Profile assigning authorization

Hi gurus,
I have a problem using function CFX_API_STATUS_PROFILE_ASSIGN.
This is my scenario:
I want to assign a status schema to an area during area automatic creation.
I am in BADI BBP_CFOLDER_BADI method COL_WORKAREA_CREATE_POST, SRM 6.0.
The user (bidder that create a response to a Bid Invitaion) that performs this operation haven't administration auhtorization in cFolder, so the above function returns an error.
How I could move around this limitation?
Is There a work around in order to assign a status profile to an area without having administrator authorization?
Thanks,
Regards,
Angelo.

Have you tried with an RFC ?
Users RFC usually have all permission.
You can also use methods to assign authorization:
    call method area->if_aco_common~get_authorization
      receiving
        rr_authorization = auth.
    call method auth->set_authority_for_user
      exporting
        iv_user_id       = auth_user
        iv_activity      = cl_aco_constants=>sc_authorization_own
      exceptions
        not_authorized   = 1
        change_forbidden = 2
        others           = 3.
I'm working in the same area. Have you read my post about authorization in cFolders. Could you please help me?
Regards
Leonardo

Similar Messages

  • Need everyone input: authorization profiles assigned to ALEREMOTE

    If the process chain runs fine in your system, please go to SU01 to check the profiles assigned to the user ALEREMOTE and feed back with the profiles assigned to ALEREMOTE.  Anyone's input is greatly appreciated and will be rewarded with points.
    Thanks

    Hi Kevin.
    We have at my company a large implementation of systems including several BW systems. One of these also hosts SEM. Here it was first setup with SAP_ALL, but after my security review they actually could tailormake a role for these activities. The input for this role we created by a simple authorization trace.
    On request I can provide you with this information.
    It is also the recommended solution to really modify the authorization of users like ALEREMOTE, due to the large security risks you take in RFC destinations otherwise.

  • ICC profiles assigned to text?

    CS5 (patched to 7.03), Mac OS 10.6.7
    Hi Everyone,
    My production coordinator made a PDF of my magazine for the printer yesterday and when he ran it through PitStop, several errors turned up to the effect of text having an ICC profile assigned to it. The text was several instances of periods and commas, the color was [Black] 100%, Adobe Caslon font, same as the rest of the text on the page and throughout the magazine that didn't get dinged as an error. Retyping the offending characters fixed the problem, but how can something like this happen? Or rather, How can it be detected from within InDesign rather than in PitStop?
    We import Word docs styled with Word styles into InDesign to lay out the magazine.
    PDFs are created by printing to ps file then distilled with the joboptions the printer provided.
    I admit I know very little about color management (we don't use profiles, per printer request, so I've had limited exposure) but I thought it was only for images and profiles couldn't get assigned to individual characters of text.
    Thanks for your insight!

    Hi,
    Please check the following note:
    [Note 7312 - Client 066 for EarlyWatch|https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=7312]
    EARLYWATCH user:
    Profile (in Basis rel 40*-46D)
              o S_SDCC_READN    Read authorization
              o S_SDCC_SERVN    Collect and send data
              o S_SDCC_ADM_N    Admin authorization                                                                 *
    Roles (as of Basis Release 6.10)
              o SAP_SDCCN_DIS   Read authorization
              o SAP_SDCCN_EXE   Collect and send data
              o SAP_SDCCN_ALL   Admin authorization
    http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdaccbedc411d3a6510000e835363f/content.htm
    Also check the following SAP notes:
    [Note 91488 - SAP Support Services - Central preparatory note|https://websmp130.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=91488]
    [ote 863362 - Security checks in the SAP Early Watch Alert|https://websmp130.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=863362]  --- this will give overview of Required Authorizations.
    Regards,
    Dipanjan
    Edited by: Dipanjan Sanpui on Jul 16, 2009 2:30 PM

  • Profiles assigned to EARLYWATCH ID in client 066

    Hello,
    Can someone please post the profiles (including authorization objects with values) assigned to user ID EARLYWATCH in
    client 066.
    Thank you,
    SG

