Field Level Authorization
Hi Gurus,
Can you explain me how to proceed forward inrelation to Field Level Authorizations in SAP HR. For instance I want to restrict roles of individuals based on Field for example restrict users based on Field Workschedule in IT 0007 ( Planned Working Time).
Regards,
Happy
AUTHORITY-CHECK OBJECT 'S_TABU_LIN'
ID 'ORG_CRIT' FIELD 'MOLGA'
ID 'ACTVT' FIELD '03'
ID 'ORG_FIELD1' FIELD '10'
ID 'ORG_FIELD2' FIELD '*'
ID 'ORG_FIELD3' FIELD '*'
ID 'ORG_FIELD4' FIELD '*'
ID 'ORG_FIELD5' FIELD '*'
ID 'ORG_FIELD6' FIELD '*'
ID 'ORG_FIELD7' FIELD '*'
ID 'ORG_FIELD8' FIELD '*'.
IF sy-subrc NE 0 .
MESSAGE e000 WITH 'No Authorization for area' v_text.
ENDIF.
Use S_TABU_LIN authority object for field level authorizations.
Similar Messages
-
SM30 Field level authorization check
Hi,
I have a requirement to add the authorization check in SM30 for the company field in the custom table. Please suggest.
Thanks,
Gagan ChodhryHi,
I have this requirement for both type of tables i.e. custom as well as standard. Tables has got field profit center.. I need to show the table based on the loggedin user authorization to the profit center.
If it is a custom table then as mentioned by Siva, there is a way I heared that we can check the authorization in PAI event, but when I tried to do a small test, I could get the field symbol with the values, but I was not able to skip that record for disply.
If anyone can send the sample or the way to skip the record based on the check.
Also is there any other way to add the field level authorization to custom and standard tables...
Thanks,
Gagan Chodhry -
Field level Authorization configuration in SAP BO issue !!!
Hi gurus,
I want to create field level authorization at query level and use the same at BO web Intelligence. (Ex if i h ave company code as A,B,and C. and if i have created a rolehe users where only A and C is assigned so when i crreate a webi where users should only able to select comapny code as A and C only.)
Now i want to know the steps to configure the same in BO for roles import and SAP authentication setting.Please do tell the pre-requisites .I got lot of links but am still confused.
So please provide exact steps and setting to configure the same.
Thanks &Regards,
Montz
Edited by: montz2006 on Jun 27, 2011 9:05 PMAUTHORITY-CHECK OBJECT 'S_TABU_LIN'
ID 'ORG_CRIT' FIELD 'MOLGA'
ID 'ACTVT' FIELD '03'
ID 'ORG_FIELD1' FIELD '10'
ID 'ORG_FIELD2' FIELD '*'
ID 'ORG_FIELD3' FIELD '*'
ID 'ORG_FIELD4' FIELD '*'
ID 'ORG_FIELD5' FIELD '*'
ID 'ORG_FIELD6' FIELD '*'
ID 'ORG_FIELD7' FIELD '*'
ID 'ORG_FIELD8' FIELD '*'.
IF sy-subrc NE 0 .
MESSAGE e000 WITH 'No Authorization for area' v_text.
ENDIF.
Use S_TABU_LIN authority object for field level authorizations. -
We need to give field-level authorization for some fields
The schenario is as follows :
1. There are various storage locations within a plant.
2. There is one or more people incharge of creating PO and receiving
stocks for every storage location.
3. We dont want to authorise the person incharge of one storage
location to receive stock in another storage location or even view the
other storage locations at the time of creating the PO or any other
transaction. The user incharge of one storage location should not be
able to view any other storage location in any storage location field's
drop down.
regards
Manish
+91 9811647727Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah -
Field level Authorization for IT0002
Hi All,
We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
We want to disable the access of this field to every one, even the HR administartor.
Kindly suggest if this is possible using authorizations.
I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
Regards,
Umesh Chaudhari.Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah -
BW Field level Autorizations are not working in the WEBI Reports
Dear All,
1. I have created Authorization roles with Infoobjects Authorization Objects.
2. In Bex Query Authoizations are working on the Infoobjects like for
Ex: For USER1 I have given Company code = 1000 &
User 2 I have given authorization for 1100.....
