Field Level Authorization

Similar Messages

• SM30 Field level authorization check

  Hi,
  I have a requirement to add the authorization check in SM30 for the company field in the custom table. Please suggest.
  Thanks,
  Gagan Chodhry

  Hi,
  I have this requirement for both type of tables i.e. custom as well as standard. Tables has got field profit center.. I need to show the table based on the loggedin user authorization to the profit center.
  If it is a custom table then as mentioned by Siva, there is a way I heared that we can check the authorization in PAI event, but when I tried to do a small test, I could get the field symbol with the values, but I was not able to skip that record for disply.
  If anyone can send the sample or the way to skip the record based on the check.
  Also is there any other way to add the field level authorization to custom and standard tables...
  Thanks,
  Gagan Chodhry

• Field level Authorization configuration in SAP BO issue !!!

  Hi gurus,
  I want to create field level authorization at query level and use the same at BO web Intelligence. (Ex if i h ave company code as A,B,and C. and if i have created a rolehe users  where only A and C is assigned so when i crreate a webi where users should only able to select comapny code as A and C only.)
  Now i want to know the steps to configure the same in BO for roles import and SAP authentication setting.Please do tell the pre-requisites .I got lot of links but am still confused.
  So please provide exact steps and setting to configure the same.
  Thanks &Regards,
  Montz
  Edited by: montz2006 on Jun 27, 2011 9:05 PM

      AUTHORITY-CHECK OBJECT 'S_TABU_LIN'
        ID 'ORG_CRIT' FIELD 'MOLGA'
        ID 'ACTVT' FIELD '03'
        ID 'ORG_FIELD1' FIELD '10'
        ID 'ORG_FIELD2' FIELD '*'
        ID 'ORG_FIELD3' FIELD '*'
        ID 'ORG_FIELD4' FIELD '*'
        ID 'ORG_FIELD5' FIELD '*'
        ID 'ORG_FIELD6' FIELD '*'
        ID 'ORG_FIELD7' FIELD '*'
        ID 'ORG_FIELD8' FIELD '*'.
      IF sy-subrc NE 0 .
        MESSAGE e000 WITH 'No Authorization for area' v_text.
      ENDIF.
  Use S_TABU_LIN authority object for field level authorizations.

• We need to give field-level authorization for some fields

  The schenario is as follows :
  1. There are various storage locations within a plant.
  2. There is one or more people incharge of creating PO and receiving
  stocks for every storage location.
  3. We dont want to authorise the person incharge of one storage
  location to receive stock in another storage location or even view the
  other storage locations at the time of creating the PO or any other
  transaction. The user incharge of one storage location should not be
  able to view any other storage location in any storage location field's
  drop down.
  regards
  Manish
  +91 9811647727

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah

• Field level Authorization for IT0002

  Hi All,
  We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
  This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
  We want to disable the access of this field to every one, even the HR administartor.
  Kindly suggest if this is possible using authorizations.
  I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
  Regards,
  Umesh Chaudhari.

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah

• BW Field level Autorizations are not working in the WEBI Reports

  Dear All,
  1. I have created Authorization roles with Infoobjects Authorization Objects.
  2. In Bex Query Authoizations are working on the Infoobjects like for
  Ex: For USER1 I have given Company code = 1000 &
  User 2 I have given authorization for 1100.....
  3. Import those roles into Business Objects-CMC.
  4.Users were Imported.
  But in the WEBI Reports BW Field level Authorizations are not working i.e for USER1 authorization for Company code is 1000 , in WEBI report it is showing all the Company codes data for USER1.
  For USER2 also showing all the data in the WEBI report.
  Plz help me on this issue.
  Thanks,
  Kiran Manyam

  Hi,
  For Authorization to work in BO you can check the following:
  1. You need to create authorization variables in your BEx query.
       Also these variables should not be input ready.
  2. While creating universe in BO you need to select "Single Sign On" option available in the parameters iwhile creating a new
      connection.
  Regards,
  Rohit

• Organization level authorization restrictions

  Hello All,
  Please can you let me know
  1) f it is possible to org level authorization restrictions for CLM documents and master data without any development?
  - E.g. while creating suppliers the user should only be able to create for the Company assigned to the user id?
  2) What is the significance of the company and organization unit fields in the user account information page?
  Regards,
  Subramaniam Iyer

  Hi ,
  Could you share about your solution ? I think I have face the same problem as yours.

• Field-level Edit Access

  Hello everyone,
  I have 4 questions, all pertaining to what you can do with a field in APEX:
  First, how to enable field-level Edit access in APEX? I understand I can apply authorization scheme on each page. So when a user has only View access, he/she can't edit the page. This is nice but what if out of a page, I want only one field being editable by an Administrator and not by the other groups, how do I do this?
  Second, if I want an Administrator to be able to add a row to a pop-up LOV and he's a mere administrative user of the system and not the APEX administator, how best it is to do this?
  Third, when a user logs in, how to ensure his login name and perhaps today's date already appear in a field?
  Finally, when a field is filled in, how to disable that field from future modification by shading it for example?
  Thanks for enlightening me on this.
  Best regards,
  Daniel

  Sagar has the point. You should check the OES and OAM certification for all versions you want to use. AFAIK OAM 11g and OES 10.3.4 run on WLS 10.3.3 only.
  See the certifications for details: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
  --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• Plant level authorization control for Internal Order

  Dear Sir,
  We create Internal Order using tcode KO01 and  being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
  We request you to Kindly guide us about the steps to be followed for addressing such requirement .
  With thanks and Regards
  Sonia Agarwala

  Sonia-
  It can be done. You have two options.
  1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
  2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
  Hope this helps.
  Shail

• Why I can not find field:Level in Project Hierarchy in BAPI_BUS2054_NEW?

