  Basically i am trying to check a machine is part of domain and user is valid only then he should be able to have full access.
  Any help will be of great value.

  Hi,
  IF ( wired_802.1x and AD:externalgroup EQUAL dommain computer AND    AD:exteranalgroup EQUAL Some_domain_user_group )
  - Not possible
  As user and machine authentication occur at different contexts.
  ACS cannot verify the both at the same time.
  Using MAR, you can, though club the both together and achieve:
  "machine is part of domain and user is valid only then he should be able to have full access"
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978
  Tips for configuring MAR:
  1) Set the client to perform user or computer authentication.
  2) Create two rules in authorization, one for user and and one for machine (identity them by using group membership on AD).
  3) Enable MAR under the AD configuration page on ACS and set the aging time.
  4) In the user rule, customize and use the condition "Was machine authenticated" and set it to true.
  Rate if useful

• Variable value to be populated based on user authorization

  Hi all,
  I want to have a variable with single value on plant.
  when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
  Kindly guide me of, what type of variable to create and to proceed.
  Thanks.
  I

  Hi
  Restriction Plant from user authorization can be achieved by the following steps
  1. Plant infoobject should be authorization relevant.
  2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
  3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
  4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
  thanks
  radhika

• Users Authorization- Restrict value of one variable corresponding to other.

  Dear Experts,
  I have query regarding BEx Authorization for the given selection screen of any variable for any report :
  I have two parameters/variables( Category and Sub Category) which needs to be passed from User. I want to restrict the value of second variable corresponding to the values passed in first variable. For e.g. :  if i passed Category value -Engineering ,Sub Category variable should only show the value related to engineering only other than all the values in sub category field in the selection screen for the user.
  Please suggest.

  Hi Shikhar,
  E.g. Category: Engineering , Arts , Commerce
  Sub Categories for Engg. ECE, IT , CSE.
                                 Arts : sociology philosophy etc
                                 Commerce: economics, accountancy etc
  Now Maintain authorization for Char. related to Engineering and create Auth. variable, follow this steps:
  Transaction Code- RSECADMIN
  Steps to create Authorization based on Division e.g. InfoObject    is 0DIVISION.
  Check for 0DIVISION, it must be Authorization relevant checked, if not then maintain 0DIVISION and check Authorization relevant box.
  Step 1: Create Analysis Authorization Maintenance using RSECADMIN T-Code, in that add 3 special characteristics i.e. 0TCAACTVT , 0TCAIPROV and 0TCAVALID, these are the mandatory Char. along with that add 0DIVISION for which you want to create Authorization, 0DIVISION details restrict value as 01 (EQ 01).
  Step 2: Again goto RSECADMIN -> User tab-> Assignment, enter username (e.g. User1) which you want to restrict. insert Auth. obj. from step1.
  Step 3: Now in Query designer, create Authorization variable for 0DIVISION, i.e. process type Authorization.
  Execute That query with restricted user (e.g. User1) it will only show the data for Division = 01.
  For reference: [http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c0b7acf2-6121-2e10-5591-eaec182d9315]
  Hope this will meet your requirement, let me know if further explanation required.
  Regards:
  Avinash

• Can I use both Education discount and Black Friday discount

  Hi
  Can anyone tell me if both the education discount and the black friday discount be used together. I plan to buy a macbook.
  Ajju

  Hello and Welcome to Apple Discussions. 
  We are just iMac users here. Far better to give Apple a call and get the official line from them:
  1-800-MY-APPLE or +(800) 780-5009+
  cheers
  mrtotes

• Need a Query/User Authorization Report

  Hello All,
  I am looking for tables, function modules, programs etc that will aid in building a report that will show every query and which users have access to them.
  This program I am wanting to build will serve as a periodic "reality check" on our authorizations.
  I am not sure about the tables/programs etc involved in interpreting the user's roles/profiles.
  My current thinking is that there may be a function module or program that is being by the BEx tools that comes up with the list of queries that the user has access to when they first select the query they want to run. Getting a hold of that would be very beneficial.
  Any ideas?

  Hi,
  Refer the below links
  www.das.state.ne.us/nis/security/docs/authorized_agent_manual.pdf
  script.wareseeker.com/PHP/uas-user-authorization-system.zip/18033
  eda.ogden.disa.mil/users_guide/trainMaterial/GeneralAdminMaint.ppt
  www.umaryland.edu/eumb/Documents/user_aff.pdf
  www.mariewagener.de/node/98
  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI?focusedCommentId=78053701
  www.bi-expertonline.com/downloads/Smith.doc
  https://aisweb.wustl.edu/hr/benefits.nsf/pages/files/$file/hrmssecurityauth07.pdf
  www.sapdev.co.uk/sap-bw/queryexit.htm
  naresh

• Creation of variable in BEx from user authorization

  Hi gurus,
     i want to create a variable with user authorization in BEx. Can any one please tell me the steps to create the variable for authorization.
  Thanks in advance
  sandy

  Hi,
  You will get a better and quicker answer if you post this in the BI forums.
  Eddy
  PS.
  Put yourself on the SDN world map (http://sdn.idizaai.be/sdn_world/sdn_world.html) and earn 25 points.
  Spread the wor(l)d!

• Auth Group for Accounting Doc and Account authorization for  Vendors

  Hi guys,
  I have question regarding Accounting Doc for Vendor and G/l Account.  I have a security client whree I build my business roles for end user but we we configuration client where all the functional focus wokring and doing configuration.  My questiion when I start creating business roles  and start going  into these authorization objects and filling up the field values (F_BKPF_BEK, F_BKPF_BES,  F_BKPF_BLA).
  I won't  see auth group that will be c reated by functional  cocus because they are working on configuration Client and they probably create auth group for above authorization objects in Config lcient and I'm building Roles in my security client. 
  If it is true what would be the best way to create business role.  I'm in realization face of the project  Should I build my roles in Config client?   Please advise.
  Thanks in advance
  Faisal

  What is the benefit of a "security client" in DEV? I don't get it...
  You anyway need to protect the namespace... and the authorizations for role development (SU24) and admin (PFCG).
  Anyway, you have closed your question so we can only lick our wounds now
  Cheers and good luck on your project (let is know how it goes if you stick around for long enough to experience a release upgrade...
  Julius

• CRM Analytics - User Authorization Not Suficient

  Hi Guys,
  We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
  If I open the error I get the message :
  Diagnosis
  The user doesnot exist in the BI client or has insufficient authorizations
  Procedure
  Contact system administrator to verify the user is setup properly in both CRM and BI client
  Procedure for System Administration
  Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
  When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
  Any suggestion about how to fix it?
  Thanks in advance,
  Fernando

  Hi Fernando,
  The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
  generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
  There aretwo tricks to findout the missing authorization which I also have used.
  First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
  Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
  I hope this will solve your issue. Please revert with your finding.
  Thanks,
  Prem