FCH7 Authorization Restriction for voiding the checks
Hi Sap Guru,
There is a requirement in FCH7 where we need to provide to User A - just to put the void reason and save and to User B- just to reprint the checks.
Please let me know if any user exist for the same.
Thanks,
M
It is not possibel to provide authorization at this level.
Similar Messages
-
Authorization restriction for executing the ABAP queries
Hi
In ABAP queiries how the restriction can be done for where users should not execute /authorized
of other plant or company code - Projects/ WBS/NWA and its related components. I tried the following methods but not working - seems something is missing .
method 1) restricting based on the profit center ( free coding )
AUTHORITY-CHECK OBJECT 'C_PRPS_PRC'
ID 'PRCTR' FIELD PROJ-PRCTR
ID 'PS_ACTVT' FIELD '02'.
(or)
method 2 -(free coding)
*---Authorization for Company code entered by the users.
*---This code will restrict users to see data for company
*---codes which they are not authorized to.
*---Select all the company codes based upon selection entered by the
*---user
SELECT bukrs
FROM t001
INTO TABLE li_bukrs
WHERE bukrs IN z_bukrs.
IF sy-subrc EQ 0.
*---Clear Screen variable for Company code
CLEAR z_bukrs.
REFRESH z_bukrs.
*---Filter and prepare Select options for Company code table to be
*---passed to query. Table will only have values of company codes he is
*---authorized to for display.
LOOP AT li_bukrs INTO lwa_bukrs.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD lwa_bukrs
ID 'ACTVT' FIELD '03'.
IF sy-subrc = 0.
z_bukrs-sign = 'I'.
z_bukrs-option = 'EQ'.
z_bukrs-low = lwa_bukrs.
z_bukrs-high = space.
APPEND z_bukrs.
ELSE.
lv_flag = 'X'.
ENDIF.
ENDLOOP.
*---Give warning message to the user in case he is not authorized to see
*---data for all the company codes that he has entered.
IF lv_flag = 'X'.
MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.
ENDIF.
ENDIF.
Just make sure that Z_BUKRS field is available in selection tab.
Also, declare below mentioned variables in INITIALIZATION.
DATA: li_bukrs TYPE TABLE OF bukrs,
lwa_bukrs TYPE bukrs,
lv_flag TYPE c.
Kindly help if there is missing anything on the above or is there any other alternative.
Regards
PPHi,
Kindly help if there is missing anything on the above or is there any other alternative.
Carlos is right about the Authorization check.
If you further wants to explore something extra, just visit these links:
1. http://help.sap.com/saphelp_NW70EHP1core/helpdata/en/52/671449439b11d1896f0000e8322d00/frameset.htm
2. http://help.sap.com/saphelp_wp/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
3. http://help.sap.com/crmcg_en/5c/deaa74d3d411d3970a0000e82de14a/content.htm
4. http://www.sap-img.com/bc042.htm
May this information helps you.
Regards.
Deepak Sharma. -
Conditions for voiding the printed check
Hi,
I need some information regarding the standard check prin program RFFOUS_C. Please let me know all the conditions for which the program voids the checks.
Regards,
JaydipHi Jaydip,
Print program will void the check numbers that are damaged or unused due to various reasons. You need to input the check numbers that are to be voided to the payment run program or directly to RFFOUS_C program.
Pls go thru following link for more clarification:
http://help.sap.com/saphelp_46c/helpdata/en/01/a9d11a455711d182b40000e829fbfe/frameset.htm -
Authorizations: restrictions for InfoObjects and InfoProvider
Hi Gurus,
I am trying to define authorizations via RSECADMIN in 7.0 for a specific InfoObject and specific InfoProviders. The situation is: I want user USER1 to see only Company 4360 on Cube 'XXXXX', but he must be able to see all the Companies in all the other Cubes.
I have used in RSECADMIN the icon "InfoCube Authorizations" to introduce the single Cube and corresponding single values for my Company, but it seems that the system use this restriction for all the Cubes.
Please help me.
Ciao.
