How do I restrict PT60 Schema transaction to Personal Area?

Similar Messages

• How to call Country specific applications based on personal area ?

  Hi all,
  Though in R/3 for all employees country grouping maintained for all employees is 40 (India), As per project requirement we need to pull country specific screens for employee in portal. Screens vary mainly for personal data, address, bank details, family members data as per country .
  We need to pull the respective countries page based on the personal area of employee.
  Reagrds
  Rajendra

  Hi,
  Please go through the blog below:
  /people/amir.madani/blog/2007/01/05/create-dynamic-xss-homepages-with-static-services-using-a-simple-proxy-class
  Hope this helps.
  Cheers-
  Pramod

• How to restrict a schema owner from granting privileges to other users.

  How can we restrict a schema owner from granting privileges to other users on his objects (e.g. tables). Lets say we have user called XYZ and he has tables in his schema TAB1, TAB2 an TAB3. How can we restrict user XYZ from granting privileges on TAB1, TAB2 and TAB3 to other users in the database. Is it possible in Oracle 10g R2? Any indirect or direct way to achieve this? Please help on this.
  Thanks,
  Manohar

  Whenever someone is trying to prevent an object owner from doing something, that's generally a sign of a deeper problem. In a production database, the object owner shouldn't generally have CREATE SESSION privileges, so the user shouldn't be able to log in, which would prevent the user from issuing any grants.
  As a general rule, you cannot stop an object owner from granting privileges on the objects it owns. You can work around this by creating a database-level DDL trigger that throws an exception if the user issuing the statement is XYZ and the DDL is a GRANT. But long term, you probably want to get to the root of the problem.
  Justin
  Edited by: Justin Cave on Nov 6, 2008 9:52 PM
  Enrique beat me to it.

• How can I restrict options result to only one cost center?

  In transaction KS03 (Display cost Center), when I search for a cost center (hit F4), I have an option to drill down by Company code, controlling area, Cost Center Category, Person Responsible etc.
  My question is, how can I restrict users to select only controlling area they are authorized for ? Is there any authorization object I can use to restrict user's access to particular value in the table CSKS ?
  Thanks,
  Karan.

  Hi Karan,
  If you want to restrict on the values users can return when using F4 lookup then there may be some useful info in the following link:
  Authorization object for capacity planning CM03

• Need to restrict HR payroll Roles on Payroll area

  Hi,
  Can anybody pls guide me how can i restrict HR payroll roles on Payroll area Level.As of now system is not checking the payroll area value as authorization relevant.
  if the solution is through org key, pls explain the detail process of using org key.
  if it is through custom object, pls clarify the implication on the system once we run the standard program.
  Secondly i also want to restrict the  roles on Personal Sub area level and OM roles on Org.ID level.
  appericiate your early response.
  Regards,
  Ramakrishna

  Hi Ramakrishna,
  According to the documentation it seems to be possible to check authorizations for the payroll area with the authorization field VDSK1 of the authorization Object P_ORGIN if the feature VDSK1 is mapped to the payroll area. (However, I'm not sure about this because I never have worked with this option myself.)
  Online help
  [VDSK1 (Organizational Key)|http://help.sap.com/saphelp_470/helpdata/en/17/4bba3b3bf00152e10000000a114084/frameset.htm]
  If you use this authorization field VDSK1 this way I suggest to turn it into an "Org. Level" field using report PFCG_ORGFIELD_CREATE, too. This enables you to work with derived roles instead of normal roles. See note [323817 |https://service.sap.com/sap/support/notes/323817] "Creating org.level fields for the Profile Generator" .
  Kind regards
  Frank Buchholz

• How can i restrict the Expenditure Type values at a specific OU ?

  Dear Guys,
  I would like to ask about the Expenditure Types,
  I have implemented two projects for different Operating Units ,
  when navigating to any Projects responsibilty,and navigating the Expenditure Type field
  the values exist are all the values implemented across the OU not the values entered at this OU
  How can i restrict the Expenditure Type values at a specific OU
  Regards
  Amr Hussien

  Hello
  When you set up a project there is an option called Transaction Control.
  This option allow you to list the allowed or restricted elements of costs for the project.
  You may enter the transaction control on a project template and that will be copied to any new project.
  The cost elements may be expenditure types, expenditures categories, suppliers, employees, etc.
  In your case, I suggest to set up specific project templates for each operating units. On each template enter the list of allowed expenditures types for that OU.
  Doing so, the system restricts users from entering any expenditure item, supplier invoice, purchase cost etc, against an expenditure type, which is not allowed.
  Dina

