Equipment category and Authorization (4.6C)
Hi,
The Business requires us to control IE01/IE02 by "Equipment category" types. Already taalked to security folks. But looks like there is no authorization object to control by "Equipment category". There is only one field "EQTYP" but that is not related to any of the Authorization Objects. How do we take care of this? We don't want the users to change or create all the equipment types. Thanks for all the suggestions.
Cheers
Not sure if you can control as expected. But further operation against a equipment can be controlled using authorisation groups. Extract IMG help of the node is mentioned below for easy reference.
Define Authorization Groups
Use
In this Customizing activity, you define authorization groups for your technical objects. Authorization groups are used to categorize similar objects from the point of view of authorizations.
Activities
Create the authorization groups for your technical objects.
Example
You have two maintenance departments, truck fleet and production. There is a series of equipment in the system for both departments. You want to ensure that a user 'A' may only process equipment of the truck fleet, and a user 'B' may only process equipment from the production area.
To do this, define two authorization groups and assign these to the two users 'A' and 'B' in their user master record.
The equipment must also be assigned to the two authorization groups.
The two users can then only process objects from their own user department.
Notes
If no authorization group is entered in an object, the check is not carried out. If this is the case, the user may process the object.
Regards
Sreenivas
Similar Messages
-
We have created an equipment with external number range and category 'M'. Then we realized that 'M' is wrong equipment category and put deletion flag on the equipment. Then we created new equipmnet with equipment category 'P' but system gives an error that equipment already exist, though we have putted deletion flag on wrong equipment. 'M' and 'P' have different reference category. How can we create new equipment with same equipment ID ? Is it possible to archieve the wrong equipment and then to create new equipment with 'P' as equipment category. Please give some information. What is t code to archieve equipments.
Regards,
VMHi
I am not sure how this is useful
any how check it out
If u go for archive.. u need to config content server, where the data will be served... i think this is complicated process..
If u want to archive...
[Archive PM orders|http://help.sap.com/saphelp_46c/helpdata/en/8d/3e6552462a11d189000000e8323d3a/frameset.htm]
[Deletiing Orders|http://help.sap.com/saphelp_46c/helpdata/en/f0/201138d7f011d395c800a0c93029cf/frameset.htm]
Also check with this note.. u will be finding the details how to archieve the objects,,,
[577847|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=577847]
- Pithan -
Authorizations for changes on a Equipment Category
How I can stop the changes for a single category of equipment? I'd like to block the IE02 transaction for a certain category of equipment leaving the authorization to make changes on the equipments of others categories.
ThanksCheck this SAP help on user status.
<a href="http://help.sap.com/saphelp_46c/helpdata/en/28/72369adc56d11195100060b03c6b76/frameset.htm">user status</a> -->Basic setting -->Define user status
You can assign status profile to the equipment category using config "PM and CS>Master data> Technical Objects-->Equipment --> "
Hope it helps,
PJ -
Equipment Category authorization
Hi,
Is there any way to give authorization to Equipment Category,
I found only I_BEGRP for Authorization Group in the Equipment, or I_INGRP for Maintenance Planner Group.
Thanks, Amos.Not sure if you can control as expected. But further operation against a equipment can be controlled using authorisation groups. Extract IMG help of the node is mentioned below for easy reference.
Define Authorization Groups
Use
In this Customizing activity, you define authorization groups for your technical objects. Authorization groups are used to categorize similar objects from the point of view of authorizations.
Activities
Create the authorization groups for your technical objects.
Example
You have two maintenance departments, truck fleet and production. There is a series of equipment in the system for both departments. You want to ensure that a user 'A' may only process equipment of the truck fleet, and a user 'B' may only process equipment from the production area.
To do this, define two authorization groups and assign these to the two users 'A' and 'B' in their user master record.
The equipment must also be assigned to the two authorization groups.
The two users can then only process objects from their own user department.
Notes
If no authorization group is entered in an object, the check is not carried out. If this is the case, the user may process the object.
Regards
Sreenivas -
Enabling installation of new equipment category under superior FL and under sup Equip
Hi all,
I've created new equipment category. I can install a piece of equipment from this new category only under a superior piece of equipment but not under FL (the field of superior FL is darken in pop up installation ) . I know I've seen in SPRO where I should customize the equipment category to be possibly installed under FL and Equipment but I can't find it now .
Please advise if you know where.
