ME21N Material group level authorization is not working in ECC 6.0
Dear Security Experts,
We have created a role Z_ME21N with one Tcode ME21N. The role has to restrict users in the material group level.
For that, we added Authorization object M_MATE_WGR.
1. When we are trying to add field values for {M_MATE_WGR, BEGRU}, generally it should show me the list possible values to be used based on the MM configuration related to Material Authorization Group. We have correctly configured the authorization groups from V_TBRG for M_MATE_WGR. But itu2019s not showing any possible values.
2. However we are able to add values manually, but I guess these are not being considered during authorization check and our restriction on Authorization group level in ME21N is not working.
Test Scenario: We have manually added values 005,007,009,010,013 (which is pointing to specific material group) to BEGRU of M_MATE_WGR. We already assigned this Authorization Object to role Z_ME21N and this role has been assigned to u2018testuseru2019, but the authorization check with the M_MATE_WGR authorization group is not happening. It allows operations on all the material groups.
Anybody came accross same scenario?
SAP Prodcut version : ECC 6.0
Database : SQL Server 2005
Support pack level : 15
Please share your views, thanks in advance.
Regards,
Abu Sandeep
Dear All,
I got a reply just now from SAP regarding the same issue.
I coudnt understand what SAP and you are saying.
Dear Abu
*Apologies for the delay. This message has been turned on to application*
*area of MM from the Basis side just now.*
*Unfortunately, authorization object "M_MATE_WGR " is not checked*
*in the purchasing transactions (PR & PO), the system works as standard*
*functional designed.*
*Only the following objects are checked in PR/PO:*
*M_BEST_BSA Document Type in PO M_BANF_BSA Document Type in PR*
*M_BEST_EKG Purchasing Group in PO M_BANF_EKG Purchasing Group in PR*
*M_BEST_EKO Purchasing Org. in PO M_BANF_EKO Purchasing Org. in PR*
*M_BEST_WRK Plant in PO M_BANF_WRK Plant in PR*
*Setting in check/maintain on in SU24 only means that the profile*
*generator will propose the object when creating a user, however is*
*does not mean that M-MATE_WGR will be checked.*
*Please close this message by pressing the confirm button at your*
*earliest convenience.*
*Many thanks in advance for your understanding.*
So, how can I resolve this problem? John, are you sure that, you implemented this successfully?
SAP says, this cant be done.
Regards,
Abu Sandeep.
Similar Messages
-
BW Field level Autorizations are not working in the WEBI Reports
Dear All,
1. I have created Authorization roles with Infoobjects Authorization Objects.
2. In Bex Query Authoizations are working on the Infoobjects like for
Ex: For USER1 I have given Company code = 1000 &
User 2 I have given authorization for 1100.....
3. Import those roles into Business Objects-CMC.
4.Users were Imported.
But in the WEBI Reports BW Field level Authorizations are not working i.e for USER1 authorization for Company code is 1000 , in WEBI report it is showing all the Company codes data for USER1.
For USER2 also showing all the data in the WEBI report.
Plz help me on this issue.
Thanks,
Kiran ManyamHi,
For Authorization to work in BO you can check the following:
1. You need to create authorization variables in your BEx query.
Also these variables should not be input ready.
2. While creating universe in BO you need to select "Single Sign On" option available in the parameters iwhile creating a new
connection.
Regards,
Rohit -
For MTO scenario,multi level bom is not working sap afs pp
Hi Experts,
We are implementing MTO scenario for our client. I have maintained strategy group for FERT is 40 and strategy group for HALB and ROH are 20.
For single level BOM , requirements is not getting generates properly.
I would like to know What are all the settings is required to create AFS BOM.(single and multi level)
Please suggest me.
Thanks & Regards,
Deepika.Hello Deepika,
As we know AFS materials are planned at SKU level (Grid and stock categories) you can use AFS MRP (/N/AFS/MD02) only.
Please refer OSS note Note 981747 - FAQ - AFS Production Planning
Question 5 Made-To-Order Planning -Multi-Level (MD50) does not work for AFS Materials and Sales Orders containing AFS materials.
Answer: Made to Order Multi level planning functionality was never enhanced for AFS and hence transaction MD50 is not supported.
