HR MODULE Authorization

Similar Messages

• Include an authorization check in program

  Hello,
  I am new to SDN .
  I got a requirement where i have to include an authorization check in programs this is required for all custom programs before they are added to roles . I am not sure what i have to do it .
  These programs if i try to open in se38 , i cannot view them .
  How do i include authorisation checks .
  Please let me know step by step .
  i will be grateful.
  thanks
  sumit
  Edited by: sumit123 on Jan 20, 2010 9:52 AM

  Hi Sumit,
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
  Check this link.
  The following actions are authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid: .
  1.Starting SAP transactions (authorization object S_TCODE)
  2.Starting reports (authorization object S_PROGRAM)
  3.Calling RFC function modules (authorization object S_RFC)
  4.Table maintenance with generic tools (S_TABU_DIS)
  Authority check is done to restrict the execution of a report to certain users.
  Basis creates a authorisation group , includes certain roles in it, to which authorisation should be given.
  If one's id has that role then he is authorised to execute the report..
  IN the report the below code is written to do auth. check
  Authority check on plant
  AUTHORITY-CHECK OBJECT 'ZMMD_PROD'
  ID 'WERKS' FIELD wf_werks.
  Here authorisation is done on plant. and the authorisation object is ZMMD_PROD(to be created by BASIS)

• Authorization Group in se38

  Hi everybody,
  what is the use of Authorization group in se38 attribute? can we create and assign our own one?
  The actual scenerio which i am facing here is My report should not be viewed by some grop of  users. My friend is saying i can do that through the above said one. But i know i can do that using AUTHORITY-CHEK.  What i am asking here is can i accomplish this task by the above said attributes.
  Points will be awarded.
  Thanx in advance.
  Gladiator

  Hi,
  Authorization Checks
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·Starting SAP transactions (authorization object S_TCODE)
  Starting reports (authorization object S_PROGRAM)
  Calling RFC function modules (authorization object S_RFC)
  Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
  The table that contains all authorization objects is TOBJ.
  The table that contains all activities is TACT.
  The table that contains definition of all authorization groups is TBRG.
  TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
  The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
  Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
  Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
  Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
  Reward If Helpfull,
  Naresh.

• User authorization for goods receipt

  What are all the required user authorizations to perform an items goods receipt?
  Something in administration module authorizations is preventing a GRPO if "full authorization" is not given.

  Try Edit Document Tables.
  Thanks,
  Gordon

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •             B_BUPA_GRP
  •             B_BUPA_ATT
  •             B_BUPA_FDG
  •             B_BUPA_RLT•       
  Authorization objects for relationships:
  •             B_BUPR_BZT
  •             B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• OSA - Authorisation Checks

  Hi all:
  In my client's appraisal form, only the employee can fill in the form. They will also have to specify their manager's name as the appraiser.
  I tried to use "Default Manager" BADI for my appraisal form. However, this is not a complete functionality because the appraisee can simply change the appraiser's name, after system defaults. There is no control on the appraiser chosen. I can even choose my subordinate as my appraiser, which is not correct.
  I know that in "Processing" tab, we can de-select "No Authorisation Check for Appraiser". This feature will check if the user (in my case, the appraisee) has authorisation for the appraiser etc. A few questions I would like to find out:
  1) Will this functionality meet my requirement?
  2) To use this functionality, do I need structural authorisation or just non-structural authorisation?
  3) Should i use BADI "Authority Check" instead, to cater to my requirement?
  Many thanks for your advice in advance.
  Thank you,
  Ash

  What is an authorisation checks?
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·        Starting SAP transactions (authorization object S_TCODE)
  ·        Starting reports (authorization object S_PROGRAM)
  ·        Calling RFC function modules (authorization object S_RFC)
  ·        Table maintenance with generic tools (S_TABU_DIS)
  How do we provide a basic authorisation check read for a employee? Could anyone help me with the path?
  Go to transaction PFCG and provide the role based authorization.

• Authorisation checks

  hello frnds
  I have a a document number and listbox on selection screen. There are 5 vales in listbox ( create, save, cancel, park, post), my program works according to the vale selected in listbox.
  Now i have to add authorisation check in it, means if some user does not have the role to cancel/create it then it shuld give the message ' you are not authorised to cancel/create it' and for other values in listbox.
  In other words i have to give authorisation according to roles.
  Kindly suggest how can i do it???
  regds

  Hi,
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  Starting SAP transactions (authorization object S_TCODE)
  starting reports (authorization object S_PROGRAM)
  Calling RFC function modules (authorization object S_RFC)
  Table maintenance with generic tools (S_TABU_DIS)
  The authorization objects S_TCODE, S_PROGRAM, S_RFC, and S_TABU_DIS are standard SAP provided.
  data: wa_tstc type tstc.
  parameters: p_tcode type tcode.
  authority-check object 'Z_TCODE'
  id 'ACTVT' field '03' " read access
  id 'ZTCODE' field p_tcode. " actual value
  if sy-subrc eq 0. " check authorization
  * fetch record
  select single *
  from tstc
  into wa_tstc
  where tcode eq p_tcode.
  write:/ wa_tstc-tcode,
  wa_tstc-pgmna,
  wa_tstc-dypno,
  wa_tstc-menue,
  wa_tstc-cinfo,
  wa_tstc-arbgb.
  else.
  * bad authorization
  write:/ 'Bad Authorization'.
  endif.

