No authorization for maintaining

Similar Messages

• Authorization for FBL5n specific customer

  Hi all,
  I have a scenario where we want to restrict sales person to view specific customer. We maintain sales person and customer number relation in a Z table.
  Please advise how I can restrict?

  Hello Ravi
  You can restrict access to master records in order to prevent unauthorized changes from being made. Depending on how you organize your master data, you can assign authorizations for maintaining this data. For example, one user may have authorization to maintain all master data, while another may have authorization to maintain only accounting master data.
  You can also assign different authorizations for different types of processing. All users could have authorization to display master records, while only a limited group of users may be able to create and change master data.
  Authorizations are specified during system configuration and assigned to each user in his or her user master record. If you have any other questions on this subject, you should contact your system administrator. The Implementation Guide (IMG) for Financial Accounting explains how to set up authorizations.
  Suresh

• Authorization for Warranty Maintainance in Service Order

  Hi,
  I am working on CRM 5.0.When user is creating service order at item level under warranty tab, there is option for maintaining the warranty and accounting indicator manually.
  I want to restrict the user from doing it.Can anyone suggest some solution for the same.
  Pls suggest any authorization object instead of Badi's..
  The same should be applicable for PCUI as well.
  Thanks,
  PePe

  Hi,
  If u manage to get related authorization object for fields of warranty tab then also i m not sure with using same object u can control from portal (PCUI).
  Better bet is to create new bliview for u r transaction and hide or make fields read only which u want to restrict.
  Also refer below link for better understanding.
  Authorisation Object to Restrict user  for Manual Wty assignment in Service
  Regards,
  DD's

• Maintain Authorization for Master Data

  Hi Experts,
  We are implementing  PM Module to our client now i want to know.Is there is any relation of PM Team to Maintain Authorization for Master DataPFCG Transaction Code.I want to know for creating the Role for PM Users how the PM team provide the support.
  Regards,
  Kavvya

  Yes, we play a greater role in getting the roles defined. We practically don't do it, the basis team gets it done. But, all the list of tcodes per role, authorization objects are to be listed by us. Check with your seniors, you should see the authorization matrix made during the implementation.
  This sheet lists all the roles to be assigned along with tcodes, authorization objects and list of the users, who will be assigned these roles. Maintenance engineer and Maintenance manager will obviously be two different roles. It again depends on the size and the way the company works and wants authorization.
  Regards,
  Ketul

• What's the best way to do authorization for my app?

  The authorization situation is somewhat complicated for my app.
  Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM.
  From what I've seen so far, there are two different options of setting the authorization for the component:
  1. Set its Condition
  2. Set its Security Authorization Scheme
  Here is my understanding for each (from my limited experience with APEX):
  1. Set its Condition
  + Can pass in parameters such as :APP_USER, page numebr, P0_ITEM. So I can just create one function that does all the authorization
  - Have to combine the SQL query with the component's non-authorization display conditions, if any.
  2. Set its Security Authorization Scheme
  + By name, it seems like it should be used for authorization
  - Cannot take in parameters relating to the page, such as the page number --> therefore I will need to create many different schemes, for all the different pages.
  #2 will end up with a long list of schemes (each with its own SQL queries) for different pages, which doesn't seem as efficient as #1 with far fewer SQL queries and just take in parameters.
  Which one should I pick?
  Thanks!

