Implement new authorization object in MRBR (SU24)
Hi,
I'd like to add a new authorization check in transaction MRBR.
I tried with SU24 -> MRBR -> adding object M_RECH_BUK with "CM" check ID.
When testing : nothing appened (no check made).
After reading all SDN posts about SU24, i think i'd to implement an "authority-check" on M_RECH_BUK in MRBR coding. And i don't like this....
Do you think i can do this check in MRBR using user-exit ?
Thanks a lot for your response.
Etienne
Hi,
Below are the User-Exits for the T.CODE MRBR
Exit Name Description
<b>LMR1M001</b> User exits in Logistics Invoice Verification
<b>LMR1M002</b> Account grouping for GR/IR account maintenance
<b>LMR1M003</b> Number assignment in Logistics Invoice Verification
<b>LMR1M004</b> Logistics Invoice Verification: item text for follow-on docs
<b>LMR1M005</b> Logistics Inv. Verification: Release Parked Doc. for Posting
<b>LMR1M006</b> Logistics Invoice Verification: Process XML Invoice
<b>MRMH0001</b> Logistics Invoice Verification: ERS procedure
<b>MRMH0002</b> Logistics Invoice Verification: EDI inbound
<b>MRMH0003</b> Logistics Invoice Verification: Revaluation/RAP
<b>MRMN0001</b> Message output and creation: Logistics Invoice Verification
it is better if you write a Field exit on the Field <b>M_RECH_BUK</b>
For the Field exits,
http://www.sapgenie.com/abap/fieldexits.htm
http://www.sap-img.com/abap/field-exits-smod-cmod-questions-and-answers.htm
Thanks
Sudheer
Similar Messages
-
New Authorization objects When Adding New tcodes
Hi Guys
I have two Identical R3 Productiosn Systems One is Called Prd and the Othe RPP.
When Going into Pfcg on PRD and adding A tocde I.e Mi02. It already has mi01 and mi03.the authorization tab chnages from green to Yellow,.When Going into The Authorization Tab,( option change authoirazation tab), there aer new authoiration object that has a yellwo status and needs to be filled in.
When doing the same i.e go into Pfcg on RPP and adding A tocde I.e Mi02. It already has mi01 and mi03.the authorization tab chnages from green to Yellow,.But when Going into The Authorization Tab,( option change authoirazation tab), there are no new authorization object that has a yellwo status They are all greeen, but there are some with status updated.This looks right.
Am I doing anything wrong,.I have not tried to go into the authorizatin tab with the expert option.
Pls adviseHi Moods,
Did you check the objects before adding MI02?
Check with SU24 for objects in PRD and RPP if you have same objects then check as below.
Check what new objects are comming up in PRD.
Check for the Additional T-codes which are having the new objects which are populating in PRD. if you have additional T-codes in PRD, then their may be chances of new objects populating
If you check in authorization tab options with expert mode and choose merge with new data this might reslove the issue.
Cheers
Soma -
Add new authorization object for production order creation/change/display
As mentioned. I definded new authorization object using "Production scheduler" (Field Name : FEVOR) by SU20. then use SU21/SU24 to add authorization object for some transaction code such as COOIS. use PFCG maintain new role and assign a fixed production scheduler value and assgin transaction code COOIS to this role. create new user ID and assign to that role.
logon system with new ID, run COOIS. but system don't check new authorization object(production scheduler). who can tell me why it is and how i can add new new authorization object for standard transaction code?
Thanks.
Kevin.WUHi,
there is an icon of generation. just click there in PFCG and also in su21.
then add this object in new role.
Assign this role to user id
while assigning the role also there is a generation.
Please take a help of BASIS consultant also as this is entire a BASIS process.
Regards
Amit parkhi -
Adding new authorization objects to transactions
Hi experts,
i would like to add new authorization objects to specific transactions, for example the object K_CCA for checking the cost element in the transaction KB15N.
What do we have to maintain, except the transaction code with (SU22). What do we have to do with the program behind the transaction?
Is it "just" adding two line of code into the auth object check in the program, similar or like described for client specific ABAP-programs???
Any experiences on that?
Regards
FlorianHi,
First add the objects in DSO then in Info Cube.
Map the same with transformation.
Move the objects to production then DSO.
Load the DSO first. then delete the data from cube in production.
Now move the modified cube and transformation to production.
Now load the Cube from DSO.
No need to change any thing in existing query.
I hope this will help.
