How i know Authorization object in system?

Similar Messages

• How to know which object is in which transport requeset

  hi frnds
  how to know which object is in which transport request

  hi Preethi
  try with transaction se01 then clic on the tools icon under the menu you will get a list of function.
  then select search for object in transport request (maybe the text is a bit different) then enter information like for example R3TR  OSOA and the name of a datasource. if you don't know the meaning of R3TR use the match code and use it also for objects you want to find infosource infoobject etc... don't forget to mark the flag select if your transport request is released or not and then execute you will get the list of all transport requests containing your search object.
  hope this could help you
  best regards
  Boujema

• How to use authorization object P_PERNR ?

  Hi, Gurus~
  In our system, there is a user whose User ID is "00041", and she can modify her own 0008, we want to control it so that she can only display her own 0008, but process 0008 for all other employees
  So, i use the authorization object P_PERNR to do this, i set the fields value like this (totally copy from the SAP help for P_PERNR....):
  Authorization level:  W,S,D,E
  Infotype: 0008
  Interpretation of assignment personnel number: E
  Subtype: *
  and then, i maintain her master data 0105's subtype 0001-system user name as 00041
  i think she shouldn't maintain her own 0008 now ,but she still can maintain it
  i want to know why and how to solve it, did i do it in the right way?
  Thank you in advance!

  P_PERNR   HR: Master Data - Personnel Number Check
  You use the HR: Master Data - Personnel Number Check authorization object if you want to assign users different authorizations for accessing their own personnel number. If this check is active and the user is assigned a personnel number in the system, it can directly override all other checks with the exception of the test procedures.
  The following values are possible for the PSIGN field:
  I   =          Authorization for personnel number assigned, that is for own personnel number
  E  =          Authorization for all personnel numbers excluding own personnel number
  You can assign a user a personnel number using infotype 0105, subtype 0001 (in earlier releases using the V_T513A view).
  This check does not take place if the user has not been assigned a personnel number, or if the user accesses a personnel number other than his or her own. In other words, this check is completely irrelevant for personnel numbers that are not assigned to the user.
  Example of Personnel Number Check P_PERNR
  The authorization checks for P_ORGIN and P_PERNR are activated in the system. In addition, there are user assignments for some personnel numbers.
  The user in our example is assigned a personnel number and is administrator responsible for the Basic Pay infotype (0008) of a personnel area (that is, the user has the corresponding P_ORGIN authorization). The employee should also be able to display his or her own data but not change his or her basic pay, irrespective of the personnel area for which the employee is responsible. The corresponding authorizations for the P_PERNR authorization object must be set up as follows: AUTHC = R, M
  PSIGN = I
  INFTY = *
  SUBTY = * AUTHC = W, S, D, E
  PSIGN = E
  INFTY = 0008
  SUBTY = *
  In our example, the user is an administrator responsible for the basic pay (infotype 0008) of a personnel area (since the administrator has the corresponding HR: Master Data authorization). The employee should also be able to display his or her own data at all times but not change his or her basic pay, irrespective of the personnel area for which the employee is responsible. You need to set up the appropriate authorizations for the HR: Personnel Number Check object as shown in this example.
  The first authorization grants the employee read authorization for all infotypes that are stored under the employee's personnel number. The second authorization denies write access to all data records of infotype 0008 for the employee's own personnel number in case the administrator is responsible at some point in the future for the personnel area to which he or she belongs.
  As the following examples illustrate, inconsistent authorizations can be granted.
  Example 1:
  AUTHC = *
  PSIGN = I
  INFTY = 0014
  SUBTY = M* AUTHC = W, S, D, E
  PSIGN = E
  INFTY = 0014
  SUBTY = *
  The first authorization grants the employee read authorization (AUTHC = R) for the Recurrent Payments/Deductions infotype (0014), subtype M120, which allows the employee to access the data stored under his or her personnel number. In this case, the second authorization is irrelevant.
  The first authorization grants the employee write authorization (AUTHC = W) for the Recurrent Payments/Deductions infotype (0014), subtype B030, which denies the employee access to the data stored under his or her personnel number. In this case, the first authorization is irrelevant.
  The first authorization grants the employee write authorization for the Recurrent Payments/Deductions infotype (0014), subtype M120, the second authorization denies the employee this authorization. The desired system response is unclear from this example. According to the documentation, the system response is undefined in such situations. In reality, the authorization check always denies authorization in unclear situations, that is E is stronger than I and therefore the authorization is not granted.
  Example 2:
  AUTHC = *
  PSIGN = *
  INFTY = *
  SUBTY = *
  This type of authorization is required by superusers with unlimited access, for example. The above authorization is appropriate if an employee wants to access an infotype. However, since PSIGN = * and * can be substituted for any value, PSIGN and E can also be interpreted as I. This can also lead to an undefined situation. In earlier releases, the authorization was denied on the basis of the rule E is stronger than I. This meant that superusers with assigned personnel numbers were not able to access their own personnel number. The programs have since been changed and now * is interpreted as I and is stronger than E. In other words, * is stronger than E and E is stronger than I, whereby * is interpreted as I.
  As already indicated in Example 1, the combination of different authorizations can produce a complicated result. We therefore recommend that you avoid combinations where P_PERNR authorizations can be interpreted differently for the same combination of AUTHC(Authorization Level), INFTY(Infotype) and SUBTY (Subtype).
  Misunderstandings arising from the complex situations described above are not the most frequent causes of customer inquiries, however. The most frequent cause is the incorrect assumption that authorizations by personnel number affect authorizations for non-assigned personnel numbers. This is not the case at all.
  If you use authorizations by personnel number, you should always first set up all non-personnel number-related authorizations. As soon as you have done this, you should create different access authorizations for the personnel numbers that are assigned to users using appropriate P_PERNR authorizations. This is always possible since the P_PERNR authorizations override all other authorizations directly (except Test Procedures).
  P_PERNR authorization checks cannot bypass test procedures directly. For instance, a test procedure is only carried out on the Recurring Payments/Deductions infotype (0014) if a corresponding P_PERNR authorization (with PSIGN = I) exists. If an appropriate authorization for the corresponding subtype of the infotype 0130 exists, it can be used effectively to carry out the test procedures.