  953006 wrote:
  Thanks fac586 for the detailed response, and also everyone else who replied. You guys are very helpful and respond promptly. And we'd appreciate it if you changed "953006" into a real handle promptly.
  Andre mentioned using conditions:
  The way I work around this is to have two functions, one which is used at the page level as a normal authorization scheme and one which can be passed variables which is called as a Condition and the name of the item is one of the variables, in effect giving it "self awareness".But fac586 said:
  You can't pass "parameters" to authorization schemes. Use application items, APEX collections or application contexts to set current context before the authorization scheme is evaluated, and access these values in the functions.Does this mean, fac586, that we can avoid conditions altogether? No, it means that I prefer to use Authorization Schemes to control access to resources based on user privileges and security, and Conditions to control rendering and processing for functional reasons. Using the approach described above I have found it possible to maintain this separation.
  Say if a page has two buttons, Button_A and Button_B. Button_A has a set of requirements for displaying and Button_B has its own set of requirements (some of which are shared with Button_A). So far, the only way that I can see of using pure authorization is to write 2 different authorization schemes, and set the authorization schemes for the two buttons respectively.What's the problem with that? Consider a more concrete example using a standard APEX report/form pattern for customer maintenance. Page 6 contains the report, and page 7 is the maintenance form with P7_CREATE and P7_SAVE buttons. Only users entitled to create new customers should have access to P7_CREATE, and only users able to edit customers access to P7_SAVE. This would be controlled by the CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes respectively. Functionally, conditions are used to show P7_CREATE if the P7_CUSTOMER_ID is null, and P7_SAVE if it's not null. We don't mix non-functional security considerations with functional requirements.
  The CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes are of type PL/SQL Function Returning Boolean. These are implemented using package functions. Exactly how a user has create/edit customer privilege is determined in the package. Determinants that are shared by multiple schemes can be combined at this level. These implementations can be changed as necessary without requiring changes to the application.
  The authorization schemes are reusable across pages and components. On page 6, CREATE_CUSTOMER can be used on the "Create New Customer..." button; EDIT_CUSTOMER on the report column containing the "Edit" links.
  Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM. So I guess this goes back to my original concern with Authorizations:
  [Using purely authorizations] will end up with a long list of schemes (each with its own SQL queries) for different pages [and page items] ....
  Re: VPD policies. Note that in the example above there's no need for the authorization schemes to "know" which pages/items are being evaluated. The P7_SAVE button and the page 6 link column are involved with the EDIT_CUSTOMER operation, so that authorization scheme is applied to them.

• Maintenance of Authorization for transactions in CRM 5.0.

  Hi Experts .
  We are using CRM 5.0 with PCUI.
  TheBusiness  requirement is to maintain authorization for own transactions.the users who is involved in transactions should only be authorized to  Open & see the transactions.Other users who are not involved in partner function like "Assigned to" & "Account responsible " should not be able to open &  see the transactions like Activity .Lead , Opportunity ,Sales orders.& Service orders.System should give error message saying no authorizations.
  We tried with below authorization objects to achieve this
  CRM_ORD_OP (your own documents)
  - CRM_ORD_LP (organization levels)
  - CRM_ORD_PR (transaction type)
  - CRM_ORD_OE (sales area/service Org).
  - CRM_ORD_RL
  - CRM_ORD_RS
  But still system allows to open transaction belong to others.
  Is there any alternative to control this.
  Helpful answers would be rewarded max points.
  Thanks in Advance.
  Regards,
  Basavaraj Patil

  Hello
  in order to check authority object CRM_ORD_OE,
  CRM_ORD_OP and CRM_ORD_LP must not give authority. Please see
  online documentation for detailed information:
  http://help.sap.com/saphelp_crm40/helpdata/en/e9/
  b29a39e7aee372e10000000a11402f/frameset.htm
  Under the chapter 'Process Flow of Authorization Check in Business
  Transactions' you will find detailed explanations.
  I hope that I could be of help with that information. 
  Gerhard

• No authorization for this transaction with movement type 601

  Dear All,
  This is chandra i am getting this error in delivery level " No authorization for this transaction with movement type 601. If give the authorization for SAP ALL its working fine. If give the authorization for SAP SD T.Codes i am getting this error. Plz help me.
  Thanks and regards
  Chandra

  Dear Chandra,
  Check with -
  T. Code: OMJJ
  Select Movement Type: 601 and Double-Click: "Allowed Transaction" (From Left-hand side) .
  Check whether the Transaction is allowed for Movement Type 601 or not
  Note: if Transaction is not listed (i.e. not allowed) and you wanna allow this Transaction with Movement type 601, then -
  Up-there, Tab: New Entry. Click on it.
  Maintain entry as:
  MovTy: 601
  TCode: As reqd.
  and Save.
  Best Regards,
  Amit

• Authorizations for Hierarchies in BW-BEx

  Hello, Experts!
  I am having some problems in order to give specific access for specific nodes on the hierarchy on the profiles creation. For example, we need to give permission to the profile "Profile_one" (that can be viewed on the PFCG transaction) to access only the node "Node_one" of our hierarchy ("E_ERP01" - object 0city_code) and we need to give this authorization to a range of users.
  We have studied some options like the one suggested on RSSM transaction and we have already tried creating an authorization object named "ZHIER". But the problem found on this transaction is that we have to create a profile authorization for EACH user that is mentioned on the range of authorization and then we need to link it on the transaction PFCG. But the users assigned on PFCG transaction don't receive all the same profile authorization (ZHIER), only the one that was mentioned on RSSM transaction.
  Could you please help us to find a way to assign specific nodes of a hierarchy to a specific range of users? We have already searched and studied some notes without success.
  Many thanks for your help.
  Best regards,
  Isabela.

