HR Authorization issue for specfic User

Similar Messages

• Authorization key for a user

  Hi experts,
  How can i get the authorization key for the user.

  thanks for the reply
  when iam creating a sales order , i need to check wheather the user creating the sales order has authorization depending on the authorization key

• Authorization Required for RFC user  in R/3-APO system.

  Could you please help regarding one authorization issue. I want to know the authorization required for one RFC user. Now this RFC user used for RFC connection of SAP R/3 - SAP APO system. user type is given dialog type and SAP_ALL profile has been given to this user  id. Now I have to remove SAP_ALL from this user id in R/3 and APO system and  provide the required the authorization in R/3 and APO system.
  Regard
  Auroshikha

  The RFC authorisation depends completely on what the user is doing (ALEREMOTE?).  We can't tell you what RFC auths your connection requires. 
  There is a guide to doing this here: https://wiki.sdn.sap.com/wiki/display/Security/BestPractice-HowtoanalyzeandsecureRFC+connections

• Authorization Issue for Object CRM_ORD_PR

  Dear All,
  When user search sales orders in PCUI by sales org, Distributional Channel and Division criteria it shows the result list. But it is also throwing the error as "You are not authorized to Display this transaction"
  I am not sure why system is showing this message.
  I have checked the auth objects for this user.Authorization Objects CRM_ORD_PR and Object CRM_ORD_OE are inactive for the Role.
  When I searched the sales order in SAP GUI and when I click on the sales order from Locator it is giving the message as "You are not authorized to Display this transaction". When I checked the SU53 dump it is giving the message "Authorization check failed
  Authorization Obj CRM_ORD_PR Authorization Object CRM Order -Business transaction Type.
  So my question is though we have made the CRM_ORD_PR object inactive why system is showing the message in SU53.
  Also when I checked the trace system is also checking this object.
  Please help.
  Pankaj

  Rika,
  Thanks for taking the time to reply, it's really appreciated.
  I will pass the details of this note over to our Basis team to see if this helps us resolve our issue also (we are trying to prevent unauthorised objects showing in user search result lists).
  We are on CRM 2007 though, so I am not sure whether it will still be relevant.
  Many thanks again,
  Andrew G.

• Authorization Issue for Inventory in warehouse report

  `Hi All
  I face a issue in giving authorization for a single report to a user in the Inventory reports. The report is Inventory in warehouse report.
  Can u please tell what are the preliminary authorizations to be set for the user to execute the report. The thing is he should not be able to see the item cost and Last purchase prices.
  Thanks... Marikannan

  Hi,
  I am not sure if the authorization for such report is available. I just suggest you to check if form settings icon is able to access or not. if you can open the form settings, I think you can set authorization to be no authorization to access the form setting for certain users.
  Rgds,

• When spanning new tabs (firefox) my users are asked to re-authenticate with pages already signed into. Can you tell me how to fix this issue for firefox users?

  With some research I found regedit setting called “TabProcGrowth” that allows tabs to span without re-authenticating with certain browsers. Can you tell me how to fix this issue for my Mozilla Firefox users? Our current version of Mozilla Firefox is: 24.5.0 (x86 en-US). This was first noticed with a product called Confluence that we use in our Tech Support area. Users are having to reenter their password every time they click on a new link in confluence. Any help would be appreciated.
  Thank you,

  Hi Bernie:
  As long as you are accessing your internal server on http:// or https:// then I would expect the normal rules to apply. To see whether some external requests are being blocked, you might try using Firefox's Web Console, Network tab.
  You can open the console in the lower part of a tab using either:
  * Ctrl+Shift+k
  * "3-bar" menu button > Developer > Web Console
  * (menu bar) Tools menu > Web Developer > Web Console
  Click "Network" on the top bar of the Web Console.
  Then use the address bar or a bookmark to launch Confluence in the same tab. Each request made by Firefox should be displayed along with the result. You can click a row for more details.
  When I look up "TabProcGrowth" it seems related to the Protected Mode feature of IE8 and newer, which is not (yet) applicable to Firefox. http://blogs.msdn.com/b/askie/archive/2009/03/09/opening-a-new-tab-may-launch-a-new-process-with-internet-explorer-8-0.aspx
  However, if Confluence is heavily reliant on plugins such as Flash or Java, that could be a factor because plugins are run out-of-process in Firefox. In that case I suggest checking with Confluence for suggestions.

