How to restrict the user id to a specific company code?

Hi,
I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
how can i do this?

Hello Raja,
You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
A detailed step by step procedure to be followed is given below:
1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
9. Select the u201CNew Entriesu201D tab to create a new table field association.
10. The View/table field must be filled with the target table which we need to control.
11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

Similar Messages

  • How to restrict the user in MIRO for not modifying  price

    Hi All 
    My requirement is How to restrict the users in MIRO screen for not modifying Material Prices  of only the for specific  ROH types .
    For example :
    Valuation class             RM description
      3021                             RM - A
      3022                             RM - B
      3024                             RM - C
    when ever we procure  the above Raw materials A,B and C and
    the Quantity of each Raw material @ 10 units  and value @ 1 INR  for each unit
    RM - A procured qty 10 @1 total price is INR  10
    RM - B procured qty 10 @1 total  price is INR 10
    RM - C procured qty 10 @1 total  price is INR 10
    total price of PO is INR 30
    when we received invoice material prices are  assume it INR 1 is excess for each material.Now the invoice price for each RM has become INR 11.
    in MIRO we want restrict the user to change the price from INR 10 to 11.
    suggest the best possible ways to restrict in MIRO screen
    Thanks & Regards
    Mala

    Dear:   
                      Take help of ABABPER fo implement exit using INVOICE_UPDATE or MRMH0003 Logistics Invoice Verification: Revaluation/RAP exit. If this does not help then seek help of MM functional who will help you to find exit for the required task.
    rEGARDS

  • How to restrict the user from making any changes in Sales order- item level

    Hi to all
    How to restrict the users from making any changes in sales order at item level if the same sales order is released by senior user through status profile.
    Regards
    Anish Parikh
    Edited by: anish parikh on Jan 24, 2008 5:16 AM

    Hi Anish,
    This can be achieved through the roles and authorization.
    This can be done through the basis team. they can create user profiles and roles.
    For the roles they assign some transaction codes so that they can view the only assigned tr. codes.
    Like that ur requirement can be done.
    Also u can prevent the user to change any fields in the sales order screen (VA02). for that please modify the authorisations.
    Hope i answers.
    Reward points if useful.
    Edited by: kaleeswaran bhoopathy on Jan 24, 2008 9:57 AM

  • How to restrict the user to enter only numeric values in a input field

    How to restrict the user to enter only numeric values in a input field.
    For example,
    i have an input field in that i would like to enter
    only numeric values. no special characters,alphabets .
    reply ASAP

    Hi Venuthurupalli,
    As valery has said once you select the value to be of type integer,once you perform an action it will be validated and error message that non numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc you can use simple types for it.
    On the project structure on left hand side under local dictionary ->datatypes->simple types create a simple type of type integer
    The attribute which you are binding to value property ;make its type as simple type which you made
    Hope this helps you
    Regards
    Rohit

  • How to Maintain the MM Master Data from one company code to other co code

    Hi Experts,
    Can any one pls tell me how to Maintain the MM Master Data from one company code to other co code.
    Presently we created New plants,New Purchase Orgs under different company code.
    1) Material Master data
    2) Vendor MAster data
    3) PIR
    4) Source List
    Is there any standard Transactions...??
    Please reply.
    Brgds,
    KK

    Hi
    Check out the link -
    http://wiki.sdn.sap.com/wiki/display/ABAP/StepstocreateasimpleLSMWusingbatchinput+recording
    lsmw for data migration for  xk01 transaction
    http://www.sap-img.com/general/lsmw-steps-for-data-migration.htm
    Regards
    Anand

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have scenario here.
    I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
    SELECT  *
    FROM    table_x
    ;what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1Then, if somone says
    DELETE  employee
    ;what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

  • How to Restrict the users in oracle applications

    Hi,
    I want to Restrict the users in oracle applications without using database
    can any one please expalin me how to resttrict the users using middletier
    Thanks
    Gita

    HI srini ,
    my application version 12.0.4 and database is 10.2.0.4
    and i want to restrict the No of users
    exp i have have 500 users and i want restrict to 100 only
    how can i do that please explain
    Thanks,
    Sudheer

