OB52 - Authorization for specific population

Similar Messages

• Authorization for specific business scenario or business step in solar01

  Dear all,
  we have an issue regarding solution manager blueprinting management restricting an access to specific nodes. Our goar is to have several substructures devided by modules like: FI, SD, PS and etc. And each team member according his position in a company should have an access only to his substructure and all the related documentation below that. Saying an access means a change mode not a display access.
  Please find the steps have been performed during the configuration of project below:
  All the configuration around system landscape has been done properly.
  A new project for solution was created in solar_project_admin.
  A correct logical componens has been assigned.
  All the required users have assigned as a team members of a project.
  At the projec. team member tab a box has been checked in for: restrict changes to nodes in project to assigned team members.
  A proposed structure of nodes has been created within Tx solar02.
  The right team members have assigned to specific node. So that only they suppose to have a change permission within that nodes. All others read only access.
  Every user has sap_solar01_all role assigned to him. We have tryed assigning varios roles according to  http://help.sap.com/saphelp_sm310/helpdata/en/db/a1033b2a98f46ae10000000a11402f/content.htm
  However as a result we are having a change permission allowed for every node within the structure. Like FI responsible member can access to any node from a tree. And he can make a change for SD related documentation.
  Please assist regarding this issue.
  Kind regards,
  P.S.
  I found a thread with a similar problem which was solved by activating a checkbox which is already activated in our system and actually doesn't solve that problem for us.
  Authorization for specific business scenarios in Solar01/02
  Edited by: Artjoms Nikulins on Mar 11, 2010 3:37 PM

  Hi
  As far my knowldege goes this is not possible to do within same project or making the same.
  You can have project specific access given to member but you cannot go module wise authorization.
  Ofcourse there satellite system authorization will be different but not in solman.
  In addition check this security guide
  https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000075728&_OBJECT=011000358700007187872005E
  Hope it ans ur query.
  Regards
  Prakhar
  Edited by: Prakhar Saxena on Mar 12, 2010 3:22 AM

• Define read-only authorization for specific field(s) on a form for 11.5.9

  Dear all,
  Can you pls let me know how is it possible to define read-only authorization access for specific field(s) per responsibility / user on a form in 11.5.9?
  For example I want to protect the item master file by assigning for example to users with responsibility buyer authorization to modify the buyer information but to have read-only only authorization on other sensitive fields such as make/buy flag, expense accounts, etc
  Through UI Modeller I have only managed to make specific fields on specific forms invisible, or whole tabs invisible, to specific responsibilities but this does not cover my needs as I want them to be able to view the data of the fields but to not be able to update them

  Arun,
  Almost but not quite.. The example you've given has the person VO at the top level which includes all the id's (City, State etc). My use case is slightly different.
  query 1
       select org_id, OrgName from x;
  query 2
       select emp_id, emp_name from y where org_id = x.org_id
  query 3
       multi-table join (approx 9 tables) to retrieve depts associated to employee
       where org_id = x.org_id
       and emp_id = y.emp_id
  Rather than using LOV's would it be better to create VO's and pass in the bind parameters at run time?

• Delete authorization for specific Company Code

  All,
  For a specific transactions, our users may only run the transaction for a specific company code. Transaction is TPM55A
  What authorization object do I need to add to my role, so the users have only authorization for let's say Company code range 1000 - 1050.
  Many thanx for help
  kr,
  Stef

  Hi Stef,
  Please try to add this authorisation object manually F_BKPF_BUK- Authorisation object for company code.
  In the filed BUKRS you can maintain the company code as you required for the users.
  I hope this may help you in resolving the issue.
  Thanks
  Karthick

• Authorization for specific report

  Hello friends ,
  I want to give authorization to user specific to only one report , can anybody tell me the specific object and values fro it ?
  Regards
  Nilesh Vakil

  Hi,
        You can add this purticular Query in the Role which is assigned to that user. First you assign that role to your User ID and then you can add this object in the Role by opening the Query in BEx--> Click on publish in Role.
  Now that report will be accessable for all the users where that role is Allocated.
  Regards
  Karthik

• Restrict F4 search results for specific plants / sales org / purchasing org

  Hello All,
  We have a project where a particular plant / sales org / purchasing org needs to be restricted because of the top secret data for that business.  We would like to be able to restrict the search results that are displayed based on sales org / plant / purchasing org in the F4 help.  If a user does not have access to the data / documents related a plant / sales org / purchasing org, we do not want the user to be able to see doc numbers, ship-to's, material numbers etc... My question is where do we restrict F4 results for the Sales and Distribution, Finance, Materials Management, Production Planning, Logistics, etc... modules?  Thanks in advance for the help.
  Jordan

  We can set authorization for specific plants and other organization levels,contact the basis team and discuss about the authorization

• How can i open period for specific user in OB52.

