Document on BW authorizations

Hi,
Does anyone have a good document that can be used as a learning guide for BW authorizations?
Thanks,
Xibi

Hi Xibi,
You can check these:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fda2a990-0201-0010-5497-b81b1556df24
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1d8ea990-0201-0010-43b3-d13b83e2bf20
https://websmp103.sap-ag.de/~sapidb/011000358700000972382004
http://help.sap.com/saphelp_nw04/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm
Hope this helps...

Similar Messages

Document status wise authorization

Dear all,
I want to give a document status wise authorization to user .
Kindly let me know the procedure.
Rgds

Hi,
Use Auth Obj   C_DRAW_STA in your authorization role.
U will have a status network liket this
Create(AL)-> For Approval/release( FA)* -> Approved/Released(FR)
For Ex :-
Auth role for Engineer is Zdms_engg
This role will have auth obj C_DRAW_STA
Engineer with create auth for doc type DRW will have this values in his auth object
Doc type          DRW
Doc status       AL,FA
Assign this zdms_engg role to user ID.
HOD role:- zdms_hod
For HOD to approve will have values in his auth obj
Doc Type      DRW
Doc status    FA,FR
Assign this role to user ID of HOD
You will get the deired results.
Note:- They must have access to document type DRW so use auth obj C_DRAW_DOK with doc type DRW and C_DRAW_TCD with doc type DRW
Also read auth obj concept in help.sap.com to know the significans of each obj and their use and take help of BASIS person to do this.
Regards
Abhijit A. Pachgade

Display document in the Single Document web item -authorization problem.

Hi Gurus,
I have a problem.
I have two types of users, users for display document in the Single
Document web item and users who can maintain and create new comment in
the Single Document web item.
My problem is I can't create users that can only display documents (all
users who can display the query can add new comment).
We use the new 7.0 Authorization.
The authorization object S_RS_ADMWB doesnu2019t influence about the
activity in the Single Document web item.
In the new authorization method, in PFCG or in RSECADMIN there is no
functionality that we can separate between the two types of users I
mention before.we used S_RS_COMP & S_RS_COMP1.
Please advice
Sharon.

Hi Sankar,
this may be helpful
<a href="http://help.sap.com/saphelp_nw04/helpdata/en/e3/ae133bdca84047e10000000a11402f/content.htm">http://help.sap.com/saphelp_nw04/helpdata/en/e3/ae133bdca84047e10000000a11402f/content.htm</a>
Pavel

Sales Document initial load Authorization check.

Hi Guys,
I am trying to do an initial download of all the Sales Documents from R/3 to CRM but I get the error "An authorization check could not be executed".
SU53 is not showing any authorization failure for the corresponding user.
Thanks in advance,
Regards,
Siva.

Hi Siva,
As SU53 is not showing you anything, means there could be problem with rights of RFC user.
Check if your RFC user have all the required rights.
Best Regards,
Pratik Patel
Reward with points if it is of any help to you!

URLs in document function - HTTP authorization error

Hello,
I am trying to connect via DBUri from xquery: document('http://servername:8080/oradb/ISPROB/ISP_XMLS'); every time i get oracle.xquery.XQException: Server returned HTTP response code: 401 (unauthorized) for URL error. How to pass username and password or turn off the authorization.
Regards,
Michael

Michael,
This is a limitation with the current preview release. The DBURI authentication is also necessary to login into an Oracle database instance.
Regards,
Geoff

PR document material type Authorization

Hi Experts,
Is it possible to put a authorization in PR at the material type level? Requirement is that one set of users should be able to create PR for certain type of materials only.
Thanks
Alok

Hi,
I will give the Authorzation object and Authorization group
1. M_MATE_MAR (Auth. Object)
2. BEGRU ( Auth. Group).
You can change material type and authorization group here.
Siva

Authorization control for document status

Dear All,
I want to control the status change of Documets created,
How can i achieve this, so that a perticular user /ID can change the perticular status,
I have ,
01
02,
03,
04, Rel.
05,
Do i need to put some trace anf find Objects to control...
or there is any standard method to do this..
Please guide me..
Regards
Raghu

