Hiding costing related information to external users
Hi
We have several transcations where we have internal and external users using the transcation where we have financial information and would not like to make it visible to external users.
Can you please let me know the various options available to avoid external users with the financial data.
Few of the transcations are MIGO,CORT,CORS.MI03
Thanks in advance.
Regards
Praveen
Hi Praveen,
The best answer to this would be to restrict this at the transaction level itself. The business should decide not give access to any of the tcodes to the users which can expose data related to costing etc.
But, then if the tcode needs to be given but restricted then you may have to use your security expertise to find out which are the objects that could be restricted in the user's role. for eg in MIGO it would be :
F_BKPF_BUK Accounting Document: Authorization for Company Codes
Regards,
Subbu
Similar Messages
-
Hi,
Is it possible to list information , that i have shared(i.e documents, sites etc) with external user.Hi
We have two version of SharePoint, one the online version and the other on-premise installation
In online version, we can invite external users(liveID and google users) to have access to site and documents. This feature is provided by ADFS server already configured OOB in online version
Onpremise version does not have by default the feature to share with external users or customers. we have to extend the site and provide different identity providers.The identity provider can be Active directory,SQL server,Claims,ADFS server which
will support liveID
http://technet.microsoft.com/en-us/library/cc261698(v=office.14).aspx
Thanks
Whenever you see a reply and if you think is helpful,Vote As Helpful! And whenever you see a reply being an answer to the question of the thread, click Mark As Answer -
ERecruiting - External Users in a distributed scenario
In an integrated scenario, I understand the relationship between, US, CP, P, NA and other objects.
Just for informational purposes, if I am on a distributed scenario, where I have ECC and ERC on different systems, is there a difference in how the external users (US) object and the related object relationships are created?
Thoughts appreciated.Hi Sunil,
As per my understanding there is not much difference.
When an external user registers, NA,BP & CP are created.
If this person is hired, during the hiring action, P,BP & CP are created. But the NA object needs to be now connected to the newly created CP. This is usally done during synchronization. I also think the BADI HRSYNC_P needs to be active to take care of this. The older connection of NA to the old CP will then be obsolete.
If i am not mistaken, before the setting up of ALE(one of the steps), it is required to activate the above mentioned BADI in the your main HR system.
Regards,
Sowmya -
LSO External Users booking courses from Learning Portal !!!
Hi Gurus,
We want external user book a course using LSO. In order to do that, we have created the same user in Portal and R3 (using SSO). This user has related an External Person object "H" using infotype 1032, subtype 0001. The problem comes when this user booked from R3, and thru Portal we are not able to see any course at all..... If the user books from portal, R3 is booked as "US" object instead of "H" object. My questions are:
1. Is this configuration OK ? What else I am missing ?
2. Can results from courses be saved for external user in R3 (H object) ?
3. How can we save final results for external user using Portal ?Hi Chandra,
Thank you for your information, but is showing courses in portal. The problem comes with external user from portal, when users book a course from Portal, is register (R3) with the object "US" instead of "H" External Person. If we book the user from R3 with object "H" (External user) it does not showing any course in Portal. I believe it has something to do with the BADI (Assignment User ID to Learner)
"In this IMG activity you make the settings required for deriving the learner from the user ID. In the standard system, the user ID is used to find the person, who in turn represents the learner. If the SAP system cannot determine a related person, the user ID is used as the learner. For example, you can determine a business partner or an external person as learners with the help of the user ID and use these in the Learning Portal "
Any ideas???
Regards
David Corté -
Is it possible to hide the All site content button and shared with button?
Although the external users don't have rights to browse user information it is still possible to see user information when you hover on a person en from there you can browse the rest of the organization. How can I hide this on hover information.Hi ,
Based on your description, my understanding is that you want to hide user information to prevent
external users having access to browse user information.
To hide the All site content button, you can limit logged person only have permission to a
special library and set the permission as edit.
For the Shared With button, I suggest you make it unavailable instead of hiding it. You can set the logged user
have Edit permission.
Best Regards,
Lisa Chen -
Configure external users phones and tablets in exchange 2013
I have a single Exchange 2013 server that i cannot seem to make external users work by configuring the phones.
using exchange connectivity analyzer i have RPC Ping problems i cannot seem to find a proper answer.
