"No authorization to display partner in role".
Hi
We are in SRM4.0 SP12 and we have buyer completion workflow -after which the SC goes for cost center owner approval.
In case of goods SC the cost center owner carries out the approval process as desired. However, in case of service shopping cart when the approver tries to approve the SC he gets an error "No authorization to display partner in role".
Please note that this error is coming for Brazilian approvers only. We recently did Brazil specific configuration in our system.
For all other countries the approval is working fine for goods as well as service SCs.
Please proviide inputs to resolve the issue.
Regards
Ashish
Hi Sanjeev
Org. structure is correct ,attribute user_role is assigned and all other pointers you suggested are inline. Still the problem persists.
The surprising part is the approval is happening for limit shopping cart as well as goods shopping carts.Only for service sc we have an issue.
I managed to find the massage no. (R1-277) and there is a mention of function module BBP_BUPA_EVENT_AUTH1 in the where used tab. The code is commented in German. May be you have some pointers on this.
Awaiting reply.
Regards
Ashish
Similar Messages
-
Role or Profile with Full Authorization in DISPLAY MODE
Hi all,
Can anyone help me or tell me if there is any standard role or profile which has full authorization in display mode.
I wanted to assign this to all our support team for the PRD server who shud only have the display auths so that the pre-production client can be safe.
I have checked many places for this kind of activity, but found no threads on the same and also realted links.
Can anyone tell me how to get this task done....
I have also tried few possible ways which never helped me and all my efforts failed.
Waiting to hear from SDNs, for which i can assure REWARD POINTS.
Thanks to all in advance
Regards
Hari HaranHi,
By enabling the permission level as 'read', the authorized user/group/role can:
1. View the object in the Portal Catalog using the browse and search capabilities.
2. Open the object in its respective primary and secondary editors in read-only mode; the object cannot be modified.
3. Create instances (delta links and copies) from the object.
4. Gain access to and choose templates in the object creation wizards.
This permission level can be used to prevent portal administrators from editing a particular object, while still allowing them create an instance of the source and use the new instance in any way
Regards
Srinivasan T -
Business Partner General Role is not display.
Dear experts,
I need configure for an user by pfcg role can Create/Display/Change BP role type BUP002. This user create a BP (BP General role) but did not assign BP role BUP002 for thí BP. Then, this user can not search the BP (BP General role) that he created before. So, can anyone help me how to make an user display all BP General Role?
Thanks and Regards!
Longnd.Thanks all for your replies,
Hi Shwhetha, My problem is resolved following your instruction.
Hi Denis, i have read this note, but i am a programmer so it is not detail for me and i don not know what must i do following it. Can you show me how can configure to fix a value for assignment when i create a BP?
Thanks and regards!
Longnd. -
Difference between Change Authorization Data / Display Authorization Data
Hello,
My question is wrt to implementation of "principle of treble control" i.e three SAP administrators i.e.
1. Authorization data administrator
2. Authorization profile administrator
3. User Administrator
I have created a role & added a transaction to it e.g. "FAGLL03" or "FF67".
No authorization data is displayed in the authorization tab unless I enter authorization tab with change button and provide inputs for org level field & generate profile. Even when I save the profile with the proposed name, it status still says "No authorization data exists". Since no authorization data is available, administrator 2 is unable to generate profile. If administrator 1 has to generate profile then why is administrator 2 required.
Definition of Administrator 1 is:
The authorization data administrator creates the roles, selects transactions and
maintains the authorization data. He or she simply saves the data in the Profile
Generator since he does not have the necessary authorization for generating the
profile. He or she accepts the proposed profile name T-.... The authorization data
administrator may not change users, nor generate profiles.
Definition of Administrator 2 is:
The authorization profile administrator starts transaction SUPC and chooses All
Roles. He or she then restricts his selection, for example by entering the ID of the
role to be edited. On the next screen, he or she chooses Display Profile to check
the data. If all the data is correct, he or she generates the authorization profile. The
authorization profile administrator may not change users, change the data for roles,
nor generate profiles containing authorization objects beginning with S_USER*.
Thanks.Hasan Saeed Khan wrote:
Actually I started off my question with the "implementation of treble control" that SAP course AD940 suggests.
I had never heard of this treble control and the added value of splitting rolebuilding and profile generation doesn't make much sense to me but that's my personal opinion.
On the technical side of things: in your first post you state "No authorization data is displayed in the authorization tab unless I enter authorization tab with change button and provide inputs for org level field & generate profile."
It is also possible to change the data and save this but not generate the profile yet. I just tried this by doing the following:
Create role
Add transactions to menu
Edit profile, org levels & authroization data.
Hit 'save'.
Accept proposed profile name.