Hi Raghu,
Here are DMS authorizatoins objects. For handle status it should be C_DRAW_STA
C_DRAD_OBJ          Create/Change/Display/Delete Object Link
C_DRAW_BGR          Authorization for authorization groups
C_DRAW_DOK          Authorization for document access
C_DRAW_MUP          Authorization for Markups
C_DRAW_STA          Authorization for document status
C_DRAW_TCD          Authorization for document activities
C_DRAW_TCS          Status-Dependent Authorizations for Documents
C_DRZA_TCD          Document Distribution: Authorization for Recipient Lists
C_DRZI_TCD          Document Distribution: Authorization for Distribution Order
S_ECL_CAT          ECL Viewer: Authorization Object for Stamp Categories
S_ECL_STP          ECL Viewer: Authorization Object for Printing with Meta Data
S_ECL_STP2          ECL Viewer: Authorization Object for Printing with Meta Data
Hope that it will help you
//Håkan

PO Document type Authorizations

All,
Whether its possible to give authorizations based on PO Document types ?
Authorization object is M_BEST_BSA.
pLS ADVISE.
REGARDS

Hi,
I am not an authorisations expert but I am sure that you can control which PO document type can be used by each user.
Hopefuly someoen with authorisations knowledge will confirm this???
Sorry I misunderstood your qiestion, it was my fault, your question was very clear.
Steve B

Authorization review process document

Hi all,
Our management wants to review authorization of all users yearly once.They are asking for a process document which will state all the process and procedures to do the same.I have no clue how should I go about it.
Can anybody please help with a document or something so that I can start preparing a "process document for annual authorization review".
Thanks,
Suman

Hello Chittranjan,
This is something for which you would need advise from your functional team. While doing auditing is a system adminsitrator or auditor's job the actual conceptual design of audit needs to be discussed with functional people as well.
First of all it depends on your business processes as well as on the modules of SAP which are in main use in your project.
Not only you need to check if the authorizations are vertically organized as also laterally.
Vertically means that a clerk in a department you should have restricted access for only what he is doing and a manager should have greater access.
Laterally means if your organization has mutiple sub units which can be identified with plants,company codes etc. then you need to make sure users belonging to one sub unit should have access for other sub unit/department.
Then also you need to the processes with in the organization.
There has to be a check on who creates master data and transactional data and who does not. Also check on customising authorizations needs to be in place. Similarily development authorizations also need to be brought under the ambit of the document.
The customising and development part is simple as it has to be restrcited to functional guys and developers respectively but master data and transactional data part is integrated with business proceeses. Also this is generally handled by end users.
You need to take advise from process owners also.
Regards.
Ruchit.

Acctg document not created for cancellation invoice

Hi all,
We have a vehicle sales order created with payment card. The SO contains one item for vehicle and one item for parts. The items were delivered and invoiced separately. Hence, SO has one vehicle sales invoice (VSI) and one parts sales invoice (PSI).
The standard procedure was to post VSI first before the PSI. Accounting documents have been created when both invoices were posted. However, there was a need to cancel the PSI. When this was done, cancellation invoice was created but there was no accounting document posted for the cancellation.
I tried simulating the scenario in our test server and cancelled VSI 90000081 first before cancelling PSI 90000082 to test if this can be an alternative solution. Cancellation for VSI was posted successfully but error persists for PSI cancellation.
Order 67 06/19/06 Completed
. Delivery 80000081 06/19/06 Being processed
.. Picking request 20060619 06/19/06 Completed
.. GD goods issue:delvy 4900000293 06/19/06 complete
.. Invoice 90000081 06/19/06 Completed
... Accounting document 2000077 06/19/06 partly cleared
.. Invoice cancellation 90000084 06/19/06 Completed
... Accounting document 2000079 06/19/06 partly cleared
. Delivery 80000082 06/19/06 Completed
.. Picking request 20060619 06/19/06 Completed
.. GD goods issue:delvy 4900000294 06/19/06 complete
.. Invoice 90000082 06/19/06 Completed
... Accounting document 2000078 06/19/06 Not cleared
.. Invoice cancellation 90000083 06/19/06
.. Invoice 90000085 06/20/06 Blocked
Accounting status of 90000083 (where error occurs) in VF03->Header->Details is set to K or Accounting document not created (authorization lacking).
Any inputs? Thanks in advance.