  Hi Expert,
  How can i open period for specific user in OB52.  As 'Authorisation Group' field is there in OB52, how can i use this field to restrict the specific user to post for particular period.  How can i creat authorisation group and where can i assign it to the particular user...
  Please let me know?
  Thanks and regards,
  Sam.

  Hi,
  Here is the detailed process as outlined in SAP help.
  Procedure
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  Examples
  A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
  If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
  Thanks
  Venkata Ganesh Perumalla

• Authorization for opening & Closing posting periods - OB52

  Hi,
  Is there any way to set authorization for opening & closing of posting periods in OB52?
  My scenario:
  I have 2 company codes - A & B assigned to 2 different posting period variant - say PPA & PPB.
  The user belonging to CoCd A should not be able to open/close posting period of CoCd B and vice versa.
  Is this possible through any authorization settings?
  Request your help on this.
  Regards,
  Sridevi

  Hi Sridevi
  Please go through the following:
  You can assign authorization groups for permitted posting periods. This means that, for example, some posting periods can only be opened for particular users within monthly or annual closing. You can only assign the authorization group at document header level and it only affects period 1. The authorization object is called F_BKPF_BUP (Accounting document: Authorizations for posting periods). Read the corresponding chapter on "User maintenance" in the "Assigning authorizations" topic.
  "User maintenance"
  Due to the modular authorization concept of the system, you can define authorization profiles which are tailored to the workplace of your employees. You can, for example, assign authorization to a workplace in the Accounts Receivable, Accounts Payable or General Ledger Accounting areas.
  By assigning authorizations you define which business-related objects your employees are allowed to process and which editing functions are allowed.
  In the following activities for authorization management, you must carry out the following for employees who are to work with the system:
  Assign authorizations
  The authorizations are assigned by specifying permitted values for the pre-defined objects.
  Define profiles
  In the SAP system, authorizations are grouped together in workplace profiles. Therefore one or more profiles must be allocated to the individual employee in the master record.
  I hope this helps.
  Regards
  Kavitha

• RFC-enabled authorization checks for specific tables?

  I am developing an Excel application which calls several BAPIs and RFC-enabled FMs, most notably RFC_READ_TABLE.  While I will provide security at the FM level by checking S_RFC for these FMs, I need to find a way of restricting access for users to specific tables based on certain table fields?  Is there any SAP-delivered FM/BAPI that will let me do this?
  My understanding is that although RFC_READ_TABLE does check S_TABU_DIS, it only checks tables based on their belonging to a particular table class—It is not checking authorization for an individual table. What this means is that users will need to have access to the table class or classes to which the table or tables belong, for any tables that are being read by RFC_READ_TABLE.
  Please correct me if I am wrong in my understanding, or if there is a standard solution for a situation like this.

  Hi john,
  1. What this means is that users will need to have access to the table class or classes to which the table or tables belong, for any tables that are being read by RFC_READ_TABLE.
  U are perfectly right.
  2. The users will have to be given rights
     NOT TABLE WISE,
     But authorisation group wise.
  3. Note : S_TABU_DIS
     The main purpose of this authorisation object
     is for standard tools like sm30 only.
     Its also used in the FM RFC_READ_TABLE .
  regards,
  amit m.

• Authorization for FBL5n specific customer

  Hi all,
  I have a scenario where we want to restrict sales person to view specific customer. We maintain sales person and customer number relation in a Z table.
  Please advise how I can restrict?

  Hello Ravi
  You can restrict access to master records in order to prevent unauthorized changes from being made. Depending on how you organize your master data, you can assign authorizations for maintaining this data. For example, one user may have authorization to maintain all master data, while another may have authorization to maintain only accounting master data.
  You can also assign different authorizations for different types of processing. All users could have authorization to display master records, while only a limited group of users may be able to create and change master data.
  Authorizations are specified during system configuration and assigned to each user in his or her user master record. If you have any other questions on this subject, you should contact your system administrator. The Implementation Guide (IMG) for Financial Accounting explains how to set up authorizations.
  Suresh

