Elements of WebUI by authorization object in user roles?

Hi all,
we are currently setting up a SNC scenario with SCM 5.1. I have some information about how to change the WebUI for the Responsive Replenishment, but by now I can only change it for all users. I would like to link certain Web buttons and screens to user authorization roles, so some users get buttons others can't see, depending on their roles.
Has anyone a clue for me if this is possible, and how I can implement this, or where I can documentation about it?
Thanks for any help.
Best regards,
Timo

Hi Timo,
If you are intending to change a few elements in the WebUI programatically, then you could restrict the changes on the basis of the role. (is for a supplier or a customer)
I do believe that you might to be needing to do the changes in the corresponding ICH Data matrix model business logic class.
Here
The attribute P_DATAICHDM->S_CBINFO-APPDATAID holds the value corresponding to the application and the role thats accessing the screen.
I do believe , in your situation, the appdataid for a customer would be 'RPLRRC' and for a suppler would be 'RPLRRS'. However, you would need to cross verify this.
All you need to do now, is to check the value of these attributes which have been set and code for the UI Changes accordingly.
There could be other simpler approaches , by means of configuring too, depending on the nature of your change. I am not really sure. I just suggested one thing that worked in my case.
Cheers,
Rashmi.

Similar Messages

  • Is there any BAPI or FM to authorization object to user in ABAP program??

    Hi guys.
               My requirment is to assign  authorization object to user in ABAP program,is there any FM OR Bapi to do this?

    Hai  ,
    In order to do the authority check in the program ,   in your report at selection-screen event   you need to check for the corresponding authority output .
    example :
    T SELECTION-SCREEN ON p_carrid.
      IF p_carrid IS INITIAL.
        MESSAGE 'Please enter a value' TYPE 'E'.
      ENDIF.
      AUTHORITY-CHECK OBJECT 'S_CARRID'
                          ID 'CARRID' FIELD p_carrid
                          ID 'ACTVT'  FIELD '03'.
    Regards,
    K.VinayKumar

  • Mass change of authorization objects in several roles

    Hello,
    we have to change a authorization object in almost 200 roles. Is there any possibility for mass change of authorization objects in several roles? We don't use the central SAP user administration.
    Best Regards
    Andreas Walter

    > at the moment all entries has the value "*". We want to change this value into "0001".
    Good!
    Here comes:
    1- download all relevant roles in once from PFCG. Make sure you use an appropriate codepage so you don't loose special characters in the role and menu texts.
    2- copy and backup the download file
    3- in the download file (is a text file)  look for all lines starting with AGR_1251 and conatining M_MATE_WGR and the field you want to change
    4- take out the star and two spaces and replace by 001. This file is a set of fixed record length table exports and keeping the original length is very important.
    5- upload the edited file and generate the profiles.
    As you may see this is not SAP standard and completely at your own risk. Best try in a sandbox client first.
    Good luck!
    Jurjen

  • Is there a Limit on number of authorization objects in a role?

    Hi all,
       Is there a Limit on number of authorization objects in a role because I am getting the following error.
    Authorization is full. Please enter fewer values
    Message no. 01262
    Diagnosis
    You have included too many values in an authorization.
    Procedure
    Please distribute the data to at least two authorizations and combine them in a profile.
    Thanks.

    Hello Neha,
    Message no. 01262 refers to the entered values in an authorization, not to the objects listed in the profile!
    So this message tells you, that you have to split the authorization, as the authorization contains too many values. It is not a quesiton of that you have entered too many different objects to the profile!
    Please refer also to:
    [SAP Note 410993|https://service.sap.com/sap/support/notes/410993]
    and
    [SAP Note 943796|https://service.sap.com/sap/support/notes/943796]
    b.rgds, Bernhard

  • How we can remove  one authorization object from multiplt roles

    How we can remove one authorization object from multiplt roles

    > Correct me if I am wrong !!
    O.K., Here I go
    > But if the object is maintained in SU24 and if you use Expert mode for generation of the role then again those objects may be pulled.(make sure you never use expert mode once you delete the objects)
    Actually using expert mode and choosing 'edit old status' is the only way to avoid objects being 'pulled in' after menu changes.
    > As jurjen said, you may download the tables and instead of deleting the object from the excel sheet, change the value of the object in column "DELETED" = X, by doing this only the objects get inactivated(but remain in PFCG).
    I am not speaking of downloading tables but about downloading roles from PFCG. This will not get you a spreadsheet but a flat textfile. If you whish to set the object status to deleted you'll have to swap the space on position 207, right behind the 'U, S, G' flag,  with an 'X' for all corresponding lines.
    Jurjen