Hello Sheila,
sorry - my first answer was in mistake - Status K means:
"The transaction is processed using payment cards. The order, however, does not contain valid authorization.
This problem occurs in billing documents for follow-up deliveries."
Could you check this ? Last way would be to set a breakpoint into the FM 'RV_ACCOUNTING_DOCUMENT_CREATE'
and trigger this via VF02 -> Release to accounting.
Regards Wolfgang

What is Analysis Authorizations in BI 7.0?

Hello BW Gurus,
Greetings!!!!
Please forward the relevant documents (Analysis Authorizations and also about data migration from 3.0 to 7.0 ) to the ID- [email protected]
Points will be rewarded..
Best Regards,
Priya

Hi Priya,
These would be great help to you,
Upgrading to SAP NetWeaver 7.0 BI - The Details doc.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10564d5c-cf00-2a10-7b87-c94e38267742
Please check these blogs for full details:
/people/prakash.darji/blog/2006/09/22/rolling-out-the-new-sap-netweaver-2004s-bi-frontend-tools?page=last&x-showcontent=off&x-order=date [original link is broken]
https://weblogs.sdn.sap.com/pub/wlg/4668?page=last&x-order=date [original link is broken] [original link is broken] [original link is broken]
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6a19f233-0e01-0010-6593-c47af5a8df3b
Some Insights..
NW2004s Upgrade - Front-End Migration Strategy
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2331907
Migration of Data Sources
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3369391
Migration - Web Templates from 3.x to NW2004s
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2052465
Migration question
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2935414
Migration Transformation NW2004s Datasource
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3034054
Analysis Authorization Migration Question
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2537477
NW2004s Data flow
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3447826
Visual composer migration
https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3775098
Rfer thez threads.. u will get good idea..
/thread/439486 [original link is broken]
/thread/377643 [original link is broken]
Migrate Transformations
/message/3034624#3034624 [original link is broken]
/thread/178564 [original link is broken]
For Data Flow:
http://help.sap.com/saphelp_nw2004s/helpdata/en/43/f00e2696d24c5fe10000000a155369/content.htm
/people/prakash.darji/blog/2006/09/22/rolling-out-the-new-sap-netweaver-2004s-bi-frontend-tools
Assign points if it helps,
Regards,
Mani