Steps are as,
1. Create a MTO/PTO sales order for an AFS material.
2. Run AFS MRP using transaction code /AFS/MD02.
3. Convert the planned order to production order.
Best Regards,
R.Brahmankar -
Multi Level BOm is not working in SAP afs
Hi Experts,
I am facing issue in MRP.For multi level bom's ,Requirements is not getting generates.Is there any settings is there to active multi level bom for afs materials.
please suggest solution
Thanks and Regards,
Deepika.Hello Deepika,
As we know AFS materials are planned at SKU level (Grid and stock categories) you can use AFS MRP (/N/AFS/MD02) only.
Please refer OSS note Note 981747 - FAQ - AFS Production Planning
Question 5 Made-To-Order Planning -Multi-Level (MD50) does not work for AFS Materials and Sales Orders containing AFS materials.
Answer: Made to Order Multi level planning functionality was never enhanced for AFS and hence transaction MD50 is not supported.
Steps are as,
1. Create a MTO/PTO sales order for an AFS material.
2. Run AFS MRP using transaction code /AFS/MD02.
3. Convert the planned order to production order.
Best Regards,
R.Brahmankar -
Search help of material is not working in ECC 6.0 : Urgent
Hi Friends,
I am using ECC 6.0. I have a problem in search help of material by plant. In the search help of material (choosing the tab plant material by descriptions), if i give any plant which is 3 chars long (exp. ABC) it is giving correct combination of plant material. But if i am giving a plant which is 4 chars long (exp ABCD) it firing a message saying no values found, although the combination exist. (if i am giving only material name it is showing both 3 chars and 4 chars long plant).
for ref: please use transaction MD04 and press f4 in material field and choose tab "plant material by descriptions", and give 3 chars and 4 chars long plant.
please help me to trace the problem or any OSS note.
correct answer will be awarded.
I will appreciate to not giving code of search helps because it is a standard SAP functionality that is not working.
Regards
KrishnenduKrishnendu,
Please check your SAPGui frontend i think you are using 7.10 patch level 3.? if not try with some other system that have 7.10 patch level 3.
a® -
Level Based Measures not working
Hi,
I've put an LBM at the second Level (Region) of a Dimension called GeographicDIM.
the Dimension looks like:
Total, Region, Country
The LBM is called #Customer_ID_Region, created as new a Logical column of an existing logical Column of my Fact, aggregation.
If I create a Report with Region, Country, the LBM is correct. then I add another logical Column from the FACT, eg. Revenue_SUM, or Customer_key_Count, the LBM isn't frozen any longer.
This happens also if I switch place any LBM to an other Dimensions.
What could it be?
Thanks in advance
FrankHi,
the Problem is still not fixed.
A LBM at the Grand Total Level works great. If I set a LBM to a Level below its not longer frozen if I add any Fact.
Here is the SQL-Statement generated if I do the following:
I created one LBM and set it to the Grand Total and another one set it to a Level below (Region).
select D1.c1 as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5,
D1.c6 as c6
from
(select D1.c1 as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5,
D1.c6 as c6
from
(select D1.c2 as c1,
D1.c4 as c2,
D2.c1 as c3,
D1.c1 as c4,
D1.c3 as c5,
D1.c5 as c6,
ROW_NUMBER() OVER (PARTITION BY D1.c2, D1.c4, D1.c5 ORDER BY D1.c2 ASC, D1.c4 ASC, D1.c5 ASC) as c7
from
(select D1.c1 as c1,
D1.c2 as c2,
D1.c3 as c3,
D1.c4 as c4,
D1.c5 as c5
from
(select sum(D1.c1) over (partition by D1.c2) as c1,
D1.c2 as c2,
sum(D1.c3) over (partition by D1.c5, D1.c2) as c3,
D1.c4 as c4,
D1.c5 as c5,
ROW_NUMBER() OVER (PARTITION BY D1.c5 ORDER BY D1.c5 ASC) as c6
from
(select count(distinct T196.MASTER_CUSTOMER_KEY) as c1,
T1365.REGION as c2,
count(distinct T196.MASTER_CUSTOMER_KEY) as c3,
T1365.COUNTRY_NAME as c4,
T1365.COUNTRY_CODE as c5
from
GEOGRAPHIC_DIM T1365,
SALES_FACT T196
where ( T196.COUNTRY_CODE = T1365.COUNTRY_CODE )
group by T1365.COUNTRY_CODE, T1365.COUNTRY_NAME, T1365.REGION
) D1
) D1
where ( D1.c6 = 1 )
) D1,
(select count(distinct T196.MASTER_CUSTOMER_KEY) as c1
from
SALES_FACT T196
) D2
The Grand Total LBM shows the correct Data, the Region-LBM not.
