"No authorization to display partner in role".

Similar Messages

• Role or Profile with Full Authorization in DISPLAY MODE

  Hi all,
  Can anyone help me or tell me if there is any standard role or profile which has full authorization in display mode.
  I wanted to assign this to all our support team for the PRD server who shud only have the display auths so that the pre-production client can be safe.
  I have checked many places for this kind of activity, but found no threads on the same and also realted links.
  Can anyone tell me how to get this task done....
  I have also tried few possible ways which never helped me and all my efforts failed.
  Waiting to hear from SDNs, for which i can assure REWARD POINTS.
  Thanks to all in advance
  Regards
  Hari Haran

  Hi,
  By enabling the permission level as 'read', the authorized user/group/role can:
  1. View the object in the Portal Catalog using the browse and search capabilities.
  2. Open the object in its respective primary and secondary editors in read-only mode; the object cannot be modified.
  3. Create instances (delta links and copies) from the object.
  4. Gain access to and choose templates in the object creation wizards.
  This permission level can be used to prevent portal administrators from editing a particular object, while still allowing them create an instance of the source and use the new instance in any way
  Regards
  Srinivasan T

• Business Partner General Role is not display.

  Dear experts,
  I need configure for an user by pfcg role can Create/Display/Change BP role type BUP002. This user create a BP (BP General role) but did not assign BP role BUP002 for thí BP. Then, this user can not search the BP (BP General role) that he created before. So, can anyone help me how to make an user display all BP General Role?
  Thanks and Regards!
  Longnd.

  Thanks all for your replies,
  Hi Shwhetha, My problem is resolved following your instruction.
  Hi Denis, i have read this note, but i am a programmer so it is not detail for me and i don not know what must i do following it. Can you show me how can configure to fix a value for assignment when i create a BP?
  Thanks and regards!
  Longnd.

• Difference between Change Authorization Data / Display Authorization Data

  Hello,
  My question is wrt to implementation of "principle of treble control" i.e three SAP administrators i.e.
  1. Authorization data administrator
  2. Authorization profile administrator
  3. User Administrator
  I have created a role & added a transaction to it e.g. "FAGLL03" or "FF67".
  No authorization data is displayed in the authorization tab unless I enter authorization tab with change button and provide inputs for org level field & generate profile. Even when I save the profile with the proposed name, it status still says "No authorization data exists". Since no authorization data is available, administrator 2 is unable to generate profile. If administrator 1 has to generate profile then why is administrator 2 required.
  Definition of Administrator 1 is:
  The authorization data administrator creates the roles, selects transactions and
  maintains the authorization data. He or she simply saves the data in the Profile
  Generator since he does not have the necessary authorization for generating the
  profile. He or she accepts the proposed profile name “T-...”. The authorization data
  administrator may not change users, nor generate profiles.
  Definition of Administrator 2 is:
  The authorization profile administrator starts transaction “SUPC” and chooses All
  Roles. He or she then restricts his selection, for example by entering the ID of the
  role to be edited. On the next screen, he or she chooses Display Profile to check
  the data. If all the data is correct, he or she generates the authorization profile. The
  authorization profile administrator may not change users, change the data for roles,
  nor generate profiles containing authorization objects beginning with S_USER*.
  Thanks.

  Hasan Saeed Khan wrote:
  Actually I started off my question with the "implementation of treble control" that SAP course AD940 suggests.
  I had never heard of this treble control and the added value of splitting rolebuilding and profile generation doesn't make much sense to me but that's my personal opinion.
  On the technical side of things: in your first post you state "No authorization data is displayed in the authorization tab unless I enter authorization tab with change button and provide inputs for org level field & generate profile."
  It is also possible to change the data and save this but not generate the profile yet. I just tried this by doing the following:
  Create role
  Add transactions to menu
  Edit profile, org levels & authroization data.
  Hit 'save'.
  Accept proposed profile name.
  Go back to PFCG main screen and ignore message of profile not being generated. (Click 'continue')
  And this leaves me with a role with yellow traffic light on the authorization tab an the profile status is: "Current version not generated"
  So it should be possible to maintain roles and profiles separately.

• Error: No authorization to display the message

  Hello
  Users are getting error : No authorization to display the message,
  when they are trying to view the content of the message.
  When checked in the error logs, I see teh below log:
  Message: Failed (javax.management.MBeanPermission,*,DISPLAY)java.lang.reflect.InvocationTargetException
  Category: com.sap.security.core.role.PermissionData
  Location: com.sap.security.core.role.PermissionData.get(ClassLoader)
  Application: sap.com/tclmitsamcouinwalocalnavigation~wd
  Can you please advice , as what actions has to be added to user.