Riccardo.Problem solved.
-
What is thr transaction for posting the checks.
Hi
What is the transaction for posting the checks
and i want to get details based on the posting date. so any one tell me the tables used in this.What kind of operation are you talking about.
For example :
F-53 , F-58, F110 are transactions to post vendor paymment with check
F-28 transaction to post customer payment with check (without creating it)
FF68 for check deposit
Regards -
Authorization restriction for Goods issue against an Order
Hello All,
We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and mentioning an order number that belongs to another plant in the account assignment tab and issues a material which belongs another plant.
For eg we have material A that has been created for plant 1. The user issues the material (movement type 261)and the account is assigned to an order which has been created for plant 2.
I could not find any authorization object that restricts this.
I checked the objects M_MSEG_BWA and M_MSEG_WWA and he has authorizations only for plant 1 and all movement types.
Any pointers to restrict this access will be appreciated.
Thanks & Regards,
Subramaniam IyerHi,
MIGO transaction by default restricted with Plant. If you say that the user A is having access to only Plant 1 & 3, but not for 2, please check the below authorization objects does not have any manual objects inserted into the Role and restricted with the value only in organization field.
M_MSEG_LGO
M_MSEG_WMB
M_MSEG_WWA
M_MSEG_WWE
This issue may occur because if the objects are maintained manually in the role. If so, when you check in the organization field, it may not be showing the value which are manually added into the manual object.
Also, please check the other roles are assigned to the user. If any of the other roles assigned to the user having any of the above objects with * value, this may provide the user to do the Goods movement for any plant.
To check the issue, please go to SUIM and check the user under "Roles by Complex Selection Criteria" and make sure that you are checking the objects for the particular user. This should be able to identify whether the user is getting access from any other roles assigned to the user.
Regards
Anandm -
Authorizations setting for running the process chain
Hai
Iam planning to run the process chain for loading the data into ODS. But i dont have authorization for it.
so what are the authorizations i need to run the process chain in my system. And how can i set all those authorizations to my user-id. I have all authorization rights .
Pls let me knw
kumarHi,
Authorizations for Process Chains
Use
You use authorization checks in process chain maintenance to lock the process chain, and the processes of the chain, against actions by unauthorized users.
· You control whether a user is allowed to perform specific activities.
· You control whether a user is allowed to schedule the processes in a chain.
The authorization check for the processes in a chain runs when the system performs the check. This takes place upon scheduling or during synchronous execution. The check is performed in display mode. The check is performed for each user that schedules the chain; it is not performed for the user who executes the chain. The user who executes the chain is usually the BI background user. The BI background user automatically has the required authorizations for executing all BI process types. In attribute maintenance for the process chain, you can determine the user who is to execute the process chain.
See also: Display/Maintenance of Process Chain Attributes ® Execution User.
Features
For the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
To work with process chains, you require authorization for authorization object S_RS_PC. You use this authorization object to determine whether process chains can be displayed, changed or executed, and whether logs can be deleted. You can use the name of the process chain as the basis for the restriction, or restrict authorizations to chains using the application components to which they are assigned.
Display/Maintain Process Chain Attributes
Use
You can display technical attributes, display or create documentation for a process chain, and determine the response of process chains during execution.
Features
You can display or maintain the following attributes for a process chain:
Process Chain ® Attribute ® ...
Information
Description
( Rename)
You can change the name of the process chain.
Display Components
Display components are the evaluation criterion in the process chain maintenance. Assigning the process chains to display components makes it easier to access the chain you want.
To create a new display component, choose Assign Display Components in the input help window and assign a technical name and description for the display component in the Display Grouping dialog box that appears.
Documents
You can create and display documents for a process chain.
For more information, see Documents.
Last Changed By
Displays the technical attributes of the process chain:
· When it was last changed and who by
· When it was last activated and who by
· Object directory entry
Evaluation of Process Status
If you set this indicator, all the incorrect processes in this chain and in the overall status of the run are evaluated as successful; if you have scheduled a successor process upon error or always.