• New Authorization Objects after system upgrade

  Hi All ,
  I require the list of all new Authorization Objects that have been added to the system after System Update.
  Regards
  Anthony D'souza

  Hi Jurjen Heeck ,
  see my previous post
  I did 'nt get this.
  SAP_NEW is your friend here
  does the SAP_NEW profile contains all the new authorization Objects.
  Regards,
  Anthony

• Authorization object per systems

  HI,
  1. There is different authorization  object in different systems (like R3 BW CRM) .
  2. When we get  R3 system we get out of the box authorization object  and roles like for admin ...
  or we have to build it?
  Regards

  The Netweaver "Basis" AS ABAP for example has it's objects, regardless of which components are installed. E.g. S_DEVELOP, S_DATASET, S_RFC, etc etc etc. See the BC* classes.
  The application components also have their own objects (assigned to the packages of those components).
  SAP does provide some roles as templates and profiles to get you started if you have nothing else (E.g. the SAP* roles and SAP_ALL profile), as well as portal roles for which you need to build the backend authorization for, as well as nothing other than the SU24 check proposals from which you need to building your own role from scratch depending on your business process design (choice of transaction).
  In some cases, absolutely nothing is delivered except the coding. Those are the real buggers.
  Cheers,
  Julius

• How to assign authorization objects to a cube

  Hello,
  My cube includes 0profit_ctr which is marked as authorization relevant. Still in RSSM my cube is not included in the list of infocubes for an authorization object (zprofit) linked to 0profit_ctr. I'm therefore not able to enable that authorization object for my cube. I have a few ODSs which are included in the list. Why is my cube missing? Is there something I must do to include it, or is it a bug?
  When checking the infocube for authorization objects in RSSM this list is empty as well. I don't see any option to add authorization objects in that list.
  I have read the following document:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b849e690-0201-0010-9b88-c00cca40736f
  I'm using BW 3.5.
  Regards,
  Christoffer

  Hi Christoffer,
  In RSSM  you will find a button  "Update Check Status ( Authorization Objects, Info providers) ". After this update you should find your cube in the list.
  Jaya

• How to know which SPS a system has?