  Where do you get this error?  Basically user is not having proper credentials to view the message. Talk to Basis team.

• Create business partner with role 'Internet User' via BP

  Hi,
  We want to create business partner with role 'BUP005 Internet User'
  for purpose to link with created early user su01.
  It's work via isauseradm application, Web UI.
  Now I want to create new role 'BUP005 Interner user' via GUI. I started Tcode BP.
  I filled USERNAME, password, roles. I tried to save BP.
  I got this error:
  Enter the Internet user
  Message no. R11214
  You have maintained attributes (logon data, roles and/or fixed values) for the Internet user, without having entered the Internet user itself.
  But,
  Field 'INTERNETUSER' is not changeble.
  Denis.

  Hi, DJ
  Thank you for answer)
  1. Have you saved the BP. If Yes, just see if the INTERNET USER maintained is available in SU01.
  Yes, but I can not see  INTERNET USER in the BP.
  2. If you are not able to assign the INTERNET USER, please try to maintain the INTERNET USER in BP.
  I can not do it, because I can not change field INTERNET USER
  3. If the INTERNET USER field is not available, just check the authorization for the same.
  I has all authorization: sap_all.
  Denis

• Personal ID : You have no authorization to display.

  Hi,
  we have EP 7.0 and have deployed ESS/ MSS 1.0 buisness package.
  When i go to Personal IDs in Personal information workset of ESS. It gives me following error :-
  You have no authorization to display
  com.sap.pcuigp.xssfpm.java.FPMRuntimeException: You have no authorization to display
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:112)
       at com.sap.pcuigp.xssfpm.java.MessageManager.raiseException(MessageManager.java:122)
       at com.sap.xss.per.helpers.MessageHelper.raiseException(MessageHelper.java:43)
       at com.sap.xss.hr.per.in.pid.fc.FcPerPidIN.readRecord(FcPerPidIN.java:269)
       at com.sap.xss.hr.per.in.pid.fc.wdp.InternalFcPerPidIN.readRecord(InternalFcPerPidIN.java:535)
       at com.sap.xss.hr.per.in.pid.fc.FcPerPidINInterface.readRecord(FcPerPidINInterface.java:146
  For some of the employee it is working, but for some its not working.. i tried giving them Administrator role still it shows same error.
  I dont know what authorization i am missing..

  Hi Supraja,
  Thanks for replying...the link you provided talk about NWDI and CMS.....i am not importing my package into NWDI..
  I get following error when an employee is trying to view his personal id from ESS role in portal..
  i mean..when a user clicks on Personal ID link in portal..it gives me :-
  You have no authorization to display.
  Thanks and regards,
  Jigar Oza

• Authorization for display only in tx MIGO

  Dear Guru's,
  can we give an authorization for display (i.e.Display material document ) only in Tcode MIGO for particular user ,
  if possible please let us know the authorization object for the same.
  Thanks,
  Ashish.

  Hi,
  Create a custom profile via tcode PFCG.
  Add the required tcode 'MIGO' to the 'Menu' tab.
  Then goto 'Authorizations' and open expert mode for authorization. Here you can control the field values for authorization object. Once done, generate the profile and assign user to role along with user master comparison run.
  Regards,
  Srikishan

• How to create business partner with Role : "Loyalty Partner"

  Hello,
  During the creation of Loyalty Program, we can add loyalty partners which are Business Partners created with Role --> "Loyalty Partner". In standard package I could not see the the Role "Loyalty Partner"
  For this role to be available during the creation of Business Partner, does any business functionality needs to be activated or should we create new role "Loyalty Partner" through BDT
  Thanks
  Ram

  Hi Vishal
  Thanks for your explanation but I think it has not answered my question fully.
  Yes, I do agree that only Loyalty Partners can be added in a Loyalty Program and those are Business Partners.
  If you read through my question, I have asked how the system differentiates between Business Partners for example a sold to party and Loyalty Partner.  In other words, which part of data in the Business Partner is the one which actually differentiates a Loyal Partner with other Business Partners. I think, just creating a Business Partner with Role --> Loyaly Partner will not serve our purpose.
  The BP view is the same and the BP Role category does not contain my customization to differentiate this
  Hope you understand what I am trying to say. Please let me know if you have any questions !!
  Regards
  Ram

