Need to restrict users from adding or modifying folders or reports

Similar Messages

• Restricting user from changing price in me22n after goods receipt

  i want to restrict the users from changing the price of the material in me22n after after goods receipt.
  pls tell me the userexit for it with detail.

  Okay, then let me play the role of the bad man.
  Why would you need to restrict users from changing a price after GR ?
  Do you think that users are changing prices just for fun or to mess up the system?
  Have you talked to users why they want change the price after a GR?
  do you have an alternative plan, for the case that the price really needs to be changed to be able to post the invoice?  do you want to cancel always the GR in this case? Is is possible? What if the stock is already issued? do you then want to cancel the entire chain? what if a month end closure was already done?

• I need to restrict users to submit data from Smart view or Excel Addin.

  Hi All,
  I need to restrict users to submit data from Smart view or Excel Addin.
  I cant provision them as read access because I want them to write from the Hyperion Planning Web Form.
  Any help on the same will be highily appriciated.

  John,
  Thanks for the reply . if i dont give them essbase write role user cant submit data through smartview or Excel addin. at the same users want to see adhoc reports making connection in smartview through planning, then users can send data.
  1. I want users to restrict export dataform to smartview, if they can export dataform to smartview it automatically makes connection using planning and users can pretty much change data.
  2. is there any way to restrict users making connection through planning in smartview.
  3. when users make smartview connection through essbase, the secuirty works fine and they cant change the data.
  Please let me know if you any solution ....
  advance thanks,
  NM

• Restrict users from editing and deleting not owned items

  Hello guys.
  I'm trying to restrict users from editing and deleting items created by other users. I know, that it can be achieved by using SPList.WriteSecurity parameter, but if I change its value to 2 or 4 - nothing happens... 
  May be there are some list permissions that can override this security setting? I tried to combine permissions in different ways but users either cannot modify any items or can edit/delete all of them... 
  By the way, setting ReadSecurity=2 works as it should work regardless of user permissions...
  Please help.

  Hi,
  I understand that you want to change the write security for the document library. You can try the PowerShell script below:
  $web = Get-SPWeb http://serverURL
  $list = $web.Lists["Document library"]
  $list.ReadSecurity = 2
  $list.WriteSecurity =2
  $list.Update()
  $web.Dispose()
  This setting will not affect the site collection administrator, he will always be able to edit the documents. You need to sue another account to have a test. If this still doesn't work, I think you need to manually edit the permission for each documents.
  Thanks,
  EnTan Ming
  Entan Ming
  TechNet Community Support

• Restrict users from input

  Hi Experts,
  Is there a way to restrict users from sending data through input schedules ?
  My requirement is to lock the weeks as we go . for example if data has already been sent in week1 no one should be able to modify it through input schedules.
  other weeks should be open for sending data. The weeks that have passed need this restriction.
  Any ideas ?
  Thanks

  Hi,
  You should first maintain the work status at the appset level. Please refer to the below link from help.sap:
  http://help.sap.com/saphelp_bpc75/helpdata/en/f8/d51b881cfa4c5992de481ccfa05db3/content.htm
  Hope this helps.

• How to restrict users from printing documents and exporting to local file

  Hi SAP gurus,
  I have two questions.
  1. How can I restrict users from printing a document? i.e. billdoc? I would like to know if I could block it though authorization. If yes, what auth obj to use?
  2. How to restrict certain users from exporting to local file? the System> List>Save-->Local File. I have tried restricting it using auth object S_GUI but it seems it is only applicable to older versions of SAP. im on ecc6.
  Thank you in advance.

  Hi,
  Check this:
  Create your own gui status and attach it to the list in the event START-OF-SELECTION.
  In the menu painter extra -> adjust template.
  Make it a list status and you will see all the standard list options appear including list->download
  Deactivate the ones you don't want. 
  If you just want to prevent users from downloading the list you can achieve this with authorization object S_GUI, activity 61. Menu option will still be there though.
  Please note that if you remove authorisation for S_GUI activity 61 then all downloads will not be possible. 
  If you just want to disable downloads only for a particular report, you can try this test program:
  Code:
  REPORT ztest. 
    DATA: PROGNAME LIKE SY-CPROG value 'Z_CHECK_AUTH', 
          FORMNAME LIKE SY-XFORM value 'F_CHECK_AUTH'.
  START-OF-SELECTION. 
      CALL FUNCTION 'SET_DOWNLOAD_AUTHORITY' 
           EXPORTING 
                FORM    = FORMNAME 
                PROG    = PROGNAME 
           EXCEPTIONS 
                OTHERS  = 1.
    WRITE: / 'TEST'.
  You also need this:
  Code:
  PROGRAM z_check_auth.
  FORM f_check_auth USING pe_result TYPE i. 
    pe_result = 5. 
  ENDFORM.
  Also have a look at the exit SGRPDL00.
  Hope this helps you.
  Rgds,
  Raghu

