DMS security object c_drad_obj

Hi DMS Gurus,
I'm hoping someone can help me.  I've been testing different scenarios all day and just did a web search to see if anyone has posted anything about this in the past.  I came up with zero on both counts.
We are new to DMS at my company.  Our objective is to give some users full access to DMS and others no access.  I have found that our existing user roles already pull in Document Management security object CV, I think because the user has access MM03.  For example our sales role has the c_drad_obj object assigned, but we don't want this role to have access to DMS.  No matter what I change the options to in the security object, it doesn't have any effect.
I was under the impression that I can restrict the activity / document type / linked SAP object / document status in the c_drad_obj object.  But as I previously said, no matter what I set these to, even to disable the object itself, it doesn't seem to matter.
Thanks for your consideration.
Regards,
Julie

You do realize that C_DRAD_OBJ is relevant only for Object Links stored in table DRAD? Not all documents will have Object Links. See Authorization Objects for Documents - Document Management - SAP Library for details on DMS authorizations. The main table for documents is DRAW.

Similar Messages

  • Security object for check against Lab office in DIR

    Hi,
    We are running R/3 46C and use DMS to store our business documents via online vault. I have a requirement to set up access based on Lab office (department) that is used in the Document Information Record. Is there a standard security object that I can use in security roles to build this.
    Any info would be appreciated and rewarded.
    Regards
    Nirmal

    Your best option would be to use a user exit, for example badi "document_main01" "before_save" to populate the auth. group field, and then use normal roles/profiles to check on auth. group.
    Regards,
    Espen
    Please reward if useful.

  • Transport of Security objects in BPC 7.5NW

    As a part of NW BPC transports, changed the entries in table UJT_TRANS_CHG. For the 1st transport (from DEV to QA)wanted to transport ALL objects including Security and Teams. So, selected 'Development' for ALL objects under this table.
    After the transport collection via tcode UJBPCTR and importing into QA, found that 'Users', 'Teams'  and 'Task Profiles' did NOT transport. 'Member Access Profiles' did transport to QA.
    I expected 'Users', 'Teams'  and 'Task Profiles' also to be transported. We are on SAP BPC 7.5NW, SP4.
    Am I missing something here ?
    Thanks in Advance.

    Hi
    we had the same problem and didn't know if Security objects could be transported, but we found the BPC User Mass Management Tool.
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/d0cdbccf-0def-2d10-298d-f4223de9a6ed&overridelayout=true
    This could help you to export the security objects in DEV and import the objects in PRD.
    The transports you need for the ZUJE_MASS_USER_MGMT   Programm you found on page 46 in the document mentioned above.
    Please let me know if we could help you.

  • Service Entry Sheet in ECC 6.0 shipment costing security object?

    Does anyone know what security object is being checked during service entry sheet creation?  When I run the shipment cost create process in foreground (RV56TRSL) VI04, the program creates and settles the shipment cost, but in background only the shipment cost doc creates the settlement remains open (status A) and I get a message:
    You have no authorization for this transaction with movement type 101
    My assumption is a different object is being called in background versus foreground but my traces are not showing me anything useful. 
    thank you

    Shipment settlement in ECC 6.0 requires the users to have some version of the MIGO object to prefrom the goods movement.  this is a change from 4.7 and prior.

  • How to control partner function through security objects ??

    Hi, theres any way to control witch Partner function are avalilable to assign in support messages ??
    Theres any security object to control that ??
    I have configured rules for automatic determintation, but in certains cases i need to assign manually.
    I need to control this asignation Partner function
    Any ideas ?? CRM_ORD_OP ??
    Best Regards

