How to restrict authorization for OBC4

Similar Messages

• How to restrict authorization for MMBE

  Hi,
  I need to restrict the authorization for t-code MMBE according to plant wise. Can anybody tell me about the procedure and authorization object used.
  Regards

  M_MATE_WRK Material Master: Plants is the object that is used to control teh display of data at plant level in tcode MMBE

• BASIS--to restrict authorization for a PO document type & 122 movement type

  Dear All,
  Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
  Thanks in advance
  Arpit
  Basis

  Hi,
  Your request was not too clear to me.. As per my unde
  Here is some details of Authorization object related to Purchase Order:
  Document Type in Purchase Order( M_BEST_BSA )
  Purchasing Group in Purchase Order (M_BEST_EKG )
  Purchasing Organization in Purchase Order  (M_BEST_EKO)
  Plant in Purchase Order  (M_BEST_WRK )
  Document Type in Outline Agreement (M_RAHM_BSA )
  Purchasing Group in Outline Agreement (M_RAHM_EKG )
  Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
  Plant in Outline Agreement ( M_RAHM_WRK )
  This can be helpfull to you to restrict authorization to PO..
  In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
  Regards,
  Sandip

• !!!How to restrict user for making  changes in Sales order , partner level

  Hi all,
  Can anybody tell me how to restrict user for making  changes in Sales order  at partner level, is it through user exit?

  Hi Ruchi
  I hope u had gone to the screen fields which u want them not to be editable. So there u select all the fields contents which u do not want to to be changed and check the boxes with W.content and Display and save it. Once evrything is done u have to activate the particular transcation going in to the standard variants and put the name and click the activate button.
  Hope its clear
  Reward if help ful
  Sri

• How to give authorization for create and change particular Condition Type

  Hi...
     In my requirement is , Only one user can be authorized to create and change a particular condition type 'ZABC' in vk11 and vk12 .
  For remaining condition type can be used as in normal .
  How to do this ? How to give authorization for a particular user for particular condition type ?
  Plz guide me ..
  Thanks in advance .
  Deepa .

  Hi Deepa ,
  u can check A.Object V_KOND_VEA, in user profile u can assign condition type or tables.
  have a word with ur basis guy , so he can help u in better way.
  aand also ref FM SD_COND_AUTH_CHECK
  Regards
  Prabhu

• To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.

  Hi,
  We have  a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
  Presently we can restrict authorization at Purchasing organization level but not at Plant level.
  Any pointer please!
  Regards,
  Chetan

  First of all, this is not the right forum to post such a question.  Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id.  Your basis team can do this.
  thanks
  G. Lakshmipathi

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Restrict authorizations for loads from HR to BW for certain data

  Hi,
  our customer wants protect some data in the HR productive system. This data are defined/restricted by certain personal areas.
  It is not enough to use reporting authorizations in BW to restrict presentation in queries or use filters in infopackets during load to avoid this data.
  The requirement is to make load of such data from HR to BW absolutely impossible, even BW administrator cannot see them and must not be able to load them.
  We will probably have to somehow limit ALEREMOTE users authorizations in BW. I do not know how and I even doubt, that extractors in HR source system perform authorizations checks for fields.
  Is there any way to do this?
  Thank you very much,
  Petr

  Hi Petr,
  Create a general enhancement program (restricted authorization) with generic name, which should be called dynamically for every datasource.
  Refer-
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2d99121a-0e01-0010-e78c-b1ae566a2413?overridelayout=true
  Not personally tested but check following.
  In that program, you may try applying following logic:
  1) You may need to use TYPE ANY field symbols
  2) In While Loop until all fields of C_T_DATA checked, may be a counter based on total number of fields.
      DELETE C_T_DATA where <TYPE_ANY1> EQ (OR use IN) specific value(s) of Personnel Area
      DELETE C_T_DATA where <TYPE_ANY1> CS (Contains, check pattern) specific value(s) of Personnel Area
  ENDWHILE.
  Optionally: For Standard Daatsources in the same program you can add logic based on standard field only "WERKS".
  Note: You may need to research on dynamic pointing using field symbols for every field.
  Thanks
  Arun Purohit

