How to grant the access t-code : BP by company code or by country

Similar Messages

• How to grant anonymous access on sharepoint document library/list only not for web application

  Hello
  How to grant anonymous access on sharepoint document library/list only not for web application.I have claim based sharepoint site and has to be but i want to grant access on document library/list only.Is this possible?
  Thanks
  Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

  As i am using following code
  SPSite site = SPContext.Current.Site;
              SPWeb web = SPContext.Current.Web;
              SPSecurity.RunWithElevatedPrivileges(delegate()
                  using (SPSite ospSite = new SPSite(site.ID))
                      using (SPWeb webs = ospSite.OpenWeb(web.ID))
                          // Enable anonymous access on web application
                          webs.AllowUnsafeUpdates = true;
                          SPUrlZone urlZone = SPUrlZone.Default;
                          SPWebApplication specifiedWebApplication = ospSite.WebApplication;
                          SPIisSettings iisSettings = specifiedWebApplication.IisSettings[urlZone];
                          //iisSettings.AuthenticationMode = AuthenticationMode.Windows;
                          iisSettings.AllowAnonymous = true;                       
                          specifiedWebApplication.Update();
                          // Get document library collection here and fetch all the document urls
                          SPDocumentLibrary docLib = (SPDocumentLibrary)web.Lists["Documents"];
                          if (docLib != null)
                              docLib.BreakRoleInheritance(true, false);
                              docLib.AllowEveryoneViewItems = true;
                              docLib.AnonymousPermMask64 = SPBasePermissions.ViewPages | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions
                                  | SPBasePermissions.Open | SPBasePermissions.UseClientIntegration | SPBasePermissions.ViewFormPages | SPBasePermissions.ViewListItems;
                              //docLib.AnonymousPermMask64 = SPBasePermissions.EmptyMask;
                              docLib.Update();
  Should working but getting access denied......i am totally stuck at this point.
  Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

• Grant the access rights to manager run the work flow history report without edit /delete rights

  I found that only Team Member / Workspace creator / Administrator can run
  the work flow history report. However, we have a Purchase Order request
  which need ask the supervisor for 1st approval and manager for 2nd approval.
  But those managers want to see who prepare the P.O. and supervisor done the
  first approval before their 2nd approval. How can I can grant the access
  right to the manager to run the work flow history report for this purpose? I
  tried grant the role "team member" to those manager, however, it will also
  allow them to modify or delete the entry as they are the team member, but we
  only want allow those managers can approve the entry and view the work flow
  history without other acces such as add/delete/edit to prevent the human
  mistake.
  Pls advise how can I do this? Thanks!
  Regards

  Create a new role in teaming can fulfill this requirement. Thanks!
  "Joey" wrote in message news:_Cvqo.66903$[email protected]. .
  I found that only Team Member / Workspace creator / Administrator can run
  the work flow history report. However, we have a Purchase Order request
  which need ask the supervisor for 1st approval and manager for 2nd approval.
  But those managers want to see who prepare the P.O. and supervisor done the
  first approval before their 2nd approval. How can I can grant the access
  right to the manager to run the work flow history report for this purpose? I
  tried grant the role "team member" to those manager, however, it will also
  allow them to modify or delete the entry as they are the team member, but we
  only want allow those managers can approve the entry and view the work flow
  history without other acces such as add/delete/edit to prevent the human
  mistake.
  Pls advise how can I do this? Thanks!
  Regards

• How to Use the JAVA SCRIPT code in .htm page of the component

  Hi .
  In my requirement i have to use Java Script Function in .htm code ..how to use the java script code and functions in .htm???
  thank you
  B.Mani

  Check this document  [Arun's Blog|http://wiki.sdn.sap.com/wiki/display/CRM/CRMWebClientUI-TalkingwithJava+Script]
  Regards
  Kavindra

• How to create the Access sequence for the Vendor+material+plant combination

  Hi all
  Please let me know How to create the Access sequence for the Vendormaterialplant combination..
  Whats the use? What its effect in purhcase and taxe..
  brief me please