• No business partner found for ERP partner "Vendor" (role:LF)

  Dear Experts,
  When we create Inbound Delivery in ERP, it is getting distributed.
  But the IBD is not created in EWM.
  We checked in SLG1 and the deliveries were failed in the queue.
  The error message says "No business partner found for ERP partner EWM_TEST (role:LF)".
  We have maintained Business partner  and IT type = CRM004 in Identification Tab.
  Still, no idea how we can solve this issue.
  Please suggest with your valuable inputs.
  Thanks,
  Shetty

  Hi Ulf ,
  Yes i have CIF ed vendor and seems ok now , but while task creation am getting error Please refer  below screen shots and kindly guide me on error message .

• Insufficient authorization to display object Message Mapping

  Hi there
  Every now and then when I try and open a message mapping object I get this error: Insufficient authorization to display object Message Mapping. I then restart my Integration Builder then it works again.
  Any Idea how I would fix this?
  Thanks,
  Jan

  hi,
  apart from what was said you can try changing
  com.sap.aii.ib.util.server.auth.activation
  parameter in exchangeprofile to false
  if you don't use any data-dependent authorizations
  then you should never see this error
  maybe this will help
  but remember that if you want to use data-dependent authorizations
  in the future you need to put it back to true again
  Regards,
  Michal Krawczyk

• Change authorization object in a derived role

  Hi Gurus,
  What's happen if someone has added a new authorization object in a derived role?
  He has only changed some derived role, not the parent role, he added manually a new value in the authorization field. The parent role didn't changed.
  <u>Note:</u>The field was not an organizationnal field, it was S_DATASET.
  What do you think about this ?
  Thanks
  Hery-zo

  Do i understand this right??? do functional teams have access to PFCG to create roles???
  If so that is your real problem, as that shoudl never been doen that way. You are completely right functional consultants have no clue about how roles should be build. advise:
  1 take away the access to PFCG in ALL systems for anybody other than security consultants administrators.
  2 ask all functional teams to describe the roles points to be adressed:
     A TRX in every role
     B all wanted restrictions on every TRX (described functionally)
     C orglevels on which restrictions should be build.
     D Test process for every TRX in every role (both positive and negative)
     E  check all roles against table USOBT and look for manually added objects,  
         if they can not give a good reason for adding these REMOVE them.
  3 retest all roles based on point 2D, ask the funcxtional consultants to assist where needed. Adjust roels during testing where needed, but create a good auditable record for every change.
  4 Update USOBT_C (use TRX SU24) for all changes you apply during testing
  5 check your roles for the corrected TRX after this change and update the other roels involved as well.
  6 ONLY allow roles that have followed the above process to go to Production.
  The above steps are the only way to create a secure SAP Production system for you!

• Authorizations: On Business Partner, there is no "read only" option

  Hi everybody,
  I am trying to allow users to see a Business Partner (for example, when creating a sales order, they should be able to search for a customer and to see details about it), but I don't want them to be able to create or update a Business partner.
  In SBO, there is no option "Read only" fro Business partner.
  We have "addind a business partner"               No or Full authorization
  and         "Business partner type"  Customers  No or Full authorization
  Do you have a solution for me ?

  Thats correct if you give ADD / UPDATE it applies to both Customers and Vendors.
  There is no setting by BP type, it applies for all BP's.
  I did not understand this "I didn't see that there is an authorization at "chapter" level..."
  In the Authorization window when you expand Business Partners you would see
  <li>Adding Business Partner
  <li> <h3> Business Partner Master Data </h3>
  At the Business Partner Master Data   change the setting to Read-Only

• How to control the authorization as display only in ECC system?

  Hi all,
  I want to control the IT users' authorization as display only for each Authorization Object.
  As i know, there are 177 Item of field "ACTVT" in ECC system, But i'm not ture which the value can limited the authoirzation as display only.
  Im worry about IT users have not authorization for the work if just keep "03-display" in authorization object, I plan to remove below value of ACTVT:
  01-create, 02-change, 05-Lock,06-Delete,07-Activate, generate
  But i'm not sure whether should be removed for below values:
  52-Change application start
  60-Import
  61-Export
  62-Create automatic Ledger
  63-Activate
  64-Generate
  70-Administer
  75-Remove
  C3-Maintenance of manual auth.
  C4-Develope Payment Card
  FP-Change customer field selectn
  Could anyone can tell me, Which values of ACTVT can limited the authorization as display only. at the same time, it havent an effect on work of IT users.