• Enterprise Portal Log off Issue for External User

  Hello
  We are facing a Enterprise Portal log off issue for one of our external users.
  User is logged in and clicks on the "Log Off" link .
  User is prompted as seen below:
  Are you sure you want to logg off?
  Choose Yes or No
  Click on Yes and popup window goes away and nothing else happens.
  These problems logg off issue problem happening on Internet Explorer 6 but from from firefox browser, its working.
  Also  popups are not blocked on IE.
  EP version with SP level is EP 7.00 SP12.
  Even though from Internet explorer 6, i can log in and log off with internal user.
  Please advise for the log off problem .

  Hello
  I added the value ume.logoff.redirect.url =https://poqwas.synenco.com/irj/portal
  on Config Tool Global Paramter settings.
  Then restart the server.
  But I am getting the same problem.when I login with external user ID, then make log off. Nothin Happen...
  Please advise

• Hi All Authorization Issue for CS02

  Hi,
  I have a transaction cs02. I am making changes using by calling this transaction( ie i have used it in program as call transaction cs02.) but for this transaction few user's don't have Authorization .So when these user's run the report they are not able to do the changes using this transaction. Is there any way where we can do these changes eventhough these user's don't have Authority to 'cs02'.

  Hi Jaffer,
  You need to use su53 after the error happen and assign the right roles or access to the objects needed so users can make changes in the required transaction.
  Regards
  Juan
  PS: Please award points if helpful!

• Authorization issue for TR VD01 & VD02

  Hi all,
  In customer master creation for TR VD01 and VD02 basically we have 3 VIEWS( General data, company code and sales area data). My main requirement is we have 3 sets of users. for one set of users we should give authorization only for creating and changing general view., and other set of users to create only company code data and changing this view. Ie based on views i need to give authorization to the end users. Is it possiable to do this through abap( through user exit) or else this requirement can be done by basis.
  Regards,
  Smitha.

  Hi Suvendu,
  Many thanks for your replay,
  here for this scenario i am not able to identify which view currently the user is changing(techinically)
  Ie in userexit i am not able to identify which view he is currently changing.
  How can i distinguish bwtween this 3 views.
  Regards,
  Smitha

• Authorization Policy for Modify user in OIM 11gR2

  Hi Experts,
  Requirement: I want the users in particular org not to modify certain user attributes and users from other org should be allowed to modify user.
  I have created user1 whose organization is org1 and role is role1. I have also created user user2 under same org and same role. I assigned the Admin Role "User Administrator" role to user2.
  So If user2 from same org1 tries to modify certain attributes then OIM should throw error message. I have completed till this.
  But when the user from diff org say org2 with Admin Role "User Administrator" tries to modify user, OIM is not allowing to modify user which should not be the case.
  I want the Auth Policy to trigger only for Org1. I have specified the below condition for my custom policy in OES admin console but it is not triggering.
  The condition is
  IF ( OrclOIMTargetEntity = 'true' AND OrclOIMUserOrganizations = 'true' AND STRING_AT_LEAST_ONE_MEMBER_OF(OrclOIMUserOrganizations,['25','1000000']) = true )
  What am I missing?
  Any help is much appreciated.

  Hi
  Can anyone let me know the steps to restrict modify user operation for the users belonging to specific organization in OIM 11gR2. The condition which I specified under Authorization Policy in APM console is not triggering at all.
  Thanks!

• Authorization-problem for standard users when running WDR_TEST_ZCI

  hi
  we've developed a WDA application incorporating several interactive forms. it all runs fine in QA--environment when a user with developer-role are running the application, but when standard users are running it, it fails.
  the same happens with the demo-app WDR_TEST_ZCI.
  i so belive this to be caused by missing authorizations for the users. can anyone shed any light on which these might be?
  the error as reported in the browser:
  The following error text was processed in the system Q97 : Access via 'NULL' object reference not possible.
  The error occurred on the application server xx-x168_Q97_05 and in the work process 0 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: PARSE_XML_SCHEMA of program CL_WD_ADOBE_SERVICES==========CP
  Method: GET_SCHEMA_VERSION of program CL_WD_ADOBE_SERVICES==========CP
  Method: CONSTRUCTOR of program CL_WD_ADOBE_SERVICES==========CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L7STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  any input appreciated.
  cheers
  tom

