New t-codes & auth. objects

Hi All-
We are upgrading from 4.6C to ECC 6.0.
Can anyone please give the list of T-codes & Auth. objects that are new in ECC 6.0 compared to 4.6C?
Thanks in advance,
Vj

> I guess you can view all the new authorization objects by looking at SAP_NEW profile which contain all the latest modifications.
Or, if you delete SAP_NEW after the previous upgrade, then all of SAP_NEW will be new.
> For new tcode entries may be a download of TSTC tables from both the versions and comparing them will fetch you some new tcodes.
Or use the search to find the table which contains the release dependency of "transactions"... -)
Cheers,
Julius
PS: When searching, if you find any absolutely useless posts which clog up the search, then please use the "Report Abuse" button and I will investigate them and clean them out.
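The TSTC comparison suggested above, as an added example that is not part of the original thread: it parses two table exports and reports transaction codes that are new, removed, or now start a different program. The pipe-delimited export layout and the DEMO_*/ZPROG_* entries are constructed assumptions; TCODE and PGMNA are the TSTC columns for the transaction code and its program.

```python
# Added example: diff two TSTC exports taken before and after an upgrade.
# Assumption: each export is a pipe-delimited list with a header row that
# names the columns, as produced by a table display download.

# Constructed sample data (not real upgrade content).
OLD_EXPORT = """\
Table: TSTC (constructed sample, old release)
|TCODE   |PGMNA     |DYPNO|
|--------|----------|-----|
|DEMO_A  |ZPROG_A   |1000 |
|DEMO_B  |ZPROG_B   |0100 |
|DEMO_C  |ZPROG_C   |     |
"""

NEW_EXPORT = """\
Table: TSTC (constructed sample, new release)
|TCODE   |PGMNA     |DYPNO|
|--------|----------|-----|
|DEMO_A  |ZPROG_A   |1000 |
|DEMO_B  |ZPROG_B2  |0100 |
|DEMO_D  |ZPROG_D   |1000 |
|DEMO_E  |ZPROG_E   |     |
"""


def parse_tstc(export_text):
    """Return {TCODE: PGMNA} from a pipe-delimited TSTC export."""
    header = None
    rows = {}
    for line in export_text.splitlines():
        line = line.strip()
        # Titles, blank lines and anything not framed by pipes are skipped.
        if not (line.startswith("|") and line.endswith("|")):
            continue
        cells = [c.strip() for c in line.split("|")[1:-1]]
        # Ruler rows (only dashes) and fully empty rows carry no data.
        if set("".join(cells)) <= {"-"}:
            continue
        if header is None:
            if "TCODE" in cells:
                header = cells
            continue
        if len(cells) != len(header):
            continue  # malformed row: do not guess at column alignment
        record = dict(zip(header, cells))
        if record["TCODE"]:
            rows[record["TCODE"].upper()] = record.get("PGMNA", "")
    if header is None:
        raise ValueError("no header row containing TCODE found")
    return rows


def diff_tstc(old, new):
    """Compare two {TCODE: PGMNA} maps from the old and new release."""
    common = set(old) & set(new)
    return {
        # Candidates for S_TCODE review in existing roles.
        "added": sorted(set(new) - set(old)),
        # Roles still granting these carry dead menu entries.
        "removed": sorted(set(old) - set(new)),
        # Same tcode, different program: existing grants now reach other code.
        "retargeted": {
            t: (old[t], new[t]) for t in sorted(common) if old[t] != new[t]
        },
    }


if __name__ == "__main__":
    result = diff_tstc(parse_tstc(OLD_EXPORT), parse_tstc(NEW_EXPORT))
    for kind, entries in result.items():
        print(kind, entries)
```

The "retargeted" list is the part a plain list of new tcodes misses: the role assignment is unchanged, but what the user can execute through it is not.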

Similar Messages

  • Can we control Work center group links using auth object UIU_COMP

    Hello All,
    We are running into an issue while doing our PFCG role configuration.
    I need to know if we can control Work center group links in a business role through auth object UIU_COMP.
    We can control Workcenter's but not 'Work Center Group Links'.
    Here is what we did:
    - We have a business role Z_RA_DEFAULT.
    - The Nav Bar Profile SRV-PRO for this business role has some work center group links that are checked in menu and visible.
    - I'm trying to find the values in the auth object UIU_COMP to restrict Work center group links.
    - Even though the values Work center group links are in menu and visible,
    I want to remove these Work center group links from the screen using the auth object.
    - If we remove the check from in menu and visible in the business role the Work center group links disappear from the screen.
    Right now this is the only way we are able to control Work center group links.
    Question:
    - Can I use UIU_COMP to restrict Work center group links?
    - any other auth object that controls Work center group links?
    - any document/ website / info  available which tells us what can we restrict with auth object UIU_COMP?
    - or any other way of doing this... like code change, user exit, ....?
    Really appreciate your help.
    Thanks,
    Nasir

    I am not sure if I have understood the issue correctly, but still what stops you from actually creating a clone business role to your existing business role and deactivating the in menu visible work center group links. Use this new business role for users who need to be prevented from viewing the work center groups links in question.
    If you are going to use authorization objects to control the visibility, won't it impact all users (still defeating your original purpose)?
    Again apologies in case I have got the question wrong.

  • Auth Objects

    HI All,
    We are going to implement Authorization Objects to restrict user interaction on the Web UI. I have few doubts to begin with:
    1. How we can maintain Authorization in the Objects. I know how we can use the Auth. Obj in the Code, but how we can maintain in the Object itself.
    2. Should we create a new Auth Obj for our req or we can customize the std one?
    3. How we can create our own auth objects?
    is there any reference available on the auth objects, i tried to find on SDN but did not find much information.
    Any help is appreciated.
    Dave

    Please check with your Basis team, i guess they will have more visibility on this. Also you can check TR - SU20 and SU21 for doing the same.
    Regards,
    Harshit Kumar

  • Creation of New company code using EC01

    Hi
    While creating a new company code using EC01, I am getting several messages relating to Number ranges. All the message relate to number range object type 5 & 6. After all these messages, the final message says that 86 number ranges have not been copied. Can some one throw some light on this?
    Regards
    Ravi

    Hi,
    You can ignore these messages; if you use EC01 the system copies all possible tables that are registered as company-dependent. Some of these tables might be not in use at all.
    Regards,
    Eli

  • BW Authorizations/Report. Auth Object/KF's vs. Calc. KF's

    We implemented a custom/reporting auth. object to protect key figures (1KYFNM) and it works well. The issue is that our user community never ceases to come up with new and even more creative requirements.
    Let me illustrate the latest requirement:
    I have locked-down access to certain key figures (let's call them 'KF A' and 'KF B') and therefore subsequently secure all combinations involving either one of the two meaning calc. KF D (KF A plus KF C) is locked down as well. I also need to mention that users are supposed to be able to create their own ad-hoc queries, which eliminates the option of limiting them to a query or set of queries that accomplish the following requirement.
    There are certain totals, which are calc. KF's that the users are allowed/required to see even though they are not supposed to see what makes up these numbers (they should see calc. KF K which is made up of KF A, KF B, and KF H, etc. but not KF A and KF B).
    Without the option of providing the users with rather static queries, I see another option as calculating 'KF K' (from the previous example) at the time of the load and just making it another key figure in the cube which then can be excluded from the auth. check previously mentioned based on the naming convention. The problem with that is that this will make reporting rather inflexible, increase load times as this calculation is rather complicated, and it will also create redundant information in an environment that is already experiencing substantial growth and volume.
    Does anyone see any other solution?
    Thanks,
    Joerg

    Joerg,
    I'm afraid that there's no special authorization handling for calculated key figures. To the best of my knowledge, the approach of creating another key figure at data load time via transfer rules or update rules would be the only one that can work. While this approach may not be flexible, the load time should not increase significantly if you just add two key figure values into a new one.
    If you find this approach unacceptable, or it is a common requirement among the BW community, you might consider submitting such a requirement through the ASUG BI Group or via an OSS development request.
    Thank you for your question and patience.
    Regards,
    Amelia Lo
    SAP NetWeaver RIG, US
    SAP Labs, LLC

  • HOW to create new transaction code in SAP

    Dear All
    Thanking you for your cooperation
    Pls help,
    how to create a new transaction code and link with the process??????????
    Thanking you

    Hi
    You can create a transaction code in transaction SE93.
    To create a transaction code:
    1. Enter a transaction code (up to 20 characters).
    2. Choose Create.
    3. A dialog box appears. Enter a short text and choose the transaction type.
    The transaction type can be as follows:
    - Dialog Transactions
    - Report Transactions
    - Object-Oriented Transactions
    - Variant Transactions
    - Parameter Transactions
    In a report transaction, you use a transaction code to start an executable program (type 1). An executable program usually has three steps - data entry (selection screen), data processing (often using a logical database ), and data output (list).
    To create a report transaction, use the Transaction Maintenance transaction (SE93). Once you have entered a transaction code and short description, choose transaction type Program and selection screen (report transaction).
    When you define a report transaction, you can specify the selection screen and variant with which you want it to start.
    You can also protect the report transaction against unauthorized use. To do this, enter the name of an authorization object in the corresponding field.
    Dialog Transactions
    In a dialog transaction, the flow of the program is determined by a sequence of screens. The screens that are called within a transaction should belong to a single ABAP program, usually a module pool (type M program).
    To create a dialog transaction, use the Transaction Maintenance transaction (SE93). Once you have entered a transaction code and short description, choose transaction type Program and screen (dialog transaction).
    You can also create transaction codes for custom queries created using SQVI.
    Thanks & Regards
    Kishore

  • New tax code transport to one server to another

    Hi all,
    Could you please let me know for transporting customisation like new tax code from development to testing and testing to production what is the procedure and which type of request it need customisation request or workbench request.
    Regards,
    nitin

    Important note on transporting tax codes -> F1
    Message no. F4794
    Diagnosis
    Transporting tax codes requires manual postprocessing. This postprocessing is also necessary if tax codes have to be transported from one client to another within the system.
    Procedure
    When tax codes are transported, the tax rates of the tax codes are transported using auxiliary table T007V. Logical transport object FTXP is used to transport the definition data of the tax code from table T007A and the language-dependent name to table T007S.
    The tax accounts for the tax codes (table T030K) are not transported.
    The internal jurisdiction codes are also not transported.
    The transport of tax codes between systems or clients consists of two steps:
    1. Step:
    Export tax codes from source system or source client
    2. Step:
    Import tax codes into target system or target client
    Export
    1. In the source system or client, in Customizing for the Financial Accounting Basic Settings, choose Tax on Sales/Purchases -> Calculation -> Define Tax on Sales and Purchases Code.
    2. Choose Tax Code -> Transport -> Export.
    3. Assign the export to the relevant transport request and make a note of the request number.
    4. Select and save the tax codes to be transported.
    5. Make sure that the selected tax codes have the transport number in table T007V.
    To check the table, in the SAP menu choose Tools -> ABAP Workbench -> Overview -> Data Browser.
    Enter the table name. The tax codes are in the MWSKZ fields, the tax jurisdiction codes in the TXJCD fields.
    6. Arrange the transport of the request to the target system.
    To transport the request, in the SAP menu choose Tools -> ABAP Workbench -> Overview -> Workbench Organizer -> Environment -> Customizing Organizer.
    Import
    1. Make sure that the transported tax codes are recorded in table T007V of the target system or target client.
    2. In the source system or client, in Customizing for the Financial Accounting Basic Settings, choose Tax on Sales/Purchases -> Calculation -> Define Tax on Sales and Purchases Code.
    3. The tax codes should have been created in the target system without a tax percentage rate by the import.
    Otherwise you can do this manually:
    In the target system, create the tax codes that do not exist there.
    Create the tax codes completely, but without tax percentage rates.
    If you use internal systems in company codes in the USA or Canada, the relevant tax jurisdiction codes should also exist. You make the settings for the tax jurisdiction code in Customizing for Financial Accounting Basic Settings under Tax on Sales and Purchases -> Basic Settings -> Define Tax Jurisdiction Codes.
    4. Choose Tax Code -> Transport -> Import.
    5. Check the proposed values for the transport request and country.
    6. Run the import.
    Notes for the transport of tax accounts
    When you transport tax codes between different systems or clients, no tax accounts are transported.
    Adjust the tax accounts in the source and target system (or source and target client) manually.

  • TerminalServices-RemoteConnectionManager Event ID: 1057: The relevant status code was Object already exists.

    The computer is Windows 7 Professional 64-bit edition version 6.1 Build 7601 service pack 1. The computer is not in a domain environment. I believe this may be a security issue however I completed an in-place windows 7 upgrade to try and fix the problem
    but after all of the windows updates, etc the error remains and appears every time the computer is rebooted...
    I could use some help with the following error:
    Log Name:      System
    Source:        Microsoft-Windows-TerminalServices-RemoteConnectionManager
    Event ID:      1057
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Description:
    The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Object already exists.
    Provider Name="Microsoft-Windows-TerminalServices-RemoteConnectionManager"
    Guid="{C76BAA63-AE81-421C-B425-340B4B24157F}"
    EventSourceName="TermService"
    I found {C76BAA63-AE81-421C-B425-340B4B24157F} in my registry in the:
    HKey_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> WINEVT -> Channels -> Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin -> OwningPublisher
    HKey_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> WINEVT -> Channels -> Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic -> OwningPublisher
    HKey_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> WINEVT -> Channels -> Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug -> OwningPublisher
    HKey_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> WINEVT -> Channels -> Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational -> OwningPublisher
    Microsoft-Windows-TerminalServices-RemoteConnectionManager
    %SystemRoot%\system32\termsrv.dll
    When I open a command prompt window as administrator and enter the following: regsvr32 termsrv.dll
    I get the following message:
    RegSvr32
    The module termsrv.dll was loaded but the entry-point DllRegisterServer was not found.
    Make sure that termsrv.dll is a valid DLL or OCX file and then try again.
    Not sure if this is a problem or if this behavior is expected...
    I ran sfc /scannow and check disk on the hard drive with both reporting no errors.
    I updated the security profile for:
    [Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security]
    In the right pane, double click "Require use of specific security layer for remote (RDP) connections", in the security layer list, select RDP.
    I modified the policy and there was no change in computer behavior.  The error still appears each time the computer is rebooted.
    ===
    I found a semi-related webpage that at least lists the same Microsoft-Windows-TerminalServices-RemoteConnectionManager and 1057. However I'm running Windows 7 64-bit edition and I seriously doubt I have a lack of available memory issue.
    Event ID 1057 — Terminal Services Authentication and Encryption
    http://technet.microsoft.com/en-us/library/cc775192%28v=ws.10%29.aspx
    Physical Memory (MB)
    Total 24567
    Cached 6337
    Available 21821
    Free 15709
    The relevant status code says that the "Object already exists", which I think is far more relevant than some memory issue. Do I have to delete some file or registry entry? Or is it a security issue?
    Google searches have come up with nothing. Any suggestions would be very helpful!

    Have a solution for you:
    Download makecert.exe and generate a new cert for RDP:
    makecert -r -pe -n "CN=server FQDN"  -eku 1.3.6.1.5.5.7.3.1 -ss my -sr LocalMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
    Change server FQDN with real value.
    Go to computer certificates and under Remote Desktop delete the current certificate. Then from the Personal store move the newly created cert to Remote Desktop.  Open the cert and copy the Thumbprint.
    Open regedit and go to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
    Update SelfSignedCertificate key with the new cert thumbprint.
    Restart the Remote Desktop Services service.

  • Auth Objects in ABAP Programs

    Dear All,
    how could I find the auth object being validated in programs?
    Using SU24 I am able to find transactions checking auth object...but I am not quite sure if there are some other programs using/checking those auth objects.
    In general I want to check one specific auth object where is used/checked.
    I will appreciate your help.
    Regards
    FedeX

    Please use the standard report RSABAPSC to check the authority check statements used in the program for any TCode. Also you can look into ABAP codes in more details by using the program RSANAL00.
    Regards,
    Dipanjan

  • Deletion of auth objects Corresponding to tcodes

    Q1.
    If a transaction is deleted from the menu, whether the corresponding authorization objects are deleted.
    Q2.Eg
    What if the tcode MM02 is deleted from the role which has MM01/MM02/MM60/MM03 transaction codes, In this case some of the auth objects of MM02 are same as the other tcode auth objects, then how does deletion of MM02 from role ensure that only the corresponding object--> values are removed.?
    Rakesh

    Q1.
    If a transaction is deleted from the menu, whether the corresponding authorization objects are deleted.
    It depends..
    If the auth object's status is 'standard' and it is coming from only one t-code which is being removed, then it gets removed. If the status is 'changed', then it doesn't get removed.
    Q2.Eg
    What if the tcode MM02 is deleted from the role which has MM01/MM02/MM60/MM03 transaction codes, In this case some of the auth objects of MM02 are same as the other tcode auth objects, then how does deletion of MM02 from role ensure that only the corresponding object--> values are removed.?
    No, the auth object won't get removed as that is coming from su24 from other t-codes also.
    If different t-codes are bringing different field combination values, then the instance which is coming from MM02(if it is being deleted) will get removed, again assuming that the instance is standard and not changed.

  • Custom TCODE-Auth Object Assignment

    Hello All- I see a very weird thing with custom TCODE assignment, here is what I see:
    1)We have Display role which has all functions tcodes in it, which goes to every one on PRD.
    2)Usually we assign custom tcodes which are not critical to this role, and this custom tcode would have no auth objects assigned or checked during access.
    3)When I assign custom tcode to test role, I see its not pulling auth objects in PFCG which is what I expected.
    ***4)However when I assign this custom tcode to 'Display role' which have many standard tcodes in it, I see many of the auth objects "lights turning in to Yellow" (as you know its asking me to maintain value)
    5)I checked in SU24/SU22, to see if its pulling any auth objects...no objects are tied to this tcode.
    I don't know why this is happening?
    Again if I assign to test role, no objects is showing up in PFCG which is what I want!
    Any suggestions of to handle this issue, I will really appreciate your thoughts.
    Thanks,
    AJ

    AJ wrote:
    > Hello All- I see a very weird thing with custom TCODE assignment, here is what I see:
    > ***4)However when I assign this custom tcode to 'Display role' which have many standard tcodes in it, I see many of the auth objects "lights turning in to Yellow" (as you know its asking me to maintain value)
    > 5)I checked in SU24/SU22, to see if its pulling any auth objects...no objects are tied to this tcode.
    >
    > I don't know why this is happening?
    >
    > Again if I assign to test role, no objects is showing up in PFCG which is what I want!
    >
    This is happening not because of the Custom TCodes you have added. The reason are either of the following:
    1. In previous cases when some other TCodes (SAP Standard) were added, the profile regeneration was not carried out by entering Authorization data through "Expert Mode for Profile Generation" (or used with option "Edit Old Status" only). Instead, "Change Authorization Data" was used. And thus the Object proposals for New entries in Menu were not pulled into Profile Generator at that time. Now it's coming. Surely you entered with Expert Mode for Profile Generation --> Read Old status and Merge with New data.
    2. Other option can be: Earlier some Objects were changed which were present there only with "Standard" status. It should have been done by copying the Object and change the copied one. Then make the standard one "Inactive".
    3. The Inactive Object described in the 2nd point has been Deleted and the object with status "Changed" is left only. Now when you are entering with "Expert Mode for Profile Generation" it's pulling those standard proposals again.
    Let me know if the probable reason of Yellow traffic lights are clear to you or need more details.
    Regards,
    Dipanjan

  • Query field, Auth object (characteristic variable)

    Please bear with me as I am a little new to this and don't really know what I'm asking. I have been asked to populate an Auth object for a BW query field via a user exit. Basically when you add a field to the row section of the query designer, say I add 'Grant', you then get a number of characteristics, one of which is Grant(Auth), which you can set to be processing by 'Customer exit'. I have been given the user exit but am a little unsure how I would go about populating this auth object field. Any help would be much appreciated
    Regards
    Martin

    hi Mart,
    check if helps
    http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/frameset.htm
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/696affac-0701-0010-f7b5-cc431fc9365d

  • Populating auth object of a BW field

    Please bear with me as I am a little new to this and don't really know what I'm asking. I have been asked to populate an Auth object for a BW query field via a user exit. Basically when you add a field to the row section of the query designer, say I add 'Grant', you then get a number of characteristics, one of which is Grant(Auth), which you can set to be processing by 'Customer exit'. I have been given the user exit but am a little unsure how I would go about populating this auth object field. Any help would be much appreciated
    Regards
    Martin

    Hello Martin,
    you can do this in i_step = 1 (called directly before variable entry) in Exit ZXRSRU01. There you can fill your auth object with FM RSSB_AUTHORIZATIONS_OF_USER. See also thread Re: BW Authorizations, examples and infos you can find in these docs: https://websmp210.sap-ag.de/sapidb/011000358700005475101999 and https://websmp210.sap-ag.de/sapidb/011000358700005475091999.
    Hope this helps
    Martin

  • Make a posting in a new company code say XYZ

    Hi,
    I have created a new company code and did all the necessary assignments. I want to make a posting in a new company code, say XYZ.
    Where can I find those settings in spro?

    Hi,
    You will have to create new CO/PCA objects (master data) for XYZ company. All your current objects are by default defined in the company code you had before defining the additional one.
    Regards,
    Eli

  • Job role design - transaction role and auth object role

    Hi all, please kindly comment following job role design:
    (1) transaction role:
    Keep transactions in single job role to represent business processes in different application areas, e.g.MM: maintain PR, PO, OA.   CO: maintain cost center, internal order   HR: maintain org structure, personnel management.
    The single job role will only keep role menu, object S_TCODE and inactivated all other application related authorization objects.
    (2) authorization role
    Keep application component related authorization objects except S_TCODE in single job role by different application area, e.g. Objects of MM_B, MM_E, MM_G in MM role. Objects of K_CCA, K_CSKS_SET in CO role.  Objects of HR in HR role.
    Then maintain org level of MM, CO, HR roles for different companies, e.g. Company A MM role, company A CO role, company A HR role, company B MM role.;....
    User will be assigned transaction role + auth object role.   For example, user of company A to perform MM and CO functions will be assigned
    with MM transaction role + company A MM role + company A CO role.
    Please let me know the pros and cons of above design.  Thanks.
    Regards,
    Donald
    * I can see the disadvantage of this design is during SAP upgrade (SU25), revised of authorization object will not reflect in authorization role

    Brent Van Dyck wrote:
    Keep in mind the project was for an HCM implementation where there's already hardly any connection between tcodes and authorization values so it may have made more sense in that context than it would in a classic SD/MM.
    That is correct - but it still exceeds "horrible" beyond imaginable boundaries if you try to split the fields of the objects into different roles and expect it to work or that there will be less roles.
    In the case of HCM and also BW the auths admin needs to know more about the data and organization than what classic ERP auths admins can get away with. That is why they take longer to migrate away from manual profiles and have a greater tendency to have manual authorizations inserted into roles - which could however also be achieved by maintaining fields proposed without values and at least proposing those (such as activity type fields) which are known.
    But splitting cube / characteristics / key figures  or infotype / personnel group / auth code into different roles can only go wrong.
    Another mistake some "value role experts" sometimes make is that they don't want SU24 proposals in PFCG because they don't understand them. So what they do is that they clean out the SU24 tables completely... Well... the side effect of that is that all SU24 check indicators flagged as "no check" suddenly become alive in their system although there are mostly good reasons not to have the checks active.
    Cheers,
    Julius
