Manually added Authorization object

Similar Messages

• Manually added auth objects and Derived roles

  If there are manually added auth objects in the parent role do they come across to the derived roles?
  Also if you manually added auth objects into a derived role will they be overwritten by the parent role if you auto derive from the parent role?

  yes, any auth objects will come across to derived roles when you click 'generate derived roles'  from your parent role. basically its copying your parent role authorizations to derived roles  except org. level data( if you had maintained them thru 'org. maintainence' button and not adding in individual objects).
  yes. manually added auth objects in your derived roles will be overwritten by the parent role authorizations when you click 'generate derived roles'  from your parent role.
  if you just derived the role menu and din't copy the authorizations(generate derived roles) then there will not be any interlink between the parent and derived roles for authorizations.
  http://help.sap.com/erp2005_ehp_02/helpdata/en/1c/c38028816c11d396bc0000e82de14a/content.htm

• Adding authorization objects to Report Painter reports

  Hello Everyone,
  Is there way to add authorization objects to report painter reports ? I know it is possible to add auth group at the header level but I need to limit access at run time to specific objects, say for example, Cost Center. Is this possible ?
  I have seen the Get_Reporter.pdf document and it seems to discusses adding auth group but not auth objects.
  Thanks in advance.
  Dorothy

  hi
  good
  use this tcode to create authorization
  SU21  Maintain Authorization Objects
  this link ll give you idea to create the authorization object for the report painter.
  http://www.virtuosollc.com/PDF/Get_Reporter.pdf
  Award points if helpful.
  thanks
  mrutyun

• Adding authorization object for "Function Group"s ?

  Is it possible to add any authorization object for any function group ?
  We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
  Function Group you can check through SE37->GoTO->Display Function Group
  Now is it possible to add authorization for any "Function Group" ?

  You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
  However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
  In this case, add only the function group that the user requires in this instance into S_RFC

• Assigning authorization through assigning authorization objects

  hi all,
  can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
  I mean to say assign authorization manually without assigning trnsaction codes.
  suggestion are always accepted.
  if you want to send me the documents then my email id is [email protected]
  thanks in advance,
  waiting for reply............
  hardik patel.

  hi kumar,
          thanks for your help.
          ok i got it and i agree that i can find the authorization object by your suggested way.
      now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
  It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
  Please help me regarding this?
  thanks for your support,
  waiting for your reply...............
  Regards,
  Hardik Patel.

• Obsolete authorization objects in APO

  Hi Experts,
  I have to create one role in APO in which I have to manually insert authorization objects.When I try to do so, for some authorization objects I get error message "Authorization object is obsolete" and the authorization object does not get inserted.This might have happened because of upgrade.
  Is there anyway to determine how to find authorization object corresponding to obsolete authorization objects in upgraded system?
  Edited by: AnikaGupta on Dec 20, 2011 1:41 PM

  Hi
  I don't have much experience with APO security specifically or with regards to do what do with obsolete objects; but in general - I would say that obsolete auth object's description/documentation would provide hints to the object which should replace the object in context (for example object S_XMB_DSP). I would like to ask as to why are you trying to add this object manually - accepting if its an exception/necessary but see if you can resolve it by t-code addition in menu and checking what all auth objects are pulled - and building a solution based on SU24 proposals (depends if the obsolete object is called for this transaction in SU24 - maybe it does not)  -  if its an obsolete object you might want to edit its status in SU24 as do not check (apart from basis/hr objects)
  Best Regards
  Prashant

• Authorization Objects in BI 7

  Hi
  PFGC>Role>Authorizations (Tab)>Change Authorization Data>Manually Enter Authorization Objects.
  Where can I Create the required Authorization Objects and view the definition of existing Authorization Objects in BI 7
  Thanks

  Hi,
  The t-code to main the authorization Object in BI is rsecadmin.
  Here you can create the object according to your requirement.
  You can check the missing authorisation object by running the t-code
  su53.
  You can either add the auth object directly in su01 ,user master data
  or You can do the same in PFCG.
  Could you please explain your requirement in more detail.
  Thanks,
  Saveen Kumar

• Assign authorization objects

  HI ,
  1. When i create new set of WS do i need to create to them authorization object ?
  2. if i create new set of users from scratch in the system and i want to provide to them one role that
  I create and contain for instance all the report and transaction that i want to provide,
  do i need to add to them another authorization objects ?
  3. if i create authorization object in the system how i add it to certain role ,i don't see these
  option in PFCG.
  Best Regards
  Michael

  HII,
  Yes u can aad  other authorization object to the existing role if the role needs it because user is unable to perform any task releated to it because of missing authorization object after seeing it in su53 because sometimes tcode assigned but corresponding authorization is not added by system automatically this creates prob for the user to perform task as far as adding up an authorization object u can added it  throught su24 or pfcg in pfcg u need to click on manuaally option u can added upto 8 authroziation objects and if u want to added it through su24 u click on add authorization object feild
  but never forget to save and generate the profile after adding authorization object and also do user comparsion and complete comparsion so this object gets added to the role
  byeeeeeeeeeeee
  takecare

• Manual assignment of object into Transport request

  Hi Experts,
  Very recently I saw in my developement system that one object ( ABAP Report ) has been assigned directly to the Transport request number not into the task number . I have also checked that the object is not locked into TR which should be normally locked.
  My Question is that how it is possible and is their any advantage / disadvantage to follow this type of way ?
  Also if another user wants to change the same report , then will another new TR be generated or new task of same TR be generated ?
  Thanks in  adv. Waiting for youe kind response.
  Thanks.
  A Miter.

