MIGO auth check

Hello all,
In tcode MIGO, i want the authorization check to pass from a specific object, so as if the role has different values than these the user enters, it will display an authorization error.
Auth Obj : M_MSEG_LGO.
Thank you!

maybe your configuration doesn't imply checking the storage location. verify this by going to
SPRO --> Materials Management --> Inventory Management and Physical Inventory --> Authorization Management --> Authorization Check for Storage Locations.
check whether the storage location you want checked is flagged.

Similar Messages

  • Can we give more than one value for an Authorization field in Auth-Check.

    Hi all,
    Can we give more than one value for an Authorization field in Auth-Check.
    Ex: AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD <Value 1> <Value 2> <Value 3>.
    IF SY-SUBRC 0.
    MESSAGE E...
    ENDIF.
    If yes, please help me with exact syntax.
    Think it will be like
    ID 'CUSTTYPE' FIELD: <Value 1>, <Value 2>, <Value 3>.

    Hi,
    yes we can give more than one field.
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object> 
       ID <authority field 1> FIELD <field value 1>. 
       ID <authority field 2> FIELD <field value 2>. 
       ID <authority-field n> FIELD <field value n>. 
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    please reward points, if it is useful.
    satish.

  • Suppress a normal auth check

    I know in most business scenarios this is not normal.  However, please consider this question.
    A developer, at the request of the business partner, wants to create a  custom transaction code like a traditional transaction...say me22n.  It's purpose is to update a standard PO (NB), which the user is not normally authorized to do.   The developer has been asked to only offer 2 fields for update, not all fields.
    So, normally, the user would have me22n, but not have m_best_bsa for updating an NB type of purchase order - but he is allowed to update other types of purchase orders.  However, though this  custom transaction, we would like him to be able to update the standard PO, but only two fields. 
    Because the custom transaction runs the standard program, the normal auth checks are taking place, preventing the person from updating the standard purchase order.  If we grant the access required by the program, we will introduce a problem.  The user already HAS me22n to update other types of purchase orders "legally"...but now we've granted the object they did not have.  Via me22n, they can now update all fields on a standard purchase order (type NB).
    So, do you copy the standard program and make a custom program, and then suppress the auth checks in it?  Therefore, you never have to grant m_best_bsa update to type NB.  And through ME22n, they can't update a standard PO, which is what we want.
    OR, is there another, better way to do this.

    You may want to play around with the SU24 settings for your new transaction.
    See [SAPhelp on Authorization Checks|http://help.sap.com/saphelp_nw04/helpdata/en/52/67129f439b11d1896f0000e8322d00/frameset.htm] for more information.
    Jurjen

  • Need to deactivate structural auth. check for a custom Report

    Hi all experts:
    I have a report that is based on PNPCE logical database and it displays work hours for a project, all non-sensitive information.  We would like a wide range of users to have access to this but since this is based on PNPCE logical database whenever a user runs it, the str. authorization check is performed.  I have tried deactivate this check with P_ABAP object and coers 2 but it only ignores infotype auth. check but still checks the structural.  We don't want to expand str. profile for users. 
    Do you know if there is a way to deactive this just for one report?
    Your help will be greatly appreciated.
    Regards,
    Net

    Thanks Kiran. I had tried that value but still got the same message.  I am having problem understanding exactly when this value 2 ignores structural authorization because it works on some reports and not others.  Anyway, we implemented BADI for this report to ignore structural auth. check and it is working fine.
    Thanks again,
    NT

  • Sec. Optimization self-service - Customer specific auth Checks

    Hi There,
    checking some automatic check like 0750 I see in SolMan there are some tabs like Green, Red, Recommendation (0705)
    checking the Customer specific auth Checks I found out only some of them.... I would be interested to know if it is possible to configure "something" in order to have the  tab Recommendation (9XXX)  for Customer specific auth Checks .
    Thanks
    FedeX.

