Give  authorization object to fm

Similar Messages

• Kindly give authorization object for mrp type in material master

  Hi friends,
  Kind tell me what is the authorization object for MRP type in material master.
  Your help is considered more important.
  thanks in advance
  willaims

  hi,
  check your authorisation objects here:
  Go to PFCG --> Environment (at menu bar) --> authorization objects --> Display...
  Here see for MRP and MM for material managament in the tree structure...
  Regards
  Priyanka.P

• Creation of a user with a particular authorization object (Very Urgent)

  Hi,
  There is a requirement in my project to create a user who can only reset his password. So for this I think a authorization object should be created and assign it to a profile which displays only the tab for reseting the password which is( Logon in SU01). I want to know two things in this regard.
  1. The whole process of creating customised authorization object and assigning it to a profile and
  2. Any other way to achieve the needed scenario.
  Thanks & Regards,
  Sujith
  Edited by: Sujith K on Feb 4, 2008 1:26 PM

  In transaction pfcg ,
  give single/composite role name
  give profile name and description in authorization tab, save it
  enter into change authorization data
  select manually tab
  give authorization objects name (creating auth. objects)
  fields will automatically come inside it
  enter the field values
  save and generate profiles (Profiles created)
  go to su01,
  create users (fill address, logon data, roles )
  In pfcg,
  select the role you created and click on the user comparison for giving the authorization to access.
  award points if useful

• How to restrict provide to a single account(by authorization object)

  Hello, i have two types of accounts.
  Account range 1: 10000000 -19999999
  Account range 2: 20000000 - 29999999
  For range 1 i have assigned authorization group AUT1.
  For range 2 i have assigned authorization group AUT2 (by transaction OB_GLACC12).
  So the general idea is some users will have access only to group 1 , etc. i have used autorization object F_BKPF_BES in  the role btw.
  I have created 4 roles:
  1) RANGE1_ALL (means user can create / modify delete GL from range 1)
  2) RANGE1_DISP(means user can only disp  GL from range 1)
  3) RANGE2_ALL(means user can create / modify delete GL from range 2)
  4) RANGE2_DISP(means user can only disp  GL from range 1)
  If i give RANGE1_ALL + RANGE2_DISP to the user, he can create/modify/delete for range1 and only display GLS from range2.
  Now the problem is if i want user to create/modify/delete for range1 but only display a specific account from range 2 ; say GL 29999000.
  Which authorization object can i use to specify the range 2 GL account directly?thx.

  Hi,
  The only option for you is to have a different authorisation object for that GL alone and assign it to the user. You dont assign RANGE2-DISPLAY object to that user.
  From FS00, you have to change the Auth group of that specific GL.
  Regards,
  Mike

• BI authorization objects not appearing in RAR, error while generating role

  Hi
  I am facing certain problems relating to integration of BI module version 7 with GRC Access Controls version 5.3 and support package 06. I am describing the problems in details below:
  (a)  In Risk Analysis and Remediation (RAR) component, I am creating Functions and
        Risks for Business Intelligence (BI) module. For that I have downloaded the
        descriptive text and authorization object data from BI development system and
        uploaded the same in RAR. Then I have created 2 Function Ids DBI1 (having action
        RSA1) and DBI2 (having actions RSA11, RSA12, RSA13, RSA14, RSA15) and 1
        Risk Id for BI (having Function Ids DBI1 and DBI2) in RAR. But when I checked
        the permission tabs of the Function Ids DBI1 and DBI2, I could not find any
        authorization objects for the actions in them.
  (b)  In Enterprise Role Management (ERM), when I am trying to create a Role TEST-BI
         in DBI 100 and I put the  BI transaction codes in authorization data , I get the
         authorization objects . Risk analysis is also being done successfully. But at the time
         of Role generation in background mode , it is giving an error message :
         Error generating role TEST-BI for system DBI 100: Unable to interpret * as a number.
         I am thus unable to generate any role in DBI 100.
  (c)  In Compliance User Provisioning (CUP), I have imported a standard role from DBI
        100. Then I have added Functional Area, Business Process, Subprocess  and
        Criticality Level to this role in CUP. But when I try to assign this Role to an user, it
         gives an error Error creating request. But requests are getting created and roles are
         being assigned to users in ECC development  systems using the same Initiator, CAD, stage
         and path.
  Can anyone please help me ?