• Restricting Authorizations for GL Account

  Hi
  We have created 2 profit centers in our company code (Profit Center 1000 and profit center 2000). User for both the profit centers are different. User1 is responsible for profit center 1000 and user2 is responsible for profit center 2000.
  There are 5 bank accounts and we create separate GL accounts for the all 5 bank accounts. (1 main bank account and 2 sub accounts).
  Out of 5 bank accounts, 3 bank accounts pertains to profit center 1000 and 2 bank accounts pertains to profit center 2000.
  But by mistake user2 posts in bank of profit center 1. So i want to restrict the access of GL accounts of profit center 1000 to user2 and vice a versa. Please tell me how we can restrict the authorizations.
  I tried with some field as "authorization group" in GL master data - FS00. But i am unable to use it properly. Please help me and let me know how to use "authorization group" in GL master data - FS00.

  Hello,
  If it is a matter of authorization. the Atif's answer is right.
  If it is a mater of validation.
  To restrict G/L Account(s) with Profit center(s)
  You need to use GGB0 Validation in Accounting Documents.
  then you need to activate it through this path:
  SAP Customizing Implementation Guide - Financial Accounting (New) - Financial Accounting Global Settings (New) - Tools -Validation/Substitution - Validation in Accounting Documents.
  Note event is very important you can make it on line item level
  Regards,
  Edited by: Tarek Elkiki on Dec 11, 2011 10:51 AM

• How to create authorization for WAD in bw 3.5??

  Hi all,
  I would like to create a authorization for the WAD(web templates in bw 3.5) i cant find any authorization object for the WEb templates.
  I have included the Wad in the menus in the PFCG but still it is of no use.
  Can any one guide me how to carry out authorisation for WAD in bw 3.5 ?
  Thanks
  Pooja

  Please refer to below thread:
  BEx Web Application Designer Tool  with OLD Version 3.5
  I am sure for 7.0 and above S_RS_TOOLS object can provide the restriction.

• How to set authorization for BW Workspace in backend and Portal ?

  Hello Expert,
                       I have developed one BW Workspace in development environment . I have some query regarding BW workspace authorization for access in portal . Some of the queries are as  follows:
  1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
  2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
  3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
  4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
  5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider ?
  Expecting and appreciating your guidence and suggestion asap .
  Thanks & Regards,
  Surajit Pal

  Hello Expert,
                   Do you have any idea regarding below questionaries about BW Workspace ?
  1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
  2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
  3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
  4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
  5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider .
  Appreciating your early responds and thanks in advance .
  Regards,
  Surajit

• How to restrict data for selection

  Hi, folk,
  I've faced with the following issue.
  I have set of items. There are, for example, income items and expense items.
  Items are distinguished by value of attribute.
  According to business process, planning for income and expense items is quite different. Due to this reason I've created two planning folders to process ones.
  Item was placed into header of planning format.
  Before planning I should select item. More over, for income planning I should select item from income subset.
  So, how to based on value of attribute I can restrict items for selection in the planning folder.

  Easier impossible,
  Rather than using a variable of type attribute I would use an variable of type exit.
  The exit returns the full list of item in income or expense. (This depends on another variable, that could be a simple digit base or based on some other infoobject).
  The variable should be assigned to your level and also available in the planning folder for selection.
  The user will see the full list values and select the one he nedes to plan.
  I hope it's clear.
  Cheers,
  Alberto

• Restrict authorizations for payment item transaction

  Hi All,
  This is regarding authorizations for a banking system.
  The requirement is the users need to be restricted for the following transaction based on the Bank Posting Area or the contract managing unit.
  BCA_PAYMITEM_CREATE
  When the user goes to create payment item the user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM. The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area
  BCA_PAYMITEM_MAINTN
  The user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM .The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area.
  I checked the transactions in SU24 and found only authorization object S_TCODE associated with the transcations BCA_PAYMITEM_CREATE and BCA_PAYMITEM_MAINTN.
  Can someone please suggest a way to acheive this.
  Regards,
  Thamarai.