  Hi Tom,
  When you are familiar with authorizations in PFCG trabsaction you are finaliar with S_DEVELOP if not ask the authorization team on your project.
  Basically this authorization object handles the read/write etc authorization related to devlopment objects. If you implement Adobe forms you will probably develop your own forms or at least copy the SAP forms to customer namespace.
  For Adobe you will therefore have 2 custom development objects (1 for the form and 1 for the interface that is automatically generated). The end-user shoulf have at least READ access to these objects. If not the portal will trow an error on this.
  To determine the tech names of the objects find the form and related interface in transaction SFP. These should be inserted in the object S_DEVELOP in the role for the end users.
  You may want to consider to put the value Z* in the object which will give authorization for all the custom developed objects.
  If you can't find the object reply again and i will send a screenshot.
  Finally, make use of the splended transaction ST01!! It will make your life a lot more easy in portal! It traces all the authorizations needed and missing for any user you specify. After activating the trace and running a portal scenario the log will tell you want went OK and what not on an authorization object level.
  Good luck,
  Thomas
  ps. Thanks for the appreciation you gave in my other thread. Now we have the answers in both threads as well. Take Care.

• Privacy issues for end user

  The interactive form I have designed will be completed by people who are very conscious of their privacy. I imagine that most of them will not be happy to email their data, as this leaves easily found "breadcrumbs" on their computer.
  Is there any way this data can be sent without going through the email process? Would submitting to a URL overcome this problem, or are there other "privacy issues" for the end user which may come into play?

  Thanks Danmaster - after investigation I find I have been using SOAP for some time now. I've just never been conscious of its acronym. So if I have been communicating between applications using a communication protocol I have been using SOAP (Simple Object Access Protocol).
  I am starting to think I'm really clever now.
  Just because I have been submitting forms through http and then using CGI scripting on the server to convert and email me the results, I never thought that SOAP was such a vital component.
  So perhaps the LiveCycle Designer will just allow me to create automatically what I have been hard-coding for years.
  I really should have asked that "if the client submits via http through the LiveCycle form, will they be shown any hints that the data has been submitted".
  Cheers

• Authorization key for the user profile

  In SAP, there is a provision where we can create the authorization key and assign this key to the various user statuses in the user status profile.
  The application is that when the user status is changed from one to other and if to the user status, the authorisation key is assigned then the authorised person should be only able to change the status.
  But my query is that i have not come across any customization where a SAP user can be assigned to the auth. key so that he can only change the user status.
  Can anybody let me know that whatever i understood, is it correct? And if yes, let me know where to assign the user to the authorisation key?
  Thanks

  Hi Iyer ,
  Please see the below,if it solves your requirement
  M/CS Autorisation Objects
  SAP Standard Authorisation Objects:
  I_ALM_ME: Mobile Asset Management  (ACTVT)
  I_AUART: Order Type  (IWERK, AUFART)
  I_BEGRP: Authorization Group  (TCD, BEGRP)
  I_BETRVORG: Business Operation  (BETRVORG)
  I_CCM_ACT: Configuration Control authorization object  (CCACT, ACTVT)
  I_CCM_STRC: Structure gap maintenance authority  (ACTVT)
  I_ILOA: Change location and accounting data in order  (IWERK, AUFART)
  I_INGRP: Maintenance Planner Group  (TCD, IWERK, INGRP)
  I_IWERK: Maintenance Planning Plant  (TCD, IWERK)
  I_KOSTL: Cost Centres  (TCD, KOKRS, KOSTL)
  I_QMEL: Notification Types  (TCD, QMART)
  I_ROUT: Task List  (ACTVT)
  I_ROUT1: Task Lists by PM Planning Plant, Work Sched., Status  (TCD, IWERK, VAGRP, STATU)
  I_SOGEN: Permit  (SWERK, PMSOG)
  I_SWERK: Maintenance Plant  (TCD, SWERK)
  I_TCODE: Transaction Code  (TCD)
  I_VORG_MEL: Business Operation for Notifications  (QMART, BETRVORG)
  I_VORG_MP: Business Operation for Maintenance Planning  (MPTYP, BETRVORG)
  I_VORG_ORD: Business Operation for Orders  (AUFART, BETRVORG)
  I_WPS_MEB: Maintenance Event Builder  (DIWPSMEBAR)
  I_WPS_REV: Revision authorization object  (REVTY, ARBPL, WERKS, WPS_REV_AC)
  S_NUMBER: Number Range Maintenance  (NROBJ, ACTVT)
  C_TCLA_BKA: Authorization for Class Types  (KLART)
  *Authorisation Tables:*
  TOBJ: Authorisation objects
  TOBJT: Authorisation object texts
  AGR_1250: Authorisation object assigned to role
  AGR_USERS: Users assigned to a role
  AGR_TCODES: Assignment of roles to Tcodes
  Authorisation Objects for System-Statuses:
  Order: I_VORG_ORD  (AUFART, BETRVORG)
  (REL = BFRE, TECO = BTAB, delete component = RMKL)
  Notification: I_VORG_MEL  (QMART, BETRVORG (NOPR = PMM2, NOCO = PMM4))
  Maint. plan: I_VORG_MP  (MPTYP, BETRVORG)
  User-Exits:
  CPAU0001: Enhancement for Authorization Check in Task Lists
  IMRC0005: Measure point: Exit in AUTHORITY_CHECK_IMPT
  IWOC0003: PM/SM authorization check of ref. object and planner group
  QQMA0026: PM/SM: Auth. check when accessing notification transaction
  QQMA0030: Check validity of status change
  BADIs:
  DIP_SET_USERSETTINGS: Initial Object Check in DP Processor
  INST_AUTHORITY_CHECK: PM/CS Enhanced Authorization Checks
  IWO1_ORDER_BADI: Maintenance, Service, and Refurbishment Order
  NOTIF_AUTHORITY_01: Additional Authorization Checks for the Notification
  WORKORDER_GOODSMVT: PM/PP/PS/PI orders: auto. goods movement
  Authorisation Groups:
  These can be created via TCode SM30 and table T370B. They can then be assigned to the following objects:
  a.     Equipment (IE02)
  b.     Functional Locations (IL02)
  c.     Maintenance plans (IP02)
  d.     Entry List for Measurement Documents (IK32)
  e.     Object links (IN05, IN08)
  f.     User-statuses
  Authorisation Debugging:
  TCode SU53: Evaluate Authorization Check

