Document type authorisation
Hii .
I want some of my users to avoid psotings to document type SA ,please guide hot wo do that. Wiating for your feedback.
Cheers.
Enter authorization Group in OBA7 for document types .
In the role that you are going to use , Check the auth object F_BKPF_BLA and there in the authorization group maintain the authorization groups that you want the use to restrict and in the activity put the relevant ones like 1 for creation , 2 for change and so on.
Similar Messages
-
Document type Authorisation in FBL1N
Hi Friends,
We have one requirement to restrict the Document type authorization in FBL1N for one user.
Since in SAP we have created the employee as the Vendor so we are passing the salary voucher vendor wise.
We have tried to check the the authorization object through SU24 for transaction code FBL1N and found the F_BKPF_BLA after that, one authorization group is assigned to Document type in OBA7. there after, in table TBRG the authorization group has been assigned to authorization object. Now that authorisation group is being removed from the user id.
but the same is not working.
Please help.
Thanks in advance !!Hi Janeet,
You can able to restrict those values in 2 methods.
1. Create document type authorization object in OBA7 and exclude this authorization object to business user through mentioned object F_BKPF_BLA
2. Create separate account group for Employee vendors and assign one authorization group in Vendor master and restrict those values in FBL1N through authorization object F_BKPF_BEK
You have to exclude those object from obhjects.
Regards
Mani -
Authorisation group and document type
Dear Experts
I want our users who are using transaction F.14 to be able to process document type ZF only. I have created a role and in the authorisation object F_BKPF_BLA
i can see field authorisation group and activity. What value i should put in the authorizatuion group object which will allow me to restrict users to work in document type ZF only
<removed_by_moderator>
Edited by: Julius Bussche on Apr 30, 2008 4:53 PMHi All,
Didnt know whether to start a new post or continue this one. Basically I have the same problem but I seem to be missing something fundamental (and I think it must be obvious!).
Dev Team:-
1) New transaction code created ZF10 by which amongst other things should only process the newly created document type ZF.
Myself (Security Team):-
1) All of our document types are defined in OBA7.
2) The specific document type is ZF that we want to restrict access to.
3) In V_TBRG I have defined the custom authorisation group ZDTF against object F_BKPF_BLA.
4) In SU24 I have defined against the custom transaction code ZF10 the authorisation object F_BKPF_BLA to be inserted with Activity values 01, 02, 03; and Authorisation Group ZDTF.
5) Create new role and add ZF10 which then populates the auth object and values above.
What I cant see / understand is how the document type is then restricted to ZF in the role as it isnt defined anywhere that the authorisation group ZDTF only allows access to document type ZF.
Any help on this will be greatly appreciated. PS Should I have created a new thread for this ?
Cheers
Steve -
Authorisation combined with document type, activity and status
I want to create a role for a user who is only allowed to create and change document type ZDI in status IW .
Which object authorization can provided this check ?
The object authorization C_DRAW_TCD control only the activity (create/modify) and the document type (ZDI).
The object authorization C_DRAW_STA control only the document type (ZDI) and the status of the document (IW).
But I need the combination of the both authorization. Does a possibility exist in standard to do it without create a client new authorisation?
Thanks in advance for your help.
AmandeThanks for your response.
But it doesn't works as I want.
The object authorisation C_DRAW_TCS is checked before the save but not after save with the changed values.
for example :
the user has the following authorizations in the modification role:
C_DRAW_TCS activity 02 document type ZDI document status IW
C_DRAW_TCD document type ZDI activity 02
C_DRAW_STA document type ZDI status IW
The user has also the autorisation C_DRAW_STA document type ZDI status FI in the display role
With this configuration the user can modify the document ZDI in status IW and change the status into FI . I don't want that the user can change the status into FI. Does exist a possibility to avoid this?
Of course, after storing this change of the status , the user can't access to the document ZDI with status FI.
SAP doesn't check the authorization C_DRAW_TCS activity 02 document type ZDI document status FI after status change.
Thanks in advance
Amande -
Authorisation to post to document type n authorisation to post to cost cent
Hi
I have two questions-
1. I want that to a particular document type some user group should not have authorisation to post. I know in document type we have one field called authorisation group, but i dont know how to create such group.
2. one user working at a particular plant say plant A should have authorisation to use certain cost centers only.
Please guide.
Thanks
SwetaHI,
1: you can use authorization groups for that purpose, see F1-help for this field in T-Code OBA7 (doc.type maintenance in customizing. See also the link to "authorization objects" in this F1-help. Nevertheless you need the knowledge of somebody who is familair with the SAP authorization concept, role creation,...
