PFCG - Alteration of the 'authorization objects' of a profile.
Good Morning My Friends,
I have a profile created in PFCG, and I want to change its authorization objects using a BADI or function.
Does anyone know which function to use?
I've tried a lot and found nothing.
This is an example of what I want to do.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Original profile.
Profile Name: Profile_Deivison
Object :.......... S_DEVELOP
Auth :.............. T-TD55048100
Field :.............. ACTVT
Value :............ 01, 02, 03, 06, 07
Modification of authorization objects of the profile (fictitious example).
called function to change the profile.
CALL FUNCTION 'CHANGES_OBJECT_AUTHORIZATION_PROFILE' " This function does not exist
  EXPORTING
    name_profile = 'Profile_Deivison'
    object       = 'S_DEVELOP'
    auth         = 'T-TD55048100'
    field        = 'ACTVT'
    value        = '01, 06, 07 '
Results function.
Profile Name: Profile_Deivison
Object :.......... S_DEVELOP
Auth :.............. T-TD55048100
Field :.............. ACTVT
Value :............ 01, 06, 07
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I thank.
Edited by: Deivison.Lana on Jul 7, 2011 9:55 AM
Thanks for the help.
But from what I saw in the discussion, no solution was found with reference to 'Change Authorization Objects'.
Edited by: Deivison.Lana on Jul 7, 2011 4:33 PM
Similar Messages
-
No authorization to read the authorization object
Hi all,
We have implemented (on Bw 3.0B) authorization profiles using 0TCTAUTH and 0ORGUNIT. It works fine, but when a user deactivates the hierarchy (by using the option on Bex), there is an error "Brain 804 No authorization to read the authorization object".
I've seen that there is an Oss note (N 844408 No Authorization after deactivating display hierarchy) and it seems to be a support packages problem.
Is there someone who could tell me if there is another solution to resolve this problem before installing the Support Package?
Thank u all
Hi Alessandro,
You are right no way other than support packages .
Following note may help you.
a> 844408
b> 695523
Hope this will help you.
Suneel -
Error while generation of the Authorization object (
Hi Gurus,
I have created an Authorization object Z_CCTR3 for 0costcenter authorization,
but I am getting the following error while generating the Authorization object (type is Flat authorization):
"Error occurred when reading the data from DataStore object Z_CCTR3"
Any inputs will be helpful...
Sonal.....
Hello everybody,
my problem is solved. For the UDConnect, whatever DATA SOURCES you create get registered in a FUNCTION MODULE which has a capacity of only 99 entries, so to increase it implement the SAP NOTE 876340 - UDC Error available on SERVICE MARKET PLACE.
This problem occurs with BW version 3.5 level 17 or below.
Regards,
Priyanka
Edited by: Priyanka Joshi on Jun 10, 2008 11:03 AM -
Can we reuse the Authorization objects in MM01 for Custom TCODE ZMM01
Hi all,
We need to create screens or a transaction code ZMM01 which will have all views in the form of tabs: sales data will have a tab to input sales information, plant data will have its own tab to input plant-specific data,
creating material master entries in Z tables like ZMARA, ZMARC, ZMVKE.
Now my question is: can we use the same authorization objects which are being used for the standard MM01 transaction code, because the same users who use MM01 will use ZMM01?
If this is possible, how can I know which authorization objects I need to program for my ZMM01 Tcode?
All replies are rewarded.
Regards
Martin.
hi yes
it is possible, go to transaction SU21
and search the MM_G object class; you can reuse the same for your Z transaction.
Also you will have to use SU22 to assign the tcode to the object class.
Harish -
Restricting the authorization Object for B2B Transactions
Hi All
we are facing the problem in the ISA b2b app, actually the scenario is as below.
we have various transaction types like b2b sales,Peoplesoft order,Request for Order change, RMA ,Request for Quotation(RFQ) and metel order.
As per the requirement, The client wants only a few functionalities for a particular user.
Example:
Transaction Type Authorization
PeopleSoft order View only View only
B2B:Req. OrderCh x x
B2B: Req. RMA
B2B: Req. Quote x x
Metel Order x
For a b2b sales transaction a lower level employee would only be able to view the order and he should be restricted from making any changes. Is there a possibility to restrict in this manner? This is Urgent. Please respond immediately. Thanking you in anticipation.
Message was edited by:
Sunil Kumar
Viral741 wrote:
> Hi All
>
> I have a requirement in SAP Security to restrict the authorization object S_ALV_LAYO to a particular set of users.
>
> Background:
>
> We use composite roles which are shared across all areas (Finance, marketing, work management). Now the requirement from Work management is to restrict S_ALV_LAYO so that the user can't change the default layout and can create a user-specific layout, but other areas are not ready for this. So please let me know if there is any way I can restrict this auth object for the work management area only.
>
> Thanks,
>
> Nitesh
Nitesh,
Remove access to S_ALV_LAYO for general users and give access to F_IT_ALV instead. Keep S_ALV_LAYO for the users who will be maintaining the default layout.
Good Luck! -
How to add function group to the authorization object S_RFC ?
Hi All,
Can you please tell me how to add the function group FG_DIAGLS_DATA_ENRICHMENT to the authorization object S_RFC?
In solman_setup under basis configuration when I execute the step "SetupDPC/DCC Web Service URL" its getting failed because of the
following error which i found it in the agent log
"java.rmi.RemoteException:RfcExecutionException; nested exception is:
com.sap.sup.admin.abap.rfc.exception.RfcExecutionException: An
exceptionoccured during the execution of the function
'FM_DIAGLS_PUSH_PHYSICAL_HOST': RFC_NO_AUTHORITY >
com.sap.sup.admin.abap.rfc.exception.RfcExecutionException:An exception
occured during the execution of the function
'FM_DIAGLS_PUSH_PHYSICAL_HOST': RFC_NO_AUTHORITY >
com.sap.mw.jco.JCO$Exception:No RFC authorization for function module
FM_DIAGLS_PUSH_PHYSICAL_HOST. <Mid"
Thanks,
Satheesh E
Hi,
Please follow below steps:
1) Go to SE01
2) Click on create New workbench request and give desc once popup appears, Click Ok
3) Now open the transport in edit mode
4) Add
Program ID - R3TR
Object Type - FUGR
Object name - Name of the Function group
Note that if you transport the Function group, all the latest Function modules in the function group, along
with screens, will be included in the transport.
Regards
Shital
Formatted by: Vijay Babu Dudla on Apr 25, 2009 5:08 AM -
PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN
Hi,
When running transaction PT60 the field Personnel Area( PERSA ) of the authorization object P_ORGIN is not checked.
I have run SU24, the objects are there with check indicator of authorization object = "CHECK".
What can I do about it ? Is there any note to fix this ?
thanks!
Olivia Yang
Hi,
In object P_ORGIN, what you need to check for authorisation is whether it is on Personnel area or PSA. Actually we have org. key for authorisation which is defined in P_ORGIN. If you can define org. key as PA/PSA/EG/ESG you can check the authorisation for specific users.
Regards,
Snita -
What is the transaction to see the Authorization objects in the CRM system?
Hello Guys,
Please let me know transaction code to see the Authorization objects in the CRM System?
Thanks in advance.
Regards,
Vinay
Hi Nagur,
With T.Code SU21 you can see the Authorization objects in the CRM System. If you want to see the Authorization objects for a particular Transaction Code then the T.Code is SU24
Thanks & Regards
Shiva Vekat -
Intervals not working in Creating the Authorization Object
Hi All,
I am currently working on Authorization. We have created the Z Authorization object by using the TCODE RSECADMIN. After clicking the maintenance button, the set of Info Objects is displayed. I have entered the hardcoded values for the employee responsible Info Object.
For Example
Employee responsible No = 10 to 20.
I have created the Role by using the TCODE PFCG.I have given my created Z Authorization object and assigned the User.
After doing this,I am checking for the specific User. After running the query, for the particular user, the data is displaying for the Info object "Employee responsible =10." For Other Values ie) 11 to 20. is not displaying in the report.
Can you please guide me how to solve this issue.
Thanks,
Ram.
Dear Siva,
We also had the same issue. It's a program bug; as suggested by SAP, we applied the following note to resolve the issue.
Note 1247549 - Message Brain A174 when you execute an input-ready query
hope it helps...
regards,
Raju -
How to get the values for the Authorization Object Fields....
Hi Everyone,
I'm pretty new to SAP Security and have been working on the Basis side... I created a new role in PFCG and added a few transactions (ME13) and clicked on the Authorizations tab. In there, the authorization tree is in yellow and red. After providing the Org Values, only the yellow lights remain (apart from the green one of course). Now how do we get the values for the different auth obj fields that are in yellow... say for example
Conditions COND
Maintain Condition: Auth. for Use/Appl./Cond.Type/Table V_KOND_VEA
Activity 03 ACTVT
Application KAPPL
Condition table KOTABNR
Condition Type KSCHL
Usage of the condition table KVEWE
Here the values for V_KOND_VEA fields e.g. KAPPL, KOTABNR etc are missing.
My question is how do we get these values in regard to the requirement provided by the client...is it the functional guys who provide these values or else how is a security person supposed to know it...
All the help in this regard is sincerely appreciated along with the awarding of points...
Hey thanks Alex and Catastrophe for the quick response...
I'll be sitting with the functional team and reviewing the roles created.
Thanks for all the help once more
Regards,
Akash. -
Use the authorization object while creating RFC
Hi All,
I'm able to create an RFC, can log in from one SAP system to another SAP system and use the following FM. Here my concern is how to make the RFC more secure; I mean any user can access the target system with my login. Meanwhile I came across an authorization object text box in the LOGON and SECURE tab while creating the RFC.
So please shed light on how to authenticate the specific user to log on using the RFC.
Thanks in Advance.
Regards
Lalitkumar.
Hi Lalit,
1. Usually the RFC connection will be done with a user of type system (meaning they should not be able to log in to the system through the GUI).
2. Even if the user knows the login id / password, he should have auth to create RFC (like SM59 and related auth objects),
and even for remote connection we have different auths to restrict.
3. These types of authorization will be given to basis guys only.
4. Logon/Security
Lang - En
Client - client no
User - user
Password - bw password.
Here you will be specifying the user id (system type) / password for connecting from one system to another,
and in next tab you can do Test connection.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a08fbe33-0501-0010-2d9c-fb37e9795fd9
Thanks,
Sri -
Update the authorization object value for more than 1000 role
I need to remove one of the activity value (06) from authorization object S_SCD0.
I do a search and found out that there are more than 1000 roles which having the activity value = 06 for authorization object S_SCD0.
However, I don't think I can create a SCAT script to update all these 1000 roles and I believe its going to be a very tedious if I am going to manually change it one-by-one. Hence, I am wondering is there any standard program/function which I can use to automate the above changes for all these 1000 over roles.
Kindly advise.
Thanks
Direct update of the table is the easiest way, but should be discouraged for the obvious reason.
You should take a step back and take a long-term view: when you need to update 1000 roles, maybe a role redesign might be needed. For example, if you can change the role model to a derived role model, one update to the parent role will take care of all the child roles.
Thanks,
Lye -
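As an added illustration (not part of the thread above, and not SAP-delivered code), a read-only ABAP report can first establish which roles actually grant activity 06 on S_SCD0, including roles that grant it through `*` or an interval, before any redesign or change is planned. It assumes the standard table AGR_1251, which holds the authorization field values of PFCG roles; the report name is hypothetical.

```abap
REPORT z_list_roles_scd0_actvt06.
* Added example: lists roles only, changes nothing.
* Assumption: role authorization values are read from AGR_1251.

CONSTANTS: gc_object TYPE agr_1251-object VALUE 'S_SCD0',
           gc_field  TYPE agr_1251-field  VALUE 'ACTVT',
           gc_value  TYPE agr_1251-low    VALUE '06'.

DATA: gt_auth TYPE STANDARD TABLE OF agr_1251,
      gs_auth TYPE agr_1251.

* Active (not deleted) ACTVT entries of S_SCD0 in all roles
SELECT * FROM agr_1251 INTO TABLE gt_auth
  WHERE object  = gc_object
    AND field   = gc_field
    AND deleted = space.

SORT gt_auth BY agr_name auth.

LOOP AT gt_auth INTO gs_auth.
* 06 can be granted as a single value, via full wildcard,
* or inside an interval LOW..HIGH (e.g. 01 to 08)
  IF gs_auth-low = gc_value
     OR gs_auth-low = '*'
     OR ( gs_auth-high IS NOT INITIAL
          AND gs_auth-low  <= gc_value
          AND gs_auth-high >= gc_value ).
    WRITE: / gs_auth-agr_name, gs_auth-auth,
             gs_auth-low, gs_auth-high.
  ENDIF.
ENDLOOP.
```

The output separates roles where 06 is an explicit single value from those where it arrives through `*` or a range, which need a different replacement value set rather than a simple removal.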
Regarding the authorization objects
hi
this is the requirement.
how to provide the authorization for the given transaction code and they provided field for that and some numbers.
please provide me the code for this
thanks in advance
Hi,
Check below code,
AUTHORITY-CHECK OBJECT 'B_ALE_MODL'          " authorization object
  ID 'ACTVT'     FIELD A_ACTVT               " field
  ID 'CUSTMODEL' FIELD A_CUSTMODEL.          " field
* SY-SUBRC <> 0 means the check failed for the current user
IF SY-SUBRC <> 0 AND NOT A_OWN_REACTION IS INITIAL.
  MESSAGE ID 'B1' TYPE 'E' NUMBER '125'
    WITH 'B_ALE_MODL' A_ACTVT A_CUSTMODEL ''.
ENDIF.
Thanks and Regards,
Chandra M -
Hi All,
I am trying to know how I can restrict a requester to select specific system only while creating a request.
I could find aut. object GRAC_ROLEP in role "XXX_requester". There is field GRAC_SYSID in this object wherein
I can specify the connector name. Initially, it was having "*" value and then I changed it to specific
connector. I synchronized the roles/users data and tried to raise a request. However, I still find all the
connectors defined including LDAP!
May I know how I can show only "required" connectors while creating a request?
Regards,
Faisal
Dear Faisal,
use GRAC_SYS and restrict GRAC_SYSID to the systems you want to display.
Regards,
Alessandro -
PFCG authorization objects vs SU53 checks
Hi all,
I was thinking I have understood for a long time authorization checks. But no.
So Here's my question.
When I add a transaction in the PFCG menu, PFCG gets the authorization objects to maintain automatically (from SU24 checks). OK.
When testing the role in ECC: error. SU53 says that authorization objects are missing. How are the tests working regarding SU53 and PFCG?
i.e tcode_de = MDBT in PFCG, PFCG gets M_MTDI_ORG object to maintain => OK
When testing my role, SU53 says that other objects is missing, i.e S_ADMI_FCD. I don't understand because this object is checked with 'NO' in ECC.
Thx.
Laurent
Hi
> When testing the role in ECC: error. SU53 says that authorization objects are missing. How are the tests working regarding SU53 and PFCG?
The auth checks performed are dependent on lots of things: system config, functional config, master data setup, use of the transaction.
The config in SU24 can't cater for all of those options so SAP gives us the ability to make them more accurate for our particular situations.
> i.e tcode_de = MDBT in PFCG, PFCG gets M_MTDI_ORG object to maintain => OK
>
> When testing my role, SU53 says that other objects is missing, i.e S_ADMI_FCD. I don't understand because this object is checked with 'NO' in ECC.
You can't deactivate a check on an S_ or P_ auth object. These auths are fundamental methods of protecting the SAP application (S_) and personal data (P_)
As David says, the SU53 only shows the last auth failure and there is often lots of spurious stuff reported that isn't required to allow the transaction to process. In this respect ST01 is more useful as it (usually) shows you all the auth checks being evaluated so you can more easily focus on the important ones.