How to restrict payroll users from viewing IT0002 or other personnel data?

Hi,
We need to devise an authorization for payroll users in such a way that they are allowed to access and edit IT 0014, IT0015, IT0580 to IT591 but they are not even allowed to view infotype IT0000 to IT0007.
They will still be allowed to do payroll processing of all employees.
Problem is - if we disable PA20 to PA40 transaction for these users, then they will not be able to edit IT 14, 15 etc and vice-versa.
Please advise how we can do this.
Effective solutions will be rewarded

Am just wondering like this -
for a User who will update IT8 etc infotypes and run payroll for all employees:
Allow infotype access to all Infotypes via P_ORGIN/P_ORGINCON and then
exclude Infotype access to IT0000 to IT0007 via P_ORGIN/P_ORGINCON
Does Payroll run after the above if executed by this employee? Because in my view the user has access to IT08 and other payroll related infotypes and hence should run (but I think IT0, IT1 &2 might also be required for various reasons for payroll to run - not sure);
Or probably you might need to think of executing/triggering the Payroll process via Batch process (through a batch user ID which has access to all)... because it won't be a best practice to manually initiate the Payroll process...
Regards
Chandra
Message was edited by:
        Chandramouly V

Similar Messages

  • How to restrict some users from viewing a screen of standard transaction

    Hi All,
    I need to restrict certain user ids from viewing the 'Payment Transactions' screen for the below mentioned transactions.
    FK01, FK02, FK03, MK01, MK02, MK03, XK01, XK02, XK03
    The Basis consultant has tried to configure it. However it's not working. So need to find other solution.
    For all transactions other than FK01, MK01, XK01 (create vendor), the BAdI GOS_SRV_SELECT is called before the payment transaction screen appears. But for transactions FK01, MK01 and XK01, no such BAdI is there.
    Also I'm not able to figure out how to restrict that particular screen using Badi GOS_SRV_SELECT. What will be the service name for this?
    Please help !!!
    Thanks in advance,
    Radhika

    hi,
    u can do this using user exits.
    identify the appropriate exit for ur transaction and thn put condition like
    if sy-uname = ...
      loop at screen.
        screen-active = 0.   " hide the screen element
        modify screen.
      endloop.
    endif.
    i was just trying to give u some hint .make it to ur best.
    reward if hlpful.

  • How to restrict the user from making any changes in Sales order- item level

    Hi to all
    How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
    Regards
    Anish Parikh
    Edited by: anish parikh on Jan 24, 2008 5:16 AM

    Hi Anish,
    This can be achieved through the roles and authorization.
    This can be done through the basis team. they can create user profiles and roles.
    For the roles they assign some transaction codes so that they can view the only assigned tr. codes.
    Like that ur requirement can be done.
    Also u can prevent the user to change any fields in the sales order screen (VA02). for that please modify the authorisations.
    Hope i answers.
    Reward points if useful.
    Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

  • How to restrict the user from accessing other screens before submitting data

    Hi All,
      I have some screens developed in Webdynpro ABAP and all these have been linked to Portal as pages. In Portal If i click on the link in detailed navigation i can see the corresponding screen on the right side. Now in one screen i have to input some data and submit the data, Now my problem is if i enter some data and before submitting the data if i click on any other link in the detailed navigation, that corresponding screen is opening and all the data of the previous screen is lost.
    Can any one suggest me, how can i restrict the user from accessing other screens before submitting the data of that screen from portal perspective.

    Hi Prasanna,
    The pages can be restricted from the user access by using the ACL permission, or you can restrict the page by making invisible in the navigation area which you do not want to show to the user. Open the page properties and select navigation category in the drop down and set the Invisible in navigation area property to yes. By default this property is No. Change the property for all PCD pages which you want to hide from user access.
    Hope this helps you...
    Regards,
    Rudradev Devulapalli
    Reward the points if helpful....

  • How to restrict a user from deleting a PO

    Dear All,
    I have to restrict some users from deleting a line item in PO. They will be authorised to create & change the PO but they must not be able to delete the line item.
    Further it would be more helpful if it is possible to restrict them from deleting one particular type of PO (ex-Capex PO). They can change a capex PO but can not delete it.
    Any of the answers will be highly appreciated.
    Regards
    Rutabhadra Panda

    Hello,
    Speak to your basis guy, but if you have created Capex PO as a particular document type, then maintain authorisation object M_BEST_BSA (Document Type in Purchase Order) and activity 06 delete.
    You may find that delete is still possible through activity 02 change, so you might need to maintain different roles depending on what you need.
    Thanks.

  • How to restrict a user to view the file from web URL

    Hi,
    I want to restrict any user who is trying to access any js file or any client side file from web URL.
    For e.g. if user puts www.test.com/js/sample.js in browser then he will be able to view the code.
    Is there any way to restrict the same.
    Please suggest.
    Any suggestion.
    Thanks In Advance
    Manoj
    Edited by: user12780476 on Dec 28, 2011 12:18 AM

    Is the JavaScript file really a private resource?
    Assuming it is a private resource, here are a few things you can do:
    1. Don't put it into document root at all.
    2. Put it in a location where access is denied e.g.
    /mydocs/private/
    <If $uri =~ '/private'>
    PathCheck fn="deny-existence"
    </If>
    3. Use access control lists (ACLs) to deny access to private resources.
    4. Use <If> else around send-file SAF e.g.
    <If $uri !~ '\.js$'>
    Service fn="send-file"
    </If>
    5. Use htaccess to deny access to those resources.
    So it all depends on what you really want to achieve.

  • How to Restrict the users from changing the Default variant of report.

    Hello everybody,
    The requirement is to restrict the users from saving and overwriting the default layout variant (layout for higher management) set for the report, but at the same time they should be able to change and save the other layouts for which they have access.
    I have written the logic in the program which is working fine for all the scenarios when we execute the report. But the logic doesn't work if the user is selecting the layout on the output screen of the report.
    For e.g. if the user runs the report using the layout variant for which he has the authorization, then he gets all 4 options, so he can then select the layout for which he is not authorized and overwrite it.
    I have debugged and checked, and I have found that after the report output is shown, all the layout parameters are controlled by the standard SAP objects.
    Can anyone help me out in this issue.
    Thankyou in advance.
      " Get the default layout variant.
      w_save = 'A'.
      if p_vari is initial.
        clear disvariant.
        disvariant-report = sy-repid.
        w_variant = disvariant.
        call function 'REUSE_ALV_VARIANT_DEFAULT_GET'
          exporting
            i_save     = w_save
          changing
            cs_variant = w_variant
          exceptions
            not_found  = 2.
        if sy-subrc = 0.
          p_vari = w_variant-variant.
        endif.
      endif.
      " Logic to check user authorization to change the layout setting.
      if p_vari = c_layout.
        if not sy-uname is initial.
          select single * from agr_users
                  where agr_name = c_role
                  and   uname    = sy-uname.
          if sy-subrc = 0.
            w_save = 'A'.
          else.
            w_save = ' '.
          endif.
        endif.
      endif.
    Regards,
    Satish.

    Hi Maine,
    Thanks for your reply.
    As you mentioned for your own program, you can control the parameter "I_SAVE", when calling "REUSE_ALV_GRID_DISPLAY".
    So I have already used the same logic and control the parameter through I_SAVE, and here I am calling method ALV_GRID->SET_TABLE_FOR_FIRST_DISPLAY instead of "REUSE_ALV_GRID_DISPLAY".
    And it works fine when we execute the report, but the logic doesn't work when the user tries to change and save the layout variant on the output screen of the report.
    Regards,
    Satish

  • How to restrict the user from Closing the PO when it is not matched yet

    Hi,
    Actually PO is finally closed in lines level without matching. Now the problem is how to restrict this in future so that the user can not finally close it when it is not matched.
    Thanks
    Kavya

    Kavya,
    Check the setup of Line Type. Check for Receipt Tolerance on the Line Type. It should not be 100%
    Please let me know if you have any questions
    Thanks
    Navin

  • How to restrict two employees from viewing each others' activities in a particular account?

    Dear Experts,
    I have a scenario here and request your kind input to bring a solution to it.
    I have two sales org. in one company. One is SO1 and other one is SO2. I want to restrict the sales employee of SO1 and SO2. Both of them are working in the same national account. I don’t want the SO1 sales employee to see what the SO2 sales employee does in that particular account; and the vice versa. So, it’s just restricting the view of particular account for both of them. Is it possible in CRM? If yes, how do you do that?
    Looking forward to the right solution.
    Thanks & Regards,
    SMTP

    Hi SMTP,
    This can be done by using authorization profiles. Here we need to create two Authorization objects separately in such a way that each of them should be allowed to one sales organization. And then assign these Authorization objects to users, based on their sales organization (your requirement).
    You need to reach your Basis Consultant and explain the scenario. Basis people can easily do this.
    Thanks & Regards
    Ravi

  • How to restrict end-user from not using certain movement-types in MB1B

    Dear Gurus,
    My client wants that end user has access to only particular movement types in MB1B, i.e. only to 311 and 412,421E.
    They do not want any other movement types to be accessed by end-users in MB1B
    How to go about this requirement?
    Thanks in advance
    Regards
    Ram
    Edited by: RAMKUMAR WARIYAR on Jun 27, 2009 2:14 PM

    hi,
    This is possible you can restrict and allow user for movement type which they can do through any t code.
    Contact your BASIS consultant for that
    Regards,
    Vishal
    Edited by: VS on Jun 27, 2009 5:46 PM

  • How to restrict end user from modifying/saving the workbook?

    <Moderator Message: As you deleted my comment in this thread by editing it again, I am locking it now>
    Hi,
    We have created few workbooks. The requirement is that the end user should not be able to modify or save the workbook. We tried using S_RS_Tools authorization object with "themes" in the Command ID. But this does not seem to solve our problem. Please suggest whether it is possible to enter any other value in this field to restrict access to the end user.
    We also tried including the following authorization objects with the corresponding values :
    1. S_GUI with the value Activity = 60 (import)
    2. S_USER_AGR with Activity = 03 and * in Role.
    3. S_BDS_DS with Activity = 03 (display) and 30; Class Type = OT.
    4. S_USER_TCD with tcode = RRMX.
    But still the end user is able to modify the workbooks. (The end user must not be able to make changes to settings of any of the buttons in the design mode, must not be able to save the workbook).
    Please suggest the corrections required. Also kindly suggest if there are any other ways to resolve this issue <removed by moderator>.
    Your help is appreciated.
    Thanks.
    Edited by: Siegfried Szameitat on Nov 26, 2008 12:55 PM
    Edited by: suresh naidu on Nov 26, 2008 1:19 PM
    Edited by: Siegfried Szameitat on Nov 26, 2008 1:23 PM

    Hi,
    Only few people have authorization to create S.O. w.r.t. quotation (as in our case, sales ppl create quotation and Finance ppl create S.O., with reference to Quotation Only - T.Code: VTAA).
    Others have only authorization to View/ Display, VA03.
    Consult your Basis-Admin, he will create appropriate role & assign T. Code: va03 for list of user, provided by you.
    Best Regards,
    Amit.
    Note: You can't restrict anyone with T. Code: VA02, to change qty or price in Sales order, directly.

  • How to restrict some Users from certain fund centers & commitment items....

    HI Experts
    I want to implement authorization in my FV60 and FB60 transactions. My Funds Management is active and I want to restrict users in Funds Center and as well as some commitment items. I have some idea of Authorization group, and after defining an Authorization group in customizing, I assigned the Authorization group in the fund center and gave its name in the Authorization object in User roles, but still I am unable to achieve correct control. By this way the system restricts every fund center.
    Can anyone help me out....Thanks in Advance
    Full point will be awarded...
    MAZ

    check tolerance groups for employees, are they excluded in the tolerance group?
    regards,

  • How to restrict a user from using the transaction code SU01?

    How can I grant a profile to a user with the profile SAP_ALL except running the transaction code SU01?
    I know how to lock the transaction code using SM01 but is there any other way to do it.

    Go to S_TCODE
    Double click on it and give the combinations like:
        A*   - X*
        SU00
        SU02 - Z*
    Try this one, definitely it will work.

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have scenario here.
    I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.

    See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additional DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    So whenever any user says
    SELECT  *
    FROM    table_x
    ;
    what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;
    If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1
    Then, if someone says
    DELETE  employee
    ;
    what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;
    No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). Also, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.
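
The two designs discussed in the answer above, written out as an added example that is not part of the original posts: a VPD policy whose function lives outside schema ABC, and the simpler layout where the table belongs to another schema and ABC holds SELECT only. The names SEC_ADMIN, APP_OWNER, EMPLOYEE_READ_ONLY and the column EMPLOYEE_NAME are assumptions; ABC and EMPLOYEE come from the question.

```sql
-- Constructed names: SEC_ADMIN (policy owner) and APP_OWNER (table owner) are
-- assumptions; ABC and EMPLOYEE come from the question. Run as a DBA.
-- Options 1 and 2 are alternatives, not steps of one procedure.

-- Option 1: VPD policy on ABC.EMPLOYEE, owned by a schema ABC cannot alter.
CREATE OR REPLACE FUNCTION sec_admin.employee_read_only (
    p_schema IN VARCHAR2,   -- schema of the protected object
    p_object IN VARCHAR2    -- name of the protected object
) RETURN VARCHAR2
AS
BEGIN
    -- ABC gets the always-false predicate; other sessions are not restricted.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'ABC' THEN
        RETURN '0 = 1';
    END IF;
    RETURN NULL;            -- NULL adds no predicate
END employee_read_only;
/

BEGIN
    DBMS_RLS.ADD_POLICY (
        object_schema   => 'ABC',
        object_name     => 'EMPLOYEE',
        policy_name     => 'EMPLOYEE_READ_ONLY',
        function_schema => 'SEC_ADMIN',
        policy_function => 'EMPLOYEE_READ_ONLY',
        statement_types => 'INSERT,UPDATE,DELETE',  -- SELECT is left alone
        update_check    => TRUE   -- also test new row values, so INSERT is rejected
    );
END;
/

-- Audit: which statement types the policy covers and whether it is enabled.
SELECT policy_name, pf_owner, sel, ins, upd, del, chk_option, enable
FROM   dba_policies
WHERE  object_owner = 'ABC'
AND    object_name  = 'EMPLOYEE';

-- The policy does not cover TRUNCATE or DROP, which the table owner can
-- still issue on its own table.

-- Option 2 (the simpler design the answer recommends): the table lives in
-- another schema and ABC receives SELECT only, so any other DML fails on
-- missing privileges.
CREATE TABLE app_owner.employee (
    employee_name VARCHAR2(30)   -- constructed column; the question shows none
);
GRANT SELECT ON app_owner.employee TO abc;
CREATE SYNONYM abc.employee FOR app_owner.employee;
```

With Option 1, a DELETE or UPDATE by ABC completes without touching any rows, as the answer describes; only Option 2 produces the insufficient-privileges error the question asks for.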

  • Prevent user from view line item details in KSB1 report

    Hi,
    How to restrict a user from viewing line item details by double-clicking on it, or by highlighting an item and clicking on Document?
    Regards,
    Kelvin

    Hi,
    This issue got resolved.
    SAP suggested to execute the program "FAGL_CORR_0001" company code wise.
    In ECC 5.00 from support pack 10 onwards two new fields have been added to table FAGLFLEXA. (Earlier we were on support pack 9, recently we applied the latest support pack.)
    If we execute the above program FAGL_CORR_0001, the two new fields will be filled with relevant data and then we are able to use the drill down option.
    This is for your information.
    Message was edited by:
            prasad naga