Daniel.Hello Daniel,
Follow this IMG path
Tick the Checkbox
Best of Luck
KJogeswaraRao -
Creating new equipment category in PM Module
hi guru's
can i create new equipment category in plant maintenance module
plz specify the tcode.
its very urgent
if helpful, person will be rewardedHi Gurbir,
The T.Code is 'SPRO'
path in customization is,
IMG --> Plant Maintenance and Customer Serivce --> Master Data in Plant Maintenance and Customer Service --> Technical Objects --> Equipment --> Equipment Categories --> Maintain Equiment Category
Regards,
Prabhakar -
Maintain Equipment Category u2192 Generate Event for Workflow
Maintain Equipment Category u2192 Generate Event for Workflow
I activated this,
Now what should i do further to receive a workflow mail when an Equipment is created for this Equipment Category
ThanksHello
Maybe this can be helpful
http://help.sap.com/saphelp_erp60_sp/helpdata/en/52/e4fac8e31111d58d3a0000e8284931/content.htm
You can Synchronizing Fixed Assets and Equipment and in this scenarier there are workflow you can send out.
BR/Håkan -
Hi PM leaders.......
Why Equipment Category is used in PM??? I need a strong reason...
Regards
MohanHi mohan,
in this Customizing table you define the description for an equipment category. This allows you to control which basic characteristics a equipment master record such as a vehicle master record should have. Using these control characteristics, you can decide how many and which equipment categories you require.
Regards,
bharat -
Alphnumeric External Number range for Equipment category
Hi,
Is there any other option that I can restrict length of external alpha numeric number range except that exit IEQM0003? This exit only applicable or restrict when you save the equipment.
Requirement is like external number range should be like AAA-000 to ZZZ-999. System must not allowed any other equipment number which is out of this range. ( must be 7 character)
As far as my understanding , system use string comparison once you use alphanumeric number range and you can create equipment with 18 char length except special character if above range is maintained.
Please correct me if i am wrong and suggest.
Thanks
Anish AhyaHi Zenith,
Its not available in Standard SAP, please use the user exit and tell the ABAPER to check the Equipment numbering (count) before entering into Creation screen. In IE01,entering equipment Number, Category and date after completion of this activity when we enter continue icon there u can put a condition to check the length of equipment number. I implemented that user exit and i got the result. its working fine. User Exit: IEQM0003.
regards
Jalu -
Benefit of assignment of partner detemination to equipment category
Hi ,
If i will not assign partner determination procedure to equipment category then what is the disadvantage of this ?
Regards,
VivekAs We all know, the use of Partner Determination Procedure is to assign Partner Function into it, and when we create the the Equipment, We can assign Desired Partner Optionally. For Example, you could assign Person Responsible (link it with HR module) to get who will responsbile when the equipment is broken, lost, etc.
other benefit, it is also possible to transfer the equipment's Partner Determination Procedure into Notification's Partner Determinatiion Procedure. Please, Correct me if I'm wrong.
In the end, it's depends on your business Process to use Partner Determination Procedure or not.
Hope it's useful.
Thanks, -
Equipment class and charecterstics
Hi SAP specialists,
We are in the process of creating class and characteristics for equipments in my company. Please advise if there is a table of possible classes and characteristics that can be referred to while creating class and charecteristics.
I understand many companies refer to a catalog of class-characteristic to select the combination that is applicable to them.
Your valuable inputs are greatly appreciated.
Regards,Dear Sridhara
Actually the classes are mainatined according to class type & not according to equipment category (equipment type). So i think it is not possible to maintain it according to equipment category & there is no such table wich will maintain the classes according to equipment type.
Yes you can create the Z table & update it while creating the classes under equipment class type & maintain it according to equipment category (Equipment type). But it is Z Development & not standard one.
I hope this will answer your query.
Regards
Makarand Gurjar -
Equipment Category - Need two characters
Hi All,
I have a requirement where in equipments variety is huge. If I use standard equipment categories then I can create only 26+10=36 equipment categories.
I have requirement for equipment categories that might go beyond 36 numbers. And hence I need equipment category should have two characters.
Please let me know if we can increase the equipment category length from 1 to 2.
SundarHi Carlos/Pete,
I know its odd requirement. As I told you this requirement is for multiple locations and different indstry and different products and our client is only one.
Also I can use object types, etc. for it and I may not require equipment categories more than 36 nos, but this was just thought if in case I require two characters category then wherther anyone came across such requirement or not?
But it seems nobody had such huge requirement.....anyways thanks for your inputs.
Sundar -
Equipment Category number range shortclose
Dear Gurus,
i want to short close (ie close the the current number range ) and want to assign a new number range for the existing equipment category. How can I do it. The existing numbe range is External numbe range type.
Plz throw me some light on it. I
Rgs,
Pravs.Dear Sathees,
Thank ylu for you reply. I changed to new number range. But thing is that , the older range exists and retriving when I was checking in the IE03.Now I have two problems..
1).The new format which I have given with etrernal range, system is taking any format rather specified format. But range it is checking accurately.
2) If any sales return is there for the older format equipment, how to process that with the new format.
Plx help me in this.
Rgs,
Pravs. -
An issue with authentication and authorization on ISE 1.2
Hi, I'm new to ISE.
I have an issue with authentication and authorization.
I have ISE 1.2 plus patch 6 installed on VMware.