The Region-LBM is not calculated in a separate statement.
I don't know why? -
Material Type restriction for M_MATE_MAR not working
HI all,
I want to restrict a user to only use the Material Type Waste ABF, but its not working.
Secondly , the Auth Object M_MATE_MAR, is also part of other roles which have this Auth Object.
Can you experts please suggest what to do.
ThanksAdnan,
> I want to restrict a user to only use the Material Type Waste ABF, but its not working.
> Secondly , the Auth Object M_MATE_MAR, is also part of other roles which have this Auth Object.
So that's the explanation.
Authorizations in a SAP system are additive, means, you can't create one profile including all and another trying to restrict that "all" to less. You have to create a separate profile for specific requirements (in your case e. g. none but type WASTE ABF) and assign that.
This is, btw., the wrong forum - use the security forum for those types of questions.
Markus -
GPP item-level targeting filter not working as expected
I am trying to set the Internet Explorer homepage via user Group Policy Preferences (GPP) registry setting for a very specific group of users. I am using item-level targeting to accomplish this but am having trouble getting the logic working as expected.
Here is my item-level targeting filter:
The user is a member of the security group CONTOSO\FireRescueDept
AND this collection is false
The user is a member of the security group CONTOSO\EmergencyManagementDept
OR the user is a member of the security group CONTOSO\PublicSafetyDivision
The user in question is a member of both CONTOSO\FireRescueDept and CONTOSO\EmergencyManagementDept. I believe this means that this particular registry GPP setting should NOT apply to the user in question and that is the outcome I desire.
Here is how I'm thinking about it:
The user is a member of CONTOSO\EmergencyManagementDept; therefore, "The user is a member of the security group CONTOSO\EmergencyManagementDept" evaluates to TRUE.
Since the other item in the collection is connected with the boolean OR operator, the collection evaluates to TRUE regardless of the evaluation of "The user is a member of the security group CONTOSO\PublicSafetyDivision."
The item-level targeting filter is looking for the collection to evaluate to FALSE. Since the collection has evaluated to TRUE, the evaluation "This collection is false" is FALSE.
Because of the AND operator in front of "This collection is false", both "The user is a member of the security group CONTOSO\FireRescueDept" and "This collection is false" must evaluate to TRUE in order for the item-level targeting
filter to determine that the user in question to apply the GPP setting the filter is attached to. However, since "This collection is false" has already evaluated to FALSE, the filter as a whole should evaluate to FALSE and this GPP setting
should not apply.
However, according to gpresult it does apply.
Please advise. I want this particular setting to apply to users in the CONTOSO\FireRescueDept group unless they are a member of CONTOSO\EmergencyManagementDept and/or CONTOSO\PublicSafetyDivision.Am 21.05.2013 16:22, schrieb Scott W. Sander:
> Does item-level targeting not work with Universal security groups
> because the group policy client isn't able to determine that the user
> is a member of groups of that type?
In my experience, it DOES work with universal groups... Are you
suffering from token bloat? How many groups is the user a member of?
http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Disable a mandatory field in ME21N (Material Group)
Hi Experts,
Material group field is mandatory in ME21N. I need to disable the control on this field, how can I do this ?
In fact, I need to disable this mandatory field for a PO creation in reference to a Contract.
Many thanks in advance for your help.
BR,
CesarHi,
If PO is created with material number this field is get defaulted from material master basic data view. But If PO is with short text means without material number, then material group is mandatory anyway..Its stadard SAP program behavior.
You are saying this field should be optional in case of PO with refernce to contract? Does it mean that Contract is not with material and it is with short text? Please elaborate little bit on your requirement so as to answer d same.
Deepak. -
PR Item Level Release WF not working after Release Strategy change
Hi Experts,
I did PR item Level Release Standard Work flow and it was working fine now due to client requirement we changed the release strategy and now when the PR workflow triggers it gives the Below mentioned error.
I really don't understand y after changing the release strategy workflow is not working and giving the following error.
Even if i restart the workflow in SWPR the same error is occuring.