Restrict the user   based on document type on migo transaction-prepare GRN

Hi,
We are running ECC6.0 R/3 system.We had a requirement as follows
In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can prepare GRN for document type STO only. He cannot prepare GRN for other document type.
We checked SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
The following is the objects which we have checked for.
A_B_ANLKL-->     Asset Postings: Company Code/Asset Class
A_B_BWART-->     Asset Postings: Asset Class/Transaction Type
B_USERSTAT-->     Status Management: Set/Delete User Status
B_USERST_T-->     Status Management: Set/Delete User Status using Process
C_AFKO_AWK-->     CIM: Plant for order type of order
C_CACL_DSG-->     Interface Design
C_DRAW_BGR-->     Authorization for authorization groups
C_DRAW_DOK-->     Authorization for document access
C_DRAW_TCD-->     Authorization for document activities
C_DRAW_TCS-->     Status-Dependent Authorizations for Documents
C_KLAH_BKP-->     Authorization for Class Maintenance
C_STUE_BER-->     CS BOM Authorizations
C_STUE_WRK-->     CS BOM Plant (Plant Assignments)
C_TCLA_BKA-->     Authorization for Class Types
C_TCLS_BER-->     Authorization for Org. Areas in Classification System
C_TCLS_MNT-->     Authorization for Characteristics of Org. Area
F_BKPF_BUK-->     Accounting Document: Authorization for Company Codes
F_BKPF_BUP-->     Accounting Document: Authorization for Posting Periods
F_BKPF_KOA-->     Accounting Document: Authorization for Account Types
F_FICA_FOG-->     Funds Management: authorization group of fund
F_FICA_FSG-->     Funds Management: authorization group for the funds center
F_FICB_FKR-->     Cash Budget Management/Funds Management FM Area
F_KNA1_APP-->     Customer: Application Authorization
F_LFA1_APP-->     Vendor: Application Authorization
F_SKA1_BUK-->     G/L Account: Authorization for Company Codes
G_GLTP -->       Spec. Purpose Ledger Database (Ledger, Record Type,
                               Version)
J_1IDEP_SL-->     Authorization object for depot sale transaction
J_1IEXC_OT-->     Authorization object for Other Excise Invoice Create
J_1IEX_PST-->     Autorization object for posting Other Excise invoice
J_1IGRPT1-->     Auth. for PART1 at GR
J_1IINEX -->            Incoming Excise Invoice
J_1IRG23D-->     Authorisation object for Depo Transactions
K_CCA-->                     CO-CCA: Gen. Authorization Object for Cost Center
                                Accounting
K_CSKS     -->                CO-CCA: Cost Center Master
K_CSKS_SET-->     CO-CCA: Cost Center Groups
K_PCA-->                    EC-PCA: Responsibility Area, Profit Center
L_TCODE-->                    Transaction Codes in the Warehouse Management System
M_ANFR_BSA-->     Document Type in RFQ
M_ANFR_EKG-->     Purchasing Group in RFQ
M_ANFR_EKO-->     Purchasing Organization in RFQ
M_ANFR_WRK-->     Plant in RFQ
M_BEST_BSA-->     Document Type in Purchase Order
M_BEST_EKG-->     Purchasing Group in Purchase Order
M_BEST_EKO-->     Purchasing Organization in Purchase Order
M_BEST_WRK-->     Plant in Purchase Order
M_MATE_CHG-->     Material Master: Batches/Trading Units
M_MATE_STA-->     Material Master: Maintenance Statuses
M_MATE_WRK-->     Material Master: Plants
M_MRES_BWA-->     Reservations: Movement Type
M_MRES_WWA-->     Reservations: Plant
M_MSEG_BMB     -->Material Documents: Movement Type
M_MSEG_BWA-->     Goods Movements: Movement Type
M_MSEG_BWE-->     Goods Receipt for Purchase Order: Movement Type
M_MSEG_BWF-->     Goods Receipt for Production Order: Movement Type
M_MSEG_LGO-->     Goods Movements: Storage Location
M_MSEG_WMB-->     Material Documents: Plant
M_MSEG_WWA-->     Goods Movements: Plant
M_MSEG_WWE-->     Goods Receipt for Purchase Order: Plant
M_MSEG_WWF-->     Goods Receipt for Production Order: Plant
M_RAHM_BSA-->     Document Type in Outline Agreement
M_RAHM_EKG-->     Purchasing Group in Outline Agreement
M_RAHM_EKO-->     Purchasing Organization in Outline Agreement
M_RAHM_WRK-->     Plant in Outline Agreement
Q_TCODE     QM -->         Transaction Authorization
S_ADMI_FCD-->     System Authorizations
S_ALV_LAYO-->     ALV Standard Layout
S_BDS_DS-->     BC-SRV-KPR-BDS: Authorizations for Document Set
S_BTCH_ADM-->     Background Processing: Background Administrator
S_BTCH_JOB-->     Background Processing: Operations on Background Jobs
S_CTS_ADMI-->     Administration Functions in Change and Transport System
S_DATASET-->     Authorization for file access
S_DEVELOP-->     ABAP Workbench
S_DOKU_AUT-->     SE61 Documentation Maintenance Authorization
S_GUI-->                     Authorization for GUI activities
S_OC_DOC-->     SAPoffice: Authorization for an Activity with Documents
S_OC_ROLE-->     SAPoffice: Office User Attribute
S_OC_SEND-->     Authorization Object for Sending
S_PACKSTRU-->     Internal SAP Use: Package Structure
S_PRO_AUTH-->     IMG: New authorizations for projects
S_RFC-->                     Authorization Check for RFC Access
S_SCD0     -->                Change documents
S_SPO_DEV-->     Spool: Device authorizations
S_TABU_DIS-->     Table Maintenance (via standard tools such as SM30)
S_TCODE     -->                Transaction Code Check at Transaction Start
S_TRANSLAT-->     Translation environment authorization object
S_TRANSPRT-->     Transport Organizer
S_WFAR_OBJ-->     ArchiveLink: Authorizations for access to documents
V_LIKP_VST-->Delivery: Authorization for Shipping Points
V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
V_VBAK_VKO-->Sales Document: Authorization for Sales Areas

Have you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).