  • How to restrict the user for re-submitting the same form

    Hi All,
    I would like to know, How to restrict a user for re-submitting the same page.
    I have a jsp page with submit button... and should not allow the user to save the same data again ..
    Anil

    Try the followings. If user disable cookies, this will not work. You need to modify to detect such situation!
    String processed = "mycooke";
    Cookie[] cookies = request.getCookies();
    Cookie c = null;
    if (cookies!=null) {
       for (int i=0; i < cookies.length; i++) {
           if (cookies.getName.equals(processed)) {
    c = cookies[i];
    break;
    if (c!=null) {
    // already processed.
    // send error message and exit.
    // set cookie;
    c = new Cookie(processed , "yourdata");
    c.setMaxAge(-1);
    response.addCookie(c);
    // process as it is the first;

  • How to restrict the user from accessing other screens before submittingdata

    Hi All,
      I have some screens developed in Webdynpro ABAP and all these have been linked to Portal as pages. In Portal If i click on the link in detailed navigation i can see the corresponding screen on the right side. Now in one screen i have to input some data and submit the data, Now my problem is if i enter some data and before submitting the data if i click on any other link in the detailed navigation, that corresponding screen is opening and all the data of the previous screen is lost.
    Can any one suggest me, how can i restrict the user from accessing other screens before submitting the data of that screen from portal perspective.

    Hi Prasanna,
    The pages can be restricted from the user access by using the ACL permission or you can restrict the page by making invisible in navigation area which you do not want to show to the user . Open the page properties and select navigation category in the drop down and select the Invisible in navigation area property to yes.By default this property is No.Change the property for all pcd pages which want to hide from user access.
    Hope this helps you...
    Regards,
    Rudradev Devulapalli
    Reward the points if helpful....

  • How to Restrict the users from changing the Default variant of report.

    Hello everybody,
    The requirement is to restrict the users to save and overwrite  the default layout variant (Layout for higher managenet)set for the report, but at the same time they should be able to change and save the other layouts for which they are having access.
    I have written the logic in the program which is working fine for all the scenario when we execute the report. But the logic doesnt work if the user is selecting the layout on the output screen of the report.
    for e.g if the user runs the report using the layout varaint for which he is having the authorization then he gets the all 4 options so he then he can select the layout for which he is not authorized and he can overwrite.
    i have debugged and check as i have found that after the report output is shown all the layout paramater is controllled by the statndard SAP objects.
    Can anyone help me out in this issue.
    Thankyou in advance.
    *to get the default layout variant.
      w_save = 'A'.
      if p_vari is initial.
        clear disvariant.
        disvariant-report = sy-repid.
        w_variant = disvariant.
        call function 'REUSE_ALV_VARIANT_DEFAULT_GET'
          exporting
            i_save     = w_save
          changing
            cs_variant = w_variant
          exceptions
            not_found  = 2.
        if sy-subrc = 0.
          p_vari = w_variant-variant.
        endif.
      endif.
    *logic to check user authorization to change the layout setting.
      if p_vari = c_layout.
        if not sy-uname is initial.
          select single * from agr_users
                  where agr_name = c_role
                  and   uname    = sy-uname.
          if sy-subrc = 0.
            w_save = 'A'.
          else.
            w_save = ' '.
          endif.
        endif.
      endif.
    Regards,
    Satish.

    Hi Maine,
    Thanks for your reply.
    As you mentioned for your own program, you can control the parameter "I_SAVE", when calling "REUSE_ALV_GRID_DISPLAY".
    so already i have use the same logic and control the parameter through I_SAVE and here i am calling method ALV_GRID->SET_TABLE_FOR_FIRST_DISPLAY instead of "REUSE_ALV_GRID_DISPLAY".
    and it works fine when we execute the report but the logic doesnt work when the user tries to change and save the layout variant on the output screen of the report.
    Regards,
    Satish

  • How to restrict the users not to change receiving batch no. in 305 mov.type

    Dear MM Guru,
    We are using mov.type 303 & 305 for transferring the materials from one plant to another plant. t.code is MB1B (Non split valued item)
    While receive the goods through 305 mov.type the user having the chance to change the receiving batch number. To control this changes, is there a way where we can restrict the users not to do the changes in receiving batch no. or can we do the GR with reference to the material document 303 mov.type.     
    Regards,
    Sivanandan

    Hi,
    Generally there is a possibility to change the batch no. If you want to restrict it means go for enhancement. Use BADI to acheive this.In  MB_MIGO_BADI you can set not to change the batch no. Hope it works. Thanking you.