  • Setting Authorization Object to User defined field

    Hi
    What authorization object to be used to give user only display access in CJ20N tcode under "User Fields" tab. Any suggestion would be appreciated.
    Rgds
    Kamran

    Hi Imran,
    The value of field TRTYP of object C_PROJ_TCD should be A for display and you can also give C for Display from archive.
    Reward points invited!!
    Cheers,
    Hiral Soni

  • Cannot modify an authorization object in pfcg role for a business role

    Hi Experts,
    I have created two z pfcg roles from the standard business role CRM_UIU_SRV_PROFESSIONAL  lets say by names zagent and zmanager. My requirement is actually to map these two pfcg roles two a service professional agent and service professional manager custom business roles respectively( I have created these custome business roles from standard business role servicepro) . I have identified an authorization object by name CRM_CO_SE which is basically used to check whether the user is authorized to create service contract transactions. So, in the agent pfcg role, I need to de activate or deselect this particular authorization object so that the agent will not be able to create service contract. (This is not a real time requirement, but an internal assignment). When I change this object in the pfcg by deselecting 'Allow' check box and try to generate, it is not getting generated. I have selected all the options from the 'Expert mode for the profile generation' and still the traffic indicator for that authorization object is yellow.  Am I doing anything wrong?
    Please help me.
    Thanks
    Ajith C

    Hi Leon,
    Thanks for helping me, I have restricted the unauthorized user from creating a new order by disabling the 'New' button by checking the business role in  the code. The pfcg configuration, I am skipping it for now.  I have one mnore requirement. When one clicks on any items in the search result for the Service Contracts, it opens the details of that service contract with an 'edit' button. I can disable this button using do_output_preparation method for the some business roles. However, I want to disable this after checking a condition. The condition is that, edit button should be active, only if that service order was created by the employee who has currently logged on. I am relatively new to CRM and I could not figure how I can check it during run time. Could any one please help me with this?
    Thanks,
    Ajith

  • Export / import tablespace with all objects (datas, users, roles)

    Hi, i have a problem or question to the topic export / import tablespace.
    On the one hand, i have a database 10g (A) and on the other hand, a database 11g (B).
    On A there is a tablespace called PRO.
    Furthermore 3 Users:
    PRO_Main - contains the datas - Tablespace PRO
    PRO_Users1 with a role PRO_UROLE - Tablespace PRO
    PRO_Users2 with a role PRO_UROLE - Tablespace PRO
    Now, i want to transfer the whole tablespace PRO (included users PRO_MAIN, PRO_USER1, PRO_User2 and the role PRO_UROLE) from A to B.
    On B, I 've created the user PRO_Main and the tablespace PRO.
    On A , i execute following statement:
    expdp PRO_Main/XXX TABLESPACES=PRO DIRECTORY=backup_datapump DUMPFILE=TSpro.dmp LOGFILE=TSpro.log
    On B:
    impdp PRO_Main/XXX TABLESPACES=PRO DIRECTORY=backup_datapump DUMPFILE=TSpro.dmp LOGFILE=TSpro.log
    Result:
    The User PRO_Main was imported with all the datas.
    But i 'm missing PRO_USER1, PRO_User2 and the role PRO_UROLE...
    I assume, i 've used wrong parameters in my expd and / or impdp.
    It would be nice, if anybody can give me a hint.
    Thanks in advance.
    Best Regards,
    Frank