    Hi,
    Please check the following note:
    [Note 7312 - Client 066 for EarlyWatch|https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=7312]
    EARLYWATCH user:
    Profile (in Basis rel 40*-46D)
              o S_SDCC_READN    Read authorization
              o S_SDCC_SERVN    Collect and send data
              o S_SDCC_ADM_N    Admin authorization                                                                 *
    Roles (as of Basis Release 6.10)
              o SAP_SDCCN_DIS   Read authorization
              o SAP_SDCCN_EXE   Collect and send data
              o SAP_SDCCN_ALL   Admin authorization
    http://help.sap.com/saphelp_nw70/helpdata/en/3e/cdaccbedc411d3a6510000e835363f/content.htm
    Also check the following SAP notes:
    [Note 91488 - SAP Support Services - Central preparatory note|https://websmp130.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=91488]
    [ote 863362 - Security checks in the SAP Early Watch Alert|https://websmp130.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=863362]  --- this will give overview of Required Authorizations.
    Regards,
    Dipanjan
    Edited by: Dipanjan Sanpui on Jul 16, 2009 2:30 PM

  • BADI or User Exit for role/profile assignment SU01/PFCG

    Hi ABAP gurus,
    I need a way, BADI, UserExit to do some verifications over a role or a profile before is assigned in the Tcode: SU01 and PFCG.
    These verifications prevent the assigment of critical roles, transacction or access to tables.
    Any information about this topic it would be very helpful...
    thanks...

    Hi RAFAEL ,
    Only one exit is available for this  Tcode SU01.No Exits available for PFCG
    Enhancement     SUSR0001     User exit after logon to SAP System                    
    For SU01 we can check the profile assignment  in program MS01CU10 and some AUTHORITY-CHECK:
    AuthCheck     MS01CC10     S_DEVELOP     AUTHORITY-CHECK     ABAP Workbench                    
    AuthCheck     MS01CU10     S_TCODE     AUTHORITY-CHECK     Transaction Code Check at Transaction Start                    
    AuthCheck     MS01CC10     S_USER_AUT     AUTHORITY-CHECK     User Master Maintenance: Authorizations                    
    AuthCheck     MS01CC10     S_USER_GRP     AUTHORITY-CHECK     User Master Maintenance: User Groups                    
    AuthCheck     MS01CC10     S_USER_PRO     AUTHORITY-CHECK     User Master Maintenance: Authorization Profile                    
    AuthCheck     MS01CC10     S_USER_SYS     AUTHORITY-CHECK     User Master Maintenance: System for Central User Maintenance                    
    In the same way PFCG contains some AUTHORITY-CHECK:
    AuthCheck     LSUPRNU18     S_USER_TCD     AUTHORITY-CHECK     Authorizations: Transactions in Roles                    
    AuthCheck     LSUPRNU27     S_USER_PRO     AUTHORITY-CHECK     User Master Maintenance: Authorization Profile                    
    AuthCheck     LSUPRNU23     S_TCODE     AUTHORITY-CHECK     Transaction Code Check at Transaction Start                    
    AuthCheck     LPRGN_TREEI0O     S_USER_AGR     AUTHORITY-CHECK     Authorizations: Role Check                    
    I hope this may helpfull.
    Thank you,
    Thanks,
    AMS

  • Exclusion Flag in PD Profiles (Structural Authorizations)

    Hello, I have a question about the exclusion indicator in IT1017 (PD Profiles).  We are upgrading from 4.6C to ECC 6.0.  This indicator was not available in 4.6C.  We are now concerned that users may inadvertently set this indicator and the recipientu2019s authorizations will get impacted.
    The documentation only states that "This field allows you to exclude branch structures from structural authorizations."
    We have found that if the flag is set (and RHPROFL0 runs), the impact to the user is that they can only see their own data.  We have also found that, in order to remove the flag you must remove it from IT1017 and re-run RHPROFL0 with the "delete manually maintained authorization profiles" - PD Authorizations flag switched on. 
    Can anyone help explain, what the exclusion indicator is used for? And shed some light on itu2019s function?
    Regards,
    Gino