  Arit,
  Ideally the objects should get included in a TR when we change/create a object assigned to a package.But while manually adding an object to a TR one needs to be sure about the PROGRAM ID and OBJECT TYPE of that object and the rest of the subobjects related to it.If we manually add an object in a TR there is a chance that the related subobjects will not get transported.
  So.the best way is only to get the objects added to the TR automatically while creating the TR.But,sometimes it will be helpful if we know the mechanism of adding the objects in the TR manually.Sometimes
  Thanks,
  K.Kiran.

• Adding new authorization objects to transactions

  Hi experts,
  i would like to add new authorization objects to specific transactions, for example the object K_CCA for checking the cost element in the transaction KB15N.
  What do we have to maintain, except the transaction code with (SU22). What do we have to do with the program behind the transaction?
  Is it "just" adding two line of code into the auth object check in the program, similar or like described for client specific ABAP-programs???
  Any experiences on that?
  Regards
  Florian

  Hi,
  First add the objects in DSO then in Info Cube.
  Map the same with transformation.
  Move the objects to production then DSO.
  Load the DSO first. then delete the data from cube in production.
  Now move the modified cube and transformation to production.
  Now load the Cube from DSO.
  No need to change any thing in existing query.
  I hope this will help.
  Thanks,
  S

• New Authorization objects When Adding New tcodes

  Hi Guys
  I have two Identical R3 Productiosn Systems One is Called Prd and the Othe RPP.
  When Going into Pfcg on PRD and adding A tocde I.e Mi02. It  already has mi01 and mi03.the authorization tab chnages from green to Yellow,.When Going into The Authorization Tab,( option change authoirazation tab), there aer new authoiration object that has a yellwo status and needs to be filled in.
  When doing the same i.e go into Pfcg on RPP and adding A tocde I.e Mi02. It  already has mi01 and mi03.the authorization tab chnages from green to Yellow,.But when  Going into The Authorization Tab,( option change authoirazation tab), there are no new authorization object that has a yellwo status They are all greeen, but there are some with status updated.This looks right.
  Am I doing anything wrong,.I have not tried to go into the authorizatin tab with the expert option.
  Pls advise

  Hi Moods,
  Did you check the objects before adding MI02?
  Check with SU24 for objects in PRD and RPP if you have same objects then check as below.
  Check what new objects are comming up in PRD.
  Check for the Additional T-codes which are having the new objects which are populating in PRD.  if you have additional T-codes in PRD, then their may be chances of new objects populating
  If you check in authorization tab options with expert mode and choose merge with new data this might reslove the issue.
  Cheers
  Soma

• Authorization object for manual condition type in sale order

  Hi experts
  I want ask them, If exist an authorization object for manual Condition type (KOMV-KSCHL) in the sales order (VA01/VA02), that the user don' t can create neither modify the sale orden with a specific manual condition type (payment term) by stardard way.
  Best regards
  John Angulo

  HI John,
  I would be surprised to know that someone uses the Payment terms as a condition in the Pricing procedure for sales orders. The payment terms define when the customer agrees to pay, (15, 20, 45 ,....days or 5 years or 10 years....whatever it be)
  this detail for what i know is in the sales order header,and ideally has nothing to do with the Item level material price conditions.
  its ok, If you mean something else by payment terms.....in principle you can have a conditon type restrcited such that manual entries on the condition are not possible. this cane be done in SPRO customizing, i am sure your functional consultants would know what to do (SPRO->Sales and Distribution->Basic Function->Condition Types), in the tab "Changes that can be made" have a value that says manual Processing is not allwowed
  The ABAP route mentioned above is for a different scenarion and i dont think it is necessary for your requirement

• Manually added Values in the info-object

  Hi there,
  I have manually added 1 value in the info-object.
  But if I view in the P table I am not able to find it.
  But I am able to find this value in the SID table.
  When I do my dropdown in the query selection screen, it does not show me this value what I manually created and when I just enter this value it gives me error as invalid value.
  Please advise.
  Many Thanks,
  Kate

  Hi AHP,
  I have done both of them.
  But still the same result ? Any further suggestion ?
  kind regards
  Kate

• Authorization object creation manual method

  hi gurus
  I have a requirement to create authorization objects for my project. The scenario is, we have a query which gives the profit center data on a weekly basis.the users for this report are the project management people. we have not created the project management hierarchy, but presently supposed to use a role as Project Management. We have a set of users for this Project Management role.
  Now based on this scenario i am supposed to create the authorization objects.
  can anybody suggest me the right step by step method for creating the authorization objects.
  I would like to have steps as what i need to do in RSD1, in PFCF, in RSSM and in the BEx.
  you answers will be rewarded accordingly
  thanks in advance
  regards
  vijaykumar

  hi!
  1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
  2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
  3) goto RSSM and create a new authorization object and add your infoobject to it.
  4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
  with regards
  ashwin

• How to add custom authorization object to a SAP standard transaction

  Hi All,
  I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
  Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
  - tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
  - tcode SU21 - creation of  a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
  - tcode SU24 - insert of new authorization field e check indicator (green)
  - tcode SU22 - check indicator - check (green)
  After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
  We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
  It seems new authorization object was not checked.
  My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  Thanks
  Maurizio

  > My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  >
  No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
  So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
  Regards,
  Dipanjan