The indicator is relevant when using metachains: Errors in the processes of the subchains can be evaluated as unimportant for the metachain run. The subchain is evaluated as successful, despite errors in such processes of the subchain. If, in the metachain, the successor of the subchain is scheduled upon success, the metachain run continues despite errors in unimportant processes of the subchain.
Mailing and alerting are not affected by this indicator and are still triggered for incorrect processes if they have an upon error successor.
Polling Indicator
With this indicator you can control the response of the main process for distributed processes. Distributed processes, such as the load process, are characterized as having different work processes involved in specific tasks.
With the polling indicator you determine whether the main process needs to be kept until the actual process has ended.
By selecting the indicator:
- A high level of process security is guaranteed, and
- External scheduling tools can be provided with the status of the distributed processes.
However, the system uses more resources; and a background process is required.
Monitoring
With the indicator in the dialog box Remove Chain from Automatic Monitoring?, you can specify that a process chain be removed from the automatic monitoring using CCMS.
By default CCMS switches on the automatic process chain monitoring.
For more information about the CCMS context Process Chains, see the section BW Monitor in CCMS.
Alerting
You can send alerts using alert management when errors occur in a process chain.
For more information, see Send Alerts for Process Chains.
Background Server
You can specify here on which server or server group all of the jobs of a chain are scheduled. If you do not make an entry, the background management distributes the jobs between the available servers.
Processing Client
If you use process chains in a client-dependent application, you can determine here in which client the chain is to be used. You can only display, edit, schedule or execute the chain in this client.
If you do not maintain this attribute, you can display, edit, schedule or execute the process chain in all clients.
Process variants of type General Services that are contained in a process chain with this attribute set will only be displayed in the specified client.
This attribute is transported. You can change it by specifying an import client during import. You must create a destination to the client set here in the target system for the import post processing (transaction RSTPRFC) The chain is activated after import and scheduled, if necessary, in this client.
Execution User
In the standard setting a BI background user executes the process chain (BWREMOTE).
You can change the default setting so that you can see the user that executes the process chain and therefore the processes, in the Job Overview. You can select the current dialog user who schedules the process chain job, or specify a different user.
The setting is transported.
The BI background user has all the necessary authorizations to execute all BI process types. Other users must assign themselves these authorizations so that authorization errors do not occur during processing.
Job Priority
You use this attribute to set the job priority for all of the jobs in a process chain.
Hareesh -
Authorization restriction for Goods issue . others radio button in migo tcode
Hello All,
We have a situation wherein the user is able to issue goods using tcode MIGO by choosing Goods issue --> Others and the movement type 201
the above mentioning details i need to block the others tab only for specific user ids i have checked the MIGO objects But its not worked
please give me solution for block the others button on the drop down box
please find the attachment of screen shot its helpful to sort out the issue
Best Regards
sureshDear Anandan,
Please use trace t.code ST01 to fix the issue.
You can restrict the movement type using the authorization object M_MSEG_BWA.
If you can provide the step by step screens where you want to exactly restrict we can fix it.
Regards,
Venkatesh -
Authorization restriction for BP transaction
Hi,
We need to restrict the BP transaction access to user in the below mentioned way in our SRM system.
1. Restricting BP access to all the users with display access.
2. Restricting BP access to security users with create, change and display access.
What is the main object for BP transaction for restricting access in the above mentioned scenarios?
Here, we have observed one more issue like....
Let say object-B_BUPR_BZT(not sure) is a main object for transaction-BP. If we restrict activity to 03 in that object, it will give display access when we are executing transaction-BP.
Some of other transactions(like PPOMA_BBP) are there in SRM, those are also maintaining same object with all activities(create,change,Display).
In this scenarios, how the above mentioned restriction is going to help the user.
Please check and advice in this.
Thanks & Regards,
KKRao.> Let say object-B_BUPR_BZT(not sure) is a main object for transaction-BP.
It may be a "main object" for BP, but that doesn't tell you much at all about the security aspects or where in the logic of the transaction it is used. This object is for example not a part of the business logic of transaction SE80, or that I am sure.