  If the account type keep changing every month , you must have to maintain that field out side the cube though.
  I guess you can use the hierarchies (or) add the flag as an attribute to the GL account master data,then you can filter on this field in reports.
  But hierarchies gives more visibility on data/navigation.
  Hope this helps.
  cheers
  Martin

• Insufficient authorization for sales document

  Insufficient authorization for sales document
  We are getting an error message as insufficient authorization in spite Sales Order fully approved. We are using Credit Card Processing without clearing house as payment process on sales order processing. Sales Order is process correctly with credit card pre-authorization.
  Creating delivery and billing document is giving an error as Insufficient authorization.
  We have completed configuration related to payment card. Also Maintain Clearing House...
  Chart of Accounts              ***
  Payment card receivables       ####        CASH CLR-CREDIT CARD
  Clearing account               ####        CASH - PNC
  Authorization                            CCARD_AUTH_SIMULATION
  Initialization Authorization SET
  Result Authorization (SET)               SD_CCARD_AUTH_CALL_RFC
  RFC destinations of functions
  Settlement                               CCARD_SETTLEMENT_SIMULATION
  RFC destination of functions
  Settlement answer                        CCARD_SETTLEMENT_RSP_EXECUTE
  Thanks
  PP

  Yadav,
  The new documents are working fine. The documents already created when try to release billing to accounting getting
  message..Insufficient authorization for sales document 90000055
  Message no. V/032
  Procedure
  Check the authorization amounts in the payment card plan and repeat authorization. Or reauthorize at a later time.
  Thanks
  PP

• Display authorization for particular line of table

  Hi Experts,
  I have a Z table contains sales area data. I want to display those records only which user has authorization for the sales area. It is possible through the table maintenance event or there is any other way to achieve this.
  Quick response will be appreciated.
  Thanks in advance for your sincere help.
  Cheers,
  Anil

  Hi Anil,
  Yes,Its possible through table maintainance event itself.
  Only thing u need to do is check for the sales area the user is authorized..using
  FM: SUSR_USER_AUTH_FOR_OBJ_GET
  SEL_OBJECT:- CRM_ORD_OE.
  Hope it helps!!
  Regards,
  PePe

• How many ways we can create authorization for user groups in sap query reports

  Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change  the users .So please suggest me how to restrict users outside of the user group.
  Please send me if u have any suggestions and useful threads.
  Thank You,
  Suneel Kumar.

  I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
  http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
  Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
  Use AUTHORITY-CHECK to restrict access to the database based on user.
  Press F1 on AUTHORITY-CHECK to find out how to use it in the code

• Hr Authorization For End User

  Dear Experts,
  The scenario,in PA30 and also in PA40 HR end user should not have access to edit his own data but he/she can able to view his own data and he should have access to edit,create,copy for other employees. Kindly let me know authorization object for the same.
  Regards,
  Deepan
  Message was edited by: Sikindar A

  Hello
  P_PERNR: will prevent or let a user to maintain/see its own data  cfr: P_PERNR (HR: Master Data ? Personnel Number Check) (SAP Library - Authorizations for Human Resources)
  then depending if you use Contextual Authorization or not
  P_ORGIN or P_ORGINCON lets a user to maintain/display the employees' master data.
  Cfr:
  P_ORGIN (HR : données de base) - Autorisations pour HR (Gestion des Ressources Humaines) - SAP Library
  https://help.sap.com/saphelp_erp60_sp/helpdata/en/4c/197c8fad6671459b9dde3e915336b8/content.htm
  regards
  Hadrien

• No authorization to maintain relationships of category BUR010

  Hi All
  While doing a HR PFAL from ECC 6 to SRM 5, we get error No authorization to maintain relationships of category BUR010
  Also the BP For the user has following errors
  Error determining address for employee NNNNNNNNNNNNNNNNNN
  Employee relationship between BP NNNNNNNNNN and BP(Org) NNNNNNNNNN missing
  I do see relationship in ECC, not sure if the BUR010 error is causing the issue
  Thanks
  Gamad

