Programmatically assigning Authorization Objects to roles

Similar Messages

• Assigning authorization through assigning authorization objects

  hi all,
  can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
  I mean to say assign authorization manually without assigning trnsaction codes.
  suggestion are always accepted.
  if you want to send me the documents then my email id is [email protected]
  thanks in advance,
  waiting for reply............
  hardik patel.

  hi kumar,
          thanks for your help.
          ok i got it and i agree that i can find the authorization object by your suggested way.
      now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
  It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
  Please help me regarding this?
  thanks for your support,
  waiting for your reply...............
  Regards,
  Hardik Patel.

• Authorization Object And Roles For  Functional Consultant

  Dear Expert,
  What kind of respective Authorization Object And Roles would be provided to  Functional Consultant (FI,MM, SD, PM, PS, CO, HR )at the time of implementation ?
  Thanx in advance
  Pavel

  Thanks Juan,
  We now already have it here and in the NW IDM forum a few times as well...
  Cheers,
  Julius

• Assign Authorization Object dynamically

  Hi,
  I just want to know through coding is it possible to assign authorization object to user based on some condition dynamically.
  Its related to BP and in CRM 6.0
  Pls provide some approach if its possible.
  Thanks a lot.
  Regards,
  Shobhit

  Shobhit,
  Displaying authorization details would not be much of a problem. We can add a flag in the customer master and fetch the customers with the flag in the search result. I believe there is BADI to do that.
  Once the customers are retrieved navigating to the account details should be standard procedure. It should make use of standard events to go to the BPHeadOverview screen.
  But, the concern is whether or not there is authorization failure when we are trying to save the activity created using these flagged customers.
  Regards
  Prasenjit

• Assign authorization objects to newly created transaction

  I have just created a new transaction YMM02 as a copy of MM02. When I create a role using PFCG and enter in the new transaction there are no authorization objects proposed. Do these come from the original transaction or can I assign them through a SAP transaction or via a table entry?
  Regards,
  Brian

  Hi Brian,
  that's transaction SU24.
  See also its documentation if needed : http://help.sap.com/saphelp_nw70/helpdata/en/52/671449439b11d1896f0000e8322d00/frameset.htm
  BR
  Sandra

• Assigning authorization objects to transaction

  Hi All,
  While creating a new role using transaction PFCG, If i enter transaction SE38, i will get lot of authorization objects, fields where i can decide whether i should allow only display or change or create etc. But if i create my own transaction, then i will not get these authorization objects. Where should i assign there objects for my transactions.
  I tried to assign this in transaction se93, but that did not work.
  Thanks in advance.
  Best Regards,
  Surendra<b></b><b></b>

  TRY with SE97.
  and check the check box change mode and try running there you can change the authorizations..
  vijay

• Assign authorization object to standard transaction (VA02)

  I've success to create an authorization object and assigned to va02. I also use su24 to check indicator for my customize object. There are reported that it is Check. I think it is activated. Then i access va02, but it still can access, I suppose i no have right to access the va02. What's wrong for my setting. Acutally, I no much ideas for the authorization object. Can you give me some advise. Thanks a lot.

  Hi Giri,
  You could (and probably should) specify the check in SU24, but this won't make the check happen.  The values in SU24 are used in transaction PFCG when a role is created that includes this transaction.
  To make the authorisation check at runtime you'll need to code a user exit or similar to check your new authorisation object.
  Regards,
  Nick

• Assign authorization objects

  HI ,
  1. When i create new set of WS do i need to create to them authorization object ?
  2. if i create new set of users from scratch in the system and i want to provide to them one role that
  I create and contain for instance all the report and transaction that i want to provide,
  do i need to add to them another authorization objects ?
  3. if i create authorization object in the system how i add it to certain role ,i don't see these
  option in PFCG.
  Best Regards
  Michael

  HII,
  Yes u can aad  other authorization object to the existing role if the role needs it because user is unable to perform any task releated to it because of missing authorization object after seeing it in su53 because sometimes tcode assigned but corresponding authorization is not added by system automatically this creates prob for the user to perform task as far as adding up an authorization object u can added it  throught su24 or pfcg in pfcg u need to click on manuaally option u can added upto 8 authroziation objects and if u want to added it through su24 u click on add authorization object feild
  but never forget to save and generate the profile after adding authorization object and also do user comparsion and complete comparsion so this object gets added to the role
  byeeeeeeeeeeee
  takecare

• Authorization Object for role creation for query display?