• Restrict Users from saving files on Local PC but forced to Network Shared Location

  Hi,
  We have the Domain in Windows 2003 Standard.
  How can I restrict users from saving files in their Local PC? 
  Also, need to forced them to save the files in Network Location with permissions...
  Thanks.
  ~CoolPra~

  Hi,
  You can create a file screen to prevent users from saving files on a certain volume. File screens are used to block specific types of files from being saved on a volume or in a folder tree. A file screen affects all folders in the designated path. You need
  to update the server to Windows Server 2003 R2 to install the File Server Resource Manager.
  File Screening Management
  http://technet.microsoft.com/en-us/library/cc772675(v=ws.10).aspx
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Restricting users from removing EFB paramter

  Dear all,
  We have defined user parameter EFB in OMET to ensure users have reference documents when creating a PO. This EFB parameter is then added to the user profile via SU3's parameter tab.
  However, all users have access to SU3 to define their own set of parameters. With that, we run into the risk of users removing the assigned EFB parameter themselves, thus allowing creation of PO without reference.
  Is there anyway that we can restrict users from removing this parameter or are there any alternatives?
  Thanks.

  Hello,
  Sorry, but there´s no option to prevent the change if the user parameters.
  I could find the answer from a developer:
  "the maintenance of PIDs is designed without any authorization check. The background is that every user should have the possibility to fit his/her own PIDs for daily work.".
  Best Regards,
  Arminda Jack

• Restricting User from creating new records using when-validate-record

  Hi,
  I have a requirement for which I have to restrict he user from creating a record in the Supplier Master form if the suppliier type is 'Affiliate Supplier'.
  I have done the following setups
  Seq 10
  Description Restricting user from creating Affiliate records
  Level Function
  Enabled Yes
  Condition:
  Trigger Event WHEN-VALIDATE-RECORD
  Trigger object VNDR
  Condition "${item.VNDR.VENDOR_TYPE_DISP_MIR.value} is NOT NULL
  and
  ${item.VNDR.VENDOR_TYPE_DISP_MIR.value} LIKE 'Affiliate%'
  Processing Mode BOTH
  Context
  Level User
  Value User Name
  Action Sequence 1
  Type Message
  Action Description Saving Affiliate record
  Language ALL
  Message Type Show
  Message Text You Cannot Create Affiliate records Here
  Action Sequence 2
  Type Builtin
  Action Description Stop Proceesing
  Language ALL
  Action Enabled Yes
  Builtin Type RAISE FORM_TRIGGER_FAILURE;
  This is working good on one instance but when I moved it to another instance
  when I query the form and try to navigate to the bank accounts tab of the form which is based on a differnt block i.e VNDR_USES block, the when-validate-record trigger fires there also and stops the processing.
  Any suggestions on this would be higly appriciated.
  Thanks in Advance.

  Hi Srini,
  Yes, it does work...but in a Form Session if i Create more then one Item, in some cases it fires for the first records and not sleeps for the second.
  Sometimes it doesn't give any response.
  Appreciated if you divert to the link to check the Pacthes for 11.5.10 on Form Personalization.
  Please share any ideas/example if yiou have to achieve the below requirement.
  Requirement:
  Once New record is created , a Custom Procedure should be invoked.
  with out closing Form i am able to create n number of Items, so for every Item it should invoke Custom PLSQL Code on Save.
  Let me know if i can achieve the same in Custom.pll .....as i can use either of Options.(Form Personalization/Custom.pll)
  Thanks & regards,
  Edited by: user632004 on Mar 16, 2010 7:50 PM
  Edited by: user632004 on Mar 16, 2010 8:09 PM

• Restrict users from archiving PST to local computer

  Hi all,
  I would like to restrict users from archiving emails in outlook to the local computer. We have a serious problem that users are archiving emails to the local computer and then they can copy those emails to external devices or that they can attach this local
  pst file to their personal outlook profile which they can forward it to external recipients. We have ran into a serious problem now and I am try to resolve this problem by restricting users to archive the emails to their local computer. Is there any way I
  can do this?
  Only designated users should be able to archive the outlook emails (from the support team) and they can save it to a central file server.
  Please share me your thoughts. Thank you all for taking time to read this and for your suggestions.