I only have port 443 incoming from the internet to the Exchange 2013.
The Microsoft Connectivity Analyzer is testing Exchange ActiveSync.
Attempting the FolderSync command on the Exchange ActiveSync session.
Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
Diagnostics:
AAA==_S111_Error:ADOperationException1:Active Directory operation failed on VM-DC-002.ourdomain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521E1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 _Mbx:VM-EXCH13-001.ourdomain.com_Dc:VM-DC-002.IFARHU.GOB.PA_Throttle0_DBL7_DBS1_CmdHC-
Also,
Attempting to ping RPC proxy correo.ourdomain.com.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 1711b40e-d416-4f8f-ada1-876c5e8719e0
X-CasErrorCode: EndpointNotFound
X-FEServer: VM-EXCH13-001
Content-Length: 0
Cache-Control: private
Date: Tue, 24 Dec 2013 06:57:50 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 222 ms.
Suggestions?EAS problems were traced to permissions problems because in our AD we do not use the normal OU called "users" and we use a different OU name.
However the RPC Ping problem still remains. no matter what permission we set:
Attempting to ping RPC proxy correo.ifarhu.gob.pa.
RPC Proxy can't be pinged.
Additional Details
A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.
Headers received:
request-id: 1e075c85-5cfb-4ff2-9fb6-59b3eaf102b8
X-CasErrorCode: EndpointNotFound
X-FEServer: VM-EXCH13-001
Content-Length: 0
Cache-Control: private
Date: Tue, 31 Dec 2013 12:28:29 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Elapsed Time: 190 ms.
I do not know if this is related, but just to let you know, we use the same DNS name for both internal and external access (correo.ifarhu.gob.pa). At internal level the internal DNS resolves
to internal address. at external level public DNSs resolves to external internet addresses.
Also, we are using form based OWA. Can someone tell me how the settings look like at exchange powershell level and at IIS level?
thanks, -
Public SharePoint Online Site with External User Portal
Hello Everyone,<o:p></o:p>
My company switched over to Office 365 a few months ago, and now would like to start using our Public SharePoint site to share information (documents
pertaining to their orders/drawings/etc.) with our customers (external users).<o:p></o:p>
<o:p> </o:p>
I have seen documentation on how to share documents with individual users, but we were looking to do something a little bit different. We would ultimately
like to have a public site with generic company information (like hours, about us,directions etc.) that anyone can see.
We would also like to use SharePoint as almost an "FTP type" service where we could post documents and share them with individual
external
users. HOWEVER, instead of sharing individual documents, we were wondering if there was a way that an external user (that we have granted
access) could sign into the public SharePoint site, and then see information that ONLY pertains to them.
I have been doing some research on this, and I haven't seen that anyone else has tried this. Has anyone had any luck? Or would you have suggestions on how to make
this work? I had originally posted this question on the Office 365 SharePoint forum, and they suggested posting this question here. Any help would be appreciated. Thanks!Hi,
did you finally manage to get what you requested here above ? Indeed, I am also struggling to set up the same (public website with individual content sharing with external authentified user).
For external user, I am quite sure that we need to go through MS ID creation (I have created some test users using https://login.live.com).
Our public website is done and (almost) working. I have then created a sub-site for the same, this one to manage permission based on authentified user
But I am stuck when trying to assign a document library with relavant permission.
Would be great to share our feedback and I have searched a lto on the web and did not find any satisfying answer to this design (If there is any... here is my doubt...)
Thanks in advance
stef -
Hi TechNet,
I have an MS SharePoint Online (SharePoint Plan 2) team site, quite simple, one document library etc.
I have successfully added all users (E3) within the organisation to groups, and permissioned correctly.
I have added myself (separate organisation, also Office 365 E3) as an External User, and have access to the website without any problems by authenticating with my Organization account e-mail address.
I have a single user (separate organisation, also Office 365 E3), who's setup is identical to mine (Also Office 365 E3).
However, when this user is added as an External User, they are unable to login, and get "Sign In is not complete":
That didn't work
We're sorry, but [email protected] can't be found in the CLIENT1.sharepoint.com directory. Please try again later, while we try to automatically fix this for you.