• Want Sap Business One Material

  Hi All,
  Please any body have Sap Business one Material to learn all Modules,authorizations,approvals,securities ect... on PDF file
  if any body have plzzz send it.
  Regards,
  Arbaaz.

  Hi Arbaaz,
  You may check this thread first:
  Re: B1 study materials
  Thanks,
  Gordon

• What authorization required to deploy module from NWDS 7.1

  Hi Experts,
  Need to deploy custom adapter module from NWDS 7.1 to PI server, Please help me to know exact access/authorization role required one developer to publish the module.
  I have gone through many blogs and thread but not able to find exact administrator role which help to deploy the custom module on PI server.
  Error I am getting in NWDS 7.1, while deploying module:
  Could not establish connection to AS Java on [<server detail>]. Authentication did not succeed. Wrong or missing security credentials (password) for principal [PIUSER], or the specified principal has no permissions to perform JNDI related operations.
  Regards
  Raghav
  Edited by: RaghavTiwari on Feb 4, 2012 8:25 AM

  Hi Raghav,
  Check this [SAP Help link|http://help.sap.com/saphelp_nw73ehp1/helpdata/en/43/1e1bbc5d9206fde10000000a422035/frameset.htm] for User Roles for Adapter and Module Development.
  Regards,
  Raghu_Vamsee.

• Authorization check on Function module return values

  Hi,
  I have a tricky situation. In our BW implementation, many of the FI infoobjects are authorization relevent. One of the objects is 0COSTCENTER.  A user has been assigned with authorization profile, in which the user is authorised for COST CENTER = A* and #.  All planning templates were working nice.
  We were on SP 12 earlier, now we upgraded to SP 20. Now came a issue, the user gets error that user is not authroised for the data. After our analysis, we found nothing wrong as such, so contacted SAP. They came back with a root cause
  In my planning function, an ABAP function module is used. The function module returns a COSTCENTER value. This return value is then assigned to a variable, this variable is of type 0COSTCENTER.
  SAP said there was a bug in their own design. The bug was, if the cost center value is directly used in planning function for other calculations, it will throw an authorization error.  But, if the COST CENTEr value is given to a variable and that variable is used for other calculations,  it works fine. Thats why it worked for us earlier.
  Now, they have removed that bug, so variables are also checked against authorizations and they said we need to either change the code or give * for the COST CENTER authorization.
  So we have a problem. It is not straight forward to give * for COSTCENTER in FI BW implementation. SAP theory is that they cannot say which value the functional module will return. So they will check against ALL the values for COSTCENTER but not the authorised values.
  Has anyone seen this issue before? is it only specific to planning function or its just ABAP concept? Any suggesations to come out this problem?

  Bindu, thanks,
  The error is coming at the program compile level itself i.e. before executing the planning group itself. As per the F1 help on forumla editor and from their support, the system reads all the reference data,  So when it sees the function module and its export parameter, it captures all the data for COST CENTER as reference data.
  Thus even I am sure that the return value will be always authorized, the reference data is checked for the full authorization. Thus its failing

• To overcome Authorization error while executing a Function module

  Hello Friends,
  In my custom workflow , I need to execute a validation  function module ( SAP standard ) in a dialog step  - Approval step.
  But the issue is approvers will not have authorization to the FM ( They have minimum authorization - Just to approver the custom workflow ) .
  So , I need to know is ther a option to execute the FM using another user ID ( a BATCH user ID ) .
  thanks
  Raghu V

  make the validation task before the dialogue step. a general task will run in background from user WF-BATCH and that wont need to authorization issue...  after completion of this validation you can go for the dialogue step i.e the approval step..
    |
  __u2193__
  | u25BA__| Validation task
    u2193
  __|___
  |_?u25BA_| User decision
    |
    u25CF_______
    u2193       u2193reject
    |
  approve

• NO Authorization error when accessing Functional module RH_CUT_OBJECT

  Hi,
  I am getting NO AUTHORIZATIOn error when I am executing SE37-->FUNCTIONAL OBJECT-RH_CUT_OBJECT.
  I also checked SU53 screenshot which says AUTHORIZATION CHECK SUCCESSFUL and there are no errors or missing authorizations highlighted in SU53.
  I switched on the TRACE-ST01 then also the error is not captured.
  I would like to know WHY am I getting NO AUTHORIZATION error.
  I am already having access to T-CODE SE37, SE11, SE80, SMARTFORMS and authorization object S_DEVELOP.
  I need to know this ASAP on why I am getting NO AUTHORIZATION error when I am trying to access the FUNCTIONAL MODULE RH_CUT_OBJECT whereas I am having all the required authorization required for ABAP Developer including SE37.
  Is it something I need change at ABAP code level.
  Please advise ASAP.