I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
What should I do to resolve this issue?
Switch configuration:
testISE#sh runn
Building configuration...
Current configuration : 7103 bytes
! Last configuration change at 12:20:15Tue Apr 15 2014
! NVRAM config last updated at 10:35:02 Tue Apr 15 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname testISE
boot-start-marker
boot-end-marker
no logging console
logging monitor informational
enable secret 5 ************
enable password ********
username radius-test password 0 ********
username admin privilege 15 secret 5 ******************
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
client 172.16.0.90 server-key ********
aaa session-id common
clock timezone 4 0
system mtu routing 1500
authentication mac-move permit
ip dhcp snooping vlan 1,22
ip dhcp snooping
ip domain-name elauloks
ip device tracking probe use-svi
ip device tracking
epm logging
crypto pki trustpoint TP-self-signed-1888913408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1888913408
revocation-check none
rsakeypair TP-self-signed-1888913408
crypto pki certificate chain TP-self-signed-1888913408
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
ip ssh version 2
interface FastEthernet0/5
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 1
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
interface FastEthernet0/7
interface Vlan1
ip address 172.16.0.204 255.255.240.0
no ip route-cache
ip default-gateway 172.16.0.1
ip http server
ip http secure-server
ip access-list extended ACL-ALLOW
deny icmp any host 172.16.0.1
permit ip any any
ip radius source-interface Vlan1
logging origin-id ip
logging source-interface Vlan1
logging host 172.16.0.90 transport udp port 20514
snmp-server community public RO
snmp-server community ciscoro RO
snmp-server trap-source Vlan1
snmp-server source-interface informs Vlan1
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 172.16.0.90 ciscoro
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server vsa send accounting
radius-server vsa send authentication
radius server ISE-Alex
address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
automate-tester username radius-test idle-time 15
key ******
ntp server 172.16.0.1
ntp server 172.16.0.5
endYes. Tried that (several times) didn't work. 5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts. Kept getting error message that username and password invalid. Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick. Think there is an issue with imap.gmail.com and IOS 6.0.1. I'm sure the 5 of us suddently experiencing this issue aren't the only ones. Apple will figure it out. Thanks.
-
Multiprovider and Authorizations
Multiprovider and Authorizations:
The challenge is to ensure you do not have more access trough the multiprovider then you have trough the sourcecubes.
example:
Multiprovider, Joining sourcecube 1 + 2 ( Heterogeneous MP combining data from different infoareas)
Sourcecube 1: Authorizations for company code X+Y
Sourcecube 2: Authorizations for company code Y+Z
What company codes in which source cubes will you have access to report on trough the multiprovider?
1) XYZ from both cubes ?
2) X from cube 1 , Y from cube 1+2, Z from cube 1
3) only the common Y from cube 1 +2
The expected results is scenario 2. Basically the same access/restriction you would get, if reporting directly on the sourcecube's.
This can of course be tested with a test user with limited authorizations. The obstacle here though is that the authorization setup is defined with roles and a business unit hierarchy authorization object (consisting of several company codes) that is not fully in place yet. Hence the test will not give you a 100 % liable verification.
Has anyone else faced the same question, or can verify the expected results? I have not found any good documentation on authorization and multiprovider .
(PS, With Support package 2 for BW 3.0B a new authorization object is available used to define authorizations on a Multiprovider level. S_RS_MPRO - Multiprovider. This gives more flexibility , but is not the answer to the general question)
Best regards Per RoarIt depends. When you create an authorization object you decide on which InfoProviders the authorization object is valid. So if it's valid on Cube 1 it doesn't say anything about authorization on the Multiprov.
Best regards
Dirk
Maybe you are looking for
-
Hi All: How can we save a sales order in WebUI without submitting it for processing. The idea is that a person can come back to the saved and not submitted sales order and can work on it befor doing the final submission to the system(ECC)? Regards
-
From scorecard Pass parameter to be used as Measure in query of analytic grid report in PPS Any idea of how we can pass this parameter while connecting scorecard and report any use of MDX in connection formula ? Parameter needs to be assigned on cli
-
Terminated with error: br REP-501: Unable to connect to the specified data
Dear All, Oracle DB 10g installed on Windows 2003 Server machine and client is Windows 7 Pro. Forms are running fine. If I run report by puting everything in URL it is also giving result. But only when i am trying to call report via form I get an err
-
Numeric Format with "dB" causes strange Increment and Decrement behavior
To reproduce this, drop a numeric control in LabVIEW (Version 8.2 and later). Right click on the numeric control and select properties Select the "Format and Precision" tab Select the "Advanced editing mode" radio button Change the Format string to "
-
How to remove pop up blocker on a desktop mac osx and hp notebook?
Trying stop pop ups. My tools doesn't show how, on the Old mac desktop, and my HP notebook also doesn't allow me to complete a resume building site on the web because of these pop ups????