    I got it fixed my self.
    here is the solution.
    in user exit :EXIT_SAPMM06E_012.
    call below FM: MM_CALL_UPDATE_PARTNERS
    Trick is pass the partner values the one you wanted to below table: x_mmpa and xuekpa.
    you can calculate partner records from wyt3 table depends on your logic/requirement.
    CALL FUNCTION 'MM_CALL_UPDATE_PARTNERS'
         EXPORTING
           ebeln       = wa_ebeln
           bstyp       = 'F'
    *     knuma       = wa_knuma
           application = 'P'
         TABLES
           x_mmpa      = it_mmpa1
           y_mmpa      = it_mmpa2
           xuekpa      = it_uekpa1
           yuekpa      = it_uekpa2
           i_mmpa      = it_mmpa3
           u_mmpa      = it_mmpa4
           d_mmpa      = it_mmpa5.
    Thanks,
    Mahesh

  • UME security vs ABAP security object level

    We installed Virsa Compliance Calibrator & Access Enforcer and trying to configure security in UME to control user access so that besides action level security, we need further restriction on for example, Functional Area, cost center & department access. Does UME have lower level authorization restriction capabilities similar to that of ABAP authorization object level security? If not, how can we utilize ABAP Virsa security objects to control JAVA front end access?
    Your advice is much appreciated.
    Thanks,

    I'm not aware of a way to limit requestor access (you can request anything visible); however, you can provide direction by populating an attribute field (i.e. company) with valid company values for each role.  When a requestor searches for a role, if they filter by the appropriate company, they will only see valid roles for the request.  I did, however, point the request authentification towards a 'fake LDAP'.  This prevents individuals without specific UME credentials from submitting a request.
    However, you can restrict approvers using a custom approver/determinator.  In my case, I wanted to use a combination of "role" and "usergroup" to determine approver, rather than use one approver set for all requests.  I have implemented and confirmed this works.  The unfortunate side affect, is that you have to maintain a seperate file for this custom A/D (which you have to refer to /append for any request for role approver information).

  • Only want to transport security objects in BPC

    Hi,
    I only want to transport Security objects in BPC from DEV to QAS
    Is it possible ?
    I setup the UJT_TRANS_CHG table entries in DEV the following way -
    - Security - Development
    - All others  - Production
    Will that work ? Is it going to mess up anything in QAS system ?
    Do I need to have the same setup in QAS system also ?
    Any help would be highly appreciated.
    thanks
    J

    Basically what it is saying is that you always need to have the following TLOGO objects in the UJT_TRANS_CHG table set to "Development".  This is required by the framework,  If they are not set this way, you run the risk of messing up the objects in the target system.  Also, I bellieve that as of SP7 and above, you don't have to worry about this, as these 4 TLOGO are harded coded in the framework to always be triggered regardless of the setting in the UJT_TRANS_CHG table.
    ASET
    APPM
    DIME
    DIMA
    So again, all you need to do is make sure that these TLOGOs are set to Development, as well as the security ones, and the security data will be transported successfully.  Remember that you must transport your UJT_TRANS_CHG records to the target system before transporting the AppSet.
    Regards,
    Rich Heilman

  • Security object for shipping conditions (T-Code VA02-sales order)

    Hi
    I need to gray out filed-VSBED (shipping conditions) in T-code VA02 (sales order change) for users, what could be the security object to be used for this requirement?
    Regards
    sri

    The functional requirement till doesnt seem very clear to me , why would someone want to grey this field? (unless you have a strong case that you use different document types for normal orders, express deliveries, normal service, free of charge and a whole lot of possibilities)
    Your SD consultant should guide and let you know that:
    Shipping conditions are defined in customizing
    you can eithe assign particular shipping conditions to particuar sales document types to make it as a default
    (or) you can have the shipping conditions defined in the customer master
    the ones set up in SPRO take a preference, but as you rightly noticed - if a use wishes to change the shipping conditions proposed by the system he would be able to do that, and this CANNOT be controlled with authorization objects
    The only option you would have, is to find out if the users who are not suppposed to change the conditions beong to the same user group (or make a logical assesment on the common binding feature in the set of users)
    then evaluate if you want to make the program changes such that the changes affect only the particular set of users
    Note: Changes you make in ABAP do not necessarily apply to the complete user base - it depends on how well you analyse and plan the requirement