  The reason is ..You do not have acess to see/acess the data this FM is trying to acess ...Debug the function module keep a breakpoint at The Raise statement see which authorization you do not have ....BTW this is my guess you are trying to demilit certain objects /infotypes using this FM and delimit basically makes that object non-usable in that system  .So it is quite evident that every one will not have authorization for that .Please post in detail that what is it that you are trying to achieve using this function module .....
  Also you can check with debugging  which authority object is being checked before raising the message and can ask security team to get that added to your profile ....
  Thanks,
  Anjaneya

• RFC Lookup error :No RFC authorization for function module

  Hi All,
  I have created RFC in the PI system and enabled it as remote. I am working on PI7.1
  I have imported RFC into Repository.But when i am trying to execute RFC lookup function in the graphical mapping I am getting No RFC authorization for function module error.
  Unhandled RFC exception: <rfc:Z_MAIL_LOOKUP.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><Name>RFC_ERROR_SYSTEM_FAILURE</Name><Text>No RFC authorization for function module Z_MAIL_LOOKUP.</Text><Message><ID>RFC_ERROR_SYSTEM_FAILURE</ID><Number>341</Number></Message><Attributes><V1>RFC_NO_AUTHORITY</V1></Attributes></rfc:Z_MAIL_LOOKUP.Exception> com.sap.aii.mapping.api.StreamTransformationException: Unhandled RFC exception: <rfc:Z_MAIL_LOOKUP.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><Name>RFC_ERROR_SYSTEM_FAILURE</Name><Text>No RFC authorization for function module Z_MAIL_LOOKUP.</Text><Message><ID>RFC_ERROR_SYSTEM_FAILURE</ID><Number>341</Number></Message><Attributes><V1>RFC_NO_AUTHORITY</V1></Attributes></rfc:Z_MAIL_LOOKUP.Exception> at com.sap.aii.mappingtool.flib7.RfcLookup.cacheMore(RfcLookup.java:95) at com.sap.aii.mappingtool.tf7.rt.AMultiResIterator$MultiOutIterator.gotoNextContext(AMultiResIterator.java:95) at com.sap.aii.mappingtool.tf7.AMappingProgram.processNode(AMappingProgram.java:315) at com.sap.aii.mappingtool.tf7.AMappingProgram.processNode(AMappingProgram.java:406) at com.sap.aii.mappingtool.tf7.AMappingProgram.start(AMappingProgram.java:496) at com.sap.aii.mappingtool.tf7.Transformer.start(Transformer.java:133) at com.sap.aii.mappingtool.tf7.AMappingProgram.transform(AMappingProgram.java:626) at com.sap.aii.ibrep.server.mapping.exec.ExecuteXiMappingCommand.transformInternal(ExecuteXiMappingCommand.java:197) at com.sap.aii.ibrep.server.mapping.exec.ExecuteXiMappingCommand.execute(ExecuteXiMappingCommand.java:94) at com.sap.aii.ib.server.mapping.exec.CommandManager.execute(CommandManager.java:43) at com.sap.aii.ibrep.server.mapping.ServerMapService.execute(ServerMapService.java:40) at com.sap.aii.ibrep.server.mapping.MapServiceBean.execute(MapServiceBean.java:40) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sap.engine.services.ejb3.runtime.impl.RequestInvocationContext.proceedFinal(RequestInvocationContext.java:43) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:166) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatesTransition.invoke(Interceptors_StatesTransition.java:19) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Resource.invoke(Interceptors_Resource.java:71) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.doWorkWithAttribute(Interceptors_Transaction.java:38) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_Transaction.invoke(Interceptors_Transaction.java:22) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:189) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_StatelessInstanceGetter.invoke(Interceptors_StatelessInstanceGetter.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_SecurityCheck.invoke(Interceptors_SecurityCheck.java:21) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.Interceptors_ExceptionTracer.invoke(Interceptors_ExceptionTracer.java:16) at com.sap.engine.services.ejb3.runtime.impl.AbstractInvocationContext.proceed(AbstractInvocationContext.java:177) at com.sap.engine.services.ejb3.runtime.impl.DefaultInvocationChainsManager.startChain(DefaultInvocationChainsManager.java:133) at com.sap.engine.services.ejb3.runtime.impl.DefaultEJBProxyInvocationHandler.invoke(DefaultEJBProxyInvocationHandler.java:164) at $Proxy1005_10002.execute(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at com.sap.engine.services.rmi_p4.P4DynamicSkeleton.dispatch(P4DynamicSkeleton.java:234) at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:351) at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:70) at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:62) at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:37) at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:872) at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:53) at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:58) at com.sap.engine.core.thread.execution.Executable.run(Executable.java:108) at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:304) Runtime exception when processing target-field mapping /ns0:MT_FileDummy/File; root message: Unhandled RFC exception: <rfc:Z_MAIL_LOOKUP.Exception xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><Name>RFC_ERROR_SYSTEM_FAILURE</Name><Text>No RFC authorization for function module Z_MAIL_LOOKUP.</Text><Message><ID>RFC_ERROR_SYSTEM_FAILURE</ID><Number>341</Number></Message><Attributes><V1>RFC_NO_AUTHORITY</V1></Attributes></rfc:Z_MAIL_LOOKUP.Exception>
  13:42:37 End of test
  Edited by: Rams on Apr 17, 2009 1:43 PM

