Purchasing group authorization based on user
Hi All,
Can anyone suggest me ideas on how to restrict in accessing details of a PO for a purchasing group based on the user who tries to access it .
the object is M-BEST_EKG.
need guidance in using AUTHORITY_CHECK in restriciting PO group based on the userid.
how are the users assigned to the authorization object ?
Thanks in advance.
Regards,
Ry
Hi Roby,
I think you can control authorization using transaction PFCG.
refer below SAP link for details on authorization. May help you.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
Regards,
Atish
Similar Messages
-
Purchasing Group authorization based on the user
Hi All,
Can anyone suggest me ideas on how to restrict in accessing details of a PO for a purchasing group based on the user who tries to access it .
the object is M-BEST_EKG.
need guidance in using AUTHORITY_CHECK in restriciting PO group based on the userid.
Thanks in advance.
Regards,
RyHi,
ACTIVITY controls what user can do to the PO.
01-Create
02-Change
03-Display
EKGRP controls the purchasing group
To restrict to a specific purchasing group, modify the authorization object in the role which user has to allow the specfic P.Grp. only
Cheers ! -
Tacacs+ authentication/authorization based on user's subnet
Hi Guys/Girls
We have number of production cisco gears, all of which are configured with Tacacs+ and all of them working just fine. But now I have a requirement to implement SSH-ver2 across whole network, comprise of about 8000 cisco gears.
I need to develop a proof of concept (POC), that enabling SSH on production gears will not affect existing Tacacs+ users authentication and authorization.
In our lab cisco gears, it has been already configured with production Tacacs+ server for authentication and authorization. Now I am allowed to test SSH on these lab-gears but I without disrupting others users who are using the same lab-gears.
So, I want to enable SSH version 2 on these lab-gears however, when user coming from a certain specific subnet, this particular user must be authenticated and authorized by LAB Tacacs+ but not from production Tacacs+, however please note that lab-gears I am testing with also already configured for production Tacacs+ server as well. These lab-gears must be able to do authentication and authorization to two different Tacacs+ server based on users subnet that he or she coming from.
Is this doable plan? I have been looking for a documentation to implement test this method, not being successful.
Your feedback will be appreciated and rated.
Thanks
Rizwan RafeekRiswan,
This will not work, tacacs authentication starts once the ssh connection is established, the NAD (switch or router) will open a tacacs connection and send the start flag to the tacacs server in which the message "getusername" is sent from the tacacs server to the device and to the user terminal. You can not create an acl in order to pick which tacacs servers you can authenticate to either. So when it comes to authenticating users from a specific subnet to a specific tacacs server that is not the intended design of tacacs, when you configure multiple servers in a group it is to insure high availability such that when one tacacs server goes down you have a secondary to continue with the authenticaiton requests.
Here is an example of how the tacacs authentication is performed.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml#comp_traffic
thanks and I hope that helps,
Tarik Admani
*Please rate helpful posts* -
Purchase Requisition Authorization based on Storage Location
Hi MM Gurus,
Our client has got a specific requirement to control the security of purchase requsition creation, change and release based on the storage locations. We have found the authorization object M_BANF_LGO which is to restrict the access of PR based on storage location in purchase requsitions.
The issue is the purchase requsition BAPI does not check this authorization object as per standard SAP.
Does anyone know how to handle the security of purchase requsition based on storage location?
FYI - Our PR release strategy is at item level and not at document level.
Thanks,
ShekharThank you for the reply. In case of purchase requsition for cost center, you can still enter the value of storage location. The storage location comes into picture when the goods receipts are posted against this purchase. However, the storage location value can be entered at PR level.
We have storage location field as "Required" field in all purchase requsitions as there is only one plant and each storage location represents the division. -
PO Qty restruction based on purchase group
Hi experts
Can you provide me solution on this requirement that restruction on purchase order qty based on purchase group,
in detail my user want that if i entered purchase group XYZ ,then for that purchase order po qty system should not allow more than 1 qty for 1234 company code .
is there any solution for this requirement
KumarHi,
Can you please elaborate? The purchase group is on the Header of the PO. When you say that the quantity needs to be restricted to only 1, does that mean that only one item is allowed on the PO with Qty 1 or multipel items are allowed but each of the items can have quantity as 1?
Also, the exit ME_PROCESS_PO_CUST is active only in the online mode for ME21N and ME22N. If you have any background jobs generating a PO (Planning ME59N etc.) the exit does not work.
Regards,
Naveen -
User assignment to purchasing organisation and purchasing groups
Dear Experts,
My issue is related to user assignment to purchasing organisation and purchasing groups.
According to the project requirement, we are using central purchasing organisation and we should create the purchasing organisations and purchasing groups locally. it is not reflected from the back end systems through RFC.
Also we have one more team working with indirect materials and they also use SRM. They have already created the organisation model. Two projects are inter-related and belongs to same department in the company, but main different is one uses direct and the other in-direct materials.
Now we should create our purchasing organisation and purchasing groups and assign the users to it.