Thanks,
S -
Query on new Authorization Objects after Upgrade&SAP_NEW profile
Dear Experts,
We have upgraded our system from 4.5 to 7.0 version, i was checking what are the new authorization Objects introduced after upgrade comparing older system ojects. I got few objects which are new in upgraded system,
But when i check SAP_NEW profile, and in the latest profile SAP_NEW_7000 profile i can not see all those new Ojects which are new.
generally SAP_NEW should contain all new objects which come after upgrade? i can see those in SAP_ALL but not in SAP_NEW
is there any issue in system? how should I know and where should i check what are the new Objects come in upgrade,
Please advise.
Thanks#Regards,
VijayHi Jurjen Heeck ,
see my previous post
I did 'nt get this.
SAP_NEW is your friend here
does the SAP_NEW profile contains all the new authorization Objects.
Regards,
Anthony -
Addition of New Authorization Objects in DMS
Dear All,
How to add new authorization objects in DMS?
For ex: I have defined Projects in additional data through class/characterstics, now i want to bring that field in to authorization control and want control document creation with respect to characterstics values(Projects).
Looking for documents or step by step procedures
Kindly help me.
Thanks in advance
[email protected]Hi
Im not so sure but you can create an Auth Key using BS52
You can add it to Auth obj of Class/ characteristic
You can get a list of auth obj in SUIM
Niranjan
Let me know if it helps...!!! -
When to create new authorization objects
Hi Experts,
I am learning SAP Security.
I have one question , what is the necessity of creating new authroization field and object , when SAP gives a huge list of objects /fields.
Is there any reason behind like, whenever a customised transaction is created, a new authorization object or filed has to be created?
Regards,
RekharajTrick is to find not only a standard authorization object with the same field you are looking for, but an object already assigned to the users with those roles with the same semantic for all it's fields - so that you can simply reuse the existing concept which is also assigned to the sets of users.
Often you will find "base" function modules and classes you can use to do all that work for you. Just call them at the correct location in the code and dont forget to check the return code and react to it.
If you use BAPI APIs to access or process data, then many of them make these same semantically correct checks "out of the box".
Cheers,
Julius -
New Authorization Objects for latest releases
Dear Colleagues,
Do you happen to know how to find out the objects that should be added when using a role from a previous SAP version in a new one. That is, we have imported a role from a previous SAP version into our system and would like to update it with the latest objects. How should I find out which are the new objects?.
Thanks in advance for your help.
Best regards,
CMPTCharles,
If you role has transactions in the menu the new authorization objects will be pulled in when you go to change the authorizations (select read old and merge with new under expert mode).
If the transactions are not in the menu you will need to do a compare of the usobt_c and usobx_c between the old and the new system.
During new auth objects analysis is performed via transaction SU25.
Cheers,
Ben -
New Authorization Objects after system upgrade
Hi All ,
I require the list of all new Authorization Objects that have been added to the system after System Update.
Regards
Anthony D'souzaHi Jurjen Heeck ,
see my previous post
I did 'nt get this.
SAP_NEW is your friend here
does the SAP_NEW profile contains all the new authorization Objects.
Regards,
Anthony -
New Authorization Object within Role
hi everybody,
does anyone know how can i get New Authorization Objects for any Role for the new release that did not exist in the same Role from former release?
tables AGR_1250 and AGR_1251 do not show if object is new for this role. they only show if object is new itself.
thanks a lot,
javier rubiopandu,
se54 is not related with this topic.
thank you very much for your answer, very hepful -
Creation of a new Authorization object
Hi ,
I need to create a new Authorization group and add three existing tables to it.
Kindly suggest a way.
Regards.Authorization Field
Smallest unit in an authorization object. An authorization field either represents data, such as a key field in a database table, or activities, such as Read or Create. Activities are specified as identifiers, which are stored in the database table TACT and the customer-specific table TACTZ.
Maintenance using transaction SU20.
Authorization Object
Repository object that forms the basis for authorizations. An authorization object comprises up to 10 authorization fields. The combination of authorization fields, which represent data and activities, is used for authorization assignment and to check authorizations. Authorization objects are grouped together in authorization classes.
Maintenance using transaction SU21.
Authorization
Enter in the user master record or part of an authorization profile. An authorization comprises complete or generic values for the authorization fields in an authorization object. The combination determines the activities with which a user can access certain data.
Maintenance in transaction SU03 or generation from transaction PFCG (profile generator for role maintenance).