Go back to PFCG main screen and ignore message of profile not being generated. (Click 'continue')
And this leaves me with a role with yellow traffic light on the authorization tab an the profile status is: "Current version not generated"
So it should be possible to maintain roles and profiles separately. -
Error: No authorization to display the message
Hello
Users are getting error : No authorization to display the message,
when they are trying to view the content of the message.
When checked in the error logs, I see teh below log:
Message: Failed (javax.management.MBeanPermission,*,DISPLAY)java.lang.reflect.InvocationTargetException
Category: com.sap.security.core.role.PermissionData
Location: com.sap.security.core.role.PermissionData.get(ClassLoader)
Application: sap.com/tclmitsamcouinwalocalnavigation~wd
Can you please advice , as what actions has to be added to user.Where do you get this error? Basically user is not having proper credentials to view the message. Talk to Basis team.
-
Create business partner with role 'Internet User' via BP
Hi,
We want to create business partner with role 'BUP005 Internet User'
for purpose to link with created early user su01.
It's work via isauseradm application, Web UI.
Now I want to create new role 'BUP005 Interner user' via GUI. I started Tcode BP.
I filled USERNAME, password, roles. I tried to save BP.
I got this error:
Enter the Internet user
Message no. R11214
You have maintained attributes (logon data, roles and/or fixed values) for the Internet user, without having entered the Internet user itself.
But,
Field 'INTERNETUSER' is not changeble.
Denis.Hi, DJ
Thank you for answer)
1. Have you saved the BP. If Yes, just see if the INTERNET USER maintained is available in SU01.
Yes, but I can not see INTERNET USER in the BP.
2. If you are not able to assign the INTERNET USER, please try to maintain the INTERNET USER in BP.
I can not do it, because I can not change field INTERNET USER
3. If the INTERNET USER field is not available, just check the authorization for the same.
I has all authorization: sap_all.
Denis -
Personal ID : You have no authorization to display.
Hi,
we have EP 7.0 and have deployed ESS/ MSS 1.0 buisness package.
When i go to Personal IDs in Personal information workset of ESS. It gives me following error :-
You have no authorization to display
com.sap.pcuigp.xssfpm.java.FPMRuntimeException: You have no authorization to display
at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:112)
at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:122)
at com.sap.xss.per.helpers.MessageHelper.raiseException(MessageHelper.java:43)
at com.sap.xss.hr.per.in.pid.fc.FcPerPidIN.readRecord(FcPerPidIN.java:269)
at com.sap.xss.hr.per.in.pid.fc.wdp.InternalFcPerPidIN.readRecord(InternalFcPerPidIN.java:535)
at com.sap.xss.hr.per.in.pid.fc.FcPerPidINInterface.readRecord(FcPerPidINInterface.java:146
For some of the employee it is working, but for some its not working.. i tried giving them Administrator role still it shows same error.
I dont know what authorization i am missing..Hi Supraja,
Thanks for replying...the link you provided talk about NWDI and CMS.....i am not importing my package into NWDI..
I get following error when an employee is trying to view his personal id from ESS role in portal..
i mean..when a user clicks on Personal ID link in portal..it gives me :-
You have no authorization to display.
Thanks and regards,
Jigar Oza -
Authorization for display only in tx MIGO
Dear Guru's,
can we give an authorization for display (i.e.Display material document ) only in Tcode MIGO for particular user ,
if possible please let us know the authorization object for the same.
Thanks,
Ashish.Hi,
Create a custom profile via tcode PFCG.
Add the required tcode 'MIGO' to the 'Menu' tab.
Then goto 'Authorizations' and open expert mode for authorization. Here you can control the field values for authorization object. Once done, generate the profile and assign user to role along with user master comparison run.
Regards,
Srikishan -
How to create business partner with Role : "Loyalty Partner"
Hello,
During the creation of Loyalty Program, we can add loyalty partners which are Business Partners created with Role --> "Loyalty Partner". In standard package I could not see the the Role "Loyalty Partner"
For this role to be available during the creation of Business Partner, does any business functionality needs to be activated or should we create new role "Loyalty Partner" through BDT
Thanks
RamHi Vishal
Thanks for your explanation but I think it has not answered my question fully.
Yes, I do agree that only Loyalty Partners can be added in a Loyalty Program and those are Business Partners.
If you read through my question, I have asked how the system differentiates between Business Partners for example a sold to party and Loyalty Partner. In other words, which part of data in the Business Partner is the one which actually differentiates a Loyal Partner with other Business Partners. I think, just creating a Business Partner with Role --> Loyaly Partner will not serve our purpose.
The BP view is the same and the BP Role category does not contain my customization to differentiate this
Hope you understand what I am trying to say. Please let me know if you have any questions !!