If you have no clue, then start in SU21 and read the application help documentation on the transaction (to understand it's context) and the use-cases of the object - also to find the other transactions. Then you will become more sure.
You also need to understand that in the same way the transactions, reports and the "real checks" are layers in the security, objects themselves can also be selective and layered in a conceptually consistent way, or (to make it more interesting...) transaction dependently.
There are lots of shortcuts (even out-of-the-box roles which someone might try to sell you...) but ultimately if you use a SAP system to "build" your business processes, then you need a concept to secure your build. SAP owns the authority-checks in standard programs to enable the process to comply with legal requirements and some common sense.
=> So, you need to choose your transaction (or other entry point) carefully and understand the objects which they use.
Cheers,
Julius -
Authorization Restriction for Object Changeability :
Hi ,
How to restrict users from using Object changeability in Production System if they are given access to RSA1, even though the system is completely closed , with Object changeability, the users can still create a new Info package and upload data ?
I have gone through the SDN and SAP documentation, but I could not find any such references.
Looking forward to your valuable input on this.
Regards,
Ahmed.Hi there,
You have an authorization object named S_RS_ADMWB (Data Warehousing Workbench - Objects).
You can with that object restrict the several activities (display, execute, create, etc.) for different Datawarehouse InfoObjects (InfoPackage, etc.).
Try to restrict that to the users.
Diogo. -
Void the check but cannot print another check by using the same check no.
Dear All,
Our customer need to print the check on number #10.
However, we already print a check by using #10.
Then I void that check and go to house bank and change the 'Next Check No.' to 10.
But the system still print the check on number #11
Please help. Thanks a lot.
The other question is, when I take a look their database, I cannot find check #9. But if I would like to print check#9, the system said it is already in the database. Why? Thanks
Regards.
Yuka
Edited by: Jie Jin on Jul 31, 2009 11:06 PMWe test printing check on their production database
So check A printed on check #10 check b#11 check #12 printed on the blank paper.
Then they said they would like to print the real check from number #10. But the system will not allow us to do that. It ask us start from #13.
So, they decide to write the check manually for check #10, check #11, check #12. Then they will have 3 checks in the system they didn't print it. And next time, they can start from #13.
The problem is, for the 3 checks they write manually, the system didn't print it. So, every time, they are showing on 'to be printed' list (actually our customer write it manually). What should we do to block those 3 checks if they don't want to void it? Thanks. -
Authorization restriction for CRM 2007
Dear Experts,
We are in process of defining the authorization matrix for CRM 2007 for end users who will be using Web UI.
Here my requirement is the service orders created by USER1 should not be displayed by USER2 and vice-versa when they do a search in both Web UI and GUI in Tx CRMD_ORDER for service orders.
Please let me know how can I acheive this and what is the auth. object for the same.
Thanks & Regards,
SharathDear babu,
If I understood your request, you want that, only one user will be able to access the document. If you want to do that, this is the answer:
At tcode PFCG you shoud set:
First you must set what type of document will be avaible to the user, in this case Z020.
CRM_ORD_PR: PR_TYPE 'Z020',ACTVT '*'
Next you must set which activities they will be able to do (notice, you must set the same field in the previsou object(
CRM_ACT: ACTVT u2018*u2019
And then you set which partner function or partner category are able to access the document, here is the main point !
In this example I set that only users who has Partner Category (not partner function) Employee Responsible (std partner category 0008) are able to access the document
CRM_ORD_OP: ACTVT '', PARTN_FCT '', PARTN_FCTT '0008'
Here you can notice again field ACTVT, here you will set what user are able to do, "*" means everything, "1" = create, "2" = modify, etc. (I can see the list at PFCG, adding the auth. object to the PFCG profile).
I notice only std partner function or partner category works with this object. I sent a message to sap support, and they confirm that, so if your user has Z partner funcition or category it is not possible to do that.