3. Import those roles into Business Objects-CMC.
4.Users were Imported.
But in the WEBI Reports BW Field level Authorizations are not working i.e for USER1 authorization for Company code is 1000 , in WEBI report it is showing all the Company codes data for USER1.
For USER2 also showing all the data in the WEBI report.
Plz help me on this issue.
Thanks,
Kiran ManyamHi,
For Authorization to work in BO you can check the following:
1. You need to create authorization variables in your BEx query.
Also these variables should not be input ready.
2. While creating universe in BO you need to select "Single Sign On" option available in the parameters iwhile creating a new
connection.
Regards,
Rohit -
Organization level authorization restrictions
Hello All,
Please can you let me know
1) f it is possible to org level authorization restrictions for CLM documents and master data without any development?
- E.g. while creating suppliers the user should only be able to create for the Company assigned to the user id?
2) What is the significance of the company and organization unit fields in the user account information page?
Regards,
Subramaniam IyerHi ,
Could you share about your solution ? I think I have face the same problem as yours. -
Hello everyone,
I have 4 questions, all pertaining to what you can do with a field in APEX:
First, how to enable field-level Edit access in APEX? I understand I can apply authorization scheme on each page. So when a user has only View access, he/she can't edit the page. This is nice but what if out of a page, I want only one field being editable by an Administrator and not by the other groups, how do I do this?
Second, if I want an Administrator to be able to add a row to a pop-up LOV and he's a mere administrative user of the system and not the APEX administator, how best it is to do this?
Third, when a user logs in, how to ensure his login name and perhaps today's date already appear in a field?
Finally, when a field is filled in, how to disable that field from future modification by shading it for example?
Thanks for enlightening me on this.
Best regards,
DanielSagar has the point. You should check the OES and OAM certification for all versions you want to use. AFAIK OAM 11g and OES 10.3.4 run on WLS 10.3.3 only.
See the certifications for details: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
--olaf -
Plant level authorization control for Internal Order
Dear Sir,
We create Internal Order using tcode KO01 and being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
We request you to Kindly guide us about the steps to be followed for addressing such requirement .
With thanks and Regards
Sonia AgarwalaSonia-
It can be done. You have two options.
1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
Hope this helps.
Shail -
Why I can not find field:Level in Project Hierarchy in BAPI_BUS2054_NEW?
Dear experts,
Why I can not find the field of "Level in Project Hierarchy" in structure BAPI_BUS2054_NEW?
I only define the data to upload wbs:
PROJECT DEFINITION
PROJECT DESCRIPTION
PROJECT PROFILE
WBS Element
WBS description
Can you tell me which fields must to upload?
Looking forward to your reply.
Many thanks.
MerryzhangAnyone can help me ?I need the field "Level" in BAPI_BUS2054_NEW,But I can not find it.
-
How to populate the Error stack during error records in field level routine
hi,
I am capturing the error records in Field level routine in transformation. now i want these records to reflect in error stack.
i am using 'Append monitor-rec to MONITOR' at the moment but i cant see any records in error stack.
but when i am using the same statement in start routine i am getting records in error stack.
can anyone please help as to how can i populate error stack through field level routine?Hi,
Try to do it in the end routine instead of the field routine.
It should work.
Regards,
Joe -
E-Recruitment - Requisition - Infotype Field Level Change Log
Hi Experts,
We are implementing SAP E-Recruitment, and would like to know how to capture the changes made in Requisition at infotype field level.
For example: If a support team member is added/delete in the Requisition (Tab - Support Team), then these changes (NEW/DELETE) at the infotype field level are required.
I have tried to maintain the infotype and the required fields in V_T582A, V_T585A, V_T585B and V_T585C. But didnt get any result when I executed the report RPUAUD00. Is there any additional configuration required for this?
Please adivse.
Thanks and Regards,
Dinakaran RHi,
You can just to that with the infotype table log. Support team is stored in table HRP5131.