  Yep, I agree with Jurjen. It is not only limited to ACTVT, but rather fields of other objects as well which are "action" or "activity" related.
  I would start the other way around - give them '03' only and investigate any transaction specific claims that it is not enough. There will be a few...
  Cheers,
  Julius

• Why "You do not have authorization to display company codes" ? Thanks

  Hello,
  Using the Tutorial BAPI which comes with the JCO Tutorial,I just wanna call the first function.
  When I run the code, it display "You do not have authorization to display company codes".
  Could any body please help me to explain why?
  Thanks a lot
  BELOW IS THE CODE:
  package com.sap.slc.teamweb.test;
  import com.sap.mw.jco.*;
  public class TestBapi1 extends Object {
      JCO.Client mConnection;
      JCO.Repository mRepository;
      public TestBapi1() {
          try {
              // Change the logon information to your own system/user
              JCO.createClient("001", // SAP client
                "<userid>", // userid
                "****", // password
                null, // language
                "<hostname>", // application server host name
                "00"); // system number
              mConnection.connect();
              mRepository = new JCO.Repository("SAPJCO", mConnection);
          } catch (Exception ex) {
              ex.printStackTrace();
              System.exit(1);
          JCO.Function function = null;
          JCO.Table codes = null;
          try {
              function = this.createFunction("BAPI_COMPANYCODE_GETLIST");
              if (function == null) {
                  System.out.println("BAPI_COMPANYCODE_GETLIST" + " not found in SAP.");
                  System.exit(1);
              mConnection.execute(function);
              JCO.Structure returnStructure = function.getExportParameterList().getStructure("RETURN");
              if (!(returnStructure.getString("TYPE").equals("") || returnStructure.getString("TYPE").equals("S"))) {
                  System.out.println(returnStructure.getString("MESSAGE"));
                  System.exit(1);
              codes = function.getTableParameterList().getTable("COMPANYCODE_LIST");
              for (int i = 0; i < codes.getNumRows(); i++) {
                  codes.setRow(i);
                  System.out.println(codes.getString("COMP_CODE") + '\t' + codes.getString("COMP_NAME"));
          catch (Exception ex) {
              ex.printStackTrace();
              System.exit(1);
          try {
              codes.firstRow();
              for (int i = 0; i < codes.getNumRows(); i++, codes.nextRow()) {
                  function = this.createFunction("BAPI_COMPANYCODE_GETDETAIL");
                  if (function == null) {
                      System.out.println("BAPI_COMPANYCODE_GETDETAIL" + " not found in SAP.");
                      System.exit(1);
                  function.getImportParameterList().
                  setValue(codes.getString("COMP_CODE"), "COMPANYCODEID");
                  function.getExportParameterList().
                  setActive(false, "COMPANYCODE_ADDRESS");
                  mConnection.execute(function);
                  JCO.Structure returnStructure = function.getExportParameterList().getStructure("RETURN");
                  if (!(returnStructure.getString("TYPE").equals("") ||
                  returnStructure.getString("TYPE").equals("S") ||
                  returnStructure.getString("TYPE").equals("W"))) {
                      System.out.println(returnStructure.getString("MESSAGE"));
                  JCO.Structure detail =
                  function.getExportParameterList().
                  getStructure("COMPANYCODE_DETAIL");
                  System.out.println(detail.getString("COMP_CODE") + '\t' +
                  detail.getString("COUNTRY") + '\t' +
                  detail.getString("CITY"));
          catch (Exception ex) {
              ex.printStackTrace();
              System.exit(1);
          mConnection.disconnect();
      public JCO.Function createFunction(String name) throws Exception {
          try {
              IFunctionTemplate ft = mRepository.getFunctionTemplate(name.toUpperCase());
              if (ft == null)
                  return null;
              return ft.getFunction();
          catch (Exception ex) {
              throw new Exception("Problem retrieving JCO.Function object.");
      public static void main(String args[]) {
          TestBapi1 app = new TestBapi1();

  Hi Mao,
  R/3 comes with some predefined Company Codes and we also
  can define our own Company Codes.
  visit this link this may help you.
  http://help.sap.com/saphelp_erp2004/helpdata/en/8e/1a5217171311d28e1d080009b6ab29/frameset.htm
  Regards,
  Narinder Hartala