Correlation ID: dc1f7f9c-092b-20b8-7b35-89348ba22f71
Date and Time: 3/20/2014 7:06:55 AM
URL: https://CLIENT1.sharepoint.com/
User: [email protected]
Issue Type: Partner User Invalid.
I then remove the user using the Site Collection, and using the PRofile Manager, and using Remove-SPOUser, and using Remove-SPOExternalUser. Which is great, he's gone. However when I go to add him back to a group, as soon as I type his e-mail address, it
'Resolves' into his full name! If I have completely(?) removed him form the site, how is he being resolved? And therefore me trying to remove him to re-add him to try and solve the user/directory/auth issue is not working.
Furthermore, upon clicking on said client's username inside SharePoint (after I've 'added him back' of course), his ID, in format: i:0#.f|membership|live.com#[email protected] has an entirely different e-mail address, his Microsoft Account!
I'm assuming he must have been already signed into his Microsoft Account when he clicked on the External User e-mail invite? If so, I clearly do not want this, how can I remove lal traces of his Microsoft Account, given that I have gone to the lengths as
detailed above?
I have already completed these steps: http://community.office365.com/en-us/forums/148/p/228263/709905.aspx
Some possible further reading regarding Microsoft ID's and Organization ID's:
http://sergeluca.wordpress.com/2013/09/23/sharepoint-online-and-external-users-this-invitation-has-already-been-accepted-with-another-account-bug-or-feature/
Please let me know if you need any more information regarding this issue, and thanks in advance to anyone who can shed some light on this situation for me and anyone whom encounters it in the future.
Regards,
Evanly.Hi Scott,
Thank you so much for taking the time to read and respond to my issue.
Certainly, it makes sense that regardless of where the invitation it sent, the user would authenticate with their Microsoft ID.
In my case, I want the user to authenticate using their Microsoft Organisation ID, that they use for their seperate Office 365 account.
This is the way I was able to log in, and worked great. With my client, they are unable to access Sharepoint because once they sign in with their Microsoft Organisation / Office 365 ID, they are told they are not in the directory, because their Microsoft
ID is in the directory and it doesn't match up.
I am simultaneously trying to 1) Remove all traces of this users Microsoft ID, which so far using the above steps, has been unsuccessful; and 2) Invite the user using his Microsoft Organisation ID, and have him authenticate with that (which is proved to
work, as my account uses this).
Looking forward to any more suggestions. Thanks in advance! -
Unable to message external user
Hi All,
When attempting to message an external user, I see the error:
When contacting your support team, reference error ID 504 (source ID 239)
Turning on Event Logging shows:
A SIP request made by Lync failed in an unexpected manner (status code 80ef01f8). More information is contained in the following technical data:
RequestUri: sip:[email protected]
From: sip:[email protected];tag=removed
To: sip:[email protected];tag=removed
Call-ID: removed
Content-type: application/sdp;call-type=im
v=0
o=- 0 0 IN IP4 removed
s=session
c=IN IP4 removed
t=0 0
m=message 5060 sip null
a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/x-ms-ink application/ms-imdn+xml text/x-msmsgsinvite
Response Data:
504 Server time-out
ms-diagnostics: 1041;reason="Peer server pool is out of service";Peer="sip.externaldomain.com";Port="5061";source="sip.mydomain.com";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"
From what I've read, it seems I need to do something with certificates. Is that correct?Hi Lisa, thanks for the reply.
Which certificate? Is it a certificate from the other organisation?
The certificate for external edge interface.
You need to assign a public certificate to external edge interface.
Please also check the federated organization have public certificate for their external edge interface and the DNS SRV record for federation is created correctly for the federated organization.
Best Regards,
Lisa Zheng
Lisa Zheng
TechNet Community Support -
Hello all, first of all thank you for reading this post. Please bare with me, I am new with this environnement. I have had several problems in past week trying to configure a local sharepoint server 2013, most of it went well but now I am stuck and I badly
need help! I intend to make sharepoint available through the Ethernet connection in my office.
Here is my config:
Sharepoint 2013 (local)
Microsoft SQL 2012
Microsoft Server 2012
I am able to access the sub-site I created in the Sharepoint Central Administration Web Application.
