DMS security object c_drad_obj
Hi DMS Gurus,
I'm hoping someone can help me. I've been testing different scenarios all day and just did a web search to see if anyone has posted anything about this in the past. I came up with zero on both counts.
We are new to DMS at my company. Our objective is to give some users full access to DMS and others no access. I have found that our existing user roles already pull in Document Management security object CV, I think because the user has access to MM03. For example, our sales role has the c_drad_obj object assigned, but we don't want this role to have access to DMS. No matter what I change the options to in the security object, it doesn't have any effect.
I was under the impression that I can restrict the activity / document type / linked SAP object / document status in the c_drad_obj object. But as I previously said, no matter what I set these to, even to disable the object itself, it doesn't seem to matter.
Thanks for your consideration.
Regards,
Julie
You do realize that C_DRAD_OBJ is relevant only for Object Links stored in table DRAD? Not all documents will have Object Links. See Authorization Objects for Documents - Document Management - SAP Library for details on DMS authorizations. The main table for documents is DRAW.
Similar Messages
-
Security object for check against Lab office in DIR
Hi,
We are running R/3 46C and use DMS to store our business documents via online vault. I have a requirement to set up access based on Lab office (department) that is used in the Document Information Record. Is there a standard security object that I can use in security roles to build this?
Any info would be appreciated and rewarded.
Regards
Nirmal
Your best option would be to use a user exit, for example BAdI "document_main01" "before_save", to populate the auth. group field, and then use normal roles/profiles to check on auth. group.
Regards,
Espen
Please reward if useful. -
Transport of Security objects in BPC 7.5NW
As a part of NW BPC transports, changed the entries in table UJT_TRANS_CHG. For the 1st transport (from DEV to QA) wanted to transport ALL objects including Security and Teams. So, selected 'Development' for ALL objects under this table.
After the transport collection via tcode UJBPCTR and importing into QA, found that 'Users', 'Teams' and 'Task Profiles' did NOT transport. 'Member Access Profiles' did transport to QA.
I expected 'Users', 'Teams' and 'Task Profiles' also to be transported. We are on SAP BPC 7.5NW, SP4.
Am I missing something here ?
Thanks in Advance.
Hi
we had the same problem and didn't know if Security objects could be transported, but we found the BPC User Mass Management Tool.
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/d0cdbccf-0def-2d10-298d-f4223de9a6ed&overridelayout=true
This could help you to export the security objects in DEV and import the objects in PRD.
The transports you need for the ZUJE_MASS_USER_MGMT program you will find on page 46 in the document mentioned above.
Please let me know if we could help you. -
Service Entry Sheet in ECC 6.0 shipment costing security object?
Does anyone know what security object is being checked during service entry sheet creation? When I run the shipment cost create process in foreground (RV56TRSL) VI04, the program creates and settles the shipment cost, but in background only the shipment cost doc is created; the settlement remains open (status A) and I get a message:
You have no authorization for this transaction with movement type 101
My assumption is a different object is being called in background versus foreground but my traces are not showing me anything useful.
thank you
Shipment settlement in ECC 6.0 requires the users to have some version of the MIGO object to perform the goods movement. This is a change from 4.7 and prior.
-
How to control partner function through security objects ??
Hi, is there any way to control which partner functions are available to assign in support messages?
Is there any security object to control that?
I have configured rules for automatic determination, but in certain cases I need to assign manually.
I need to control this partner function assignment.
Any ideas? CRM_ORD_OP?
Best Regards
I got it fixed myself.
Here is the solution.
In user exit: EXIT_SAPMM06E_012.
Call the FM below: MM_CALL_UPDATE_PARTNERS
The trick is to pass the partner values you want to the tables below: x_mmpa and xuekpa.
You can calculate partner records from the wyt3 table depending on your logic/requirement.
CALL FUNCTION 'MM_CALL_UPDATE_PARTNERS'
  EXPORTING
    ebeln       = wa_ebeln
    bstyp       = 'F'
*   knuma       = wa_knuma
    application = 'P'
  TABLES
    x_mmpa      = it_mmpa1
    y_mmpa      = it_mmpa2
    xuekpa      = it_uekpa1
    yuekpa      = it_uekpa2
    i_mmpa      = it_mmpa3
    u_mmpa      = it_mmpa4
    d_mmpa      = it_mmpa5.
Thanks,
Mahesh -
UME security vs ABAP security object level
We installed Virsa Compliance Calibrator & Access Enforcer and trying to configure security in UME to control user access so that besides action level security, we need further restriction on for example, Functional Area, cost center & department access. Does UME have lower level authorization restriction capabilities similar to that of ABAP authorization object level security? If not, how can we utilize ABAP Virsa security objects to control JAVA front end access?
Your advice is much appreciated.
Thanks,
I'm not aware of a way to limit requestor access (you can request anything visible); however, you can provide direction by populating an attribute field (i.e. company) with valid company values for each role. When a requestor searches for a role, if they filter by the appropriate company, they will only see valid roles for the request. I did, however, point the request authentication towards a 'fake LDAP'. This prevents individuals without specific UME credentials from submitting a request.
However, you can restrict approvers using a custom approver/determinator. In my case, I wanted to use a combination of "role" and "usergroup" to determine approver, rather than use one approver set for all requests. I have implemented and confirmed this works. The unfortunate side effect is that you have to maintain a separate file for this custom A/D (which you have to refer to /append for any request for role approver information). -
Only want to transport security objects in BPC
Hi,
I only want to transport Security objects in BPC from DEV to QAS
Is it possible ?
I setup the UJT_TRANS_CHG table entries in DEV the following way -
- Security - Development
- All others - Production
Will that work ? Is it going to mess up anything in QAS system ?
Do I need to have the same setup in QAS system also ?
Any help would be highly appreciated.
thanks
J
Basically what it is saying is that you always need to have the following TLOGO objects in the UJT_TRANS_CHG table set to "Development". This is required by the framework. If they are not set this way, you run the risk of messing up the objects in the target system. Also, I believe that as of SP7 and above, you don't have to worry about this, as these 4 TLOGO are hard coded in the framework to always be triggered regardless of the setting in the UJT_TRANS_CHG table.
ASET
APPM
DIME
DIMA
So again, all you need to do is make sure that these TLOGOs are set to Development, as well as the security ones, and the security data will be transported successfully. Remember that you must transport your UJT_TRANS_CHG records to the target system before transporting the AppSet.
Regards,
Rich Heilman -
Security object for shipping conditions (T-Code VA02-sales order)
Hi
I need to gray out field VSBED (shipping conditions) in T-code VA02 (sales order change) for users, what could be the security object to be used for this requirement?
Regards
sri
The functional requirement still doesn't seem very clear to me, why would someone want to grey this field? (unless you have a strong case that you use different document types for normal orders, express deliveries, normal service, free of charge and a whole lot of possibilities)
Your SD consultant should guide and let you know that:
Shipping conditions are defined in customizing
you can either assign particular shipping conditions to particular sales document types to make it as a default
(or) you can have the shipping conditions defined in the customer master
the ones set up in SPRO take a preference, but as you rightly noticed - if a user wishes to change the shipping conditions proposed by the system he would be able to do that, and this CANNOT be controlled with authorization objects
The only option you would have is to find out if the users who are not supposed to change the conditions belong to the same user group (or make a logical assessment on the common binding feature in the set of users)
then evaluate if you want to make the program changes such that the changes affect only the particular set of users
Note: Changes you make in ABAP do not necessarily apply to the complete user base - it depends on how well you analyse and plan the requirement -
SAP security - changing check maintain setting for security objects
I am trying to change the check maintain indicator for a couple of transactions to allow me to manage access based on security objects that are not currently defined as check maintain. Specifically, I have updated the check indicator (using SU24) to check maintain for object c_stue_ber on transactions MD11 and MD12 (planned order create/change). The transactions still do not check this object as expected. Does anything else need to be done to enable checking an object that is not set up as check maintain originally?
Any help is appreciated.
Thanks,
Doug Scott
Hello Kerstin,
I also wrote a message to SAP and got the following response. Looks like there are no security checks for this object in these transactions.
Regards,
Doug
Response from SAP
03.04.2007 - 12:48:38 CET SAP Reply
Dear Doug,
An authority check on C_STUE_BER is not possible for the transactions
CO02, CO03, MD11, MD12, CO26, CO27, CO28, COOIS, COHV, CO05, CO05N,
CO04N, COMAC or CO46.
In CO01 we check if the user has the authority to resolve the BOM
(C_STUE_BER). After resolving the BOM we don't check any longer with
C_STUE_BER since we don't work with the BOM but with a component list
in the order (which is actually a copy of the BOM).
For this component list there is no authority check.
The component list is visible in CO02, CO03, CO26, CO27, CO28, COOIS,
COHV, CO05N, CO04N, COMAC, CO46.
For production orders we use authority C_AFKO_AWA. With this
authority you can limit the access to CO02, CO03 and the change of
production orders by other transactions.
But please note that there are still transactions
that will display the orders and its components without authority
checks. For example infosystem transactions (COOIS, COHV, CO26, CO27,
...) and other processing transactions (COGI, ...). For those
transactions you would have to limit access.
For the creation of planned orders MD11, the authority check C_STUE_BER
is not used. Here you can use M_MTDI_ORG to check on a MRP controller.
So you should enter the same MRP controller in the material master
of the troublesome products and only this MRP controller will be able
to create a planned order for this material.
I am sorry not to be able to offer you any better solution for this
problem.
Kind Regards
Eoin Donnelly
SAP Support Consultant (SCM)
SAP GSC Ireland -
Security Objects Migration(UJT_TRANS_CHG)
Hello All,
In BPC 7.5NW, during appset migration, does only security objects, Task profiles and member access profiles get migrated? Do teams and users do not get migrated? Also in UJT_TRANS_CHG, if I set TLOGO:SECU to P, will it not transport even the member access profiles & task profiles?
Is the best practise to maintain them in Prod Environment? I also see that a HTG exists to mass download and upload security information across landscapes. I can probably use that for teams & users.
Please advise.
Hi,
The security profiles overall don't get transported properly. Some of the suggestions could be:
- You could have the setting in UJT_TRANS_CHG as 'D'
Like you mentioned about the mass user management guide, if you have all the users, teams and the required profiles ready with you, you could add them in your development system , test them thoroughly and use the tool mentioned in the guide to transport across.
- There are also some inconsistencies if you want to transport reports & schedules assigned to the team folders. Not everything gets transported. You need to check the settings in the config table UJT_TRANS_FIL.
If you look at this table, this may probably have nothing for 'SECU'. This probably explains to some extent the security related inconsistencies.
Better option would be to maintain them in P if you don't have all the security related things ready now. For testing some task profiles and member access profiles, you could create them in D and can also use the tool to transport.
Note: Please refer to the latest version of the user management guide.
Thanks -
Deactivated objects after transport of Analytics Security Object
Hello Experts,
We made a release upgrade to 7.3. To guarantee the access to our reports I implemented a lot of new Analytics Security Objects. In our development system they are all activated. After transporting them into the quality system, all of them are deactivated and not usable.
Do you have any ideas?
kind regards
Frederike
Hi Sujai,
Just check whether your ODS object is locked or any process job is running on it.
Was your transport successful?
Thanks
CK -
Secure object sharing in java card
Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!
-
Hi
I have added cProjects object links from DMS. It works fine if I create an object link from cProjects, but if I add an object link from DMS there is no link created in cProjects. Ideas anyone??
Regards Camilla
Hi Camilla,
Regarding your description I would kindly ask you to check your
object link settings.
To grant that always the current screens and authorizations were
called please maintain also the value "1" into the "Authorization"
column. For further information on this maintenance please see the
attached note 375452. It's important that you not enter the mentioned
screen number without the leading "1" as this number is added
automatically by the system (e.g. object MARA 1201 maintain like MARA
201). You can do this in customizing under:
Transaction SPRO
> Cross-Application-Component
> Document Management
> Control Data
> Define screen for object links
If you need the dynpro number or object you will find all standard SAP
objects and their screen number in function module CV130 (Screens) by
transaction SE80. Please maintain all necessary SAP objects.
Best regards,
Christoph -
Security Object UIU_COMP
I am looking for any direction on the use of UIU_COMP within PFCG roles for the new UI. The default roles which I have copied do not seem to cover all aspects of required security. What about any custom development? Is there any direction or rule of thumb as to determining what entries are required?
There are a number of methods available to determine the settings needed for this authorization object that you can try. Two initial suggestions I would have are:
1) Assign a test user SAP_ALL and run an ST01 trace while the test user is accessing the Web UI. Any calls to the UIU_COMP object will be listed along with the field values needed. Add these authorization values to the production user role.
2) Use program CRMD_UI_ROLE_PREPARE to generate the necessary UIU_COMP settings, based on the CRM business role that is being assigned to the user.
Hope this helps. -
JavaCard Secure Object Sharing
I'm facing problem on passing object as parameter between server and client applet. Does anybody know how to overcome the above problems?
If client applet and server applet belong to the same package,
they can "share" an object or array via a class variable (keyword: static)
because they belong to the same context.
Otherwise, using javacard.framework.Shareable you can provide
methods for transfering the data.
By the way, I don't think there are security issues using the global
APDU buffer.
JC 2.2.1, Chapter 6 Applet Isolation and Object Sharing, p. 33:
"Note - Because of the global status of the APDU buffer, the Application
Programming Interface for the Java Card™ Platform, Version 2.2.1 specifies that this
buffer is cleared to zeroes whenever an applet is selected, before the Java Card RE
accepts a new APDU command. This is to prevent an applet's potentially sensitive
data from being “leaked” to another applet via the global APDU buffer. The APDU
buffer can be accessed from a shared interface object context and is suitable for
passing data across different contexts. The applet is responsible for protecting
secret data that may be accessed from the APDU buffer."
How would you interpret this quote?
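An added example, not part of the original reply, of the javacard.framework.Shareable route for applets in different packages, with the server checking the caller's AID both when the object is requested and on each call. The package name, BalanceService interface, AID bytes and balance logic are constructed for illustration.

```java
// ---- BalanceService.java (hypothetical interface, imported by the client package) ----
package com.example.server;

import javacard.framework.Shareable;

public interface BalanceService extends Shareable {
    // Pass primitives or the global APDU buffer; an array owned by the
    // client's context is rejected by the firewall when the server reads it.
    short debit(short amount, byte[] apduBuf, short off);
}

// ---- ServerApplet.java ----
package com.example.server;

import javacard.framework.*;

public class ServerApplet extends Applet implements BalanceService {
    // Constructed AID of the only client allowed to use the service.
    private static final byte[] CLIENT_AID =
        { (byte) 0xF0, 0x01, 0x02, 0x03, 0x04, 0x10, 0x01 };
    private short balance = 100;

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new ServerApplet().register();
    }

    private static boolean isTrustedClient(AID aid) {
        return aid != null
            && aid.equals(CLIENT_AID, (short) 0, (byte) CLIENT_AID.length);
    }

    // Invoked by the Java Card RE when a client requests the shared object.
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        return isTrustedClient(clientAID) ? this : null;
    }

    public short debit(short amount, byte[] apduBuf, short off) {
        // Re-check the caller on every call: a client could hand the
        // reference on to another applet.
        if (!isTrustedClient(JCSystem.getPreviousContextAID())) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        if (amount <= 0 || amount > balance) {
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        }
        balance -= amount;
        Util.setShort(apduBuf, off, balance);  // result goes back via the global buffer
        return balance;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}
```

The client obtains the object with JCSystem.lookupAID(...) followed by JCSystem.getAppletShareableInterfaceObject(serverAID, (byte) 0) and casts the result to BalanceService; a null result means the server refused it.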