    Hi,
    I still test and no quit sure if I am doing the right process...what I have done:
    use st13 to create my own alerts > 9000.
    use st14 for creating the report on target system... I check on the target system and by viewing data of the generated report there is a list of users because security specification > 9000.
    export report to SolMan ... successfully
    on SolMan ... what are the steps that I have to do?..I am not quit sure ... I go to session workbench ...here there are already some info of the previous check that I did days before ......  I click on the option collect data (ST13, ST14)..I delete the old number and introduce the new GUI Number and click on collect button... the rest of the fields are filled in ... and no additional message appear..
    one of the existing entries on the left side  is Customer specific Auth check ...it is in red..
    being on the collect data (ST13, ST14) entry I just click on save + next open check an the focus/cursor jump automatically to the last entry check session consistency  I do not identify any change in the entry Customer specific Auth check which still red and not showing the expected list ( what I see in target system)
    well hope this give some idea about the issue and possible solution
    Thanks
    FedeX

  • ABAP Query Auth-Check

    Hello,
         I have an issue in regards to ABAP Queries that are accessed via SQ00.  The issue was that a lot of the reports (based on a sample) do not have any authorization check.
    There is over a 1000 queries, is there any way for me to check the code for the auth check on mass ?  It is very tedious and time consuming going in one at a time to look for the auth check.  Any help would be greatly appreciated.
    Thank you

    Hi Chris,
    As standard there is no data level auth check in SAP Queries.  Just one reason why they are often a poor solution for reporting.
    Those based on Logical Databases have any checks that are present in the LDB.
    Auth checks are placed in the infoset code, so it's only the infosets that you need to review to see if auth checks are included.  If you have lots of queries hanging off a small number of infosets, this will be a fair bit easier.  Your dev team should be able to point you towards the relevant section of the infoset that contains any additional validation code.

  • EHSM: Use Auth Check BAdI to hide Incident

    Hi all,
    I have enhanced the standard Auth Check BAdI BADI_EHHSS_INC_EXT_AUTH_CHECK for EHSM. Works like a charm.  But I just got another requirement and thought maybe someone else has done this before.
    Right now, I have it set up so people with out the correct access can only view incidents.  Is there a way to use the BAdI to completely hide an incident when a user clicks on it?
    Hope this makes sense.
    Cheers,
    Kevin

    Hey all,
    Our requirements ended up changing a bit but ended up putting authorization checks into class methods that control visibility for the sections of EHSM that we wanted to hide.  So, we got the result we were looking for.
    Cheers,
    Kevin

  • Deselect auth. check for infocubes (Checks for infocubes) in RSSM

    Hi,
    An infocube I installed contains an authorisation relavant object (already exists) in BW3.5 system. By default the infocube is selected for auth. check in RSSM.
    After I transported the cube to target system I realised the auth check in RSSM has also been transported with the cube.
    Hence, I have deselected the auth. check for the infocube "Checks for infocubes" in RSSM and saved it. Then, I created a second transport and only transported the cube. But the changes I made in RSSM hasn't been transported.
    Please can you advise me how to transport the changes I made in "Checks for infocubes" in RSSM?
    Thanks a lot
    Murali

    Hi,
    check this threads:
    Re: RSSM: Checks Authorization Objects for Infoprovider are not activ
    Re: RSSM Transports
    Normally system would check all the authorization relevant objects whenever a new Info cube is imported and in case if you want to transport these changes to Production system manually then follow the below listed steps:
    1) In Development system, check or un-check the authorization relevancy using the transaction RSSM on a given Info provider
    2) These changes are stored in table RSSTOBJDIR
    3) Create a manuall transport request and include these entries covering the required Authorization objects manually.
    R3TR TABU RSSTOBJDIR
    Ex: If Info object 'A' is authorization relevant in Development system but not in Production system and you want to transport this change to Production system then include object 'A' table entries manually.
    Regards
    Andreas

  • No auth checks for custom transactions

    Hi,
    In my SAP system there are many custom trasanactions in which there are no auth checks in their respective programs,
    Is their any way to restrict these transactions based on the organisational levels without doing any changes to the program.
    Can we restrict these transactions by adding a authorization through se93 ?
    If any documents are there on the same issue please share.
    Thanks,
    Sanketh.

    I would take a slightly different approach, as a least worste option.
    > Assuming that there is reluctance/inability to modify the code
    In that case the code is modularized, but the security front-end is lazy.
    What you can do is assign an authorization group to the report type program as well which has the org.value in the P_GROUP field of S_PROGRAM in it, and create a variant for it protected by P_ACTION = VARIANT. The users can submit reports if they are authorizated for the variant action as well, but not directly.
    Then create an myriad of parameter transactions per org level and submit the report via transaction START_REPORT (so, via the varint!) with the variant set for the org. level in the selection screen.
    But this completely defies thze concept of modularizing code and not maintaining redundant code, as well as redundant variants, and redundant menus of roles which could have been modularized as well.
    The only potential "up side" of this is maintaining the SU24 data of the parameter transactions, but who does that?
    Yes, if you maintained SE93 then the system would do it for you (automatic adjustement) but the scalability and flexibility of org. level maintenance in roles and well as the modularization (and maintainability) of code would be toasted.
    Probably developers would not make authority-checks at all anymore, and that would be like going back to the conceptual stone ages.
    Even the Commodore 64 was more modularized than that....
    Cheers,
    Julius

  • BRFPlus - Control Rule maintenance using Auth checks (BADI?)