Summary, your user must be present in the partner list of the document, and they must have a partner function or partner category std. It is possible to set together both values PARTN_FCT and PARTN_FCTT, but I think it is not necessary.
The easy way to do that is, user who will be able to access the document, must be the employee responsible.
This help is very usefull
http://help.sap.com/saphelp_crm60/helpdata/en/4a/b9f63a8ab2c745e10000000a114084/frameset.htm
Regards,
Lalas
ps.: As you should know, only one partner function must have partner category Employee Responsible, in the partner det. procedure, otherwise, you will get error message in your application. -
Authorization restriction for Transaction PK13N
Hi @ all
My colleagues and I are responsible for the authorizations in our system.
Since few days we test the Kanban functions in SAP.
In abovementioned transaction are two buttons "To Empty" and "To Full".
Does anybody know if there is a possibility to restrict some users for these buttons?
Thanks @ all!!
Greets KristinHi Kristin,
The "Save to Empty" and "Save to Full" buttons are screen elements and can't be restricted with the authorization objects.
Further, below are the authorization object that are checked with PK13N transaction code:
C_KANBAN PP KANBAN Processing
C_TCLA_BKA Authorization for Class Types
CPE_SETTIN Commodity Pricing Engine: General Settings
You can imply restriction on any of these.
If you with to show/remove one of these buttons, you can achieve this with screen variants using SHD0 transaction code.
Hope this helps.
Regards,
Raghu -
Restricting for creating the Billing Document without PGI in STO Process
We want to restrict creating the Billing Document without PGI in STO Process
Delivery Type:NL
Item cataogory:NLN
Billing Type: JEX Profroma Invoice
I have check in VTFL
At Header Level, Routine - 003. for normal sales process LF-F2
At Item Level , Routine - 004
in VTFL-- NL-JEX
At Header Level, Routine - 009.
At Item Level , Routine - 010. here when i changed to 003 and 004 for NL and JEX
i am getting error after PGI when i am doing vf01 error is coming " document is not relevant for Billing"Hi
Kindly do the belwo
1. goto the t code VOV7 item category determination and select the item category and put the billing relevance as "A"
2. once the step 1 is completed then it will show the billing relevant status AS "A"in the delivery documnt at the item level
The above configuration will be applicable in the new documents only
Regards
Damu -
Authorization restriction for bank details in FK03
Hi,
Please help me in restricting display of Bank details (payment transactions) in vendor master when we use transaction FK03 or XK03.
Thanks,
NitishHello Nitish,
You can protect all general data (i.e. address data, payment transaction
data, ...) with the authorization object F_LFA1_GEN. However, it is not
possible to protect only bank data using authorization objects.
As a workaround(!) for your requirement, you can do the following:
1) Use the IMG Customizing tool (transaction SPRO) or transaction OB23
directly to define Payment transactions data as "Suppress" within
transaction FK03 and as "Display" within transaction XK03.
2) The use of transaction XK03 should only be allowed to the managers,
but not to the normal users who should use transaction FK03.
Hope that helps,
Jon
Maybe you are looking for
-
Selection criteria are not applied to summary fields on group footers.
I wonder if anyone can help me with this problem. I am using Crystal reports version 11.2, and my data source is a Sql Server view. The records on the view have a date field, and I have selected all records within a given date range in "Selection Fo
-
HT1918 Why does my credit card keep getting declined
Why does iTunes keep declining my credit card
-
"The application PubSubAgent quit unexpectedly"
Can't open Safari. I get this message every time I try to open it. The application pubsubagent quit unexpectedly. I already tried clearing and deleting pubsubagent and that didn't do anything. I don't have a mobile me .mac account. When I try to open
-
Hi there, So I'm getting a tad frustrated with this BBM copying issue. As I select the text, choose copy as its the only option, it then reads message copied...my where to?? where is it copied to?? I seem to have no clipboard so where can I find it?
-
Hi all, I have an iphone 4 and the guy transferring the contact list from my old phone transferred all the photos that were on that phone as well to the new phone. There are some photos I don't wnat to keep but can't delete them from the iphone as t