My first problem is, I created another Web Application with the following URL config http://intranet.[domain].com but I am not able to access it through my browser. It seems to point to bad IP I probably configured accidentally a CNAME on my hosting Cpanel
with the IP 192.168.1.199. So, When I ping the URL I do not get any connection. Just that it couldn't connect to 192.168.1.199. Now I added a CNAME on my CPANEL for the URL http://intranet.[domain].com --> 127.0.0.1. Is this the correct way to do it?
More information: The DNS manager has been configured following this tutorial:
Create SharePoint 2013 Web Application
http://www.youtube.com/watch?v=yW7LT99eUMs
I am not too sure of the proper configuration for the IIS Manager.
Anomymous Authentication is enabled
Windows Authentication is enabled
Everything else is disabled.
My second problem is that I cannot invite any user to the site. Even the one that have the email corresponding to our domain. Will I be able to invite parent domain users if the Web Apllication is properly configured with the CNAME on the Cpanel?
I tried to activate the External user invitation feature from Site Collection Features but it's not in the list. I am logged in as an administrator but next to the wrench it says "System Account" (with an arrow pointing down) so I guess this is
the "logged in user as..."? Am I missing something here?
Any advices would be greatly welcomed. I've run out of ideas.
Much appreciated,
HerbHello Ramu, thank you for your fast reply.
Quote Ramu: "You have to create A record called intranet.your-domain.com points to your SharePoint Server
IP and also loop back ip address in the host file entry on the SharePoint server(127.0.0.1 intranet.SharePoint.com)"
Is this a record on our corporate website Cpanel? What should I put in the "Address" field of
the Record (we do not have static IP)?
For the loop back, is this on the DNS Manager of our local Sharepoint 2013 server?
Quote Ramu: "3.
if you want to publish this externally, then your site needs to publish in your Network and it should points to your public static IP in your public domain control panel(Cpanel)."
In the first scenario where I only want intranet access, should everything be OK with the above mentionedconfiguration a DNS Record:
Which address should it be for the record?
Should I assign a fix IP to our server like 192.168.1.55?
What if another desktop computer gets an IP conflict with the server
fix IP, or what if we have to shut down the server everyday will the server IP change ?
General question: From what I understand, it is possible to put a DNS Record on the public Cpanel from our corporate website with a local IP that will only be resolved
if accessed through the local network? Ex.: Name: intranet.[our-corporate-public-domain].com, Address: 192.168.1.55 ?
Much appreciated RAMU.
Regards,
Herb -
SharePoint tool to create External Users and Groups
Our organization is currently looking for a product that will allow us to create user account and group for users outside the organization (e.g Clients, subcontractors, etc.) and that will only need to access to our external SharePoint Collaboration site.
We have one product right now but it is very problematic. For example if one of our clients need to change their email address which is their username it won't allow it so the account has to be re-created with the new email address and the permissions re-configured
all over again. The groups created using the tool called Roles most of the times don't work. We are testing our SharePoint 2013 environment so we thought it is a good time to find something new. If you know of some products that I can check please let
me know. I will really appreciate itHi,
According to your post, my understanding is that you wanted to create user account and group for users outside the organization.
External User Management seems to be a solution. It allows for easy management of external users and roles.
More information:
http://ventigrate.codeplex.com/wikipage?title=External%20User%20Management
Best Regards,
Linda Li
Linda Li
TechNet Community Support -
Lyncdiscover reports HTTP 500 Internal Server Error for external users
Hello,
I have a problem providing lyncdiscover information for external Lync users. The same address works internal (prompts for file download) so I believe the problem is UAG/TMG providing the site which is not my cup of tea. I have a working external lyncdiscover
for other domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records few times and everything should be fine. Firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what
should I check?more information based on Lync Autodiscover Web Service Remote Connectivity Test.
Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
HTTP authentication methods successful.
Additional Details
Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
token="User".
HTTP content isn't verified.
<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl04_tmmArrow">Tell
me more about this issue and how to resolve it</label>
Additional Details
HTTP 200 status received from server, but no token="User".
Elapsed Time: 203 ms.