  Hi,
  Because Support Package Stack (SPS) is a sum of Kernel + ABAP patches + Java patches, so how can I know which Support Package Stack (SPS) a system currently has?
  Thanks,

  Hi Toan,
                 There are diffenent way's to find out which stack are you now? but it's depent's on the SAP release too. If you are using NW04 or NW04s and using EP you can check it from http://<host name>:50xxx/index.htm  then go to system admin there you find all the information.
    If you want to get it from ABAP stack, check SAP_APPL patch no, It is the SP stack no. Yo can get good doc at the following link.
  http://service.sap.com/sp-stacks
  Regards,
  Hari.

• How to know whether object is locked

  Hi All Experts,
  Which table holds the dynamic objects(Lets say a PP order) which are locked. I mean lets say I am editing some PP order 012344567 through tcode CO02 and after this in another session this PP order is also in use in some other transaction or some report.
  How can I get the information about this PP order which is currently being editied in another session.
  Which table can give me this information or is there any function module which takes the object id as the PP order number and gives the information back that PP order is currently locked or being edited.
  Kindly suggest me as how to go about this.
  Thanks,
  Mark

  Hi Mark,
  Using SM12 and by giving the user name you can find the Lock entries i.e. the objects currently accessed by that user.
  You can use the following function module to get the list of all the objects locked by a particular user.
  ENQUEUE_READ
  Award points if helpful
  Regards,
  Ravi G

• How to add Business Objects to system landscape smsy?

  Hi there,
  at the moment I configure the system landscape (smsy) in our solution manager. We have also BO XI 3.1 installations and I like to add them to the landscape. In transaction smsy I'm going to "Landscape components" -> "Product System" -> "Create New Product System" .. But now I'm not sure about the product and the product version.
  Any idea?
  Thanks and have a nice weekend,
  Max

  Hello,
  You may want to review  SAP Note 1507629   Preparing a BOE system for Service Sessions in Sol. Manager
  There are two PDF files EGI_SBOP_EWA_Part1.pdf and EGI_SBOP_EWA_Part2.pdf attached.
  They show how to define the system in SMSY.
  Additionally you will need Note  1357901 CA: Managed System Setup for SAP BusinessObjects Enterprise
  Because this is how the data will be collected.
  And lastly once you have setup the managed system and setup  the entries in SMSY, you then can create an EWA.
  Hope this helps you out.
  Regards,
  Paul

• How to know corresponding info object for R/3 field and viceversa

  Hi....
  How to know corresponding object for a filed in r/3 data source and viceversa..While defining transformations.
  We can't do mapping of all objects to fields with the definition......!!!
  In 'rsosfieldmap'' what information we should give to know the proper tranformation...?
  thank u.....

  Hi,
  There are two ways to know the corresponding info objects in R/3 fields:
  1)  goto se11 t-code, enter RSOSFIELDMAP and enter display button. in the next screen click contents and give the field name or info object name as per your requirement, and excute.
  2)  first go through the field description in r/3 and identify the similar description in BI. For your easy understanding use excel sheet , in that you can copy the data source fields and target info objects ( master data or transaction data ). then it will be easy to identify the similar description.
  Thank you.

• Authorization object  on Promotion Type  ( WAK1)

  Dear Gurus,
  This my first question.
  I want to know, How to put AUTHORIZATION OBJECT on Promotion type in t code WAK1. 
  I want , a user  let say would not create Promotion order other then ( RC10). How can i do it.
  Please help.
  Best Regards
  sachin chauhan

  Hi,
  Are you telling me that you have a z auth, object built with SU21? If it's true, you can insert in SE38 with the push 'Pattern' and option AUTHORITY CHECK. The system insert it. After, set the parameters as variables and if the return code isn't zero (you don't have auth) you must set an error message, for instance in LIPW4F58:
  *... Auth check movemnt. plant
    authority-check object 'M_MSEG_WWA'
             id 'ACTVT' field '01'
             id 'WERKS' field mseg-werks.
    if sy-subrc eq 4.
      message e199 with mseg-werks.
    endif.
  Remember set the object in PFCG, and check that in case of rejection of auth. the tcode SU53 works right.
  I hope this helps you
  Eduardo