  Hi Friend,
  Use Group Policy Feature and enable the “DisablePST” Reg value as it will not allow users to create new  PST file or even remove the Archive function from their Outlook interface.
  Registry path to disable PST File authentication (Group policy):
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook
  Take a brief explanation about various restrictions over PST File:
  https://www.simple-talk.com/sysadmin/exchange/using-group-policy-to-restrict-the-use-of-pst-files/
  Note: Improve community discussions by marking the answers helpful otherwise respond back for further help.
  Thanks
  Clark Kent

• Restrict users from using Manual series

  Hi SAP,
  Is there a way to restrict users from using the Manual series?
  Thanks,
  Janice

  Hi Rahul,
  Ok, i have seen already the authorization for document manual numbering and it is available only for 8.8 versions and not on 2007 version of SAP.
  Anyway, when im doing the testing i found out that for banking transactions like incoming, user can still use the manual series even if he has no authorization for manual document numbering.
  Another concern from our client was  the use of manual series only, is it also possible in SAP? I tried to give user authorization in the manual document numbering and no authorization to series group no but user cannot already open the transaction window. Let us know if their inquiry is possible so i could inform them that only manual series can be restricted.
  Thanks for your help.
  Regards,
  Janice

• Restrict users from changing roles

  Is there a way to restrict users from changing roles
  themselves? If a user goes to My Connections and then clicks Edit,
  they could, in theory, change to any group they want--except to the
  administrator group because you have to enter a password. If the
  admin isn't watching the site 24/7, the user can change their roll,
  let's say from a writer to a publisher, and publish something
  before the admin can notice.
  Is there anything that can be done to restrict that?

  You can use connection keys...this will only allow a user to
  change their name and email address (I think...I can check on this
  tomorrow). We use these at my work and it allows for a lot more
  control over who is assigned to the proper groups.

• Is their any way to restrict user from overriding  the graphs in SAP APO?

  Dear All,
  As we know, we can copy the graphs to other users using /n/sapapo/sdp_graph. But is their any way to restrict user from overriding the graph to particular user.
  Scenarios:
  In a project we have super user and semi-super user, whenever super user uses above t-code to copy graph to all users (he has included semi-super user id to target user list) but semi-super user does not want to override his graph by super user.
  Do we have such function in APO to restrict?
  Hope it is clear to understand.
  Regards,
  Pravin Tikar

  Hi Amol,
  thanks,
  I have checked SP Note 400434 - Authorizations in APO demand planning Also.
  Will check the authorization and will update the same.
  regards,
  Pravin Tikar

• Disable users from adding-deleting row/columns

  we are running sharepoint 2010 and I would like to setup some type of persmission that will disable certain users from adding-deleting  rows/columns.
  any suggestions will be appreciated
  thank you

  Each list in sharepoint can be assigned certain roles.YOu can break the inheritance for that list and assign a group as a new role to the list.The users belonging to that group will only have access to that list depending to what permissions you give that
  group.The code goes something like this:
  SPWeb web = (SPWeb)properties.Feature.Parent;
  string ListName = "C";
  SPList list = web.Lists[ListName];           
              list.BreakRoleInheritance(true);           
  string GroupName = "Owners";
  SPGroup group = web.SiteGroups[GroupName];
  SPGroupCollection removeGroups = web.SiteGroups;
  foreach (SPGroup removeGroup
  in removeGroups)
  if(removeGroup.Name != GroupName)
  SPPrincipal principal = (SPPrincipal)removeGroup;               
                      list.RoleAssignments.Remove(principal);
  SPRoleDefinition rDefination = web.RoleDefinitions.GetByType(SPRoleType.Administrator);
  SPRoleAssignment rAssignment =
  new SPRoleAssignment(group);
              rAssignment.RoleDefinitionBindings.Add(rDefination);
              list.RoleAssignments.Add(rAssignment);
              list.Update();

• How do I restrict users from installing applications?

  Or more specifically, yahoo messenger. I can't seem to figure this one out. Two user settings on our machines (public and admin), public does not have admin priveleges, so cannot make modifications like installing applications, but someone seems to keep installing messenger all the same. I investigated and figured out that it seems like when logged onto the public account, one can still install applications in their user/applications folder without needing to authenticate. or maybe Yahoo Messenger doesn't read as an application, so it doesn't need authetication? I am trying to make it so no one can install any application without admin priveleges.

  "Parental Controls" works on a "white list" principle, so if an app isn't available in the "Accounts" pref pane, it shouldn't be accessible for the "managed" user because the default is to deny everything not on the list.
  But also be aware that the type of "Parental Controls" you have selected may affect the user's ability to use a given programme. For example, if the "Allow supporting programmes" checkbox is selected, it may be possible to launch indirectly a programme that hasn't been approved explicitly.
  Also, note that a "Simple Finder" account doesn't (and isn't intended to) restrict application access at all, whereas a "Some Limits" account does.
  And as "Keith Gaboury1" points out, if a given service allows access through a web interface, restriction of a programme on the local computer won't have any effect.
  "Parental Controls" are somewhat effective in preventing users from using unauthorized programmes, but as far as preventing the installation of apps, that is something that would be fairly difficult to do if the user is to have a functional account. If a user can save files to a directory (such as their home folder or "/Users/Shared" or the "admin" user's "Drop Box"), it would be possible for them to install an application there. There are ways of preventing executables in the user's own "home" from functioning, but then they could always run an app from a CD or a flash drive or a disk image instead (I'm not sure how to block those). So the "white list" approach of controlling application use (as opposed to installation) is probably the best compromise.