• Authorization for gl account to specific user

  Dear SAP Experts,
  Cash GL Account-accounting to be authorized to specific User ID.
  In breaf:
  while post the document in cash gl account, they need to give authorization cash gl account wise per each user ID.
  pls advice me...
  Thanks in advance
  venkat reddy

  my client want give the authorization for gl account to specific user ids..
  ex: let say chash gl account 410000.. we want to give the authorization to post in 410000 to user id 254109 only not fot all..
    please give the solution..
  regards
  venkat reddy

• Authorization to disable SAP Inbox Forward function for specific Work Items

  Hi.
  I recently solved a case for a customer of mine regarding authorizations for work items. They have several workflows running, but for this specific custom developed workflow, users should not be allowed to use the SAP Inbox Forward button.
  I started by creating a new task classification (Z_FW) which I implemented on the workflow tasks where the forward functionality should be disabled. Now for test purposes I created a dummy user which I initially gave only authorization to the tcode SBWP, then I manually added the authorization object S_WF_WI.
  For this entry I allowed all activities for work item type W and F for classification 1, 2, 3 and NO_CLASS (SAP Standard classification).
  Now to my understanding this would give the test user authorization to perform all activities on Work Items and Workflows which are classified with one of the above, but also prevent me from doing anything with Workflows and Work Items with classification Z_FW.
  However, to my surprise everything seems to work perfectly with just this entry. I am able to execute and forward work items with the standard classification, while I am able to execute, but not forward, work items with classification Z_FW.
  My intention was to add another entry for authorization object S_WF_WI, for classification Z_FW with all activities except forwarding. But when I tried that, the only change was that forwarding was enabled for the work items with classification Z_FW, which I didnu2019t want.
  Now can anyone explain to me why this is working? I am not too familiar with SAP Authorization as my area is mainly ABAP and WF, but his just does not seem logical.
  Hoping someone can give me an explanation....
  Thanks

  Does the standard function not do what you want?
  Task -> Additional data -> Agent Assignemt -> Maintain -> Attributes -> Forwarding not allowed.

• What happends when you give 2 groups with some of the same members different authorizations for a document

  Hello,
  I'm doing my internship at a litte Telekom company. I'm investigating how they can use MS SharePoint as their central place to put projectinformation. Now i've been thinking what happends when i do the following:
  Make one document library
  Add 2 groups to the Active Directory, group "A" with all the employees and group "B" with only four people working on a project. When i add a document to the document library and set the authorizations for the document as
  follows:
  Group B: Read/Write
  Group A: Read
  Does the people from group B still be able to edit the document, because they are also in group A?
  I don't have a test environment to test this myself.
  Why i want to know this? The company want's one place to place all their documents with projectinformation. This information is about different projects. You only wan't that people can change the specific document when they are working on the specific project
  where the document belongs to.  

  You get the union of permissions, so if one group allows access and the other not, you will get the union of both and therefore access. Of course, you can break security settings per library/folder or document, and specify new settings,
  if you need too.
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• How I restrict Scheduling agreement type for specific Purchase organization.

  Hello Experts,
  I have created Scheduling agreement type (ZLT). I want to restrict this agreement type for specific purchasing organization.
  I have search many threads but I didn't get solution.
  Is it possible through Configuration or user exit.
  Kindly give me solution in details.
  Thanks,
  Ranjit Kumar.

  hi,
  I don't think that there is standard configuration to restrict Purchasing document type for purchasing group. you can restrict this trough user authorization or you can make user exit development.
  Regards,
  mukesh

• Authorizations for Hierarchies in BW-BEx

  Hello, Experts!
  I am having some problems in order to give specific access for specific nodes on the hierarchy on the profiles creation. For example, we need to give permission to the profile "Profile_one" (that can be viewed on the PFCG transaction) to access only the node "Node_one" of our hierarchy ("E_ERP01" - object 0city_code) and we need to give this authorization to a range of users.
  We have studied some options like the one suggested on RSSM transaction and we have already tried creating an authorization object named "ZHIER". But the problem found on this transaction is that we have to create a profile authorization for EACH user that is mentioned on the range of authorization and then we need to link it on the transaction PFCG. But the users assigned on PFCG transaction don't receive all the same profile authorization (ZHIER), only the one that was mentioned on RSSM transaction.
  Could you please help us to find a way to assign specific nodes of a hierarchy to a specific range of users? We have already searched and studied some notes without success.
  Many thanks for your help.
  Best regards,
  Isabela.

  If the account type keep changing every month , you must have to maintain that field out side the cube though.
  I guess you can use the hierarchies (or) add the flag as an attribute to the GL account master data,then you can filter on this field in reports.
  But hierarchies gives more visibility on data/navigation.
  Hope this helps.
  cheers
  Martin