How to restrict / limit users NOT to view a particular type of costs !
Hi,
EBS - R12.1
One of the requirements from our client is that, they want to cost employee salaries onto Projects (as overheads).
Now, how to limit/restrict visibility (view) of these costs to all users (except PM).
I mean, can we restrict a particular type of costs to everyone except PM.
Please let me know.
Thank you,
Vish
Hi
Here is the explanation from Oracle Help:
Project and Labor Cost Security in Oracle Projects
Oracle Projects provides three levels of project-based security to protect data ownership and sensitivity in relation to a given project or project template. For each level of security, Oracle Projects enforces default business rules depending on an employee's relationship to a project, as illustrated below:
Action Key Member Cross- Project Other Users
Query project information YES YES YES
Update project information and perform functions on a project YES YES
View labor costs of detail expenditure items (@) YES YES
(@) Only if the user's project role type is configured to view labor costs.
You can override the default logic or add additional security criteria via the Project Security Client Extension. For a detailed description of the project security extension, see: Project Security Extension.
Key members are responsible for the management and administration of the project to which they are assigned. Each key member is assigned a project role type, which describes the type of role that the employee has on the project. Project role types include Project Manager and Project Administrator. You define whether each role type can view labor costs online and in reports.
Cross-project users can view expenditure details and update information for any project, even if they are not assigned as a key member to the project. Cross-project users log in to Oracle Projects under a cross-project responsibility. You define an Oracle Projects responsibility as a cross-project responsibility by setting the PA: Cross-Project Responsibility profile option value to Yes.
View Labor Cost Allowed
This level of security determines whether or not you can view labor costs (both raw and burdened). The default business rule in Oracle Projects is that you may view labor costs if you are:
### A key member for the project and your project role type allows you to view labor costs
### A cross-project user
If you are not permitted to view labor costs, the amount is not shown in the form field; that is, the field will be blank.
Dina
Similar Messages
-
How to restrict the users not to change receiving batch no. in 305 mov.type
Dear MM Guru,
We are using mov.type 303 & 305 for transferring the materials from one plant to another plant. t.code is MB1B (Non split valued item)
While receive the goods through 305 mov.type the user having the chance to change the receiving batch number. To control this changes, is there a way where we can restrict the users not to do the changes in receiving batch no. or can we do the GR with reference to the material document 303 mov.type.
Regards,
SivanandanHi,
Generally there is a possibility to change the batch no. If you want to restrict it means go for enhancement. Use BADI to acheive this.In MB_MIGO_BADI you can set not to change the batch no. Hope it works. Thanking you. -
How to Restrict a user to a access a particular table
HI ,
how to restrict an user to a one particular table and he should have only dispaly authorization for that , can anyone suggest me how to do this.Hi,
Is it a standard table ? S_TABU_DIS (Client Dependant) and S_TABU_CLI (Cross client) are the the authorization objects that controls table maintenance. With Authorization group and activity 03, you can give user access only to Display.
You can look at table TDDAT to find the authorization group of the table. If it is a custom table for which original t-code is SM30 ( You can look at SU24 to verify that) and it does not have authorization group assigned to it, then you can ask your developer to assign authorization group to the table using t-code SE54. then again make use of S_tabu_dis with activity 03 and Auth group as designed to restrict access.
Also something to look for is Note 1481950 - New authorization check for generic table access using new auth object S_TABU_NAM. Remember Bernhard talking about it.
Edited by: Nishant Sourabh on Oct 1, 2010 8:13 PM -
Restriction for users NOT to viewa particular table/Infotype..
Hi All,
We have a requirement where employee's salary details need to be uploaded into the SAP HR database.
But in our scenario, someof our consultants have Production login and can access SE16 Tcode to view the database table entries.
Now since we need to upload the salary details into an Infotype, this infotype should not be made accssable to the consultant logins. In the meanwhile, the logins should not be restricted to user SE16 Tcode.
Hence can we put a restriction, so that these consultants can not view the particular infotype which as salary details?
They should be given access to browse SE16. But at the same time, they should not be allowed to browse PAXXXXX Infotype which contains SALARY details..
How to handle this kind of problems????
Regards
PavanHi All,
I have got a response from another user as follows. But can anyone explain me how exactly move ahead....???
We have recently dealt with a similar scenario.
What we have done is we have used the authorization object S_DEVELOP with OBJTYPE TABL(means table access).
Unfortunately we could not find a way to exclude one or several tables from selection.
Thus we have given two intervals to OBJNAME field.
First interval starts from the very first table in the system /1CN/AMFSAPH1FDT (please check your system for this) to the table just before the one we are trying to restrict (P593R).