    Hello BRFPlus gurus,
    We are reviewing BRFPlus for use in our global project and here is our question.
    We want to develop some rules, for use in Business Workflow, using BRFPlus and make them available for change to users. Some of these rules are going to be based on company code and we want to control rule maintenance based on company code to ensure users can only modify/create/display rule (e.g. decision table entries) entries only for the company code that they belong to. e.g. user for company code 0001 should not be able to change decision table entry for company code 0002.
    currently we have similar rules maintained using ECC custom table maintenance and we use  table maintenance Events' to code authority checks for custom auth objects.
    I am wondering if BRFPlus has any BADI (or similar mechanism) available to allow us program these auth checks depending on 'Element' values.
    I would greatly appreciate your response.
    Thanks,
    Saurabh

    Hi Carsten,
    Thanks for making us aware of that hidden feature that we could use.
    would you mind sharing some high-leve steps that we could follow to complete the BRFPlus prototype we are doing?
    Ability to control modification of these objects using auth is one of the key criteria for prototype success .
    Looking forward to learn more about this rule engine.
    Thanks,
    Saurabh

  • MIGO BADI - Check line item after clicking on  ITEM_OK Field in MIGO

    Hi,
                I am looking for Enhanacement option for MIGO Transaction . What i found it, there is one Badi MB_MIGO_BADI at the creation of material document. When i click on ITEM_OK Field at material line item level. and click on CHECK Button, i want to check material master if that material is having QM View or not . That i can write in one of the method in badi which i found is CHECK_ITEM bt that method is having parameter called I_LINE_ID which have line item no. bt how should i get material doc. no and material no. at that line item?
    Plz try to give me solution.
    Thanks & Regards,
    Saurin Shah

    Hi,
    When you are posting a GR against PO when you check the document
    Method Line_modify of the badi MB_MIGO_BADI is gettin triggered and if you check the importing parameter cs_goitem
    it is getting populated wit the values of the lime item
    Like you said material no, po number, batch no, item no etc.
    Since you can get this details as you said you can check for the view maintained.
    Hope this help you.
    Regards,
    Ranjith N

  • HR Auth check

    Hi
    Our HR department are restricted to running reports and HR transactions based on basic pay on all org keys other then their own. Therefore HR employees are not allowed to view each others salaries.
    A new person has recently joined the HR department as a re-entry and this problem has now arisen that all HR employees can now see this persons salary if they run a transaction or report based on basic pay. The auth restrictions are still in place for all of the other members of the HR department.
    This problem is really strange and I’m not 100% sure if it’s an authorisation issue or not as it only effects one HR employee from the HR department. It’s as if this employee has fallen outside of the authorisation check.  
    I have checked the new HR employess MASTER DATA record under organisational assignment and everything looks perfect. That is Personnel Area, Employee Group, Employee Subgroup and Organisational Key are as they should be in our company. The only thing that has happened is this HR employee has come from another department as a reentry. Therefore the employee’s record was changed from leaver to reentry.
    If someone could please take a look I would be very grateful
    Thanks
    Siobhan

    Hi,
         Please refer to the SAP Note 1150762 - Authorization objects with many fields: Long runtime.
    Symptom:
    A report or query terminates because the maximum runtime was exceeded. The error message often specifies the program CL_HRPAD00AUTH_CHECK_STD======CP as the cause of the error.
    Reason and Prerequisites:
    Kernel patch 7.00 level 143 introduced a new algorithm  to accelerate the authorization check, particularly when you call a transaction (see Note 1124615).
    However, this new algorithm is slower for authorization objects that have multiple fields, since the assigned authorizations are rarely defined in all fields that have single values but they are defined in some fields that have templates or areas.
    Solution:
    These corrections combine both algorithms. For authorization checks with a field, the system first checks all of the authorizations for a suitable single value. If this is unsuccessful, the system then searches for authorizations with templates or areas. For authorization checks that have several fields, the system does not perform a direct search for single values, but it completely checks all of the authorizations in the same way.
    Kernel patch 7.00 is scheduled to be available as of calendar week 12/2008. As a workaround, you can downgrade to patch level 142 or lower.
    Implement the following SAP Note 150762.
    BR
    Tanmoy