  Hi! Rams,
  I think the issue is related to Authentification Issue..Even though u did correctly please check once the below
  1) Check any Typo Erros are there while configuring or giving names in Lookups.
  2) please check Authorizations like ID and PWD and Sufficient Roles
  3) Also please check did u given paramters correctly while doing RFC look up I mean paramers , Binding parameters and RFC channel name and adapter type or Simple type it must be an  adapter
  4) In ID part while configuring Interface determinaition you need to give your RFC look Up name there also..Hence check whether u given or not if yes correctly or not
  5) Also remember one thing if your scenario is correct mostly you can know the result in mapping itself it seems while testing Message mapping and Interface mappings give your RFC look up paramters in the parameters tab present in TEST tab and later in Document tab give Input...and execute it works if it doesn;t works and if there is an issue with RFC you can get there only..ok
  Also go through the below document::
  [https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20befc9a-aa72-2b10-ae9b-b0988791d457]
  I hope this will give u brief idea...
  Also check with basis while taking SAP_ALL authorization so that first u ill came to know whether issue is related to authentification or RFC module itself remote enabled and also do SXI_CACHE also ocne to refresh ESR and ID objects..
  Regards::
  Amar Srinivas Eli

• Deactivate authorization checks in BSP or function modules?

  Hi all
  I have a BSP application that seems to use a standard function module that performs an unwanted authorization check on object M_MATE_VKO (Material check on sales organization)
  I know it is possible to globally deactivate authorization checks in certain SAP transactions (SU24)
  Does anyone know if there is a similar functionality for BSP applications or function modules? Any suggestions on how to deactivate such authorization checks in BSP applications?
  Regards
  Mike

  > I will also check with my developer if this function module has any return codes etc that can be useful for a custom authorization check. However, I thought these checks were all done within the function module and that it will only return a true/false authorization, sort of... and I am not sure it's a good idea to override all standard authorization checks in this function module
  Sometimes you can handle the messages, but your developer will be able to help you decide whether that is a good idea or not.
  Globally deactivating the object for the whole system is most likely not a good idea, as you seem not to want to grant it because you need it somewhere else...
  Deactivating all checks for the function module is probably not wise either, as I would think that it applies to the whole function group. Developers can do such things sometimes, but often it results in all end users being able to do the same.
  I know that proposal indicators can be set for function modules, but have not tried check indicators. Again, I suspect that it would apply to the whole function group.
  I would think that a carefull choice of function module and consulting with your functional guru about config which will not interfer with other requirements is the best route to take.
  I like threads like this. If I bump into a specific solution I will remember it. Try using the search here at SDN on the names of some of the FM's which you are considering - someone might already have solved it...
  Cheers,
  Julius

• Mass authorization for Property Manager (PN) module

  Hello,
  We are examining this module in a 12.1 environment and are wondering if there is a way to mass authorize Payment Schedule lines that will be exported to AP.  We are using a 3rd party system currently to manage 900+ leases and so far it looks like we would need to click the Approve button for each lease, and do so each month.  The authorize screen is found in the seeded responsibility menu path Leases and Documents->Payments->Authorize.  If there is not a seeded Concurrent request that is run, could one be easily developed?
  Thanks for any insight.
  Ryan

  Hi Ryan,
  You can run the seeded "Approve or Cancel Approval of Schedules" program to authorize/approve multiple schedules. Based on the parameters entered by you, qualifying draft schedules will be approved. You can use the same program to un-approve schedules (in case you inadvertently approve some schedules).
  After approving, you can either use the Export to Payables screen OR run the "Export Payment Items to AP" concurrent program to export eligible items to AP.
  Regards,
  Mukul