  -

• About authorization object

  Hi basis guys........
  i am not able to give print request.its showing authorization error
  "no authorization for LOCAL PRINTER" and "output could not be issued"
  i checked su53 screen. and i assigned that activity in authorization object.
  even then its showing authorization problem.
  Is there any object to add to get printing ?
  and what is "s_gui" object ? is that works?
  Please tell me your suggestions
  Regards........nagendra.

  Hi
  Check whether for the user a printer is assigned or not. Only the printer which is assigned to the user in SU01 can be used by the user.
  What u can try is assign the Local Printer in default printer for that particular user.
  Also if you have assigned the authorization object that was missing then there should not be a problem.
  Regards
  Sumit Jain
  [reward with points if the answer is useful]

• Creation of Authorization Object

  Dear All,
  Can anyone of you guide me on how to create Authorization Object?
  My Knowledge on this concept:-
  1) Mark required object as Authorization Relevant
  2) Use of T-code RSSM
  3) Select marked Authorization Object
  4) Assign fields to it, for authorization.
  thats all i know.
  There are few more additional settings we need to do for it.
  Request you to provide with step by step procedure for the same.
  Thanks & Rgds,
  Anup

  hi
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  the following link will be helpful
  http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
  http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
  Use of T-code RSSM
  Through BIW Authorizations (TCode RSSM)
  Authorization check log. This gives information on
  missing authorizations for reading data.

• Re: Regar Authorization objects

  Dear all,
  Pl. find my sol for my query which is shown in below
  My client want to give payslip authorization i.e PC00_M40_CEDT.  they have personnel areas are like East, West, North & South.
  and personnel subarea are Hyd, Bagnlr, Pune , Mumbai, Delhi, Goa...like that.  Here the thing is Hyd authorized person has to see only for his area employees payslip only and for rest of the areas he could not able to see...Like that for all sub area wise they want to restrict.
  can u please give clear answer to solve this issue....
  Regards
  Bachi

  Hi,
  Use P_ORGIN authorization object on PERSA (personnel area) authorization field.
  You can find list under below link.
  http://help.sap.com/saphelp_470/helpdata/en/5c/73ba3bd14a6a6ae10000000a114084/content.htm
  Thanks,
  Ameet

• How to add authorization field to a standard authorization object

  Hi All,
  I'm trying to limit user to can only create & change X type of order type in PM module. This can be fullfill by creating suer with assigned role with only allow X type of order type.
  But when I assigned a display role which has authorization to display all order type (maintained as authorization object), now my user can create and change all order type.
  How to limit user to can only create & change X order type and only display the rest of order type?
  I assume by adding authorization field: AUFART(order type) in authorization object: I_TCODE will solve the problem, is it right? and is it possible to do that?
  regards,
  Andre

  Hi,
  your assumption is incorrect. First of all, adding a new field to standard authorization object is a bad idea. You would have to modify all checks for that object. For standard SAP object it means that you would have to modify many SAP programs.
  The authorization object I_TCODE is checked in PM transactions. It gives you authorization to run that transactions. That object can't be used to limit what you do in that transaction or what order type you can process. You are looking for some other authorization object(s). You need to go to SU24 which gives you what authorization objects are checked in particular transaction. It does not have to cover all objects but it's a good starting point.
  Cheers

• How to give authorization for create and change particular Condition Type

  Hi...
     In my requirement is , Only one user can be authorized to create and change a particular condition type 'ZABC' in vk11 and vk12 .
  For remaining condition type can be used as in normal .
  How to do this ? How to give authorization for a particular user for particular condition type ?
  Plz guide me ..
  Thanks in advance .
  Deepa .