  Hi Shiva,
  I tried assigning the org unit using PFCG ORGFIELD CREATE.
  Now the org unit in pfcg shows Org. level Contract-Managing Organizational Unit (Encrypted) but there is no coresponding field in the authorization objects in the role.
  Can you please help since the project is very critical.
  Regards,
  Thamarai.

• Restricting Authorization for a specific Info-object

  Dear All,
  I have a scenario where I have to restrict the account managers by specific channels.
  I have 2 info-objects, Sold-to party and Sales Channel. Sales Channel is defined as attribute of the the Sold-To Part info-object.
  I was exploring the BI authorizations concept in SCM 2007.
  I created a authorization called "Test" and assigned the info-object Sales Channel in the authorization and restricted it for one value. This authorization along with 0BI_ALL I have added to the role under BI authorizations.
  However in interactive demand planning, I cannot restrict by the sales channel. It allows me to load data for all the channels.
  If I remove 0BI_ALL object, then I cannot load anything in interactive planning.
  Does anyone have a step by step proceedure for using the BI authorization concept?
  Regards,
  Kedar

  Yes, 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) have to be made authorization relevant. For the info objects you want to use to control security, also make them authorization relevant in RSD1, imagine the object you want relevant is ZZ_VKORG (sales organization).
  Then use RSCEADMIN transcation and 0BI_ALL will include the objects from above, copy 0BI_ALL into a object such as Z_1000 and then change the value for the specific info object that you want to control, imagine that you want sales org 1000 only to be allowed within Z_1000.
  Now, you have 2 choices: You can use the normal security maintenance (SU01, PFCG) and you can asssign RSRS_AUTHBIAUTH and set BIAUTH requal to Z_1000 or you can use user maintenance directly within RSCEDAMIN and assign Z_1000 to the user. Either way, it becomes part of the authorization of the user.
  You may find that you need to introduce colon authorization concept ( for mixed levels of data and that is just a matter of adding a second line to the allowable values and setting it like "EQ :".
  Things to consider:
  1. This authorization concept is water tight and will do everything you need, but will do at the expense that if you don't model it first, you will kill yourself trying to make it right. This becomes evident when you trace a security issue (via RSCEADMIN) because the way BI7.0 works is that it will build a minimized superset of authorizations, so it is best to know where you want to get to, rather than starting off by where you know you need to go.
  2. To control change or display mode, you will need to influence 0TCAACTVT, even though you might think to use C_APO_SEL3 for ACTVT, the BI7.0 concept works within the BI space and 0TCAACTVT doesn't impact it.
  3. If you activate more info objects, 0BI_ALL will get updated automatically but your custom  authorization objecst will not. So, it is best to activate them all at the same time so that you don't have to manually change them.
  4. Do the work in development and transport it to the TEST/QA/PROD environments, there are transprt tools within the RSCEADMIN.
  This is probably enough to get you going, reply back if you have specific questions or issues.
  I've been thru this in a painful way, sometimes the best things learned are learned the hard way

• How to remove authorizations for a particular transaction

  Hi,
  I have an SAP_ALL authorisation for a user. I need to remove authorization for a particular transaction (FK01) for this particular user.
  How do i make that.

  Hi Marcus ,
  u can remove authorization Objects for a given tcode ,but what i am thinking is SAP_ALL will get ride of this child objects , may be i am wrong.
  But what i am saying is check that are the authorization which are required to run FK01/XK01 and remove them from that Role .
  2.Otherwise check for Object S_Tcode and remove FK01 and XK01.
  Regards
  Prabhu