  Hi,
  Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
  I want to assign a role to the newly designed query! that query does not have any role so far!
  Pls suggest me
  Thanks,
  Ravi

  Hi,
  I could make the authorization tab green by entering the authorization object!
  But user tab still remains red as it is not allowing me to enter my username in the user tab!
  in the user tab  i am unable to enter my user name?
  Any suggestions?
  Thanks,
  Ravi

• Copying values of a singular authorization object between roles?

  Suppose I have an authorization object assigned to a role and its fields hold a large amount of data (say S_TCODE with a lot of transaction codes specified via ranges). Suppose further that I want to have this same object with this same data in another role. The other objects of the two roles are different and I'd rather not type the large amount of data into the authorization object again.
  Is there a way to copy/paste just one authorization object between two roles?
  I know how to make a copy of an authorization object and its values within the same role, but I haven't found a way to copy between roles.
  ursa

  Hi Ursa,
  I havent come across any export object kinda thing...
  This may help you in practical situation...
  Let us consider your particular requirement related to s_tcode.
  for that go to suim -
  transactions -> executable for role .
  Give the role name get the list of transaction codes.
  Download into excel file. then copy from there and paste into your new role menu or in s_tcode object.
  Mostly we dont get that much list for other objects.
  One more thing you can do.
  click on display tab beside the object in your source role, you get the list window.
  type ctrl + Y and then copy the 7-8 lines and paste it in the object of new role.
  Cheers.
  Shamish
  Message was edited by:
          Shamish Lele

• Open Authorization Objects in role after role Transport

  Hi All,
  I have transported a R/3 (ECC6, support) role from Dev to QA and Dev (Multiple clients). After transport, Role has authorization tab with status (green) but when i display authorization data i found one new open authorization object (yellow).
  I already have generated profile before tranporting. Role is also okay in  Dev other clients (We have multiple clients in Dev) with status green and no open authorizations (yellow)
  Any feedback/suggestions ?
  Thanks in advance
  Khasim.

  This happens when PFUD runs at the same time as you are generating the role. Refer to this note: 355030 - Loss of authorizations after profile generation. Another remote reason could be if your source (DEV) and target (QA) systems use different characters sets. (Note #535554).
  If it is the former case, re-transporting your role may just be the solution for you. Just re-generate the role in DEV and initiate a new transport.
  Hope this helps.
  Ashutosh

• New Authorization Object within Role

  hi everybody,
  does anyone know how can i get New Authorization Objects for any Role for the new release that did not exist in the same Role from former release?
  tables AGR_1250 and AGR_1251 do not show if object is new for this role. they only show if object is new itself.
  thanks a lot,
  javier rubio

  pandu,
  se54 is not related with this topic.
  thank you very much for your answer, very hepful

• How to assign authorization objects to a cube

  Hello,
  My cube includes 0profit_ctr which is marked as authorization relevant. Still in RSSM my cube is not included in the list of infocubes for an authorization object (zprofit) linked to 0profit_ctr. I'm therefore not able to enable that authorization object for my cube. I have a few ODSs which are included in the list. Why is my cube missing? Is there something I must do to include it, or is it a bug?
  When checking the infocube for authorization objects in RSSM this list is empty as well. I don't see any option to add authorization objects in that list.
  I have read the following document:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b849e690-0201-0010-9b88-c00cca40736f
  I'm using BW 3.5.
  Regards,
  Christoffer

  Hi Christoffer,
  In RSSM  you will find a button  "Update Check Status ( Authorization Objects, Info providers) ". After this update you should find your cube in the list.
  Jaya

• PO account assignment authorization object

  Dear Guru's,
  We want to restrict PO creation (ME21n) for certain Account assignment catagories (one for one particular plant and not system wide).
  Is there any Authorization oject for this using which we can restrict the creation?
  Kindly share your idea.
  Thanks and Best Regards,
  Mohan

  No. There isn't.
  We discussed this a couple of times over in the security forum. If you search there, you will find solutions that other boarders have applied (exits, etc.).

• Authorization object  assigning to user profile

  Hi all,
    Wht are the steps involved in assigning authorization object S_GUI with activity 60 (S_GUI ACTVT=60) to the users profile.
  Thanks

  you can assign authorization profile to user through Role..
  goto PFCG, either create a new role or change an existing role(which the user has)
  go to authorization tab, change authorization, click manually button,
  add S_GUI and then click on values, select 60.. save the role, generate it..
  if it is new role that you have created, then go to SU01 - roles, add it.. save user..