    The exclusion is used to exclude a specific piece of a structural profile you assign to a user. Example: your user has a structural profile to see all HR infotypes within his/her department. However you don't want this user to see the managers data. You can create a separate structural profile that contains the manager's personnel number.
    You assign both structural profiles to the user. Either directly "on the user" using transaction OOSB (Table T77UA) where you see an identical exclusion indicator. The "manager" structural profile will have the exclusion indicator set. That way the user has access to department data exclusive the managers data.
    If you assign it on the position by IT1017 you set the exlusion indicator there. You will see that if you run RHPROFL0 that T77UA will be updated with the 2 entries for the user and one will automatically have the exclusion indicator set.
    The concern that users inadvertently change this indicator should be very small since there should not be very many users that have access to PO13 and/or OOSB in a production environment.
    Ruud Scheenen

  • Change the status profile assigned to the line item from PROFA TO PROFB

    Hi Experts,
    The issue we are having relates more to the fact that the code we have written is changing the item category, however the status profile has already been retrieved from configuration based on the original item category and therefore the status selection that we are getting is incorrect.
    Item Category A -> Status Profile PROFA
    Item Category B -> Status Profile PROFB
    For example we have a line item and item category A is determined through config, this then retrieves its associated status profile PROFA. However we have then coded the system to change item category A to item category B.  However the status profile still remains PROFA.
    We need to find a way to change the status profile assigned to the line item from PROFA to PROFB.
    any quick inputs from any one please......
    Thanks in advance
    hemanth

    Hi
    There is perform which moves the values to VBAP field.
    This PRCTR field is stored in VBAP (i.e., SO line item table)
    USEREXIT_MOVE_FIELD_TO_VBAP
    Hope it works.
    VVR

  • Table used for storing roles/profiles assignment in CUA lansscape

    Hi,
    following is my cua setup
    master client - 999 of SRM 4.0
    child client - 101 of ECC 5.0
    child client - 202 of SCM 4.1
    in cua all distribution works on its logical name assign to respective client.
    here is my question
    lets say user 'XYZ' in master client assign single as well as composite role and composite profiles assigned in the master as well as child system.
    please tell me in which table this relationship is maintain in sap that Composite roles/profile is from which cua client.
    from my finding the tables which store the role and profiles from master and child system are i.e. USRSYSACT & USRSYSPRF.
    but i am not able to find table which store the roles to user and user to profiles assigment in CUA setup,can someone please help me.
    Thanks,
    John.

    Hi Check the tables
    <b>USR10  -role definition
    AGR_PROF   -Profile for Roles
    AGR_TEXTS  - Role descriptions
    AGR_USERS  - Assignment of roles to users
    AGR_DEFINE - Auth profiles</b>
    if needed see other tables with USR* and AGR_*
    Reward points if useful
    Regards
    Anji

  • Where to find which site profile assign to which site any t.code or path

    Hi experts
    where to find which site profile assign to which site any t.code or path
    regards

    hi friends
    just i find this
    go to WB02 OR WB03 ITS CHAGE SITE
    enter
    then go to extra tab then go to additional tab (ctr 9)
    or blue colour icon u can find on left side of screen its additional information tab click on it
    you will see which site profile u assign for that site
    Regards

  • Error - No date profile assigned to the transaction/item category

    Dear Expterts,
    I am getting the error while trying to create a complaint (In-house repair) transaction.
    No date profile assigned to the transaction/item category
    Message no. CRM_BILLING015
    System Response
    Billing dates cannot be maintained.
    Procedure
    Assign a date profile to the transaction type or item category in Customizing.
    Make sure that this date profile contains all the necessary date types:
    BILL_DATE
    INVCR_DATE
    date profiles are assigned to both transaction type and Item category. mentioned date rules are in place in standard configuration itself. still the problem persist.
    Please help me to resolve the issue. Your help will be highly appreciated.
    Best regards
    Raghu ram

    Hi Pepe,
    Thanks for the response, these transaction types are already there. and 'Today' date rules are assigned to both date types.
    Still the problem exist.
    Best regards,
    Raghu ram

  • Assign Authorization in User Groups

    Dear All
    Please help me , assign authorization User Groups . I go Tcode : SUGR and Tcode : SU 10 but i can't assign authorization in User Group , please help me step by step
    Regard , Thanks
      Lannguyen

    I think only way to do it through SU10.
    -Pinkle

  • Assign authorization to Z-transactions

    i created a Z - tcode similar to SM30(transaction with parameter option)   i want to assign authorization for Z transaction with parameter option.