2: see SAPNET-note 370082 how to create user authorization for cost center (groups).
Best regards, Christian -
Authorisation objects for RV and DR document types
Dear Consultants
Could any one tell me that, what are the authorization objects for Document types RV and DR?
we need to give the base line date change authorization for the documents which has been posted through RV and DR document types for some particular users
early reply will be highly appreciated
RegardsMaintained a role with that Authorization Object F_BKPF_BLA for
Auth Group (0001). And gave activity Nil. ie do not want to
allow any activity by that Group. Maintained Organizational
Level Values for Co Code. Generated a profile. Assigned the
Profile and Role in the User Master.Try running a trace using ST01 and confirming that F_BKPF_BLA is the
only object for which the user is passing the authorization check (RC 0). It's possible that other authorization objects are granting access
That need to be configured in customizing.
Trx OBA7 or IMG path Financial Accounting / Accounts Receivable and Accounts Payable / Business Transactions / Incoming Invoices/Credit Memos / Carry Out and Check Document Settings / Define Document Types,use table TBRG
use F_BKPF_BLA. Check if it is possible to have
the t-codes in question check this object in su24 -
Restrict the user based on document type on migo transaction-prepare GRN
Hi,
We are running ECC6.0 R/3 system.We had a requirement as follows
In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can prepare GRN for document type STO only. He cannot prepare GRN for other document type.
We checked SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
The following is the objects which we have checked for.
A_B_ANLKL--> Asset Postings: Company Code/Asset Class
A_B_BWART--> Asset Postings: Asset Class/Transaction Type
B_USERSTAT--> Status Management: Set/Delete User Status
B_USERST_T--> Status Management: Set/Delete User Status using Process
C_AFKO_AWK--> CIM: Plant for order type of order
C_CACL_DSG--> Interface Design
C_DRAW_BGR--> Authorization for authorization groups
C_DRAW_DOK--> Authorization for document access
C_DRAW_TCD--> Authorization for document activities
C_DRAW_TCS--> Status-Dependent Authorizations for Documents
C_KLAH_BKP--> Authorization for Class Maintenance
C_STUE_BER--> CS BOM Authorizations
C_STUE_WRK--> CS BOM Plant (Plant Assignments)
C_TCLA_BKA--> Authorization for Class Types
C_TCLS_BER--> Authorization for Org. Areas in Classification System
C_TCLS_MNT--> Authorization for Characteristics of Org. Area
F_BKPF_BUK--> Accounting Document: Authorization for Company Codes
F_BKPF_BUP--> Accounting Document: Authorization for Posting Periods
F_BKPF_KOA--> Accounting Document: Authorization for Account Types
F_FICA_FOG--> Funds Management: authorization group of fund
F_FICA_FSG--> Funds Management: authorization group for the funds center
F_FICB_FKR--> Cash Budget Management/Funds Management FM Area
F_KNA1_APP--> Customer: Application Authorization
F_LFA1_APP--> Vendor: Application Authorization
F_SKA1_BUK--> G/L Account: Authorization for Company Codes
G_GLTP --> Spec. Purpose Ledger Database (Ledger, Record Type,
Version)
J_1IDEP_SL--> Authorization object for depot sale transaction
J_1IEXC_OT--> Authorization object for Other Excise Invoice Create
J_1IEX_PST--> Autorization object for posting Other Excise invoice
J_1IGRPT1--> Auth. for PART1 at GR
J_1IINEX --> Incoming Excise Invoice
J_1IRG23D--> Authorisation object for Depo Transactions
K_CCA--> CO-CCA: Gen. Authorization Object for Cost Center
Accounting
K_CSKS --> CO-CCA: Cost Center Master
K_CSKS_SET--> CO-CCA: Cost Center Groups
K_PCA--> EC-PCA: Responsibility Area, Profit Center
L_TCODE--> Transaction Codes in the Warehouse Management System
M_ANFR_BSA--> Document Type in RFQ
M_ANFR_EKG--> Purchasing Group in RFQ
M_ANFR_EKO--> Purchasing Organization in RFQ
M_ANFR_WRK--> Plant in RFQ
M_BEST_BSA--> Document Type in Purchase Order
M_BEST_EKG--> Purchasing Group in Purchase Order
M_BEST_EKO--> Purchasing Organization in Purchase Order
M_BEST_WRK--> Plant in Purchase Order
M_MATE_CHG--> Material Master: Batches/Trading Units
M_MATE_STA--> Material Master: Maintenance Statuses
M_MATE_WRK--> Material Master: Plants
M_MRES_BWA--> Reservations: Movement Type
M_MRES_WWA--> Reservations: Plant
M_MSEG_BMB -->Material Documents: Movement Type
M_MSEG_BWA--> Goods Movements: Movement Type
M_MSEG_BWE--> Goods Receipt for Purchase Order: Movement Type
M_MSEG_BWF--> Goods Receipt for Production Order: Movement Type