  Hi Gamad,
  I am assuming you are using the SAP delivered distribution model with the standard filters.  
  01)  Check the distribution model for the infotype 0006 and sybtype 0001
  02)  Maintain the address subtype 0001 in the HR record in ECC
  03)  Check the BP number range and T77s0 table entries.
  04)  Check the authorizations of the RFC user.
  05)  Execute PFAL in the insert mode with the evaluation path P-S-O. (for the first time)
  I am not sure regarding OSS notes as we have done this SRM 5.0 and ECC 6.0 with out applying any notes few years back.  It has to work.
  Thankyou,
  DV

• FTP_CONNECT: User ------- has no access authorization for computer -------.

  Hi, could anyone please help me resolve the following issue:
  When i run the code below, it comes back saying "could not connect to "host". When tried to run in debug or test the FM "ftp_connect" it says "user ..... has no access authorization for computer .....
  REPORT  ZALB_FTP_TEST.
  types: begin of t_ftp_data,
           line(132) type c,
         end of t_ftp_data.
  data: lv_ftp_user(64)                value 'branch'.     "change this
  data: lv_ftp_pwd(64)                 value 'careful'. "change this
  data: lv_ftp_host(50)                value '10.50.1.199'.     "change this
  data: lv_rfc_dest like rscat-rfcdest value 'SAPFTP'.
  data: lv_hdl    type i.
  data: lv_key    type i               value 26101957.
  data: lv_dstlen type i.
  data: lt_ftp_data type table of t_ftp_data.
  field-symbols: <ls_ftp_data> like line of lt_ftp_data.
  *describe field lv_ftp_pwd length lv_dstlen.
  lv_dstlen = strlen( lv_ftp_pwd ).
  call 'AB_RFC_X_SCRAMBLE_STRING'
    id 'SOURCE'      field lv_ftp_pwd
    id 'KEY'         field lv_key
    id 'SCR'         field 'X'
    id 'DESTINATION' field lv_ftp_pwd
    id 'DSTLEN'      field lv_dstlen.
  call function 'FTP_CONNECT'
    exporting
      user            = lv_ftp_user
      password        = lv_ftp_pwd
      host            = lv_ftp_host
      rfc_destination = lv_rfc_dest
    importing
      handle          = lv_hdl
    exceptions
      not_connected   = 1
      others          = 2.
  if sy-subrc ne 0.
    write:/ 'could not connect to', lv_ftp_host.
  else.
    write:/ 'connected successfully. session handle is', lv_hdl.
    call function 'FTP_CONNECT'
      exporting
        handle        = lv_hdl
        command       = 'dir'
      tables
        data          = lt_ftp_data
      exceptions
        tcpip_error   = 1
        command_error = 2
        data_error    = 3
        others        = 4.
    if sy-subrc ne 0.
      write:/ 'could not execute ftp command'.
    else.
      loop at lt_ftp_data assigning <ls_ftp_data>.
        write: / <ls_ftp_data>.
      endloop.
      call function 'FTP_DISCONNECT'
        exporting
          handle = lv_hdl
        exceptions
          others = 1.
      if sy-subrc ne 0.
        write:/ 'could not disconnect from ftp server'.
      else.
        write:/ 'disconnected from ftp server'.
      endif.
    endif.
  endif.
  Thanks in advance for the help.

  It doesn't work for me if I just maintain * entry.
  But it works after I maintained specific IP address into the table,
  ref notes:2072995 - User has no access authorization for computer
  Cause
  The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a
  support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
  Resolution
  1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
  2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.

• Authorizations for View Cluster

  Hello all,
  I need to maintain authorization for View cluster.
  Example : I have a view cluster say 'VC_TEST' , now I should have an authorization where other employees can only display it.
  Steps which I have followed:
  1. Assigned authorization object to the views of view cluster then created role for the object S_TABU_DIS and assigned all the activites (Create,Change,Display)
  2. Assigned user to the role
  But still other people can edit or maintain the view cluster.
  So could you please guide me.
  Thanks and regards,
  Anil

  HI,
  Reg:Authority Check object
  http://www.techrepublic.com/article/comprehend-the-sap-authorization-concept-with-these-code-samples/5110893
  Ram.