    Hi,
        Authorization can be assigned at transaction
        level using authorization object in se93.
        Check can also be performed at program level
        at at selection-screen output or PBO event
        using
        authority-check object 'S_TCODE'
        id 'TCD' field 'ZSPM'.
        if subrc <> 0                                        
          message e000 with 'You are NOT Authorized for
          this transaction'.             
        endif.
        Important transaction are su21,su22,su23,su53.
        Function Module SUSR_GET_PROFILES_OF_USER
    Regards,
    Amole

  • Assigning authorization group to users or roles.

    Hi
    How do I assign authorization group I created for ECM digital signature approval to users

    Hi,
    Provide the authorization group and the role details to which it needs to be linked to your basis team and they should be able to do this for you.
    Regards
    Sreekanth

  • Assigning authorization through assigning authorization objects

    hi all,
    can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
    I mean to say assign authorization manually without assigning trnsaction codes.
    suggestion are always accepted.
    if you want to send me the documents then my email id is [email protected]
    thanks in advance,
    waiting for reply............
    hardik patel.

    hi kumar,
            thanks for your help.
            ok i got it and i agree that i can find the authorization object by your suggested way.
        now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
    It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
    Please help me regarding this?
    thanks for your support,
    waiting for your reply...............
    Regards,
    Hardik Patel.

  • 13.02 update changes smart object / icc profile assignment behavior?

    Since updating to the 13.02 release of photoshop CS6 extended I have noticed the following modified behavior:
    When changing the assigned profile of an image containing smart objects, where the smart objects have previously gone through a color profile conversion - the smart objects will get reconverted to the newly assigned profile.
    This was certainly not the behavior of 13.01 and previous versions.
    Is this an intentional change?  If it is shouldn't it be noted in the release notes?
    System info: mac os x 10.6.8

    I think I understand the rational for this change, but I think it misses the mark a bit.
    In my experience the largest source of smart-object trouble is when someone converts a document without first assigning a profile, relying on the profile set in photoshop's color settings.  When the smart-object is edited on another computer the color will shift if the color settings on the two computers don't match exactly.
    By reconverting smart objects on profile assignment you are creating two new problems. 
    Only smart objects are reconverted, so documents with both smart and not-smart layers will end up in an inconsitent state.  Colors that matched within the same image may no longer match.
    If a document is saved without a profile assigned and you later want to assign it a profile, you will have to use the original profile or your color will shift.  It is not uncommon when working with documents from other organizations that the original profile used for conversion is not available.
    What then is the fix for this problem?  Always embed the profiles used for conversion within the smart objects for use when updating.  Source and destination.

Maybe you are looking for

  • PC has Adobe 8 Pro, Adobe 9 Reader, cannot edit PDF tab in Properties

    Hey all, I have a user with the above configuration.  Even though I told windows to open pdfs with the adobe 8 pro, the PDF tab in properties after right clicking the file is grayed out and cannot be edited, just like a pc with only reader on it. Any

  • How  to  manage  multiple  formats  in   a   single file ,

    hi , I 'm getting multiple format files from my source.. how to tackle this scenario in ODI , Plz reply me and thanks in advance.

  • IPhoto has destroyed my external library yet again

    I've been using an external firewire HD to contain my expanding photo library because there's (a) not enough room on my MacBook Pro, and (b) I don't want to lose all my photos if my computer is lost/damaged/stolen. So I've noticed the most infuriatin

  • Select the Most Recent Record

    I have a 2-page report that is grouped by employee, where the first page is a standard letter except for address, and the second page is a reproduction of a scanned form that the employee had returned.  The employee may have returned several versions

  • Mac OS batch convert .xls to .pdf not option

    Mac OS batch convert .xls to .pdf not option....WHY NOT???? This was never issue on Windows, and the software notes it supports pdf convert from .xls format (BUT NOT IN MAC VERSION) Any work arounds? Will this becoming in update? Really not acceptabl