• Authorization restriction for BP transaction

  Hi,
  We need to restrict the BP transaction access to user in the below mentioned way in our SRM system.
  1. Restricting BP access to all the users with display access.
  2. Restricting BP access to security users with create, change and display access.
  What is the main object for BP transaction for restricting access in the above mentioned scenarios?
  Here, we have observed one more issue like....
  Let say object-B_BUPR_BZT(not sure) is a main object for transaction-BP. If we restrict activity to 03 in that object, it will give display access when we are executing transaction-BP.
  Some of other transactions(like PPOMA_BBP) are there in SRM, those are also maintaining same object with all activities(create,change,Display).
  In this scenarios, how the above mentioned restriction is going to help the user.
  Please check and advice in this.
  Thanks & Regards,
  KKRao.

  > Let say object-B_BUPR_BZT(not sure) is a main object for transaction-BP.
  It may be a "main object" for BP, but that doesn't tell you much at all about the security aspects or where in the logic of the transaction it is used. This object is for example not a part of the business logic of transaction SE80, or that I am sure.
  If you have no clue, then start in SU21 and read the application help documentation on the transaction (to understand it's context) and the use-cases of the object - also to find the other transactions. Then you will become more sure.
  You also need to understand that in the same way the transactions, reports and the "real checks" are layers in the security, objects themselves can also be selective and layered in a conceptually consistent way, or (to make it more interesting...) transaction dependently.
  There are lots of shortcuts (even out-of-the-box roles which someone might try to sell you...) but ultimately if you use a SAP system to "build" your business processes, then you need a concept to secure your build. SAP owns the authority-checks in standard programs to enable the process to comply with legal requirements and some common sense.
  => So, you need to choose your transaction (or other entry point) carefully and understand the objects which they use.
  Cheers,
  Julius

• Restrictions on the transaction GR55

  Hi gurus
  can you help? need to implement restrictions on the transaction GR55, the group reports that the user will access, to put a report a group of authorization and put in the role in all fields BRGRU, but does not work, the user has access to all the Infomed .... anyone can give me an idea of how Restrict adcional this?
  thanks

  Dear guru,
  Even I was wondering about the same recently and used the search to revert back.
  What have you tried so far?
  Or do you want us to flame your controllers for you?
  Cheers,
  Julius

• How to exclude restricted-use batch from batch-determination in backflushin

  Hello,
  In the Goods-Movement screen during confirmation transaction (i.e. backflushing), we see that SAP has selected some batches that are restricted-use stock.  This must be due to some setting in batch-determination functionality.  We want to know how to exclude restricted-use stocks from being considered in batch-determination.  What setting, in which config transaction, can help us achieve this ?  Kindly help.  Thanks.
  - Chetan

  Thanks Manoj,
  That was a very good information and I learnt something new.
  However, I checked, and in that config, we are already "not-allowing" restricted-use stock for MvT-261.  So what else can be used to prohibit its selection during backflushing.  Thanks.
  - Chetan

• CRM PCUI how can I restrict Users

  hi all,
  We are having 5 Portal Users for each User I assigned role in Portal called sales representative which is a part of standard CRM 5.0 Business package.
  Each user use to create Account, lead and opportunity.
  My requirement is, whenever User created account, lead and opportunity, the other Users should not see those details.
  So how can I restrict them?
  In CRM GUI we have created new role and changed,its working fine, But in CRM-Portal (PCUI)  its showing all other users details.
  There is any other way without using Access Control Engine (CRM-ACE), I can restrict the User.
  regards,
  Naresh

  Hi Naresh,
  While working on one project we had faced same problem for this we had used diffrent approch.
  for achiving this u can do below things:
  1) Create diffrent iview for each user. (Assign it for each user for PCUI Portal)
  2) In each iview in Show Advance Search window u have to make "Belonging To " field Freeeze with Value "Me"
  3) Using MAC(CRMC_BLUEPRINT_C) u can achive above steps.
  After doing above step u'll come to know that the respective user can only search and access only their Transaction and not others.
  Hope it'll help u, let me know if u want further help.
  Thanks,
  Dipesh.
  Edited by: Dipesh Date on Oct 8, 2008 1:21 PM