  Dear experts,
      Why I can not find the field of "Level in Project Hierarchy" in structure BAPI_BUS2054_NEW?
  I only define the data to upload wbs:
  PROJECT DEFINITION
  PROJECT DESCRIPTION
  PROJECT PROFILE
  WBS Element
  WBS description
  Can you tell me which fields must to upload?
  Looking forward to your reply.
  Many thanks.
  Merryzhang

  Anyone can help me ?I need the field "Level" in BAPI_BUS2054_NEW,But I can not find it.

• How to populate the Error stack during error records in field level routine

  hi,
  I am capturing the error records in Field level routine in transformation. now i want these records to reflect in error stack.
  i am using 'Append monitor-rec to MONITOR' at the moment but i cant see any records in error stack.
  but when i am using the same statement in start routine i am getting records in error stack.
  can anyone please help as to how can i populate error stack through field level routine?

  Hi,
  Try to do it in the end routine instead of the field routine.
  It should work.
  Regards,
  Joe

• E-Recruitment - Requisition - Infotype Field Level Change Log

  Hi Experts,
  We are implementing SAP E-Recruitment, and would like to know how to capture the changes made in Requisition at infotype field level.
  For example: If a support team member is added/delete in the Requisition (Tab - Support Team), then these changes (NEW/DELETE) at the infotype field level are required.
  I have tried to maintain the infotype and the required fields in V_T582A, V_T585A, V_T585B and V_T585C. But didnt get any result when I executed the report RPUAUD00. Is there any additional configuration required for this?
  Please adivse.
  Thanks and Regards,
  Dinakaran R

  Hi,
  You can just to that with the infotype table log. Support team is stored in table HRP5131.
  Regards,
  Nicole

• JDeveloper 11.1.1.2.0 - Help text at field level

  Hi,
  We are making use of the Help.properties file to produce field level text. I have field's such as the following
  <af:inputText value="#{bindings.DocumentName.inputValue}"
                                  label="#{bindings.DocumentName.inputValue eq null ? ''  : bindings.DocumentName.hints.label}"
                                  required="#{bindings.DocumentName.hints.mandatory}"
                                  columns="#{bindings.DocumentName.hints.displayWidth}"
                                  maximumLength="#{bindings.DocumentName.hints.precision}"
                                  shortDesc="#{bindings.DocumentName.hints.tooltip}"
                                  id="it4"
                                  autoSubmit="true"
                                  helpTopicId="WORKFLOW_EDITPURCHASEORDER_DOCUMENTNAME"
                                  readOnly="true"
                                  rendered="true"Is there a elegant way to disable the help text? e.g. provide a form level radio button to enable/disable help text? The only way i can think at the moment would
  be to set the helpTopidId to a key that doesnt exists using an EL expression.
  Regards

  Hi,
  I think what you suggest is the way to go in this case
  Frank

• How to fix the field level Error(Invalid Date)

  Hi All,
  Error: 1 (Field level error)
    SegmentID: ACK
    Position in TS: 5
    Data Element ID: ACK05
    Position in Segment: 5
    Data Value: 162014
    8: Invalid Date
  can anyone help me out, How to fix above error? i searched about this but only information about the error  is given and no where it is mentioned how to fix it  and how is it generated please help me out.
  Thanks,
  Nitish

  Are you sending or receiving the EDI?
  Either way, "162014" is simply not a valid EDI data format.  Dates in x12 are expressed as CCYYMMDD so December 30, 2013 would appear as 20131230.
  If you are receiving, you need to contact the sender and have them correct the output.
  If you are sending, you need to property format that date value.  For example:
  myDateVar.ToString("yyyyMMdd");

• Data conversion is necessary at field level

  Hi everybody.
  Im a BW consultant in a BCS project, and I had to make a change in a objetct that is used in BCS as a custom attribute.
  What I made, is to remove the ALPHA routine in the object.
  Later, the BCS consultant generetad the data basis again, and now when enter the UCWB a warning is showed, the message below:
  But I dont know how to do the procedure showed in the message, does anyone face with the same problem? Any suggestion? 
  Best Regards,
  Thiago
  Field /BIC/ZC_EMPBPM: Data conversion is necessary
  Message no. UGMD418
  Diagnosis
  Following a change to the definition of field /BIC/ZC_EMPBPM it is necessary to convert the old data for this field before the new attributes can be activated. This arises, for example, when the following attributes have been changed:
  Conversion exit
  Version or time dependency of hierarchies
  System Response
  You cannot start the application. A data conversion is necessary first.
  Procedure
  Execute the necessary data conversion at the field level. To do this, press the respective button with the  symbol in the hierarchical detail display at the level of field /BIC/ZC_EMPBPM. If necessary, the system will prompt you for more information in a separate dialog box.
  Regards!
  Edited by: Thiago  França Carvalho Silveira on Jun 10, 2010 11:13 PM

  Hi,
  I quess the following should help.
  Execute UCWB01 t-code, goto your data basis, in the tabstrip for assigning roles drag and drop any characteristic, then save. The system will find the change and check and regenerate data structures (that's what you need).
  Then either in UCWB or UCWB02 t-code got your ConsArea and regenerate it.