    When you do a TABLESPACE mode export by specifying just the tablespaces, then all that gets exported are the tables and their dependent objects. The users, roles, and the tablespace definitions themselves don't get exported.
    When you do a SCHEMA mode export by specifying the schemas, you will get the schema definitions (if the schema running the export is privied) and all of the objects that the schema owns. The schema does not own roles or tablespace definitions.
    In your case, you want to move
    1. schemas - which you already created 1 on your target database
    2. roles
    3. everything in the tablespaces owned by multiple schemas.
    There is no 1 export/import command that will do this. This is how i would do this:
    1 - move the schema definitions
    a. you can either create these manually or
    b1. expdp schemas=<your list of schemas> include=user
    b2 impdp the results from b1.
    2. move the roles
    expdp full=y include=role ...
    remember, this will include all roles. If you want to limit what gets exported, then use:
    include=role:"in ('ROLE1', 'ROLE2', ETC.)
    impdo the roles just exported
    3. move the user information
    a. If you want to move all of the schema's objects like functions, packages, etc, then you need to use a schema mode
    export
    expdp user/password schemas=a,b,c ...
    b. If you want to move only the objects in those tablespaces, then use the tablespace export
    expdp user/password tablespaces=tbs1, tbs2, ...
    c. import the dumpfile generated in step 3
    impdp user/password ...
    Hope this helps.
    Dean

  • Trouble when adding / modifying authorization objects in a role through ERM

    Hi everyone!!!
    We're having some issues when configuring ERM, we followed the Post-Installation guides and we are done with the config part, but when we try to do an example creating a role, we're getting an error message when attempt to add the authorization data.
    When we look at the log, we find this message:  /VIRSA/GET_ACTGROUP_TIMESTAMP function template not found on RD1
    This is the last log...
    2010-11-05 17:03:42,515 [SAPEngine_Application_Thread[impl:3]_30] ERROR /VIRSA/GET_ACTGROUP_TIMESTAMP function template not found on RD1
    java.lang.Throwable: /VIRSA/GET_ACTGROUP_TIMESTAMP function template not found on RD1
         at com.virsa.re.service.sap.dao.SAPRoleTimestampDAO.getRoleChangedDetails(SAPRoleTimestampDAO.java:136)
         at com.virsa.re.bo.impl.ConcurrentAccessRoleBO.isRoleChangedInPFCG(ConcurrentAccessRoleBO.java:228)
         at com.virsa.re.role.actions.AuthAuthorizationDataAction.pageLoad(AuthAuthorizationDataAction.java:6865)
         at com.virsa.re.role.actions.AuthAuthorizationDataAction.execute(AuthAuthorizationDataAction.java:213)
         at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
         at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
         at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Plz help us, we can't find any information about this error.
    Regards
    Connie

    Hi,
    Settings need to be checked-
    1. Connectors must be identical for all components for a particular system and test connection should be successful.
    2. Unicode should be checked for RAR connector.
    3. Patch Level should be same on GRC and Backend and all backend post-installation activites must be completed  - (BC set activation, Program etc)
    4. RAR Objects Import must be done.
    5. ERM Background jobs must be completed before doing Role Creation- Transaction/Object/Field sync, Org Value sync and activity sync.
    If above activities are done, no issues should occur in tcode/Object assignment in role.
    Regards,
    Sabita

  • Identify duplicated authorization objects in a role

    Hi,
    We built some roles manually by drag and drop transaction through the menu tab. In some roles, we have duplicated authorization object
    For example, in PM : Maintenance Plant (object I_SWREK), we have 2 profiles with SWERK=* and TCD = (list of transactions).
    I'd like to generate a new role with only one profile which contains SWERK=* and a list of transactions in TCD
    The pb is i don't know at first which authorization objects or profiles are concerned by this duplicated objects
    Is there a program, trans code or function module i can run to get this information ?
    Thanks
    Guillaume

    Hi Guillaume,
    I would say, that there will be not much difference.
    The auth.-check scans one authorzation (not profile!!!) after the other for the requested values.
    So for example:
    check for TCD = IE03
    first hit is successful for both scenarios, as both list IE03 at first place.
    Scenario 1:
    SWERK=* and TCD = IE03, IL03, IP06, IQS1, IQS2, IQS3, IW3D
    Scenario2:
    SWERK=* and TCD = IE03, IL03, IP06
    SWERK=* and TCD = IQS1, IQS2, IQS3, IW3D
    second example:
    check for TCD=IW3D
    Scenario 1: the first authorization is loaded and verified, last value gives success.
    Scenario 2: no success for the first authorization, second auth. has to be loaded for analyzis and gives success with the last value.
    So scenario 2 could even be less performant....
    did you realize already some differencies???? Would be interesting...
    thx, Bernhard

  • What is authorization object and how to create it for a table

    Hi All,
    What is authorization object and how to create it for a table?
    Thanks