• How to set restriction for user in sap

  Hi,
      I have created a user,now i need to restrict the user to work only for 8 hrs per day.HOw can i set timing for the user.Kindly help out regarding this.
  Regards
  sekar

  Sekar,
  If you use external authetnication for users when they logon to SAP, then you can control the times they can logon and which days of week (if required). For example, it is possible to use Active Directory authentication to authenticate users to SAP application via SNC or using a custom login module in WebAS Java, and in AD you can set times when logons are allowed. This might be what you are looking for ?
  If you want to log somebody off SAP when they have been using it for a period of time, then this can be dangerous if they are in the middle of a complex transaction when they are logged off. Also, I don't think this functionality is included in SAP product. If you don't want somebody to use SAP at certain times of day, then it might be better to force a screen saver at workstation instead, if this is what you want.
  Regards,
  Tim

• How can I restrict maintaining the same customer for different CC Areas?

  Hi All,
  I have a problem about maintaining customer credit limits via tcode FD32.
  User can maintain a customer in different credit control areas (CCA) and these CCAs are belong to different company codes.
  How can i restrict the user not to update another countries' credit limit?
  Your fast reply will be highly appreciated.
  Regards,
  Bilal

  Hi,
  I donu2019t think so there is any configuration for this kind of purpose.
  You can only do by the authorisation.
  Just give the user authorisation that only this person can change the value of the credit control area.
  And I think so that will be usefull also because if every body has authority then any body can change the limit which is not good.
  First they have to take permission from the authorised person and if he approved then only he should change limits.
  So just try out the user authorisation for your purpose.
  Regards
  Raj.

• How to cancel an order if transaction not complete

  How to cancel an order if transaction not complete

  Presuming you're referring to a purchase from the iTunes Store, go here:
  http://www.apple.com/support/itunes/contact/
  and follow the instructions to report the issue to the iTunes Store. Refunds are not guaranteed, but iTunes support should be able to help you in one way or another.
  Regards.

• How can I restrict Adobe Creative Cloud to run for just one mac user?

  Can anyone help with this please ...
  (This is about how the Adobe Creative Cloud app works with OS X User accounts.  I have posted it on Adobe's Support forums, but nobody there had the solution.  Perhaps someone from the Apple/OSX end can help?)
  I'm running Adobe CC on a 2010 iMac (OS X Yosemite).  I'm delighted with it, however ...
  Several family members share the same iMac using separate user accounts.  Adobe CC seems to run on startup for all of them which is annoying for them as they get messages about updates etc, plus it takes up unnecessary system resources (particularly as we tend to use 'switch user' and Activity Monitor shows an instance of Adobe CC running for each user).
  It's not listed in the Login Items list under System Preferences->Users & Groups, so I can't disable it there for other users, However it appears as an icon in the menu bar for any/all users a few moments after logging in - so something is triggering it to run, but I can't see what. 
  How can I restrict Adobe CC to run just for my user account please?
  Thanks
  Richard

  The startup item is likely inside the /Library/LaunchAgents folder.
  It will be something named like com.adobe.creativecloud.plist.
  Move it out of the /Library/LaunchAgents folder into the User/Library/LaunchAgents folder for all the users that need it.
  I don't know if it will work, but as long as Adobe wrote the launch agent correctly, it will work. Given that it is Adobe we're talking about, my bet is no.

• SSH login- how do I restrict access to a shared folder?

  I have created Shares in WGM for SMB and AFP access on my OS X 10.4.8 Server. However when I connect via SSH it's not restricting access to the folder based on the User Name I login with- I see the entire volume! How do I restrict access to a specific folder based on a user name setup in WGM? ACL's?

  Hey George,
  It sounds like you are trying to limit ssh/sftp users to a specific area, aka jails. The FTP server lets you 'chroot' users to a certain area making it appear as the root thus preventing them from navigating up the hierarchy, which is what I think you, and me and many others are trying to accomplish.
  The ssh compiled into OS X is missing this very needed feature. There have been a few documented workarounds, but they've either been too insecure or too clunky for me.
  I've dealt with the fact that my users can get to the root of the hard drive, and have just been very careful about my privileges (by using ACLs), thus preventing them from getting inside areas they shouldn't.
  There's a good write up here: http://www.schwie.com/brad/macosxsftpchroot/ and if you include the term 'chroot' in your searches, you should find a bit about it here too.
  And Roger, I think George meant the file sharing protocol used by ssh. man sftp.