Exception occurred - Error when starting work item 000000390118
PROCESS_NODE - Error when processing node '0000000003' (ParForEach index 000000)
CREATE - Error when creating a component of type 'Step'
CREATE_VIA_WFM - Agent determination for step '0000000003' failed
EVALUATE_AGENT_VIA_RULE - Error in resolution of rule 'AC00000148' for step '0000000003'
AC00000148 - Object type 'TS' not valid
Executing flow work item - Work item 000000390118: Object FLOWITEM method EXECUTE cannot be executed
Executing flow work item - Error when processing node '0000000003' (ParForEach index 000000)
Regards,
HariHello Hari,
please set a breakpoint at function module
ME_REL_GET_RESPONSIBLE
and see what happends in section
CASE t16fc-frgwf.
* keine Ermittlung
WHEN space.
RAISE nobody_found.
* Ermittlung über T16fW
WHEN '1'.
If using the T16FW-table, it should go to '1', otherwise it may that a user exit under '9' is used. So please check this.
Best wishes,
Florin -
Nested AD User Groups in Workgroup Manager not working in Mavericks
The setup is the traditional Golden Triangle, so Active Directory for users and groups, Open Directory for Managed Preferences. Both Apple clients and server are running 10.9.0
While I can successfully manage the Mac's via OD computer groups, the OD user groups with nested AD groups no longer appear to work. If I nest an AD user it works fine, but not the AD users group.
This is a new AD and new OD, no migrations. This is a setup I've done countless times over the years, but since Mavericks has been introduced, I can no longer make this work.
Any help would be greatly appreaciated.
Thanks,
Alex PriceHello
I have been having the same problem, when adding an AD Group to an OD group the users in the AD group are not managed, but if i add the user to the OD group it works fine, (with about 5000 active users this is not an option) this has been a problem with 10.9 and has not been fixed with 10.9.1, i assume we need a update to Workgroup manager?
Maverick server is useless at the moment, cant upgrade the clients to Maverick if i cant manage them, are Apple just tring to make my job more difficult than it needs to be, i was happy that they provided Workgroup Manager for Mavericks because Profile Manager is simple not an option, but it would be good if it worked properly, its not a small problem so you would think apple would make it a priority. -
ISE authorization Policy not working
Hi ,
I have configured the ISE as per the belwo link
https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise
but my authorization policy is not working as when user get connected to guest wlan it get authneticated but when it look for authorization
it going to default policy it should hit on above policy created screen shot as belowWhat version of ISE + patch are you running?. Could you please send an screenshot of AUTH policies including the default --- > USE part?. Are you using customized portal for the first authentication process?
CWA is pretty straightforward. Only issues I faced was multiple VM (ISE Personas) running on one single server was not replicating properly the AUTHZ policies so I added the PSN persona into the PAN Node and everything worked fine immediately. In addition to that, I realized that I needed at least ONE ENTRY into the ISE PAN Internal Endpoints DB so I could hit the AUTH Policy for MAB & user not found condition which sent me to the AUTHZ = User Unknown + Redirect. Once I authenticated the user using the Default Portal that meant I hit the GUEST FLOW policy. If you are using customized portals for the first authentication process, check: web portal mgmt. --- > Guest --- > MultiPortal Configurations --- > Customized Portal -- > Authentication part. -
JRE System-level settings does not work - JRE1.6.30
Good day,
I need to set deployment.security.mixcode parameter to "DISABLE" within of deployment.properties configuration file.
Also I wish to place the deployment.properties configuration file is not user-specific path. The default location is
<User Application Data Folder>\Sun\Java\Deployment\deployment.properties.
TO change the default location I read about possibility to use the deployment.config for specifying the System-Level
deployment.properties in the infrastructure.
Unfortunatelly seems does not work. Someone have got experience about system level settings of deployment.properties?
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.properties
deployment.properties:
#deployment.properties
#Fri Feb 17 15:54:57 CET 2012
deployment.version=6.0
deployment.capture.mime.types=true
deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
#Java Deployment jre's
#Fri Feb 17 15:54:57 CET 2012
deployment.javaws.jre.0.product=1.6.0_31
deployment.javaws.jre.0.registered=true
deployment.javaws.jre.0.osname=Windows
deployment.javaws.jre.0.platform=1.6
deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre6\\bin\\javaw.exe
deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
deployment.javaws.jre.0.enabled=true
deployment.javaws.jre.0.osarch=x86
deployment.security.mixcode=DISABLE <<====
Thank you in advance
Adriano C.