    Hi
    Authorization
    For authorization checks, there are many ways of linking authorization objects with user actions in an SAP system. The following discusses three possibilities in the context of ABAP programming.
    Authorization Check for Transactions
    You can directly link authorization objects with transaction codes. You can enter values for the fields of an authorization object in the transaction maintenance. Before the transaction is executed, the system compares these values with the values in the user master record and only starts the transaction if the appropriate authorization exists.
    Authorization Check for ABAP Programs
    For ABAP programs, the two objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance) exist. They contains a field P_GROUP that is connected with the program attribute authorization group. Thus, you can assign users program-specific authorizations for individual ABAP programs.
    Authorization Check in ABAP Programs
    A more sophisticated, user-programmed authorization check is possible using the Authority-Check statement. It allows you to check the entries in the user master record for specific authorization objects against any other values. Therefore, if a transaction or program is not sufficiently protected or not every user that is authorized to use the program can also execute all the actions, this statement must be used.
    AUTHORITY-CHECK OBJECT object
                            ID name1 FIELD f1
                            ID name2 FIELD f2
                            ID namen FIELD fn.
    object is the name of an authorization object. With name1, name2 ... , and so on, you must list all fields of the authorization object object. With  f1, f2 ... , and so on, you must specify the values that the system is to check against the entries in the relevant authorization of the user master record. The AUTHORITY-CHECK statement searches for the specified object in the user profile and checks the useru2019s authorizations for all values of f1, f2 ... . You can avoid checking a field name1, name2 ... by replacing FIELD f1  FIELD f2 with DUMMY.
    After the FIELD addition, you can only specify an elementary field, not a selection table. However, there are function modules available that execute the AUTHORITY-CHECK statement for all values of selection tables. The AUTHORITY-CHECK statement is supported by a statement pattern.
    Only if the user has all authorizations, is the return value sy-subrc of the AUTHORITY-CHECK statement set to 0. The most important return values are:
    ·        0: The user has an authorization for all specified values.
    ·        4: The user does not have the authorization.
    ·        8: The number of specified fields is incorrect.
    ·        12: The specified authorization object does not exist.
    A list of all possible return values is available in the ABAP keyword documentation. The content of sy-subrc has to be closely examined to ascertain the result of the authorization check and react accordingly.
    REPORT demo_authorithy_check.
    PARAMETERS pa_carr LIKE sflight-carrid.
    DATA wa_flights LIKE demo_focc.
    AT SELECTION-SCREEN.
      AUTHORITY-CHECK OBJECT 'S_CARRID'
                      ID 'CARRID' FIELD pa_carr
                      ID 'ACTVT' FIELD '03'.
      IF sy-subrc = 4.
        MESSAGE e045(sabapdocu) WITH pa_carr.
      ELSEIF sy-subrc <> 0.
        MESSAGE e184(sabapdocu) WITH text-010.
      ENDIF.
    START-OF-SELECTION.
      SELECT  carrid connid fldate seatsmax seatsocc
        FROM  sflight
        INTO  CORRESPONDING FIELDS OF wa_flights
        WHERE carrid = pa_carr.
        WRITE: / wa_flights-carrid,
                 wa_flights-connid,
                 wa_flights-fldate,
                 wa_flights-seatsmax,
                 wa_flights-seatsocc.
      ENDSELECT.
    Regards
    Hitesh

  • Get Authorization Object and Tcode

    Hi,
    I have a requirement to get a report of
    Role Name, Date of Validity, Authorization Object in User Master Maintance (TCode) and Description of Tcode
    I used SQVI
    and joined Tables
    AGR_USERS, AGR_1251, USTSTCAP
    From the first two tables I get all most all fields Except the description of T-Code for that I used the table USTSTCAP but it is not working.
    is there any table to get text description. please give guidence
    Regards
    Nausal

    Hi,
    From TSTCT We get TCode Description
    but it is not possible to join with AGR_USERS and AGR_1251 in SQVI
    Regards
    Nausal