• Creation of Authorization Object

  Dear All,
  Can anyone of you guide me on how to create Authorization Object?
  My Knowledge on this concept:-
  1) Mark required object as Authorization Relevant
  2) Use of T-code RSSM
  3) Select marked Authorization Object
  4) Assign fields to it, for authorization.
  thats all i know.
  There are few more additional settings we need to do for it.
  Request you to provide with step by step procedure for the same.
  Thanks & Rgds,
  Anup

  hi
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  the following link will be helpful
  http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
  http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
  Use of T-code RSSM
  Through BIW Authorizations (TCode RSSM)
  Authorization check log. This gives information on
  missing authorizations for reading data.

• Obsolete authorization objects in APO

  Hi Experts,
  I have to create one role in APO in which I have to manually insert authorization objects.When I try to do so, for some authorization objects I get error message "Authorization object is obsolete" and the authorization object does not get inserted.This might have happened because of upgrade.
  Is there anyway to determine how to find authorization object corresponding to obsolete authorization objects in upgraded system?
  Edited by: AnikaGupta on Dec 20, 2011 1:41 PM

  Hi
  I don't have much experience with APO security specifically or with regards to do what do with obsolete objects; but in general - I would say that obsolete auth object's description/documentation would provide hints to the object which should replace the object in context (for example object S_XMB_DSP). I would like to ask as to why are you trying to add this object manually - accepting if its an exception/necessary but see if you can resolve it by t-code addition in menu and checking what all auth objects are pulled - and building a solution based on SU24 proposals (depends if the obsolete object is called for this transaction in SU24 - maybe it does not)  -  if its an obsolete object you might want to edit its status in SU24 as do not check (apart from basis/hr objects)
  Best Regards
  Prashant

• Authorization Object: P_ORGXX - fields can be from a custom infotype ?

  I need to create a customer-Specific Authorization Object, but the documentation states that we can use any of the fields in IT0001, and also customer-specific additionald fields. But we need to know if those additional fields can be from a custom infotype.
  If it is not possible, we need to replicate the std P_ORGXX and the way it validates the field pa0001- SACHZ. But with fields from a custom infotype. Is there any way to do it?
  I hope you can help me with this.
  Regards,

  Hi,
  Try the link from SAP as reference for authorization object creation and how functionality for authorization object works w/ infotype.
  http://help.sap.com/saphelp_470/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm
  http://help.sap.com/saphelp_470/helpdata/en/16/b8b83b5b831f3be10000000a114084/content.htm
  Thanks,
  Ameet

• How can I get objects of multiple instances of InDesignServer

  Hello,
  We need to have InDesignServer running in more than one configuration. And we need to script them. So to keep easy let's pretend there are 2 instances of InDesignServer running. One startet with 'indesignserver -configuration conf0' and the other started with 'indesignserver -configuration conf1'.
  So we try (Visual Basic):
  dim myIndApp0 as InDesign.Application
  dim myIndApp1 as InDesign.Application
  myIndApps0 = CreateObject("InDesignServer.Application.CS2")
  myIndApps1 = CreateObject("InDesignServer.Application.CS2")
  But both objects referring to the instance with conf0. How can we get an object of the second instance?
  We tried to solve this using System.Diagnostics.Process.GetProcesses(). So we got both processes. But did not find a way to get an object of class InDesignServer.Application by using an object of System.Diagnostics.Process. Any ideas about that way?

  Hi Ian,
  The problem is not to start different instances. In the Windows Task Manager and the console output of InDesign Server I can see, that both instances are running with different configurations. When I use Systems.Diagnostics.Processes.GetProcess() I get both processes too.
  But I don't know how to get objects of both instances using the Interop Assembly or (as a runaround) how to cast an object of System.Diagnostics.Process into an object of InDesignServer.Application.
  When you talking about SOAP, do you know how to start InDesignServer twice with diffrent ports from inside VB and getting the InDesignServer.Application objects of it?
  This should be solve our problem too.