  Hi,
  you are asked to maintain the access sequence for the tax condition for which you are putting 7.5%.
  goto OBQ1 or img..financial accounting new...global settings.... taxes on sales and purchases ......basic settings.....
  find the tax condition type. see in it which access sequence is attached.
  if there is none then use JTAX used for taxes in India.
  or you can create the similar one for your.
  to create the same goto OBQ2.
  new entry or copy JTAX.
  and assign the access sequence to condition type.
  this will resolve your problem if you just need to assign the access sequence.
  regards,
  Adwait Bachuwar

• How to restrict the access of FUNCTION MODULE for others after transporting

  A Function module needs to be executed in one server and should be executed when others try to access it.how to restrict the access of FM to one application server after being transported using SM59.

  issue resolved

• How to setup the access privilege of flash file in Web Intelligence?

  How to setup the access privilege of flash file in Web Intelligence?   WEBI can set access privilege for single WEBI report file, but it seem cano not set access privilege for one flash file.

  Thank you Maksim,
  I did set the "selectionMode" to "Auto". I don't understand where In supply function I have to set lead selection of nested node to first element. Please elaborate on this. Are you talking about the context attribute bound to the second table? OR do I have to change the Importing parameters "Node" and "Parent_Element" of my supply function?
  Thanks for your time.

• How to get the restriction pass code for iPhone ?

  How to get the restriction pass code for iPhone ?

  if you forgot it you have to restore your phone to get past that code

• How to run the open script code from eclipse?

  Hi,
  How to run the open script code from eclipse.
  Please let me any soulutions on this.

  Hi Konda
  I am not quite sure you can do that and it would even be not supported... Again, what is the purpose? Why do you want to run your openscript code in Eclipse?
  What is the code you try to run?
  As an example, even if you include al the jar files and so on. don't think the function "Launch Browser" could work because it isn't only java code orjar files.....
  If you give us more background. maybe we can guide you to a better solution...
  JB

• How to Maintain the MM Master Data from one company code to other co code

  Hi Experts,
  Can any one pls tell me how to Maintain the MM Master Data from one company code to other co code.
  Presently we created New plants,New Purchase Orgs under different company code.
  1) Material Master data
  2) Vendor MAster data
  3) PIR
  4) Source List
  Is there any standard Transactions...??
  Please reply.
  Brgds,
  KK

  Hi
  Check out the link -
  http://wiki.sdn.sap.com/wiki/display/ABAP/StepstocreateasimpleLSMWusingbatchinput+recording
  lsmw for data migration for  xk01 transaction
  http://www.sap-img.com/general/lsmw-steps-for-data-migration.htm
  Regards
  Anand

• How to read the Java source code (in Netbeans)

  I use OS X10.5.5, NetBeans 6.1 and JSE 6 on a 64 bit mac.
  When I downloaded NB6.1 it had JSE 5 as it's default (and only) java platform. I ran Software Update to get Java 6 from Apple, used the Java Prefrences utitlity to set JSE6 as default. In NB I added the JDK6 platform, registered the JDK6 javadocs and noticed that I also have the option of registering the Java source code.
  I have three questions:
  1) How do I make JDK6 the default in NetBeans. The JDK5 keeps being default after I did the steps above and I don't see anywhere to change that.
  2) How do I read the Java 6 source code? I can see sun provides [source code| http://download.java.net/jdk6/] for their supported platforms. I dont see Apple doing the same for its JDK port. What would I need to do to get to read the java SE6 sources? or is it actually hiding somewhere in the /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home hierarchy?
  3) Where does the JVM look for the binary code to run when I make a call to, say java.util.ArrayList or any other library. In my naivety I would have assumed it would be a .class file somewhere in the java Home folder, but I don't see anything like it.
  thanks in advance,
  chris