M_MSEG_LGO--> Goods Movements: Storage Location
M_MSEG_WMB--> Material Documents: Plant
M_MSEG_WWA--> Goods Movements: Plant
M_MSEG_WWE--> Goods Receipt for Purchase Order: Plant
M_MSEG_WWF--> Goods Receipt for Production Order: Plant
M_RAHM_BSA--> Document Type in Outline Agreement
M_RAHM_EKG--> Purchasing Group in Outline Agreement
M_RAHM_EKO--> Purchasing Organization in Outline Agreement
M_RAHM_WRK--> Plant in Outline Agreement
Q_TCODE QM --> Transaction Authorization
S_ADMI_FCD--> System Authorizations
S_ALV_LAYO--> ALV Standard Layout
S_BDS_DS--> BC-SRV-KPR-BDS: Authorizations for Document Set
S_BTCH_ADM--> Background Processing: Background Administrator
S_BTCH_JOB--> Background Processing: Operations on Background Jobs
S_CTS_ADMI--> Administration Functions in Change and Transport System
S_DATASET--> Authorization for file access
S_DEVELOP--> ABAP Workbench
S_DOKU_AUT--> SE61 Documentation Maintenance Authorization
S_GUI--> Authorization for GUI activities
S_OC_DOC--> SAPoffice: Authorization for an Activity with Documents
S_OC_ROLE--> SAPoffice: Office User Attribute
S_OC_SEND--> Authorization Object for Sending
S_PACKSTRU--> Internal SAP Use: Package Structure
S_PRO_AUTH--> IMG: New authorizations for projects
S_RFC--> Authorization Check for RFC Access
S_SCD0 --> Change documents
S_SPO_DEV--> Spool: Device authorizations
S_TABU_DIS--> Table Maintenance (via standard tools such as SM30)
S_TCODE --> Transaction Code Check at Transaction Start
S_TRANSLAT--> Translation environment authorization object
S_TRANSPRT--> Transport Organizer
S_WFAR_OBJ--> ArchiveLink: Authorizations for access to documents
V_LIKP_VST-->Delivery: Authorization for Shipping Points
V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
V_VBAK_VKO-->Sales Document: Authorization for Sales AreasHave you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).
-
Sales document type restriction to create sales order
Hi Frinds,
My client has one requirement ...they have different sales document type. For sales document type free of charge delivery they want only some authorised person should be able to create sales order. Is it possible to set the authorisation to create sales order according to sales document type.
Regards
SVYes,
As already suggested, it is very well possible to restrict the user for the use of certain sales document type from basis.
& to add to the above,
Create Z* table with Sales Org + Doc type = UserID.
call this table in VA01 transaction & write piece of coding , if current USerID have entry in this table with the said combination - should not allow to proceed further.
without any basis involvement also you can ahieve your requirement.
Note: Sales Org is used for validation purpose only.
Regards,
Reazuddin MD -
MIGO_GR Authorization check for PO Document type
Hi Friends,
We would like restrict users processing GR's against certain PO document types. In brief, <b>X</b> group of users are allowed to process GR's against PO document type <b>'NB'</b> only. This validation should take place soon after they enter the PO number or at the check level in MIGO_GR.
Unfortunately, MIGO does not provide relevant standard authorization object... or EXITS to achieve this.
Appreciate, if you share your expertice in this regard . Points will be awarded...
Regards
KumarBy defining custom authorisation object.
-
Document Type restirction by company code
Hi All
We have a scenario where they are different companies with a group company and DMS is installed in all companies under single client
While defining Document types, one group company should not be able to view the Document type of another..
We can give authorisation based on Document types, but they dont even want to see the Doc, type name of the other company while using search option..
How is the possible?
Can we differentiate Doc types by company code ?? so that only Doc types specific for one particular company only will be reflected while using F4 , Search option??
Please suggest
Regards
AbyHi,
There are many authorization objects like C_DRAW_TCD, C_DRAW_TCS, C_DRAW_STA & C_DRAW_DOK, which might be helpful in your case.
Regards
Surjit -
Dear Sir
we have created document type by one user and i want to restrict for other user for change in that document type with user specific
eg. user 1 created document with doc type dev and save
user 2 has creation authorisation of save doc type but he/she should not have authorisation to edit user 1 docueIf I have understood your requirement correctly, you want to say that:
There are two users say, USER1 & USER2 & both use same document type, say DC1.