Edited by: user12025469 on Feb 20, 2012 6:23 AM
Edited by: user12025469 on Feb 20, 2012 7:48 AMuser12025469 wrote:
This is the configuration I have used.
deployment.config:
deployment.system.config.mandatory=FALSE
deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.propertiesHm, try using a file URL like this:
file\:C:/Program Files/Java/jre6/lib/deployment.propertiesI believe that the file is interpreted as a properties file, which means the colon and slashes need to be escaped. This would be it if you want to use a proper Windows path:
file\:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties -
Hi all,
I used to have level 1 alerts on my BB to notify me of special emails that I needed to respond to urgently. Recently my company got acquired and we changed over to a new Exchange Server with a new Enterprise Activation (which wiped my BB completely before restoring all the data again).
In the process, I lost all my level 1 alerts. I installed Desktop Manager (4.2) and tried to setup again using my old .rfi files but this has not worked. The Desktop Manager confirms all ok but when I test my BB does nothing at all. Originally I would have had a special tone (Sonar, I love that tone! Sad I know!) and the BB would vibrate and the messages would be in RED. Now, nothing happens. I have set the level 1 messages to Sonar & Vibrate but nothing happens (and it's not on mute!).
I have also downloaded Desktop Manager 5.0 to see if that does anything but that's not working either.
I'm hoping that someone else has had this issue in the past and has overcome it by doing something simple that I have overlooked. Can anyone help? I'm quite desperate.
Many thanks for your help.You might wanna search for the thread where I asked for a SelctCmDevices example.. then use that as a starting point. That's how I finally managed to get things working on my CCM 5.1 and 6.1.
-
Level 1 Notification Not working on Folder Emails.
Hello Everyone
I am in a strange situation where my Level 1 Notification doesnt work.
Not working.
1. If there is an email which comes into my inbox and if there is a rule which is set on my Lotus Domino (Desktop) to save a copy in lets says XYZ folder then the filter added on my BB doesnt works.
2. If i sync a paticular folder of Lotus Domino (Desktop) I am able to see the emails in that folder however if I set a Level 1 notification on these emails then those emails are just getting red with 1 vibrate and no sound ( no matter what tone i choose ).
Working :
1. Level 1 notification set on paticular email address ( if there is no filter criteria set on Desktop ).
To better make you understand i have a Automatic folder on my desktop where all priority tickets emails comes 4,3,2,1 however if its 1 it gets copied to Sev1 folder. Now i am trying to sync this Sev1 folder on my BB so that whever there is Sev 1 ticket opened i get a notification but this bugger is just getting red and no sound.
Guys Please help !! Any suggestion would be appreciatedInstructions for Level 1 Priority Messages and Notifications are here
http://docs.blackberry.com/en/smartphone_users/deliverables/61550/mwa1372084676021.jsp
and
http://helpblog.blackberry.com/2014/03/how-to-create-a-level-1-alert-using-blackberry-10-os-version-...
Mike
Maybe you are looking for
-
Hi, I have the problem which iTunes cannot detect my iPhone 4s. I tried the steps you have provided in your troubleshooting, but it won't work for me because the Apple Mobile Devilce is perfectly installed on my windows. However, the driver "Microsof
-
How can I transfer a small batch of photos from the new ipad to macbook pro? In theory, I should be able to keep my albums together this way (once uploaded to macbook pro, i can easily file them into a new album on macbook pro.) Not working for me!
-
Starting Desktop impossible in Virtual Box: Unable to delete desktop
Hi @all, another recurring problem is that some desktop won't start. Trying to do so neither implicitly via regular login nor explicitly via VDI-Manager works. Error throuwn by the Job says: The desktop VDI3-VBox-Adm01 could not be deleted from host
-
In EM 10g, i didn''t see alert like index rebuild(same was in 9i)
in EM 10g, i didn''t see alert like index rebuild(same was in 9i) Do you know, which alert was being obsoleted in EM 10g grid
-
does anybody know of any webcams other than isight that will work with a mac, all i can find are ones for pc's?? or do webcams for pc's work with a mac?? thanks! powerbook G4 Mac OS X (10.4.6)