Regards
Ram -
No business partner found for ERP partner "Vendor" (role:LF)
Dear Experts,
When we create Inbound Delivery in ERP, it is getting distributed.
But the IBD is not created in EWM.
We checked in SLG1 and the deliveries were failed in the queue.
The error message says "No business partner found for ERP partner EWM_TEST (role:LF)".
We have maintained Business partner and IT type = CRM004 in Identification Tab.
Still, no idea how we can solve this issue.
Please suggest with your valuable inputs.
Thanks,
ShettyHi Ulf ,
Yes i have CIF ed vendor and seems ok now , but while task creation am getting error Please refer below screen shots and kindly guide me on error message . -
Insufficient authorization to display object Message Mapping
Hi there
Every now and then when I try and open a message mapping object I get this error: Insufficient authorization to display object Message Mapping. I then restart my Integration Builder then it works again.
Any Idea how I would fix this?
Thanks,
Janhi,
apart from what was said you can try changing
com.sap.aii.ib.util.server.auth.activation
parameter in exchangeprofile to false
if you don't use any data-dependent authorizations
then you should never see this error
maybe this will help
but remember that if you want to use data-dependent authorizations
in the future you need to put it back to true again
Regards,
Michal Krawczyk -
Change authorization object in a derived role
Hi Gurus,
What's happen if someone has added a new authorization object in a derived role?
He has only changed some derived role, not the parent role, he added manually a new value in the authorization field. The parent role didn't changed.
<u>Note:</u>The field was not an organizationnal field, it was S_DATASET.
What do you think about this ?
Thanks
Hery-zoDo i understand this right??? do functional teams have access to PFCG to create roles???
If so that is your real problem, as that shoudl never been doen that way. You are completely right functional consultants have no clue about how roles should be build. advise:
1 take away the access to PFCG in ALL systems for anybody other than security consultants administrators.
2 ask all functional teams to describe the roles points to be adressed:
A TRX in every role
B all wanted restrictions on every TRX (described functionally)
C orglevels on which restrictions should be build.
D Test process for every TRX in every role (both positive and negative)
E check all roles against table USOBT and look for manually added objects,
if they can not give a good reason for adding these REMOVE them.
3 retest all roles based on point 2D, ask the funcxtional consultants to assist where needed. Adjust roels during testing where needed, but create a good auditable record for every change.
4 Update USOBT_C (use TRX SU24) for all changes you apply during testing
5 check your roles for the corrected TRX after this change and update the other roels involved as well.
6 ONLY allow roles that have followed the above process to go to Production.
The above steps are the only way to create a secure SAP Production system for you! -
Authorizations: On Business Partner, there is no "read only" option
Hi everybody,
I am trying to allow users to see a Business Partner (for example, when creating a sales order, they should be able to search for a customer and to see details about it), but I don't want them to be able to create or update a Business partner.
In SBO, there is no option "Read only" fro Business partner.
We have "addind a business partner" No or Full authorization
and "Business partner type" Customers No or Full authorization
Do you have a solution for me ?Thats correct if you give ADD / UPDATE it applies to both Customers and Vendors.
There is no setting by BP type, it applies for all BP's.
I did not understand this "I didn't see that there is an authorization at "chapter" level..."
In the Authorization window when you expand Business Partners you would see
<li>Adding Business Partner
<li> <h3> Business Partner Master Data </h3>
At the Business Partner Master Data change the setting to Read-Only -
How to control the authorization as display only in ECC system?
Hi all,
I want to control the IT users' authorization as display only for each Authorization Object.
As i know, there are 177 Item of field "ACTVT" in ECC system, But i'm not ture which the value can limited the authoirzation as display only.
Im worry about IT users have not authorization for the work if just keep "03-display" in authorization object, I plan to remove below value of ACTVT:
01-create, 02-change, 05-Lock,06-Delete,07-Activate, generate
But i'm not sure whether should be removed for below values:
52-Change application start
60-Import
61-Export
62-Create automatic Ledger
63-Activate
64-Generate
70-Administer
75-Remove
C3-Maintenance of manual auth.
C4-Develope Payment Card
FP-Change customer field selectn
Could anyone can tell me, Which values of ACTVT can limited the authorization as display only. at the same time, it havent an effect on work of IT users.Yep, I agree with Jurjen. It is not only limited to ACTVT, but rather fields of other objects as well which are "action" or "activity" related.
I would start the other way around - give them '03' only and investigate any transaction specific claims that it is not enough. There will be a few...
Cheers,
Julius -
Why "You do not have authorization to display company codes" ? Thanks
Hello,
Using the Tutorial BAPI which comes with the JCO Tutorial,I just wanna call the first function.
When I run the code, it display "You do not have authorization to display company codes".
Could any body please help me to explain why?