  • Migo & Miro Check

    Hi all,
    My client requirement is to check the pending Miro at the time of Migo.
    The flow is when end user doing migo, if there is any miro pending for any migo at plant level then the system should propose an error.
    is it possible in standard or i have to go for Z-programs
    helpful solutions ll be rewarded.
    regards
    Dhinakar

    Hi
    You can use the BAdi - MB_MIGO_ITEM_BAdI .
    Perform the Check for the IR based on the Purchase order & goods recipts.
    You can trigger the exception message
    In the standard system, the Business Add-In is not active.
    There is no default code that would run without an active implementation.
    The Business Add-In is not filter-dependent.
    The Business Add-In cannot be used more than once.
    To activate the Business Add-In, you must create an active implementation. Do this in Inventory Management and Physical Inventory Customizing and choose the relevant activity under Maintain Customer-Exits and Business Add-Ins.
    For more information about this procedure, see the SAP Library under
    Basis Components -> ABAP Workbench -> Changing the SAP Standard -> Business Add-Ins -> Implementing Business Add-Ins.
    Thanks & Regards
    Kishore

  • User exit in MIGO when check is pressed

    Hi I'm working on 4.6b
    I checked the program thru which we get user exits from transaction
    My problem here is I want to display pop up when check button is pressed in MIGO transaction.
    Can anyone suggest any user exit....
    Thanks in advance
    Hema.

    hi hema,
    you can use the badi
    Badi MB_MIGO_BADI is used for adding new subscreen ( User defined subscreen )in the Migo transaction
    i donno weather it exists in ur verson r not?
    you can also check....
    You can use exit EXIT_SAPMM07M_001.
    This exit is executed before the document is posted.
    Also you can use exit EXIT_SAPLMBMB_001 after the document has been posted.
    ~~Guduri

  • Check while MIGO, to check document is attched through SERVICE FOR OBJECT

    Hi,
    While creating a document through MIGO,
    I want to apply a check that during 101 movement type if document is not attached , system should throw a error message
    'Attach document first'.
    Is it possible ?
    If yes , then through which progess BADI or user-exit ?

    Hi
    The authorization objects for attachment to material are as following:
    Object Class BC_Z Basis - Central Functions
    Authorization Object: S_BDS_DS  
    Authorizations for Document Set
    Authorization Field ACTVT :  30
    Authorization Field CLASSNAME:BUS1001
    Authorization Field CLASSTYPE:BO
    other ACTVT
    01     Create or generate
    02     Change
    03     Display
    04     Print, edit messages
    05     Lock
    06     Delete
    24     Archive
    25     Reload
    30     Determine
    70     Administer
    78     Assign
    82     Supplement
    Note: That to be able to attach user should have MM02 authorization..
    Best Regards
    Hope it helps

Maybe you are looking for

  • Unable to open web interface. No 8080 listener.

    Hey folks. I have searched through the forum and seen similar issues to mine but none of their solutions have fixed my issue. When I click on Get Started, an Internet Explorer 9 window opens showing it can't display the webpage at http://127.0.0.1:80

  • 9.1.1 Sample edit/factory menu definite crash bug!!

    this is a definite/repeatable bug in 9.1.1 which causes crash goto sample edit window then select time and pitch or any Factory menu items exiting window by pressing screen set 1 key command crash happens evey time 1 track of audio no plugins cannot

  • The use of CL_ABAP_CONV_OUT_CE to create an unicode-16 (UTF-16) file

    Hello, I have to create a file iwth normal text in UTF-16 format. In ABAP the creation of an UTF-8 file is very easy (open dataset for output in UTF-8). However UTF-16 is barely documented. and the normal open dataset does not support utf-16. The onl

  • Code PAge 1250

    Hi! Can anybody help me? I would like to load with sqlldr a text file into the database, and it is in code page 1250. How can I load it under Linux? I am using Debian 2.0, with kernel 2.2.13. The database type is code page 1250. Thanx for your answer

  • Add-on Identifier

    Hi, I have approx. 9999 SDK Tools License showing in my SAP B1. But when I generate a key of Add-on Identifier it shows message no license. Is it mean I have to purchase another license to develop my own add-on. or I can still self generated forms in