Regards,
Nicole -
JDeveloper 11.1.1.2.0 - Help text at field level
Hi,
We are making use of the Help.properties file to produce field level text. I have field's such as the following
<af:inputText value="#{bindings.DocumentName.inputValue}"
label="#{bindings.DocumentName.inputValue eq null ? '' : bindings.DocumentName.hints.label}"
required="#{bindings.DocumentName.hints.mandatory}"
columns="#{bindings.DocumentName.hints.displayWidth}"
maximumLength="#{bindings.DocumentName.hints.precision}"
shortDesc="#{bindings.DocumentName.hints.tooltip}"
id="it4"
autoSubmit="true"
helpTopicId="WORKFLOW_EDITPURCHASEORDER_DOCUMENTNAME"
readOnly="true"
rendered="true"Is there a elegant way to disable the help text? e.g. provide a form level radio button to enable/disable help text? The only way i can think at the moment would
be to set the helpTopidId to a key that doesnt exists using an EL expression.
RegardsHi,
I think what you suggest is the way to go in this case
Frank -
How to fix the field level Error(Invalid Date)
Hi All,
Error: 1 (Field level error)
SegmentID: ACK
Position in TS: 5
Data Element ID: ACK05
Position in Segment: 5
Data Value: 162014
8: Invalid Date
can anyone help me out, How to fix above error? i searched about this but only information about the error is given and no where it is mentioned how to fix it and how is it generated please help me out.
Thanks,
NitishAre you sending or receiving the EDI?
Either way, "162014" is simply not a valid EDI data format. Dates in x12 are expressed as CCYYMMDD so December 30, 2013 would appear as 20131230.
If you are receiving, you need to contact the sender and have them correct the output.
If you are sending, you need to property format that date value. For example:
myDateVar.ToString("yyyyMMdd"); -
Data conversion is necessary at field level
Hi everybody.
Im a BW consultant in a BCS project, and I had to make a change in a objetct that is used in BCS as a custom attribute.
What I made, is to remove the ALPHA routine in the object.
Later, the BCS consultant generetad the data basis again, and now when enter the UCWB a warning is showed, the message below:
But I dont know how to do the procedure showed in the message, does anyone face with the same problem? Any suggestion?
Best Regards,
Thiago
Field /BIC/ZC_EMPBPM: Data conversion is necessary
Message no. UGMD418
Diagnosis
Following a change to the definition of field /BIC/ZC_EMPBPM it is necessary to convert the old data for this field before the new attributes can be activated. This arises, for example, when the following attributes have been changed:
Conversion exit
Version or time dependency of hierarchies
System Response
You cannot start the application. A data conversion is necessary first.
Procedure
Execute the necessary data conversion at the field level. To do this, press the respective button with the symbol in the hierarchical detail display at the level of field /BIC/ZC_EMPBPM. If necessary, the system will prompt you for more information in a separate dialog box.
Regards!
Edited by: Thiago França Carvalho Silveira on Jun 10, 2010 11:13 PMHi,
I quess the following should help.
Execute UCWB01 t-code, goto your data basis, in the tabstrip for assigning roles drag and drop any characteristic, then save. The system will find the change and check and regenerate data structures (that's what you need).
Then either in UCWB or UCWB02 t-code got your ConsArea and regenerate it.
Maybe you are looking for
-
What process goes behind "Return Requisition" in oracle purchasing
Hi Guys, In Oracle Purchasing, When you click "Autocreate", where you will get the form "Find Requisitions Window". You will find the requisitions and then if you want to return a requisition by telling the reason for returning the requisition, the y
-
If you go to http://www.nukaresearch.com/redesign2/services/emergPreparedness.shtml and look at the bullets you will notice that Natural and technological disaster response and the bullets above are a few pixes to the right in IE6. its fine in IE 7 a
-
Since last FF update I can't sign out of Yahoo and when I close FF it tells me it has crashed. When I try to sign out of Yahoo it comes up with: Secure Connection Failed An error occurred during a connection to login.yahoo.com. You have received an i
-
Hi all, I'm a beginner. So far I've created something like a slideshow with some interactive stuff inbetween. For my new project I could use some guidance on how to structure it. And on what kind of things to use in flash 8 The goal is a lineair slid
-
Is it possible to set the YouTube app to require the pin code to open it, rather than having to go in and out of settings every time I want to use it? Reason is that I found some inappropriate content on YouTube and I have children under 13 years of