Thanks a lot
BELOW IS THE CODE:
package com.sap.slc.teamweb.test;
import com.sap.mw.jco.*;
public class TestBapi1 extends Object {
JCO.Client mConnection;
JCO.Repository mRepository;
public TestBapi1() {
try {
// Change the logon information to your own system/user
JCO.createClient("001", // SAP client
"<userid>", // userid
"****", // password
null, // language
"<hostname>", // application server host name
"00"); // system number
mConnection.connect();
mRepository = new JCO.Repository("SAPJCO", mConnection);
} catch (Exception ex) {
ex.printStackTrace();
System.exit(1);
JCO.Function function = null;
JCO.Table codes = null;
try {
function = this.createFunction("BAPI_COMPANYCODE_GETLIST");
if (function == null) {
System.out.println("BAPI_COMPANYCODE_GETLIST" + " not found in SAP.");
System.exit(1);
mConnection.execute(function);
JCO.Structure returnStructure = function.getExportParameterList().getStructure("RETURN");
if (!(returnStructure.getString("TYPE").equals("") || returnStructure.getString("TYPE").equals("S"))) {
System.out.println(returnStructure.getString("MESSAGE"));
System.exit(1);
codes = function.getTableParameterList().getTable("COMPANYCODE_LIST");
for (int i = 0; i < codes.getNumRows(); i++) {
codes.setRow(i);
System.out.println(codes.getString("COMP_CODE") + '\t' + codes.getString("COMP_NAME"));
catch (Exception ex) {
ex.printStackTrace();
System.exit(1);
try {
codes.firstRow();
for (int i = 0; i < codes.getNumRows(); i++, codes.nextRow()) {
function = this.createFunction("BAPI_COMPANYCODE_GETDETAIL");
if (function == null) {
System.out.println("BAPI_COMPANYCODE_GETDETAIL" + " not found in SAP.");
System.exit(1);
function.getImportParameterList().
setValue(codes.getString("COMP_CODE"), "COMPANYCODEID");
function.getExportParameterList().
setActive(false, "COMPANYCODE_ADDRESS");
mConnection.execute(function);
JCO.Structure returnStructure = function.getExportParameterList().getStructure("RETURN");
if (!(returnStructure.getString("TYPE").equals("") ||
returnStructure.getString("TYPE").equals("S") ||
returnStructure.getString("TYPE").equals("W"))) {
System.out.println(returnStructure.getString("MESSAGE"));
JCO.Structure detail =
function.getExportParameterList().
getStructure("COMPANYCODE_DETAIL");
System.out.println(detail.getString("COMP_CODE") + '\t' +
detail.getString("COUNTRY") + '\t' +
detail.getString("CITY"));
catch (Exception ex) {
ex.printStackTrace();
System.exit(1);
mConnection.disconnect();
public JCO.Function createFunction(String name) throws Exception {
try {
IFunctionTemplate ft = mRepository.getFunctionTemplate(name.toUpperCase());
if (ft == null)
return null;
return ft.getFunction();
catch (Exception ex) {
throw new Exception("Problem retrieving JCO.Function object.");
public static void main(String args[]) {
TestBapi1 app = new TestBapi1();Hi Mao,
R/3 comes with some predefined Company Codes and we also
can define our own Company Codes.
visit this link this may help you.
http://help.sap.com/saphelp_erp2004/helpdata/en/8e/1a5217171311d28e1d080009b6ab29/frameset.htm
Regards,
Narinder Hartala
Maybe you are looking for
-
How to Install Adobe Flash player without Google Chrome?
I am using IE9 with Bing as my search engine on a 64bit Windows Vista System. When I tried to watch a video while online I received the error msg that I needed to download Adobe Flash Player. When I tried to download the Flash Player I saw that Go
-
BBM group chat question - from time to time, additional chats show up in our group that have no messages in them. When someone posts in one, the whole group sees it and the admins can delete it, but otherwise they tend to be localized to one or two m
-
CRM line item status not updated when delivery is deleted in ECC
Hi All, When order is created in CRM it gets replicated to ECC.When delivery is created in ECC, the System Status in CRM at the line item level is changed to completed and also Delivery completed status is created in CRm.. Now when we delete the del
-
Old orders not showing in "My orders" section
Hi, I hope someone can give me a hand on this problem. I bought a copy of Photoshop in July 2011 from the adobe shop, I downloaded it and have been using it. Over the weekend my computer was stolen so I need to reinstall Photoshop onto my new machine
-
IPhone stays black after reboot/restore. No logo on reboot.
My girlfriend dropped her iPhone 4 and the screen went black. I tried a reboot, restore, putting it in DFU mode...nothing seems to work. I'm afraid she may have busted something internally. It still rings when you call, still vibrates and still activ