The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
the problem. -
Error in Account related information sections Access denied.(SBL-DAT-00553)
Hi,
I have 2 users, 1 from Spain and the other from Italy.
The spanish user is the owner of an account and adds the user from italy to the account team section with full access to the account.
The italian user is able to view the account. However the italian user is not able to view any of the custom objects in the related information sections below the account information.
The error is as follows:
Access denied.(SBL-DAT-00553)
Both users have the same role. However, if he/she is not the owner of the account but only a 'Team' member, he's able to view the account but not the CO's below the account. I've checked the access profiles and roles and it all seems fine. Oracle support confirmed this as well as both users were able to search and view the CO records without any issues. It's just that it hits the error if it's in the related information section.
I was just wondering if I'm missing any settings for customer team.
Currently, I'm not even sure if Customer team functionality was built for use with custom objects in related information sections.
Any help would be greatly appreciated!Hi, What i meant is, if you are using C04 - C015 objects, then ensure under related sections of Accounts in "Full" access profile, you set it as "View" or "Read-Only" instead of "No Access". "No Access" is what being set by OnDemand by default even though the access profile is named as "Full"
-- Venky CRMIT -
Unable to select SOME external users in person or group column in SharePoint O365
Here's a head scratcher.
We have an O365 SharePoint(G3) instance.
Sent external users invites to join the site from the SharePoint Group that the external user will be placed.
External users accepted invitations and now have access to the site with the correct permissions.
Permissions assigned to SharePoint Group.
Some external users can be selected for "Assigned to" field (person or group column type).
Some external users canNOT be selected for "Assigned to" field (person or group column type).
When typing external users name that canNOT be selected, the error message "No results found" appears.
Went to Site Settings > Site Permisisons > Check Permissions and typed in external users name that canNOT be selected, the error message "No results found" appears.
I have no idea why this would happen for some external users and not others.
External users that can be selected and those that canNOT be selected are in the same SharePoint Group and have the same permissions.
Could this be due to how the external user set up their account?
Help me please. This is driving my crazy.
Thanks in advance.
Tamara
The Stumped SharePointer
Tamara Bredemus SharePoint Minion...working up to MavenHi Miikka,
can you try cleaning up the user information list via powershell and reconfigure the userprofile sync. following url contains the powershell script for user information clean up
http://blog.fpweb.net/how-to-clean-up-sharepoint-user-information-list-with-powershell/#.VPrbn_mUeSo
Regards Roy Joyson
Please remember to mark your question as "answered"/"Vote helpful" if this solves/helps your problem.
Roy Joyson -
How can i create a report showing the where external users have been granted access to content in each of the sites in our tenant?
Dean MCTS-SQL 2005 Business Intelligence, MCITP SharePoint 2010This option is not available for SharePoint online but it is available on premise.
If you find this information helpful then please propose this as answer and vote.
Thanks.
Maybe you are looking for
-
Question 1: Basically, whenever i see a tutorial or example featuring OpenGL or JOGL and see the method; glVertex3f, the values are always floats and always below OR equal to 1.0f. Now, the models i am using i first rendered using java.awt.Graphics,
-
IChat AV 3.1.9 (v446) HOW 2 USE IT? - NEVER USED IT - I'D LIKE 2 USE IT!
Till today, I separately use msn messenger and yahoo messenger. I'd like to only use iChat AV 3.1.9 (v446) I already have installed but got no idea how to use it. When I click iChat the Buddy List window opens together with AOL Instant Messenger Logi
-
Using AppleScript with Toast to burn MP3 disc
I'm trying to get Toast to add all the subfolders of a chosen folder to a new MP3 Disc. The attached script works fine except it adds the source folder, then puts all the subfolders inside it. IE Disc layout becomes Source Folder ----> subfolder 1 --
-
Dear All, I created a production order with forward type scheduling with past date as the start date. At the time of 2nd operation confirmation the date of confirmation is overwriiten on the start date as well as finish date in the production order.
-
I downloaded your update sent about 10 minutes ago. Ever since I did so, my computer started freezing up for a few seconds, and then it starts going again. This is annoying!!!!!!!!!!!!!!!!! Do something to fix this. It started happening with your upd