How to restrict user from deleting record
Dear All,
Kindly share your experience...
Situation: My client have one SOB, used by several branches. Each branch has its own branch code in Chart of Account (accounting flexfield). Currently, to prevent branch accessing other branch's journal in General Ledger Module, we set account security (segment Branch) for each responsibility. In this way, batch header and journal header are still shared. Branch A still can see branch B's batch header and journal header, and even can delete the journals. This is very risky. Client urges to hide 'delete' icon from the toolbars and menu or disable 'delete' journal function for certain responsibility.
Questions: how to solve that problem without modifying the form?
Thanks,
KC
You may want to consider using the CUSTOM.pll. Basically its an "approved" way to do Form customization. You will need to understand basic Forms programming.
Metalink Note 73505.1 is fairly good.
There's also an OAUG white paper (2000) by Brad Goodwin
Ken
Similar Messages
-
How to restrict users from printing documents and exporting to local file
Hi SAP gurus,
I have two questions.
1. How can I restrict users from printing a document? i.e. billdoc? I would like to know if I could block it though authorization. If yes, what auth obj to use?
2. How to restrict certain users from exporting to local file? the System> List>Save-->Local File. I have tried restricting it using auth object S_GUI but it seems it is only applicable to older versions of SAP. im on ecc6.
Thank you in advance.Hi,
Check this:
Create your own gui status and attach it to the list in the event START-OF-SELECTION.
In the menu painter extra -> adjust template.
Make it a list status and you will see all the standard list options appear including list->download
Deactivate the ones you don't want.
If you just want to prevent users from downloading the list you can achieve this with authorization object S_GUI, activity 61. Menu option will still be there though.
Please note that if you remove authorisation for S_GUI activity 61 then all downloads will not be possible.
If you just want to disable downloads only for a particular report, you can try this test program:
Code:
REPORT ztest.
DATA: PROGNAME LIKE SY-CPROG value 'Z_CHECK_AUTH',
FORMNAME LIKE SY-XFORM value 'F_CHECK_AUTH'.
START-OF-SELECTION.
CALL FUNCTION 'SET_DOWNLOAD_AUTHORITY'
EXPORTING
FORM = FORMNAME
PROG = PROGNAME
EXCEPTIONS
OTHERS = 1.
WRITE: / 'TEST'.
You also need this:
Code:
PROGRAM z_check_auth.
FORM f_check_auth USING pe_result TYPE i.
pe_result = 5.
ENDFORM.
Also have a look at the exit SGRPDL00.
Hope this helps you.
Rgds,
Raghu -
Restrict user from deleting issued component in Tcode CN22
1) In T Code - CN22 user can delete issued components ( thru movt type - 281 ) how this can be restricted .
2) Deletion indicator for deleted component not seen in CN22.
Pls tell me what are the settings required to set deleted component indicator on.Hi,
In OPSG u can restrict deletion of withdrawn material component as error.... -
How to restrict users from saving a transaction in PCUI
Hi Experts,
I am working on a requirement where in I have to restrict the user from saving a followup up transaction if an order already exists for the same,in PCUI.I am able to display the error message in the PCUI screen but unable to restrict the user from saving the transaction.
I have implemented the CRM_COPY_BADI ,copy method to check the item copy and populating the message from there...The requirement is fulfilled in GUI by giving a abandon message which restricts the user from saving the transaction.but in PCUI the abandon message is not working..So is there any way to deactivate the save button for a particular transaction in PCUI and this is to be done from within the CRM_COPY_BADI..
I would sincerely appreciate any help provided on the issue..We can do this by populating an error message in the Application log
-
How to restrict users from creation of varients in report transaction
Hi All,
I have a requirement where buisness wants to restrict users in creating varients in report transactions.because of create options users will be creating more screen varients which will be disturbing for the other users to select a particular standard varient.Kindly give ur input regarding this
With regards
Girish AHi,
First edit the role assigned to users using PFCG.
Then go to Authorization tab and click on "Change Authorization Data".
It will opened up the profile of the role. now find the authorization object "S_PROGRAM".
In that edit "User action ABAP/4 program" object.
Remove "VARIANT" check box if it was checked and save. Now press
Generate button or "Shift+F5".
That's it.
You can ask for this to your basis team. They can perform this task easily. -
SM58 - How to restrict users from viewing all the idocs?