Second interval starts from the first table after the restricted one (PABASN) to the last table in the system(ZZXXX) (please check your system for this).
In the solution above we had restricted access to all PAXXXX tables.
Regards
Pavan -
How to restrict some users from viewing a screen of standard transaction
Hi All,
I need to restrict certain user ids from viewing the 'Payment Transactions' screen for the below mentioned transactions.
FK01, FK02, FK03, MK01, MK02, MK03, XK01, XK02, XK03
The Basis consultant has tried to configure it. However its not working. So need to find other solution.
For all transactions other than FK01, MK01, XK01 (create vendor), the BAdi GOS_SRV_SELECT is called before the payment transaction screen appears. But for transactions FK01, MK01and XK0, no such BAdi is there.
Also I'm not able to figure out how to restrict that particular screen using Badi GOS_SRV_SELECT. What will be the service name for this?
Please help !!!
Thanks in advance,
Radhikahi,
u can do this using user exits.
identify the appropriate exit for ur transaction and thn put condition like
if username = ...
loop at screen.
hide..
endloop.
i was just trying to give u some hint .make it to ur best.
reward if hlpful. -
How can i restrict a user not open more than 3 sessions in database
how can i restrict a user not open more than 3 sessions in database.For this i have already create a profile and set CONCURRENT_SESSIONS=3 and assing that profile to user but the problem is there.
You will simply need to use the following parameter in your CREATE PROFILE syntax.
CREATE PROFILE normal_user
LIMIT SESSIONS_PER_USER 2;
but the resource limits set for a profile are enforced only when you enable resource limitation for the associated database.
you could do this either by having an initialization paramater which will invoke as soon as the database starts or try using ALTER SYSTEM command -
How to restrict the user in MIRO for not modifying price
Hi All
My requirement is How to restrict the users in MIRO screen for not modifying Material Prices of only the for specific ROH types .
For example :
Valuation class RM description
3021 RM - A
3022 RM - B
3024 RM - C
when ever we procure the above Raw materials A,B and C and
the Quantity of each Raw material @ 10 units and value @ 1 INR for each unit
RM - A procured qty 10 @1 total price is INR 10
RM - B procured qty 10 @1 total price is INR 10
RM - C procured qty 10 @1 total price is INR 10
total price of PO is INR 30
when we received invoice material prices are assume it INR 1 is excess for each material.Now the invoice price for each RM has become INR 11.
in MIRO we want restrict the user to change the price from INR 10 to 11.
suggest the best possible ways to restrict in MIRO screen
Thanks & Regards
MalaDear:
Take help of ABABPER fo implement exit using INVOICE_UPDATE or MRMH0003 Logistics Invoice Verification: Revaluation/RAP exit. If this does not help then seek help of MM functional who will help you to find exit for the required task.
rEGARDS -
How to restrict the user(Schema) from deleting the data from a table
Hi All,
I have scenario here.
I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
Below is the example.
I have created a table employee in abc schema which has two values.
EMPLOYEE
ABC
XYZ
In the above scenario the abc user can only fire select query on the EMPLOYEE table.
SELECT * FROM EMPLOYEE;
He should not be able to use any other DML commands on that table.
If he uses then Insufficient privileges error should be thrown.
Can anyone please help me out on this.Hi,
kumar0828 wrote:
Hi Frank,
Thanks for the reply.
Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
See the forum FAQ {message:id=9360002}
The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
USER != 'ABC'
OR TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
SELECT *
FROM table_x
;what actually runs is:
SELECT *
FROM table_x
WHERE USER != 'ABC'
OR TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
;If you want to prevent any user from deleting rows, then the policy function can return just this string
0 = 1Then, if somone says
DELETE employee
;what actually gets run is
DELETE employee
WHERE 0 = 1
;No error will be raised, but no rows will be deleted.
Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema. -
How to restrict the user from making any changes in Sales order- item level
Hi to all
How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
Regards
Anish Parikh
Edited by: anish parikh on Jan 24, 2008 5:16 AMHi Anish,
This can be achieved through the roles and authorization.
This can be done through the basis team. they can create user profiles and roles.
For the roles they assign some transaction codes so that they can view the only assigned tr. codes.
Like that ur requirement can be done.
Also u can prevent the user to change any fields in the sales order screen (VA02). for that please modify the authorisations.
Hope i answers.
Reward points if useful.
Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM -
How to restrict the user for re-submitting the same form
Hi All,
I would like to know, How to restrict a user for re-submitting the same page.
I have a jsp page with submit button... and should not allow the user to save the same data again ..
AnilTry the followings. If user disable cookies, this will not work. You need to modify to detect such situation!