Problems in creating and storing new documents using BAPI_DOCUMENT_CREATE2

Hi experts,
I'm getting problems in creating and storing new documents using BAPI_DOCUMENT_CREATE2.
I have a scenario where is defined the document type ZC1, document part 200, authorization group 0002 and for all of these documents the storage category "Cofre DMS1". And the status which demands the storage category is 'FR'.
I've been fullfiling the BAPI_DOCUMENT_CREATE2 in this way:
"Tables
data: it_doc like bapi_doc_draw2,
      it_return like bapiret2,
      it_files like bapi_doc_files2 occurs 0 with header line,
      it_objs like bapi_doc_drad occurs 0 with header line.
"Variables
data: wl_doctype like bapi_doc_draw2-documenttype,
      wl_docnumber like bapi_doc_draw2-documentnumber,
      wl_docpart like bapi_doc_draw2-documentpart,
      wl_docversion like bapi_doc_draw2-documentversion.
it_doc-documenttype = 'ZC1'.
it_doc-documentpart = '200'.
it_doc-documentversion = '00'.
it_doc-description = 'Test of documents creation via BAPI'.
it_doc-username = sy-uname.
it_doc-statusextern = 'FR'.
it_doc-authoritygroup = '0002'.
refresh it_files[].
clear it_files.
it_files-originaltype = '1'.
it_files-storagecategory = 'Cofre DMS1'.
it_files-wsapplication = 'PDF'.
it_files-docfile = 'c:\110307.pdf'.
it_files-description = 'Test file'.
append it_files.
refresh it_objs[].
clear it_objs.
it_objs-objecttype = 'EKPO'.
it_objs-objectkey = '47000497600010'.
append it_objs.
CALL FUNCTION 'BAPI_DOCUMENT_CREATE2'
EXPORTING
    documentdata = it_doc
IMPORTING
    documenttype = wl_doctype
    documentnumber = wl_docnumber
    documentpart = wl_docpart
    documentversion = wl_docversion
    return = it_return
TABLES
    objectlinks = it_objs
    documentfiles = it_files.
After execute the BAPI process I got the following error:
E26 087 - Data carrier COFRE DMS1 not defined
Does anybody have a sugestion to help me, please?
Thks
David
Edited by: David Tsutsui on Mar 18, 2010 10:52 AM

Please refer to this thread, it tells why you need a data carrier you can also configure the same in DC20.
Data Carriers for Storage the Originals of DMS

PO Document type

Hi,
How to configure to get only the required document types for Purchase order
Regards,
Sattuj

Hi,
If you don't want to see the SAP Standard PO Document Types in Search Help of ME21N or any other Transaction then the only option is to delete these document types from config. (Path: - SPRO > MM > Purchasing > Purchase Order > Define Document Types).
But it is not recommended to delete the SAP Standard PO Document Types since in future if you want to create any new PO document type then you need to by copying SAP Standard PO Document Types.
It is suggested to control the usage of SAP Standard PO Document Types by Authorization using Authorization Object M_BEST_BSA (Take help of BASIS Consultant). By this SAP Standard PO Document Types will be visible in the search help but user will not be able to use these.

Hide Document Sturucture Field

Hi Gurus
How can we hide the document structure field in DMS tcodes (CV01N/ CV02N/ CV03N/ CV04N)
Regards
Harris

Hi Harris,
Please remove the transactions codes pertaining to Document structure from Authorization profiles viz
CV11                 Create Document Structure
CV12                 Change Document Structure
CV13                 Display Document Structure
This will disable the options atleast.
Hope this helps.
Regards,
Deepak Kori

Document on BW authorizations

Similar Messages

Maybe you are looking for