  • How to restrict the user to change the project structure but not the documents?

    Hi,
    I have created one project assigning different users in Solution manger. I want to risitrict some of the users to change the project structure but simultaneously allwoing the project documents to be created, edited or deleted using solar01 under Project documentation tab. For that I have followed the steps provided in the follwoing link.
    http://wiki.scn.sap.com/wiki/display/SM/Howto+Restrict+Changes+to+Project+Nodes+to+Assigned+Team+Members
    I am able to restrict the users to change the project structure, but I am not able to allow access to the project documents. It gives me the message "You are not authorised to change the project". This fulfills my one of the requirements. But, Is there any way  to restrict the user to change the project structure but not the documents?. Any help will be apperitiated.
    Thanks,
    Rutvik Uapdhyay. 

    Hi Rutvik,
    Basically there are 2 different authorization role ...you should look for and customize as per requirement in Z* namespace.
    role  - SAP_SOLAR01_ALL
    this take care of objects in Solar01 like tab access etc
    role -SAP_SOL_KW_ALL
    this takes care of entire documentation within solman
    hope this helps
    Regards
    Prakhar

  • How to restrict the Users at Page level

    Hi Gurus,
                         I want to restrict the users page to page.I am having 3 pages and 3 set of users.If any user having access to page1 then he will not see Page2 & Page3 .For Page2 & Page3 it is same case i.e page2 will displayed to user2 and not to user1 & user3.Same for page3 which will be displayed to user3 only.
    Waiting for reply..
    Thanks & Regards
    Ganesh

    Hi,
    There is PCDFilter, which can be used to filter role and workset content depending on the context.
    I think this can solve your usecase.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3367e690-0201-0010-d285-c69bd884c9f3
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/17968de1-0a01-0010-1f9f-c090fbc7001a
    Greetings,
    Praveen Gudapati
    [Points are always welcome for helpful answers]

  • How to restrict the user input textfield to an Integer?

    Hello there;
    Here is my problem, and i need your help.
    I have a mssql 2005 server as my back end database;
    I have designed a web application from which i can load a specific table in my database.
    One of my table column is of integer type and i want to restrict the user to only entered an integer in the textfield.
    I have try the integer converter from the "converters" section of the pallete. The result is that its actually restrict the user input to be an integer, but i can't load the database, obtaining a java.lang.Int error message.
    Next i have tried using int theid=int.parseInt........ but i am receiving a syntax error of the type cannot find symbol parseInt.
    I can't just work this out!
    Could anybody help please.

    As has been stated in previous replies you can check that the value in the TextField is parseable as an Integer by using Integer.parseInt(fieldVariable.getText()). However, you can also restrict what characters can be entered into the text field, like so:
    Assume your field variable is textField1 then the KeyTyped event for the text field:
    private void textField1KeyTyped(java.awt.event.KeyEvent evt) {
         if (evt.getKeyChar() < '0' || evt.getKeyChar() > '9') {
              evt.consume();
    }will only allow the numeric characters (i.e., 0-9) to be typed into the field. Keep in mind that in this case the backspace, delete, home, arrow, etc, keys will not delete characters, move the cursor, etc, so if you want those you have to test for them as well.

  • How to calculate no.of records for a specific company Code and Transaction

    Hi All,
    Could you please help me how to calculate or count no.of records, in a table which are having a specific Company Code and Transaction Code and populate  in an output table displaying that these many records are present for this company code and Transaction code.
    The table is having the data like this:
    LOB   TRAN CODE    COUNT
    X1                             1   
    X1                              2   
    X1                              3   
    X1                              4   
    F1   NB                      5   
    F1   NB                     6   
    F1   NB                     7   
    F1   NB                    8   
    F1   NB                    9   
    F1   NB                    10  
    F1   NB                    11  
    F1   NB                    12  
    F1   NB                     13  
    F1   NB                     14  
    F1   NB                     15  
    F1   NB                     16  
    F1   NB                     17  
    F1   NB                     18
    F1   NB                    19  
    F1   NB                    20  
    F1   NB                   21  
    F1   NB                   22  
    F1   NB                   23  
    F1                          24  
    F1                         25  
    F1                         26  
    F1                         27  
        In the above table there are totally 27 records,where as the no.of records with F1 as company code and NB as transaction code are 18..so i have to display like F1 NB and 18 as one record as output.
    Thanks and Regards,
    Johny