  • SAP security - changing check maintain setting for security objects

    I am trying to change the check maintain indicator for a couple of transactions
    to alow me to manage access based on security objects that are not currently defined as check maintain.  Specifically, I have updated the check indicator
    (using SU24) to check maintain for object c_stue_ber on transactions MD11 and MD12 (planned order create/change).  The transactions still do not check this object as expected.  Does anything else need to be done to enable checking an
    object that is not set up as check maintain originally?
    Any help is appreciated.
    Thanks,
    Doug Scott

    Hello Kerstin,
    I also wrote a message to SAP and got the following response.  Looks like there are no security checks for this object in these transactions.
    Regards,
    Doug
    Response from SAP
    03.04.2007 - 12:48:38 CET    SAP    Reply 
    Dear Doug,
    An authority check on C_STUE_BER is not possible for the transactions
    CO02, CO03, MD11, MD12, CO26, CO27, CO28, COOIS, COHV, CO05, CO05N,
    CO04N, COMAC or CO46.
    In CO01 we check if the user has the authority to resolve the BOM
    (C_STUE_BER). After resolving the BOM we don't check any longer with
    C_STUE_BER since we don't work with the BOM but with a component list
    in the order (which is actually a copy or the BOM).
    For this component list there is no authority check.
    The component list is visible in CO02, CO03, CO26, CO27, CO28, COOIS,
    COHV, CO05N, CO04N, COMAC, CO46.
    For production orders we use authority C_AFKO_AWA. With this
    authority you can limit the access to CO02, CO03 and the change of
    production orders by other transactions.
    But please note that there are still transactions
    that will display the orders and its components without authority
    checks. For example infosystem transactions (COOIS, COHV, CO26, CO27,
    ...) and other processing transactions (COGI, ...). For those
    transactions you would have to limit access.
    For the creation of planned orders MD11, the authority check C_STUE_BER
    is not used. Here you can use M_MTDI_ORG to check on a MRP controller.
    So you should enter the same MRP controller in the material master
    of the troublesome products and only this MRP controller will be able
    to create a planned order for this material.
    I am sorry not to be able to offer you any better solution for this
    problem.
    Kind Regards
    Eoin Donnelly
    SAP Support Consultant (SCM)
    SAP GSC Ireland

  • Security Objects Migration(UJT_TRANS_CHG)

    Hello All,
    In BPC 7.5NW, during appset migration, does only security objects, Task profiles and member access profiles get migrated? Do teams and users do not get migrated? Also in UJT_TRANS_CHG, if I set TLOGO:SECU to P, will it not transport even the member access profiles & task profiles?
    Is the best practise to maintain them in Prod Environment? I also see that a HTG exists to mass download and upload security information across landscapes. I can probably use that for teams & users.
    Please advise.

    Hi,
    The security profiles overall don't get transported properly. Some of the suggestions could be:
    - You could have the setting in UJT_TRANS_CHG as 'D'
    Like you mentioned about the mass user management guide, if you have all the users, teams and the required profiles ready with you, you could add them in your development system , test them thoroughly and use the tool mentioned in the guide to transport across.
    - There is also some inconsistencies if you want to transport reports & schedules assigned to the team folders. Not everyhting gets transported. You need to check the settings in the config table UJT_TRANS_FIL.
    If you look at this table, this may probably have nothing for 'SECU'. This probably explains to some extent about the security related incosistencies.
    Better option would to maintain them in P if you dont have all the secuirty related things ready now. For testing some task profiles and member access profiles, you could create them in D and can also use the tool to transport.
    Note: Please refer to the latest version of the user management guide.
    Thanks

  • Deactivated objects after transport of Analytics Security Object

    Hello Experts,
    We made a release Upgrade to 7.3. To garantee the access to our reports I implemented a lot new Analytics Security Objects. In our development system they are all activated. After transporting them into the quality system, all of them are deactived and not usable.
    Do you have any ideas?
    kind regards
    Frederike

    Hi Sujai,
    Just check is your ODS object Locked or any process job is running on it.
    Was your transport successful.
    Thanks
    CK

  • Secure object sharing in java card

    Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!

    Who has the complete code in secure object sharing in java card which is written by Michael Montgomery. I want to look at the code in this article. I wish somebody can help me!!!