  Hi Deepa ,
  u can check A.Object V_KOND_VEA, in user profile u can assign condition type or tables.
  have a word with ur basis guy , so he can help u in better way.
  aand also ref FM SD_COND_AUTH_CHECK
  Regards
  Prabhu

• Authorization object  for PLANNING PLANT

  Hi all,
  My client has different Planning plant & Production plant.
  If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
  User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
  Any idea where we could find the authoriz. objects for a particular field?
  Pls advise.

  Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
  Goods Receipt for Production Order: Plant                    M_MSEG_WWF
  these are the authorisation objects with activities as  ACTVT and WERKS
  Maintaine the values for ACTVT  as
  01 Create or generate,
  02  Change
  03 Display
  04 Print, edit messages
  and maintaine the values WERKS   (ur plants 4 which u want to give authorisations)
  and BWAR ( movement types 4 which u want to give authorisations)

• Authorization object for ABC Indicator

  HI Experts,
  May we know what is the Authorization Object we can use for ABC Indicator in Equipment?
  Thanks,

  Hi bonsai,
  Sorry for delay response..
  Authorization keys which you can use to set up authorization checks when you manually set or delete a user status.
  After creating the status profile.create individula authorization key in the lower menu node  where u hv created the User status .
  Then assign the authorization key to the each status codes(Last column of the status profile).(Crete authorization key same as the status codes).
  Then maintain the authorization key value in the field BERSL where u want to give the authority for change /Delete user status.
  Regards
  Dhiren

• Authorization object to view Maintain Performance Documents on MSS

  Hi Experts,
  Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
  It gives following error :
  java.lang.NullPointerException
       at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
       at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
       at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
       at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
       at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
       at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
       at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
       at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
       at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Would appreciate kind guidance to resolve issue.
  Thanks in advance.
  Aashish

  I am closing this thread as opened at wrong place.
  Thanks,
  Aashish

• Restricting the authorization Object for B2B Transactions

  Hi All
  we are facing the problem in the ISA b2b app, actually the scenario is as below.
  we have various transaction types like b2b sales,Peoplesoft order,Request for Order change, RMA ,Request for Quotation(RFQ) and metel order.
  As per the requirement, The client wants only a few functionalities for a particular user.
  Example:
  Transaction Type Authorization
  PeopleSoft order View only View only
  B2B:Req. OrderCh x x
  B2B: Req. RMA
  B2B: Req. Quote x x
  Metel Order x
  For b2b sales transaction a lower level employee would only be able to view the order and he should be restricted to make any changes. Is there a posibility to restrict in this manner? This is Urgent. Please respond immediately. Thanking you in anticipation.
  Message was edited by:
  Sunil Kumar

  >
  Viral741 wrote:
  > Hi All
  >
  > I have a requirement in SAP Security to restrict the authorization object S_ALV_LAYO to a particular set of users.
  >
  > Background:
  >
  > We use composite roles which is shared accross all areas(Finace,marketing,work managment).Now the requirement is for from Work managment to restrict S_ALV_LAYO so that user cant change default layout and can create user specific layout,but other areas are not ready for this.So please let me know if there is any way i can restrict this auth object only for work managment area only.
  >
  > Thanks,
  >
  > Nitesh
  Nitesh,
  Remove access to S_ALV_LAYO for general users and give access to F_IT_ALV instead.  Keep S_ALV_LAYO for the users who will be maintaining the default layout.
  Good Luck!

• Transaction to check authorization objects that failed

  I am trying to test a report, but I get an authorization error when running a standard function.
  I have already used a transaction which shows what authorization object failed if you call this transaction right after you got the error. Does anybody know the code of this transaction?
  Thanks in advance,
  Carol

  Hello,
  use /nsu53 and send the print screen to your basis team....they will modify your profile role to give you the permissions.
  Bye
  Gabriel P-