  This is taken from the help included with netbeans. In response to question 1.
  By default, the IDE uses the version of the Java SE platform (JDK) with which the IDE runs as the default Java platform
  for compilation, execution, and debugging. You can view your IDE's JDK version by choosing Help > About and clicking the
  Detail tab. The JDK version is listed in the Java field.
  You can run the IDE with a different JDK version by starting the IDE with the --jdkhome jdk-home-dir switch on the command line
  or in your IDE-HOME/etc/netbeans.conf file. For more information, see IDE Startup Parameters.
  In the IDE, you can register multiple Java platforms and attach Javadoc and source code to each platform. For example, if you
  want to work with the new features introduced in JDK 5.0, you would either run the IDE on JDK 5.0 or register JDK 5.0 as a
  platform and attach the source code and Javadoc to the platform.
  In  , you can switch the target JDK in the Project Properties dialog box. In  , you have to set the target JDK in the Ant script itself,
  then specify the source/binary format in the Project Properties dialog box.
  To register a new Java platform:
  Choose Tools > Java Platforms from the main window.
  Click New Platform and select the directory that contains the Java platform. Java platform directories are marked with a  
  in the file chooser.
  Use the Sources and Javadoc tabs to attach Javadoc documentation and source code for debugging to the platform.
  Click Close.
  To set the default Java platform for a standard project:
  Right-click the project's root node in the Projects window and choose Properties.
  In the Project Properties dialog box, select the Libraries node in the left pane.
  Choose the desired Java platform in the Java Platform combo box.
  Switching the target JDK for a standard project does the following:
  Offers the new target JDK's classes for code completion.
  If available, displays the target JDK's source code and Javadoc documentation.
  Uses the target JDK's executables (javac and java) to compile and execute your application.
  Compiles your source code against the target JDK's libraries.
  If you want to register additional Java platforms with the IDE, you can do so by clicking the Manage Platforms button.
  Then click the Add Platform button and navigate to the desired platform.
  To set the target Java platform for a free-form project:
  In your Ant script, set the target JDK as desired in the javac, java, and javadoc tasks.
  Right-click the project's root node in the Projects window and choose Properties.
  In the Sources panel, set the level of JDK you want your application to be run on in the Source/Binary Format combo box.
  When you access Javadoc or source code for JDK classes, the IDE searches the Java platforms registered in the
  Java Platform Manager for a platform with a matching version number. If no matching platform is found, the IDE's default platform is used instead.
  See Also
  Managing the Classpath
  Declaring the Classpath in a Free-Form Project
  Stepping Through Your Program
  Legal Notices

• How to restrict the user id to a specific company code?

  Hi,
  I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
  how can i do this?

  Hello Raja,
  You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
  Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
  In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
  This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
  A detailed step by step procedure to be followed is given below:
  1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
  2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
  3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
  4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
  5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
  6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
  7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
  Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
  8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
  Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
  9. Select the u201CNew Entriesu201D tab to create a new table field association.
  10. The View/table field must be filled with the target table which we need to control.
  11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
  12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
  13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
  14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
  15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
  16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
  17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

• How to change the Access for Database views

  Hello Experts,
  My requirement is to copy the records of a standard database view BDCPV (which is a combination of BDCP & BDCPS) to a custom view and then compare the records with a new table BDCP2.
  I copied the BDCPV view to a table and used the custom view in the program. While executing the program, I'm getting an error message like "The database view <View Name> is write protected, so it cannot be changed".
  I'm unable to change the Access under Maintenance Status Tab from Read only to "Read and Change". Could anyone help me how to resolve this issue".
  Also please share teh sample code if you have any for the above requirement. We are using it in a SP upgrade to one of the systems.
  Regards,
  Rajesh.

  Hi,
  Change the status in the given way.
  Choose Extras ® Maintenance status. A dialog box appears, in which you can select the maintenance status for the view. If more than one table is involved in the view, the maintenance status read only cannot be altered.
  Regards,
  Srinivas.