Howdy,
The users want to be able to use SM58 to view any idocs that have failed. Unfortunately they currently can access the IDOCS of all countries, in addition to their own country. Does anyone know how we could restrict them?
Or if there another transaction that we could ask them to use?
Many Thanks!Hi,
You can restrict by the Transactional RFC Destination which should be different.
regards
Aveek -
How to restrict users from uploading malicious files(exe, dll,etc) & limit file size in a webform
Hello, please i have a file atachment field in a form on my site. I want to restrict the size of the file that can be uploaded and the type. It's a vacancy page and I want candidates to only upload doc and pdf files. I want to also limit the file size to 50mb only. How can this be done within the BC system.
Thanks.The file extension can't be trusted, like the mime-type it can be faked by a malicious user. Also this method can just be avoided altogether by anyone who has javacript turned off. Using javascript for this is not even remotely secure.
Isn't there a way to allow file uploading but specify a whitelist of filetypes (preferably checked using byte headers or some effective method) somewhere in admin?
Liam Dilley wrote:
Hey there,
You can do the file extension with jquery for example. The basic aspect of that is:
var ext = $('#my_file_field').val().split('.').pop().toLowerCase();
if($.inArray(ext, ['exe','dll','jpg','jpeg']) == -1) {
alert('invalid extension!');
So what is hapepning there is that it checks the value of the field when someone has added the file and checks the file extensiona and produces an alert but you can do as you need.
You could run this on hover of the submit button, on change of the actual file attachement field or on click of the submit button in the checks before it submits.
BC limits files to 100mb anyway so you should be ok on that front, they wont be able to be crazy uploading. -
Restrict Users for Deletion of Components in MFBF
Dear All,
How to restrict users from deleting components in post with correction screen in MFBF in REM?
Regards,
TejasDear Tejas,
Check this link
[Deleting components in MFBF|Deleting BOM components, while backflushing in REM]
Apart from this you can go for a screen variant,as per to my knowledge i dont think you can restrict
through an user exit.
Regards
Mangalraj.S -
How to restrict a user from deleting a PO
Dear All,
I have to restrict some users from deleting a line item in PO. They will be authorised to create & change the PO but they must not be able to delete the line item.
Further it would be more helpful if it is possible to restrict them from deleting one perticular type of PO(ex-Capex PO). They can change a capex PO but can not delete it.
Any of the answars will be highly appreaciated.
Regards
Rutabhadra PandaHello,
Speak to your basis guy, put if you have created Capex PO as a particular document type, then maintain authorisation object M_BEST_BSA (Document Type in Purchase Order) and activity 06 delete.
You may find that delete is still possible through activity 02 change, so you might need to maintain different roles depending on what you need.
Thanks. -
Dear All,
We are having an infrastructure setup of around 500 client computers managed through group policy.
Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
It would be great if you can assist me with the following query.
How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
Can we disable Network Tab on the left hand pane ?
explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.> * explorer.exe is blocked already, but users are able to enter the
> Windows Explorer by clicking on the name which is visible on the
> Start Menu.
You cannot block explorer.exe when you do not replace the shell - the
desktop you see effectively IS explorer.exe...
Your requirement sounds like you need a custom shell:
http://gpsearch.azurewebsites.net/#2812
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
How to restrict users in separate OU's from seeing each others presence
We have an Enterprise Lync 2010 server environment in place, and are using msRTCSIP-GroupingID to restrict address book lookups. We are now looking to restrict presence viewing to only user within the same OU. In other words it should not be possible
to see the presence of a user outside of your own OU, unless that user allows it explicitly.
It seems that the Multitenant pack for Lync can arrange that, but it's just not feasible to install that when you already have an active Lync environment in production. Is it possible to achieve this separation another way? Maybe with msRTCSIP-TenantId?
(which is already available in our current schema)Hi,
Using the GroupingID will completely separate the users into unique address books. But searching by SIP URI will always work and you cannot prevent the users from communicating with other Lync users in the same organization. If you want
to restrict presence viewing to specific users, you can try ABS Configuration Tool.
http://www.justin-morris.net/how-to-hide-users-from-the-lync-address-book/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found
there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Kent Huang
TechNet Community Support -
Restrict users from editing and deleting not owned items
Hello guys.
I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens...
May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them...