  • Authorization object for Profit Center in BW 3.5

    Hi,
          I have question regarding BW security. I want to restrict users access based on profit center ie i mean to ask is there any authorization object in BW, where i can specify Profit Center values and create role, where i can further assign this role ans restrict authorization to that particulat profit center.
        I already have authorization on profit center hierarchy which is old. Now we have new hierarchy, how can I use those authorization object, profiles, and roles to this new hierarchy. If there is quick work around please advise or can tell me how to create authorization object in BW, where i can specify Profit Center values and create role.
    Thanks in Advance
    Robert Courtney.
    Edited by: Robert Courtney on Apr 22, 2009 9:25 PM
    Hi,
        Some one can help to change my old hierarchy to new hierarchy in the authorization.
    Thanks
    Robert Courtney
    Edited by: Robert Courtney on Apr 22, 2009 10:07 PM

    Hi Robert,
    Check the link below, hope this will resolve ur issue.
    [Re: Authorization to new hierarchy node (Profit center) in 3.5 Transaction code]
    Regards,
    Praveen

  • Authorization in which user receive rights to see specific node in Orgunit

    Dear SDN's,
    We have Organizational Unit Hierarchy.
    We need to provide authorzation for the Org.Unit Hierarchy in which user receive rights to see specific node in Orgunit hierarchy.
    For example manager of MIC can see only MIC node, Manager of  0VTH ATL can see only 0VTH ATL.
    (1)Made Org.Unit info object as authorization relevant
    (2)created authorization object for Org.unit and given authorization fileds ORGUNIT,TCTAUTHH,ACTVT,9YPVCALVL,9YPVCGRP,1KYFNM,9YPVCALVL2 in that authorization object.
    (3) Assigned Authorization object to the Role.
    Please let me know how to give rights to user to receive rights to see specific node in Orgunit hierarchy.
    For example manager of MIC can see only MIC node, Manager of  0VTH ATL can see only 0VTH ATL.
    Thanks and Kind Regards,
    Lakshman Kumar G

    Hi Lakshman Kumar G,
    Where are you up to with this??
    Have you assigned the org unit value in RSECADMIN to the analysis auth?  Once this is done assign the analsis aut to the user.  In the query you will need a filter on org unit which uses an authorisation variable.  This should do the trick.
    This whole process can be automated using standard DSO's.  Please refer to the SAP help below.
    http://wiki.sdn.sap.com/wiki/display/BI/Authorization%20in%20SAP%20NW%20BI
    http://help.sap.com/saphelp_nw04s/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/en/52/6715a2439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/01/a7fb3a72a05546e10000000a114084/frameset.htm
    Get back to me if your stuck.
    Cheers.

  • Assign Authorization Object dynamically

    Hi,
    I just want to know through coding is it possible to assign authorization object to user based on some condition dynamically.
    Its related to BP and in CRM 6.0
    Pls provide some approach if its possible.
    Thanks a lot.
    Regards,
    Shobhit

    Shobhit,
    Displaying authorization details would not be much of a problem. We can add a flag in the customer master and fetch the customers with the flag in the search result. I believe there is BADI to do that.
    Once the customers are retrieved navigating to the account details should be standard procedure. It should make use of standard events to go to the BPHeadOverview screen.
    But, the concern is whether or not there is authorization failure when we are trying to save the activity created using these flagged customers.
    Regards
    Prasenjit

Maybe you are looking for

  • This PDF form requires a newer version of Adobe reader !?

    Hi there I use LiveCycle 8 and I design forms for a target audience using Acrobat Reader 7.. My problem is whatever I put in a form, I get a really annoying message when opened in Acrobat reader 7 This PDF form requires a newer version of Adobe reade

  • How do i unhide media files

    i cant unhide my media files, ive tried the whole explore show hidden then highlight the folder i want to unhide and click properties but when i try to do so i cant because the hide option is grayed out and i cant select it. can anyone help me?

  • K7T266PRO2 Ver. 2.0... wont keep 133mhz for XP2100.. HELP!

    It will post as a XP 1500+ .. ill change the cpu bus speed to 133 and every now and then i can get it to post as a XP 2100+ but after a reboot it goes right back.  I was thinking maybe memory but Ive ran this PC2100 on another system at 133 and had n

  • Flashing Question Mark Folder... with a twist

    Hi all, I hope you can help me out. A month ago I had some trouble with my MacBook. It would continually freeze, then when I restarted it would show the flashing question mark folder icon. When I booted from the OSX CD it couldn't see any drives to i

  • How to update SPAM

    Dear All,          Since, i was not able to find a forum for basis, i'm using this forum for my query.          I want to update SPAM inmy system.The current version is 9 and i want to update it. I have downloaded the current version sof SPAM, BUT UN