• How to make the Access Gate SDK work with Web Gate

  When we want control the display of one area in one page, we can define this area as one resource then control the access of it. But when the user has been authenticated in the application, how can we get the user session and then call Access Gate SDK to check if the user is authorized? The following is one utility class to archive it.
  * $Id: CreateUserAction.java,v 1.1 2005/10/11 23:19:34 jason Exp $
  * $Revision: 1.1 $
  * $Date: 2005/10/11 23:19:34 $
  * Copyright (C) 1972 - 2005, Oracle Co. All Rights Reserved
  * The program(s) herein may be used and/or copied only with
  * the written permission of Oracle Co. or in accordance with
  * the terms and conditions stipulated in the agreement/contract
  * under which the program(s) have been supplied.
  package oblix.view;
  import com.oblix.access.ObAccessException;
  import com.oblix.access.ObConfig;
  import com.oblix.access.ObResourceRequest;
  import com.oblix.access.ObUserSession;
  import javax.servlet.http.Cookie;
  import javax.servlet.http.HttpServletRequest;
  * @author zhoujian
  public class OblixUtil {
  private static String ObSSOCookie = "ObSSOCookie";
  private OblixUtil() {
  * Check if the user is Authorized
  * @param request
  * @param rescourceUrl
  * @return
  public static boolean isAuthorized(HttpServletRequest request,
  String rescourceUrl) {
  return isAuthorized(request, "http", rescourceUrl, "GET");
  * Check if the user is Authorized
  * @param request
  * @param resourceType
  * @param rescourceUrl
  * @param resourceMethod
  * @return
  private static boolean isAuthorized(HttpServletRequest request,
  String resourceType, String rescourceUrl, String resourceMethod) {
  try {
  ObConfig.initialize();
  ObResourceRequest resource = new ObResourceRequest(resourceType,
  rescourceUrl, resourceMethod);
  ObUserSession session = getObUserSession(request);
  return session.isAuthorized(resource);
  } catch (ObAccessException oe) {
  oe.printStackTrace();
  ObConfig.shutdown();
  return false;
  * Get the Oblix user session from the request.
  * @param request
  * @return
  * @throws ObAccessException
  private static ObUserSession getObUserSession(HttpServletRequest request)
  throws ObAccessException {
  String token = getCookieValueByName(request.getCookies(), ObSSOCookie);
  if (token != null) {
  return new ObUserSession(token);
  return null;
  private static String getCookieValueByName(Cookie[] cookies, String name) {
  for (int i = 0; i < cookies.length; i++) {
  if (cookies[i].getName().equalsIgnoreCase(name)) {
  return cookies[i].getValue();
  return null;
  }

  Couple of options. You seem have to taken the Access Gate based approach. I will throw this in any way and you can make a call which one you want to use.
  If its a web application you can control authorization based on Resource by defining policy in the Access Manager.
  You mentioned aout display of one area in one page. That should be driven off of User attribute or custom logic. If it is driven off of User attribute then you can return header variable and you can check in the code as opposed to writing custom access gate.
  Now if you do want to write custom access gate when the resource is already protected by a Web gate,
  you can get the ObSSOCookie from the users browser session.
  You can pass the URL to the IsAuthorized method and call.
  Now here you have to install the Access Server SDK on the server, create custom access gate and then write the code and deploy it on that server.
  THanks
  Ram

• How to make the Access Gate work

  have been following the developers guide to write an access gate. my application(simple html) is running on JBoss, want to protect this resouce using the access gate. JAccessGate.java is working fine however the access gate is not intercepting the resource request.
  how do i configure Jboss with the Access Server so that the Access Gate process the request.
  the servlet example isn't working ... constants.REQUEST isn't being recognised despite adding all the pkg's.
  it would be helpful if someone could share the steps to achieve this.
  that apart any idea about how the reverse proxy works ?
  thanks and regards
  Edited by: user642640 on Jun 6, 2009 4:14 AM

  Couple of options. You seem have to taken the Access Gate based approach. I will throw this in any way and you can make a call which one you want to use.
  If its a web application you can control authorization based on Resource by defining policy in the Access Manager.
  You mentioned aout display of one area in one page. That should be driven off of User attribute or custom logic. If it is driven off of User attribute then you can return header variable and you can check in the code as opposed to writing custom access gate.
  Now if you do want to write custom access gate when the resource is already protected by a Web gate,
  you can get the ObSSOCookie from the users browser session.
  You can pass the URL to the IsAuthorized method and call.
  Now here you have to install the Access Server SDK on the server, create custom access gate and then write the code and deploy it on that server.
  THanks
  Ram