FERC Code of Conduct - Restricting access for employees

Hello - I am project lead for an effort to separate market and transmission data from certain employees in our company. I'm finding this to be a monumental task, since we have a large SAP implementation. FI/CO, MM, HR (position-based security), Customer (IS-U-CCS), PM, PS, xRPM. We have implemented SOD for SOx compliance, but this is an entirely different effort. Unlike SOx, we need to totally restrict transactions that could contain non-public market and transmission data, so we need to separate the data behind the transactions. Does anyone have experience with this? Would love to hear what approach you took and swap ideas.
Annette M Alboreo, FirstEnergy Corp.

Hi Annette,
First of all, good luck! Data segregation is always a tricky one to manage and needs to be carefully thought out.  This sort of activity has a large security and functional overhead and you need to make sure you have access to them.
When I've worked on this sort of thing in the past, there are a few things that you need to identify
- What data is sensitive?  The business should ID all sensitive data and the functional team translate that into fields etc.  What data needs to be legally segregated, what data is nice to have segregated.  A set of rules should be drawn up to say who gets what in which circumstances.
- How are people accessing data? What transactions give access to sensitive data? Standard SAP tx, custom tx (which may need auth checks changing), access to SE38/SA38, SQ01, SQVI etc.  All of the routes to the data need to be identified.
Once it is known what data needs to be restricted then it is possible to address how to restrict access to it.  A reasonable amount of it should be able to be catered for in the standard auth concept.  It's also likely that there will be the requirement for additional config & customising (e.g. hide fields, change screens, user exits) to meet these new control needs.  I think it goes without saying that the more that you can fix with the standard auth concept, the easier it tends to be.  If this means removing some transactions from users then in some cases it may be less costly than knocking up a whole load of custom code to solve the problem - of course this is dependent on the situation.
Hope that is of some use
Cheers
Alex

Similar Messages

  • Restrict access for Vendor Master Data

    Hi all.
    Our company structure is like below:
    Single instance, just one mandant.
    Company codes like 1001, 3001, 6002, 6006, etc... over the world.
    At some companies just the central administration can create vendor for the companies using the transaction XK01.
    Now we need to give access to users from one of our companies in another country but we can't give access to transaction XK01 because only the central administration can create the master data for the vendors.
    I already read about the object F_LFA1_AEN with which it is possible to create some field groups and give access just to the right groups. I also read that these authorization groups don't have effect on vendor master data like the address.
    How can I restrict access for the vendor master data? I'm thinking to give access to transactions FK01 and MK01 and restrict access to create a new vendor; I only want the users to be able to create the data for a new company or new purchase organization.
    Thank you
    Darlei Friedel

    Among many other authorization objects, you find the following three:
    F_LFA1_GEN general data
    F_LFA1_BUK company code data
    M_LFM1_EKO purchasing org data.
    If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

  • Restricting access for servlet

    Hi,
    I've two servlet urls:
    http://mymachine/servlet/f60servlet?config=One
    and
    http://mymachine/servlet/f60servlet?config=Two
    I want One to be open for internet and Two only open for intranet. With:
    <Location /servlet >
    order deny,allow
    deny from all
    allow from mynetwork
    </Location>
    in jserv.conf I can restrict access to my intranet but this restriction is applied to both my applications.
    How can I restrict access for Two but not for One?
    I use iAS 1.0.2.2 on a Sun Solaris 8 machine and Forms6i patch 10.
    kind regards,
    Ivan

    Hi,
    I did open a tar with Oracle and the problem is solved by
    1) creating an alias for /servlet/f60servlet in zone.properties:
    servlet.f60listener.code=oracle.forms.servlet.ListenerServlet
    servlet.f60servlet.code=oracle.forms.servlet.FormsServlet
    servlet.f60servlet.initArgs=configFileName=/u01/app/oracle/product/8.0.6/forms60/server/formsweb.cfg
    servlet.f60listener1.code=oracle.forms.servlet.ListenerServlet
    servlet.f60servlet1.code=oracle.forms.servlet.FormsServlet
    servlet.f60servlet1.initArgs=configFileName=/u01/app/oracle/product/8.0.6/forms60/server/formsweb_internet.cfg
    In formsweb_internet.cfg is only the web-form app defined that should be open for internet
    2) in jserv.conf :
    <Location /servlet/f60servlet>
    order deny,allow
    deny from all
    allow from <mynetwork>
    </Location>
    <Location /servlet/f60servlet1>
    order deny,allow
    deny from all
    allow from all
    </Location>
    See also Doc ID: 180741.996 on metalink.
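    The access decision the Location blocks above make, as an added Python model (not from the original thread) of how Apache's Order deny,allow evaluates per-path access; it shows why one <Location /servlet> block covered both URLs (the ?config= query string is never part of the match) and how the second alias separates them. The intranet range 10.1.0.0/16 stands in for <mynetwork> and the client IPs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed jserv.conf excerpts: the original single block and the two-alias fix.
# The intranet range 10.1.0.0/16 stands in for <mynetwork> and is an assumption.
ORIGINAL_CONF = """
<Location /servlet>
order deny,allow
deny from all
allow from 10.1.0.0/16
</Location>
"""
FIXED_CONF = """
<Location /servlet/f60servlet>
order deny,allow
deny from all
allow from 10.1.0.0/16
</Location>
<Location /servlet/f60servlet1>
order deny,allow
deny from all
allow from all
</Location>
"""

def parse_locations(conf):
    """Parse <Location> blocks into dicts with path, order, deny and allow lists."""
    blocks, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.lower().startswith("<location"):
            cur = {"path": line[len("<location"):].rstrip(">").strip(),
                   "order": "deny,allow", "deny": [], "allow": []}
        elif line.lower() == "</location>":
            blocks.append(cur)
            cur = None
        elif cur is not None and line:
            kw, _, rest = line.partition(" ")
            if kw.lower() == "order":
                cur["order"] = rest.strip().lower()
            elif kw.lower() in ("deny", "allow"):      # "allow from 10.1.0.0/16"
                cur[kw.lower()].append(rest.split(None, 1)[1].strip())
    return blocks

def _host_matches(spec, client_ip):
    if spec == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def is_allowed(conf, url, client_ip):
    """mod_access-style decision: path-segment prefix match, query ignored, most specific wins."""
    path = urlsplit(url).path
    hits = [b for b in parse_locations(conf)
            if path == b["path"] or path.startswith(b["path"].rstrip("/") + "/")]
    if not hits:
        return True                       # no Location applies: access is not restricted
    blk = max(hits, key=lambda b: len(b["path"]))
    deny_hit = any(_host_matches(s, client_ip) for s in blk["deny"])
    allow_hit = any(_host_matches(s, client_ip) for s in blk["allow"])
    if blk["order"] == "deny,allow":      # allow is evaluated last; default is allow
        return allow_hit or not deny_hit
    return allow_hit and not deny_hit     # allow,deny: deny is evaluated last; default deny

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_CONF), ("fixed", FIXED_CONF)):
        for alias in ("f60servlet", "f60servlet1"):
            url = "http://mymachine/servlet/%s?config=One" % alias
            print(name, alias, "from internet:", is_allowed(conf, url, "203.0.113.9"))
```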

  • Restrict Access for Asset with Ubuntu

    Hello guys,
    Now I have a problem for you and I hope that you could help me.
    ArtBox has some problems on my Ubuntu system. The error message shows me "Restrict Access for Asset".
    Can somebody give me some tips on how the error could be recognized or how I can fix it?
    Thanks for the help.

    Hi,
    After you finish installing Artbox , you must now make sure that samba is setup correctly. I just plan to try ArtBox and ubuntu using virtualbox, hope it can work fine.

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me know how to restrict access for a user group to only some of the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • Restricting access for condition types in VK11

    Hi
    ZWX1 and ZWX2 are SD discount condition types. I should use these condition types only for sales deals; hence, I will create condition records only in VB21 with reference to a sales deal.
    Some other users may create condition records in VK11 mistakenly. I need to avoid this, so these condition types should not be accessible for creating condition records in VK11 or anywhere except VB21.
    Any thoughts? How can I achieve this?
    thanks

    Hi
    If you want to restrict the access for the condition types then you give the authorization for VK11 for maintaining the condition records only to those users who have to maintain the condition records for those condition types. So you have to take the help of the BASIS team.
    Regards
    Srinath

  • Restricted access for user in SU01

    Hi All
    How can we give authorisation to a User to modify access (Create/Delete/Password Change/Role assign /Role Delete..etc) for other user IDs but that user should have only display access for his User ID.
    Please Help me in this.

    Hi,
    I have worked with many clients, and the requirement for handling user administration and role administration differs from one client to another.
    Some clients may ask for the same person to handle both user and role administration, but some clients may ask for separating the tasks.
    In your case, if you want to restrict the person to maintaining the other users but not their own user ID, this can be achieved by doing the following:
    Create a separate user group for those doing the administration part and create other user groups for the other users.
    Create a role with SU01 and restrict the standard objects to all user groups except the administration one, and add the S_USER_GRP authorization object manually into the same role, providing only 03 for the administration group.
    The above will solve the problem: the administrator is not able to update their own user ID, but can update the other users.
    Regards
    Anandm

  • Ver 8.8 Restricted access for BP and activities

    Currently, I am not aware of a way to restrict access to certain BP accounts, including the related activities for a BP. For example, our bank, HR consultants, etc. where I would like to limit the access to these BP accounts and related attachments to certain users, such as our management group.
    Primary importance would be to limit access to related activities where sensitive information may be stored in the form of emails, attachments, etc.
    Our previous CRM allowed us to flag BP accounts as restricted and set up permissions to authorized users.
    Is anyone aware of a way to limit access to these activities?
    If not, this is a great enhancement for future releases.

    Current system design has only set up confidential GL Account but not for BP. You probably need to post it on the R&D forum here:
    /community [original link is broken]
    Thanks,
    Gordon

  • Restricting access for top Hierarchy in queries

    Hello all,
    Since we have a top hierarchy that comes from R/3 in which every company from our organization is attached, is there any way to restrict users' access in the queries and authorizations so that when a user runs a query and tries to access nodes (cost or profit centers or other companies) that are restricted for him/her, the "Authorization Not allowed" message displays?  We know that the companies cannot be treated as 0co_code but as nodes, and we also know that in the role modification we can put all this detail, but this will increase the manual maintenance process, because every time there's a new cost or profit center a manual maintenance must be done.
    We want to have an automatic process since the hierarchy comes from R/3.
    Thanks for your help!!
    Mrs. Eyda Muñoz

    Hi,
    You can try looking at transaction RSSM; at the very bottom there is a button "fr. hierarchy".  This is where you can specify the levels and nodes to restrict to.  Then you have to set up a profile in PFCG to provide the restriction.
    http://help.sap.com/saphelp_nw04/helpdata/en/80/1a689ae07211d2acb80000e829fbfe/content.htm - this should be able to provide some form of basic understanding.
    Hope this helps.
    Cheers,
    Gim

  • Sales Partner Functions - Restricted access for assigned partners

    Sales Department would like to use a partner function to assign a responsible salesman to a customer.  They would also like to restrict the access of the salesman to only those customers (and their associated sales orders/deliveries) that are assigned to him.
    How is this done from an authorization perspective?

    Hi,
    This can be achieved through a user exit.  You might need to create the authorization objects for document type and partner function, and these have to be assigned to the concerned user.  The validation can be done with the fields ERNAM and SY-UNAME.
    Thanks
    Krish.

  • Password restricted access for published Groupwise calendar

    Hello,
    we want to publish our internal calendar. But I want to prevent everyone who knows the link address from having access to this calendar.
    So I tried to add the LDAP authorisation to /etc/opt/novell/groupwise/calhost/gwcal.conf as described in Novell doc 7000659.
    But the access to the (for testing) published calendar is still open for everyone who knows the link address.
    Another directory I published from the same apache2 with the same entries in the config file in /etc/apache2/vhosts.d/xxxx.conf works fine: if the user wants to get access, he has to log in with his uid/password.
    Is there another way to restrict the access to the public calendar via LDAP as described?
    Thanks for your help,
    Holger

    Originally Posted by trixlopez
    Hi Laura,
    Has there been any update on the authentication mechanism built into Calendar Publishing? One of our executives wanted to have his GW calendar accessed by an external user for business purposes.
    We have Calendar Publishing working but the user has some concerns about privacy, whether it can be password protected. Any other option/suggestion is greatly appreciated.
    Thanks.
    For example NetIQ Access Manager would be one option to handle this problem.
    Thomas

  • Restricting access for import manager and syndicator

    Hi All,
    I wanted to know whether there is any way we can restrict the access to Import Manager and Syndicator.
    I have one scenario where the user needs to be given access to Data Manager only but not to the other components. It is OK if they are able to open them but they should not be able to import or syndicate.
    Please help in this
    Thanks
    Nitin

    Hi Nitin,
    No, I get your point Nitin. I said if an unwanted user logs into Import Manager he can try to add/modify/replace records; this can be stopped if he is not given the rights. For this go to Console, Admin table, and go to Roles and set rights and privileges on that.
    Whenever a user logs into Import Manager he has to give his user ID and password, and from there we can control this.
    If he tries to import records, it will fail. Also if he tries to modify a map, it will fail too.
    To get a clearer picture try doing it for one user and run this scenario.
    An excerpt from the reference guide:
    "The groups and functions displayed in the Name column are listed in Table 89; access privileges for each function are directly editable in the Functions pane"
    record - Add records
     Modify records
     Modify checked out records
     Delete records
     Merge records
     Merge checked out records
     Protect records
     Unprotect records
     Check out records
     Check out new records
     Check in owned records
     Roll back owned records
     Check in non-owned records
     Roll back non-owned records
     Modify join permissions for non-owned records
    Consolidation and distribution - Add import maps
     Modify import maps
     Delete import maps
     Add syndication maps
     Modify syndication maps
     Delete syndication maps
     Enable key mapping
    You can control these setting privileges in Console.
    thanks,
    Ravi

  • How to restrict access to views for some users in the app?

    Hi SDN!
    I have a WD application which is embedded in the portal. The application has 2 iViews (and 2 pages respectively). These iViews consist of several views connected with each other (e.g. one view provides list data, the second view is the add/edit form for this data). I need to restrict access for some users to the view with the add/edit form. I can't make a separate page for this view.
    What I've done:
    1) created yet another UIContainer for this view in the main window and embedded the view in this container. This was done to create a separate iView for the form.
    2) in the portal I created an iView for this form but didn't embed it in any page.
    When I try to call my form from the list data (that is, one iView from another) I get an exception:
    com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity
    Is there a way to get the needed functionality?
    Thanks,
    Lev

    Hi,
    do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
    If so, you could create your own roles on the app server:
    You need to create a new class that extends NamePermission like:
    import com.sap.security.api.permissions.NamePermission;

    // Custom UME permission class; the permission name is checked with user.hasPermission().
    public class ApplicationAccessPermission extends NamePermission {
        /**
         * @param name
         */
        public ApplicationAccessPermission(String name) {
            super(name);
        }
        /**
         * @param name
         * @param action
         */
        public ApplicationAccessPermission(String name, String action) {
            super(name, action);
        }
    }
    Also, you have to create an Action.XML file that looks like this:
    <BUSINESSSERVICE
         NAME="com.vendor.administration">
         <DESCRIPTION
              LOCALE="en"
              VALUE="actions view usage"/>
         <ACTION
              NAME="View Permission">
              <DESCRIPTION
                   LOCALE="en"
                   VALUE="Show view"
                   />
              <PERMISSION
                   CLASS="com.vendor.utilities.ApplicationAccessPermission"
                   NAME="ShowView"
                   />
         </ACTION>
    </BUSINESSSERVICE>
    If you have created these two files in your packages, you can access this function like:
    // Imports needed in the controller's import section:
    import com.sap.security.api.IUser;
    import com.sap.tc.webdynpro.progmodel.api.WDVisibility;
    import com.sap.tc.webdynpro.services.sal.um.api.WDClientUser;
    import com.sap.tc.webdynpro.services.sal.um.api.WDUMException;

    IUser user;
    try {
        user = WDClientUser.getCurrentUser().getSAPUser();
        // The name passed here must match the PERMISSION NAME declared in the actions XML.
        if (user.hasPermission(new ApplicationAccessPermission("Show view"))) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
        } else {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
        }
    } catch (WDUMException e1) {
        // Fail closed: hide the view when the current user cannot be determined.
        wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
        e1.printStackTrace();
    }
    You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
    The ApplicationAccessPermission you defined in the XML file will be visible in the UME manager of your J2EE engine. With this action you can create a new role and group that you can map to the users that should see your view.
    But, the exception you get is because you have embedded one view twice, which is not possible.
    Hope this helps.
    Regards,
    Dennis

  • Restriction access to single pernr

    Hello!
    I'd like to restrict access for one pernr without changing existing roles.
    These roles use P_ORGXX (SBMOD) for restriction. SBMOD (Administrator groups) depends on Employee Group and is automatically filled out (the feature/PE03).
    Is it possible to create the feature for pernr, or maybe to fill Admin. group out another way?
    TIA
    Regards,
    Tonya

    VI libraries (llb) had certain advantages on older OS, they e.g. supported long filenames, even before W95. Now the advantages are are not as clear anymore except for the built-in distinction between plain and toplevel VIs. They are useful for distributing applications. or e.g. attach an example program containing multiple VIs here as a single file.
    > In LabView 4.0, Windows 95, how can I make files from single VIs?
    You can always open any subVI for editing, then save it to a plain "single-file" VI. You can also use the "VI library manager" (under tools. I don't remember if LV4 already had that).
    Newer versions of LabVIEW have an option of "enable windows explorer for llb files". This is nothing more than a new "explorer like" interface that lets you browse inside llb files with a similar look-and-feel as windows explorer. It does not convert anything.
    LabVIEW Champion. Do more with less code and in less time.

  • Restricting access of to auth relevant characteristics

    Hello Experts,
    We have a requirement wherein I have to restrict access for a user so that the user would not be able to change the properties of characteristics even in the local view in the query designer.
    The requirement is that the user should be able to go into change query (local view) and change rows and columns, but the user should not be able to change the properties of any characteristic.
    In our case the user is trying to change the properties of an authorisation-relevant characteristic, which the user should not.
    Thanks in advance.
    Best Regds,
    Suyog.

    Hi Suyog,
    As per my knowledge, you can't control change access to only rows and columns in query designer. Also please note that maintaining auth. relevant characteristics as processing type authorization or customer exit is the BW developer's job; as a BI security consultant you can give suggestions to maintain such variables.
    Hence you give change query access in Dev and give only display in QA & production.
    Best Regards
    Imran