By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
Please help.Hi,
I understand that you want to change the write security for the document library. You can try the PowerShell script below:
$web = Get-SPWeb http://serverURL
$list = $web.Lists["Document library"]
$list.ReadSecurity = 2
$list.WriteSecurity =2
$list.Update()
$web.Dispose()
This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
Thanks,
EnTan Ming
Entan Ming
TechNet Community Support -
Restricting the user from deleting a personel number
Hi All,
Can anyone help me in restricting the user from deleting a personel number.
Thanks & regards,
VenkatHi Venkat,
The utility menu will ultimately calls to PU00 so it doesnt matter , system wont allow him to delet.
You can try it out in quality if you want.
Award points if useful
Regards,
Bhupesh Wankar -
Restricting User from creating new records using when-validate-record
Hi,
I have a requirement for which I have to restrict he user from creating a record in the Supplier Master form if the suppliier type is 'Affiliate Supplier'.
I have done the following setups
Seq 10
Description Restricting user from creating Affiliate records
Level Function
Enabled Yes
Condition:
Trigger Event WHEN-VALIDATE-RECORD
Trigger object VNDR
Condition "${item.VNDR.VENDOR_TYPE_DISP_MIR.value} is NOT NULL
and
${item.VNDR.VENDOR_TYPE_DISP_MIR.value} LIKE 'Affiliate%'
Processing Mode BOTH
Context
Level User
Value User Name
Action Sequence 1
Type Message
Action Description Saving Affiliate record
Language ALL
Message Type Show
Message Text You Cannot Create Affiliate records Here
Action Sequence 2
Type Builtin
Action Description Stop Proceesing
Language ALL
Action Enabled Yes
Builtin Type RAISE FORM_TRIGGER_FAILURE;
This is working good on one instance but when I moved it to another instance
when I query the form and try to navigate to the bank accounts tab of the form which is based on a differnt block i.e VNDR_USES block, the when-validate-record trigger fires there also and stops the processing.
Any suggestions on this would be higly appriciated.
Thanks in Advance.Hi Srini,
Yes, it does work...but in a Form Session if i Create more then one Item, in some cases it fires for the first records and not sleeps for the second.
Sometimes it doesn't give any response.
Appreciated if you divert to the link to check the Pacthes for 11.5.10 on Form Personalization.
Please share any ideas/example if yiou have to achieve the below requirement.
Requirement:
Once New record is created , a Custom Procedure should be invoked.
with out closing Form i am able to create n number of Items, so for every Item it should invoke Custom PLSQL Code on Save.
Let me know if i can achieve the same in Custom.pll .....as i can use either of Options.(Form Personalization/Custom.pll)
Thanks & regards,
Edited by: user632004 on Mar 16, 2010 7:50 PM
Edited by: user632004 on Mar 16, 2010 8:09 PM -
Windows 2008 : How to Restrict Users to Copy file from Shared Folder
Hello All,
I need to Restrict Users to Copy file from Shared Folder. Please let me know is there any method to achieve this requirement.If user have Read permission, they can copy it. So actually you cannot restrict user from copy your files if they could read/edit.
Some programs could help restrict users from edit/modify/copy the content of their files such as Office files, PDF files etc as Oscar said above.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]
Maybe you are looking for
-
I was able to see the lyrics while playing the audio when my iOS was 6.1.4 now i do not know what to do to see the lyrics while playing the audio or a karaoke after upgraded(?) to iOS 7 Is there any chance to see the lyrics in iOS 7 or i want to degr
-
I am a registered owner of Photoshop CS6-the full free-standing version. I was recently traveling in Europe and was restricted to a satellite internet connection. Although fully installed on my computer, I was unable to open Photoshop. The reason giv
-
PDFs not displaying text properly when going Mac- PC
We have a serious issue all of a sudden where AI files using Futura being converted to PDF are NOT showing up properly when viewed on PCs. This user is running 10.4.11, CS3 and Font Reserve. When she exports to PDF, random letters will be missing fro
-
What are the steps in RMAN Backup & Recovery 10 G
Hi All Please list out What are the steps in RMAN Backup & Recovery 10 G Regards
-
Can't use my car's bluetooth hands free set up when Bionic is synched
I don't know the tech jargon. I was able to pair my Bionic to my car's bluetooth hands free set up, but can't seem to use voice dialing. My car's display says that the phonebook has downloaded, and I can still take calls, but that's about it. It's