  • Easy DMS and object links

    Hi
    I have added cProjects object links from DMS. It works fine if I create an object link from cProjects, but if I add an object link from DMS there is no link created in cProjects. Ideas anyone??
    Regards Camilla

    Hi Camilla,
    Regarding your description I would kindly ask you to check your
    object link settings.
    To grant that allways the currenct screens and authorizations were
    called please maintain also the value "1" into the "Authorization"
    column. For further informations on this maintainance please see the
    attached note 375452. It's important that you not enter the mentioned
    screen number wihtout the leading "1" as this number is added
    automatically by the system (e.g. object MARA 1201 maintain like MARA
    201). You can do this in customizing under:
    Transaction SPRO
    > Cross-Application-Component
        > Document Management
             > Control Data
                 > Define screen for object links
    If you need the dynpro number or object you will find all standard SAP
    objects and their screen number in function module CV130 (Screens) by
    transaction SE80. Please maintain all necessary SAP objects.
    Best regards,
    Christoph

  • Security Object UIU_COMP

    I am looking for any direction on the use of UIU_COMP within PFCG roles for the new UI.  The default roles which I have copied do not seem to cover all aspects of required security.  What about any custom development?  Is there any direction or rule of thumb as to determining what entries are required?

    There are a number of methods available to determine the settings needed for this authorization object that you can try.  Two initial suggestions I would have are:
    1)  Assign a test user SAP_ALL and run an ST01 trace while the test user is accessing the Web UI.  Any calls to the UIU_COMP object will be listed along with the field values needed.  Add these authorization values to the production user role.
    2)  Use program CRMD_UI_ROLE_PREPARE to generate the necessary UIU_COMP settings, based on the CRM business role that is being assigned to the user. 
    Hope this helps.

  • JavaCard Secure Object Sharing

    I'm facing problem on passing object as parameter between server and client applet. Does anybody know how to overcome the above problems?

    If client applet and server applet belong to the same package,
    they can "share" an object or array via a class variable (keyword: static)
    because they belong to the same context.
    Otherwise, using javacard.framework.Shareable you can provide
    methods for transfering the data.
    By the way, I don't think there are security issues using the global
    APDU buffer.
    JC 2.2.1, Chapter 6 Applet Isolation and Object Sharing, p. 33:
    "Note � Because of the global status of the APDU buffer, the Application
    Programming Interface for the Java Card� Platform, Version 2.2.1 specifies that this
    buffer is cleared to zeroes whenever an applet is selected, before the Java Card RE
    accepts a new APDU command. This is to prevent an applet�s potentially sensitive
    data from being �leaked� to another applet via the global APDU buffer. The APDU
    buffer can be accessed from a shared interface object context and is suitable for
    passing data across different contexts. The applet is responsible for protecting
    secret data that may be accessed from the APDU buffer."
    How would you interpret this quote?

Maybe you are looking for

  • HT204053 how do i move page and numbers documents from one icloud login to another?

    how do i move page and numbers documents from one icloud login to another? I had to change my email address whcih meant new apple login. I have a number of docs in iwork/pages and iwork/numbers.  How do I transfer them to my new login?

  • Packages from CVS?

    Hi guys, i have one quick question. i am new to Arch, so please excuse me if that was already asked. Is it possible to make packages from CVS? thanks for the help, Shemeta

  • Will not load windows

    trying to get comp. bootable or restored to factory if i try to boot from hd in safe mode gets down to mup.sys and stops stays like there till i shut it down i have the restore disks they will only load until setup says "setup is starting windows" th

  • How to download the older version CS3 dreamweaver into my new windows if there is no DVD drive

    I took my older CS3 dreamweaver out of my old computer to put into new computer, windows 8.1, but this computer has not drive how to get it to this computer.

  • Cs3 design premium install problem.

    hi. i tried to install cs3 design premium and i didn't know where i put this and i made a mistake. i don't know what i did exactly so anyhow it choose the application with blue tooth. now anytime when i try to install cs3 design premium, it opens blu