String processed = "mycooke";
Cookie[] cookies = request.getCookies();
Cookie c = null;
if (cookies!=null) {
for (int i=0; i < cookies.length; i++) {
if (cookies.getName.equals(processed)) {
c = cookies[i];
break;
if (c!=null) {
// already processed.
// send error message and exit.
// set cookie;
c = new Cookie(processed , "yourdata");
c.setMaxAge(-1);
response.addCookie(c);
// process as it is the first; -
How to restrict the user to enter only numeric values in a input field
How to restrict the user to enter only numeric values in a input field.
For example,
i have an input field in that i would like to enter
only numeric values. no special characters,alphabets .
reply ASAPHi Venuthurupalli,
As valery has said once you select the value to be of type integer,once you perform an action it will be validated and error message that non numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc you can use simple types for it.
On the project structure on left hand side under local dictionary ->datatypes->simple types create a simple type of type integer
The attribute which you are binding to value property ;make its type as simple type which you made
Hope this helps you
Regards
Rohit -
How to hide ribbon from all item view for particular user group
hi friends
how to hide ribbon from all item view of particular list for specific user group.
using OOB functionality or javascript.Hello,
Use this codeplex tool to hide ribbon to user group:
http://spribbonvisibility.codeplex.com/
If you don't want to use above tool then you have to add SPSecuritytrimming in "Rajiv Kumar" code for filtering based on user group permission.
http://www.topsharepoint.com/hide-the-ribbon-from-anonymous-users
Hope it could help
Hemendra:Yesterday is just a memory,Tomorrow we may never see
Please remember to mark the replies as answers if they help and unmark them if they provide no help -
How to restrict the st loc list applicable to particular plant mm01
Hi,
While creating material master user after selecting a particular plant user sees all the storage locations available in the system.How to restrict the storage location list applicable to particular plant while material creation
Best Regards,
BMHi,
As Mahesh said , you need to put validation there, please contact your development team for this.
Though you are able to see all storgae location you are not able to create the material master, it throws as error if you select incorrect storage location which is not maintained for that particulare plant.
It gives an error message
Entry Plant SL does not exist in T001L (check entry)
So user will not be able to create material master for improper plant SL combination.
Thanks,
Ravi -
How to restrict a User to access only 2-3 views in MM01/MM02 ???
Hi,
Can anyone tell me how can I restrict a User to access only 2-3 views in MM01/MM02 and also the User should not be allowed to change the View selection by clicking on the Select Views button ?.
Regards,
LuckyHi Prashant,
Can this only be done through changes in Authorization Objects ? Is not there any setting which can be done in SPRO for this ?
Hi Sheshagiri,
I could not exactly understand how the access to MM Views can be restricted to User through TCode OMT3B i.e. in SSeq. 01 and Screen 07 ? Subscreen 2154 is for Mat. Groups ? Please explain your answer in detail.
Regards,
Lucky -
How to restrict end-user from not using certain movement-types in MB1B
Dear Gurus,
My client wants that end user has access to only particular movement types in MB1B.i.e only to 311 and 412,421E.
They do not want any other movement types to be access by end-users in MB1B
How to go about this requirement?
Thanks in advance
Regards
Ram
Edited by: RAMKUMAR WARIYAR on Jun 27, 2009 2:14 PMhi,
This is possible you can restrict and allow user for movement type which they can do through any t code.
Contact yours BASIS consultant for that
Regards,
Vishal
Edited by: VS on Jun 27, 2009 5:46 PM
Maybe you are looking for
-
my iphone 4 i bought was jailbroken to ios 6.0.1 redsn0w but i tried to restore the iphone and now it keeps saying connect to itunes but when i connect and try to restore an "unknown error" occurs and it will not boot up whatsoever. please help!
-
How do i change songs from mp4 to mp3
Hi i hope some can help because i'm getting stressed out. I new to i tunes and have recently bought some music from i tunes store. I am trying to copy them to cd which as intrustions tell you how too, but when i try to play the cd it wont work beacus
-
Parameter event - to be set according to EWA report
Good day fellas, I have a problem on my EWA report : event 10027 trace name context forever, level 1 10028 trace name context forever, level 1 10142 trace name context forever, level 1 10183 trace name context forever, level 1 10411 trace nam
-
I realize that appending to a text file has been covered on a few other discussions, but I am new to JSP and I am in dire need of assistance. What I am trying to do is append to a text file a tab delimited string that is coming from a form submission
-
[SOLVED] Network Manager Applet
One of the things I got used to from Ubuntu is the network manager applet, which allows managing connections with ease. As instructed in the Wiki, I tried installing it with the following commands: pacman -S networkmanager pacman -S network-manager-a