    You can go for Control Breaks for your requirement.
    First sort the internal table by company code and transaction. Declare a counter variable.
    Now loop the internal table and increment the counter variable. within the loop use AT END OF tcode.......ENDAT. Within the control break append the counter variable as well as the company code and tcode to some other ITAB and clear the counter.
    This will give you the total number of records for a combination of co code and tcodes.
    This will be a good reference for your requirement. What I am doing here is, for each Vendor i am calculating total number of deliveries and amounts for that vendor. For every new vendor i am writing the ouput on to a list and clearing the counter variables.
      LOOP AT t_vend_prod_grp INTO fs_vend_prod_grp.
        w_total_delv = w_total_delv + 1.
        w_total_amt = w_total_amt + fs_vend_prod_grp-dmbtr.
        AT NEW matkl.
          w_mat_grp = fs_vend_prod_grp-matkl.
    * To display the material group and the header texts for the data
    * grouped by material group and vendor.
          SKIP 1.
          WRITE:  text-mtk  COLOR COL_HEADING
                                  INTENSIFIED,
                / w_mat_grp COLOR COL_NORMAL
                                  INTENSIFIED OFF.
          SKIP 1.
          FORMAT COLOR COL_HEADING ON INTENSIFIED.
          ULINE  1(54).
          WRITE:/ sy-vline,
                2 text-ven,
               12 sy-vline,
                  text-dlv,
               26 sy-vline,
               38 text-amt,
                  sy-vline,
               46 text-cur,
               54 sy-vline.
          ULINE /1(54).
          FORMAT COLOR COL_HEADING OFF INTENSIFIED.
        ENDAT.                             " AT NEW MATKL
        AT END OF lifnr.
    * To display the actual data for the grouping based on Material group
    * and Vendor.
          FORMAT COLOR COL_NORMAL ON INTENSIFIED OFF.
          WRITE: / sy-vline,
                 2 fs_vend_prod_grp-lifnr COLOR COL_KEY,
                12 sy-vline,
                   w_total_delv,
                26 sy-vline,
                   w_total_amt CURRENCY text-usd,
                   sy-vline,
                46 text-usd,
                54 sy-vline.
          FORMAT COLOR COL_NORMAL OFF INTENSIFIED OFF.
          CLEAR: w_total_amt,
                 w_total_delv.
        ENDAT.                             " AT END OF LIFNR
      ENDLOOP.                             " LOOP AT T_VEND_PROD_GRP

Maybe you are looking for

  • Unable to Install SQL Server 2008 R2 64 Bit on clean install of Server 2008 R2 64 Bit Error CLR20r3

    Hi, I'm trying to install SQL Server 2008 R2 64  on a clean install of Server 2008 R2 64 Bit. Shortly after double clicking on the setup I get a Windows error message saying the installer has stopped working with the details below. Suggestions welcom

  • Image processing doesn't show

    Hi! I am trying to do image processing, where it will detect the object and box it up when detected.  However, I did not manage to detect the object, which in this case, a masking tape. Can anyone tell me what is wrong and how to solve it? Below is t

  • IPhone4 - Exchange Mail works on WiFi but not Cellular Network

    I am not getting much help from my network admin so I am asking you guys. My mail works beautifully while connected to my corporate network via wifi. When I try to connect via the cellular netweork I get the "connection to the server failed" message.

  • Wireless connects via MAC address, but not with essid.

    I have an eee 901 using the zeneee901 kernel. I got wireless to work out of the box to an extent. This will probably be easier to exlain just posting the commands. ifconfig ra0 up iwlist ra0 scan iwconfig ra0 essid *essid here* dhcpcd ra0 TIMEOUT GOE

  • Error WUC-5

    I configured my WebUtil Demo and now it has a problem. When I run the forms shows me an error WUC-5: No WebUtil Configuration File specified. Where can I configure this?