• Profile issue for internet user

  Hi,
  I am new to ICH. I have an issue with the internet user of the supplier.  The issue is
  "When user connects to ICH portal, he can able see all the orders and not only the orders sent to his company". He should not  see all other orders which are not relevant to him.
  I checked the roles and profiles for this user and also relation ship with the BP. He has assigned only to his company.
  Can anyone suggest/ advice the solution how to resolve. what are the other checks to  be done to restrict this user.
  Please help me out on this issue.
  Regards
  Kishore

  Hi Kishore
  Check if supplier Business partner (Org Type) has been assigned in supplier location.
  Then assign the supplier internet user to supplier BP (Org Type). Please confirm that Supplier business partner is not assigned to any other location. He should be assigned to only his location.
  Use the std roles provided by SAP for supplier users. This set up should solve your purpose.
  Best Luck
  Pravin

• Lync 2013 - Address Book Synchronization Issues for External Users

  I recently deployed Lync Server 2013 in my organization. Everything works fine except for the address book synchronizing issues and the mobility access. I would really appreciate if someone could share their knowledge as I have done lot of troubleshooting,
  not sure if I have missed something. Please note my setup below for the External Web Services.
  Lync Front End:
  Listening: 8080 4443
  Published: 80 443
  I have published my External Web Services URL and the following ports are open: 4443, 443, 8080
  When I look at the Lync Client Configuration, ABS Server External URL is pointing to https://lyncexternalweb.domain.com:443/abs/handler. However, GAL Status is still pointing to my internal Front End FQDN: https://internal.domain.com:443/abs/handler.  
  For machines that are joined to the domain, the address books synchronizes with no issues. For machines that are not joined to the domain and for external users, GALContacts and GALContacts.DB files are not event generated for the users profiles. 

  Hi Anthony,
  Please note the findings below:
  1. I was checking the Lync Client configuration on one of the PC that is not joined to the domain, still on the domain network via site to site VPN connection. I noticed that the Connected Lync Server varies: sipinternal.domain.com, sipexternal.domain.com,
  lync.domain.com (Pointing to the Edge Server IP).  
  2. Edge Server External Settings: Single IP address with the FQDN set to lync.domain.com for all 3 services and the following ports configured. Access Edge Service: 5061, Web Conferencing Edge Service: 444, A/V Edge Service: 443 with NAT enabled public
  IPv4 address. I have checked the replication status between the Front End and Edge Server, it is up to date.
  3. In regard to the https://lyncdiscover.domain.com, I don't have the lyncdiscover.domain.com published, but it is pointing to the NAT enabled public IPv4 address which is assigned for A/V Edge Services.
  4. For the port forwarding, I am using the Cisco Meraki router. 
  Please advise if there are there is something that I am missing.
  Thanks!