For example, USER1 has created a DIR with doc. type DC1. And you want to restrict changing of this DIR by USER2 & viceversa.
If this is your requirement, then what you can do is, you can utilize the "Authorization Group" functionality in DMS.
Create two different Authorization groups for USER1 & USER2. For example, create Authorization group AUT1 for USER1 & Authorization group AUT2 for USER2.
In roles & authorizations, you create two different roles. For USER1 you assign the Authorization group AUT1 in object BEGRU
For USER2 you assign the Authorization group AUT2 in object BEGRU.
Once you do this & assign roles to respective users, USER1 can create the DIR with doc type DC1 & enter the Authorization group AUT1 & saves it. Now even if USER2 tries to open it, he/she can't access it, since her roles do not have authorization for the Authorization group AUT1.
The same thing works for USER2. Say, if USER2 creates DIR with Authorization group AUT2, USER1 can't access it.
This is the only way, that you can control it.
Otherwise, you may need to create two different Document types for USER1 & USER2 depending on your business requirement.
I hope this helps.
Regards
Amaresh Makal -
PR mandatory only for few PO document types
Hi SAP Gurus,
Issue being faced in a support project.
A buyer is authorised to create 5 different PO doc types. Requirement is to make for only 2 PO document types PR is mandatory. Need immeidate inputs. Any suggestion without implementing user exists is highly appreciated.
Regards,
GMThe field can not be made a required entry in ME21N. However you
can use "Function Authorizations" (OMET) to restrict the user to only
order with reference to a purchase requisition.
As both the "agreement field" and "purchase requisition" fields are
reference fields they are populated when created in reference and thus
the system would not accept attempting to make them a mandatory field.
Please use the OMET transaction and the PID EFB to accomplish your
desired functionality.
I have also attached note : 664424 'Requisition number not mandatory in
ME21N' which contains further information regarding this functionality.
I hope you find the note useful together with the information i have
given you!!\
This will make for all document types...........I guess you cannot do this for different document types -
PO Document type Authorizations
All,
Whether its possible to give authorizations based on PO Document types ?
Authorization object is M_BEST_BSA.
pLS ADVISE.
REGARDSHi,
I am not an authorisations expert but I am sure that you can control which PO document type can be used by each user.
Hopefuly someoen with authorisations knowledge will confirm this???
Sorry I misunderstood your qiestion, it was my fault, your question was very clear.
Steve B -
Table for document type Number Range interval
Hi,
I want to know the number range interval for document type in the production system but I do not have authorisation for SPRO in the prd system.
Kindly let me know the table name to check this number range interval for the document type.
Table T003 stores only the number range and not the interval.
Thanks
SureshHi,
The table which has document types is T003 but the number ranges are stored in a Structure IRDP. The number ranges are maintained directly in the production system.
regards,
radhika
Edited by: kolipara radhika on Aug 25, 2008 6:01 AM -
Limit Document types by plant and user
Hi,
I need to limit document types between two plants meaning a user should be able to use only one document type when buying from another plant but have all other types available for use generally.
Example when user A from plant 1000 buys from plant 2000 he can only use UB Purchase Order type but for all other plants he can use any document types.
Points will be awrded.You can limit the document type for each buyer in the Authorisation profile for the buyer. This is done by SAP Authorisation team. T code: PFCG
Please contact your SAP Authorisation Team or SAP BASIS Team.
G.Ganesh Kumar.
Maybe you are looking for
-
Where to buy TS-L633P DVD drive
Hey guys, just like the title says, I'm in the market for a new DVD burner for my laptop. I have a P305D-S8834 Part number PSPD8U-005002 I currently have a TSST Corp. CDDVDW TS-L633P ATA Device (that's what it says in device manager) But for the life
-
Hello there... I have a very hard job to do here in the office...Documentation in general... So my problem is this (and i think it's somewhat complicated, at least for me) I have to scan about a dozen of thousands of applications (style: form) and th
-
Force Submit prior to Save?
I have a button scripted to submit to email and auto-close the document upon the click* event. The problem we've ran into is that some people are saving the document and manually attaching it to an email and sending it to us. This creates a problem i
-
Hi Experts, I have a client who want to print ECC nos information in AR invoice PLD . Pl suggest me query. Thanks Nitin
-
Dear All, I have batch management process....maintained the material type as HALB.....and kept back flushing in one operation of routing..... But while creating the production order in goods receipt tab...non valuated goods is ticked and goods receip