Authorization Profile
Grouping of several individual authorizations or further authorization profiles. Can be entered in the user master record instead of individual authorizations. An authorization can be assigned to authorization profiles as often as you wish.
Maintenance in transaction SU02 or generation from transaction PFCG (profile generator for role maintenance). -
How to Use new Authorization Objects
Hi guys i need to implement the new schema of authorizations and i have created an authrization and add the 0comp_code characteristic (previously i set i it up as authorization relevant) and i need to add the restrictions for infoprovider but i need to add the new infoobjects 0TCAIPROV, 0TCAACTVT, 0TCAVALID, but this infoobjects i ve activated are not authorization relevant and i am not using them in any infocube, thats the reason why i cant use them in an authorization.....
Do i need to add them in my infocube or theres another configuration in order to use them?
RegardsHello Oscar,
You do not have to add the 0TCA* characteristics to your InfoCube. Instead you have to set these characteristics to authorization relevant. Then everything should work as intended.
General information on how to use the new analysis authorizations can be found here: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144
Kind regards,
Stefan -
Authorization objects in web dynpro ABAP and SU24 transaction
Hi,
I have created a new authorization object to check a storage location for certain activities. I have added the authorization object in a specific web dynpro ABAP and I have created a new role in PFCG for my web dynpro ABAP.
The organization level for storage location is not recognized in PFCG. Someone told me I have to maintain my authorization object in SU24 as it is done for transaction.
I wanted to maintain my web dynpro in SU24 but I found no way to do that.
It seems that we can maintain authorization for TADIR service and in those services there is R3TR WDYA but when I use the search help for OBJ_NAME I don't find may web dynpro ABAP. I suppose I have to create a TADIR service for my web dynpro ABAP or something like that but I don't know how to do ?
Does anybody know how to deal with specific authorization in web dynpro ABAP and t ohave the organizational level recognized in PFCG.
Thanks for your help,
EmmanuelHi,
Please RUN the function module as "AUTH_TRACE_WRITE_USOBHASH" with following parameter
R3TR
"custom webdynpro application"
SERVICE TYPE and Service can be kept blank
after this try SU24 it will be available in SU24 list.
Thanks & regards -
How to add custom authorization object to a SAP standard transaction
Hi All,
I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
- tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
- tcode SU21 - creation of a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
- tcode SU24 - insert of new authorization field e check indicator (green)
- tcode SU22 - check indicator - check (green)
After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
It seems new authorization object was not checked.
My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
Thanks
Maurizio> My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
>
No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
Regards,
Dipanjan -
Hi all,
I have created a custom authorization object to define a data security based on the Company code field.
These are the steps I did:
- I create a new authorization object containing the Company code field (BUKRS).
- I create a new role with this authorization object, and I have assigned a specific value to the Company code field.
- The role contains also the standard authorization object HR Master data which contains the field: infotype, personnel area...
- I have assigned the new role to a user and I have executed a report, but I had not the expected result.
- I had assigned the custom authorization object to the report transaction through SU24 and SU22, but I had not the expected result.
As expected result I was expecting that the data are filtered based on the Company code I put in the authorization field.
Any idea about the problem?
thx!Please check that you have followed all of the steps listed here when creating your object:
<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm">http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm</a>
- April
Maybe you are looking for
-
JDeveloper 10.1.3.2 - Nullpointer in Embedded OC4J Preferences
When I want to have a look at the jazn-data file holding the users and policies I'm getting the followin error in the dialog-screen: java.lang.NullPointerException at oracle.jdevimpl.xml.oc4j.jazn.PolicyPanel.onEntry(PolicyPanel.java:38) at
-
I addesd a lot of songs in my itunes, now when I synced my ipod this message appear "elma's ipod cannot be synced because there is not enough free space to hold all the items in the itunes library (additional 382m is required). Then I uncheck a lot o
-
My creative Cloud desktop app just keeps spinning and I can't sync my computers
I have been trying to sync my desktop to my laptop and my creative could app just keeps spinning and spinning. Internet works. I am signed in. When I say to sync now, it take a long time and goes through the process and then says it can't connect
-
Assign partner determination procedure to Item Category/Sales document type
Hello All, How can I assign a partner determination procedure to an item category or sales document type? That field is disabled in item category config step. Please suggest. Thanks, lavanya
-
How to pass arguments to a java program.
I want to pass a file name to java program while it is going to execute. ex: c:\>java <.class> <filename> so that i have to take that filename into a string. Is it possible? If it is possible please help me. and how can i check whether the filename a