If we create it separately means not uder the main root and assign the users, we are able to create shopping cart till the contract. But when i create the new purchasing organisation and purchasing groups under the main root which is created for other project which deals with in-direct materails, i am not able to create shopping cart with the user. I am getting the error
' Process scheme could not be found
Please let me know how to deal with this scenario. here i need to add the purchasing organisation and purchasing groups under main root because of the reason that in the other project, purchasing organisation and purchasing groups defined needs to be accessed by our users as well. I mean the users should be able to access all the purchasing organisation and purchasing groups created under root node which gets the purchasing organisation and purchasing groups from the back end systems and the purchasing organisation and purchasing groups we created manually since we cant get it from back end system since it is central purchasing organisation.
Please asvise
Best regards,
Srinath
Edited by: srinath_Vijaya on May 27, 2010 4:21 PMHello Masa,
Thanks very much for your time and solution.
Actually the problem was something else and was fixed.
The reason for getting error 'Process schema was not yet defined' is because of missing definition of process schedma for the workflow since the process based workflow setting has been activated.
So this has been resolved by copying the sap standard customizing BC set for SRM workflow using transaction SAPR20 and then process schema for workflow got configured or copied automatically from SAP BC set and the error was removed.
Also the reason for error with user was that no purchaser assignment was done to the purchasing organisation and now it has been done and the users can access the SRM and create shopping cart and the contract.
Regards,
Srinath -
Error when creating purchasing group.
Hi,
i am facing two issue when creating purchasing group. i never had such a situation before.
i have created two p.groups successfully and moved to quality.later i figured one of them is missing USER ID now when i try to enter user ID in user column getting below mention error.
Entry XXXX Does not exist in USR02-check your entry.message no 00058.i have checked in USR02 None of ID's exist i used in newly created groups.but ID i used in other groups has no issue even doesn't exist in USR02,but it shows value US in OB(Object type filed).
both ID's are not being created in Development in other words SAP ID's with SU01 but we never had such issue before while changing or creating now purchasing group.
Another thing i have noticed that OB(Object type field is missing in Dev.) i can see that field in Quality even in sand box but not visible in Dev.that when i use OME4.but when i use SM30-V_024 i can see the OB field.Somehow OB field is hidden when going through SPRO or ME04.
This is about Sap ver.4.7
Suggestion are much appreciated.Hi,
Before creating new purchasing groups- 1st check your user ID is authorized to purchasing groups create in t.code: OME4.
In development system you can creates new purchasing groups with USER ID and telephone numbers, upon saving system will create a transport request. Later you can transfer related transport request to quality system for your testing.
For example: You can creates new purchasing groups with USER ID and telephone numbers
Purchasing groups-------------USER ID ---------------Telephone numbers
Z01-----------------------------------USR01------------------232569875
Z02-----------------------------------USR02------------------232589876
Regards,
Biju K -
Dear Gurus,
I need to get the list of purchase groups with details. This is required for User, SO it can not be from SPRO. Also not from MM03 OR XK03 which will show drop down list on purchase group field.
Is there any way I can get list of purchase groups with details from user perspective.As per I know there is no such report to only display purchase group.
Many reports have drop down option to choose it.
you can make simple query to display only purchase group -
How One Buyer can have access for all Purchasing Groups in classical scena
Hi,
We are Working in SRM 3.0 classical scenario and we had a problem how we can assign a One Buyer to multiple PO groups.
Though we are doing the SAP Code modification, we are not able to see the functionality of Assign to me or Work List functionality once we are claering the Purchasing Orgs.
If you have any idea which part of SAP code we can change to achieve this.
Thanks on Advance.
MuraliHi,
See the foll threads:
Re: Purchasing Group and User Assignment
Multiple Purchasing Groups to One Person
SRM 5.0 - Assign user to multiple purchasing groups?
Assign puchaser user to multiple Purchasing groups in PPOMA
Multiple purchasing group responsibility?
BR,
Disha.
Do reward points for useful answers. -
Purchasing Group Attached to Position / Org
All;
We have multiple P Grp's attached to User's Position / Org Unit. Is there any way to get the Purchasing Group attached to the user's position and Org Unit ?
Thanks
VathsanHello Vathsan,
In table "HRV1222a"
Give the values:
Object type - S
Object ID - 70013597
Attribute - PM_PUR_GRP
Execute.
You will get the all purchasing groups assigned to the respected user.
Regards,
Suneel Kumar. -
How do I assign a user ID to the purchasing group so it shows up on table..
How do I assign a user ID to the purchasing group so it shows up on table T024? I'm trying to create a STO but am recieving the following error
Configuration of User ID is not set up in purchasing group T024 table
Message no. 00398
Diagnosis
Placeholder for batch input error text, this message is not output.
Configuration of User ID is not set up in purchasing group T024 table
Thanks in advanceTable T024 has no field for a user-Id in standard SAP
you can only tie a user to a purchsing group via authorization with user roles.
The message 00398 is a generic message that can be used for everything.
I guess this message is triggered in a userexit. Designed by a collegue of you. -
Find Sap Userid based on purchasing group
Hi all
I have one doubt in Purchasing group creation in SPRO. Let me know userid based on purchasing group. I know the table T024 but i want sap user id?Hi
Any relationship between rolls and purchasing grup -
No provisioning of User Group for authorization field in user master
We are implementing CUP 5.3 workflows. Both in manual proviosing and automated provisioning based on User Defaults the user group gets only provisioned to the Groups tab in SU01. The field User Group for authorization on the Logon data tab remains empty (field CLASS from system table USLOGOND, filling CLASS field in table USR02).
In User defaults both under user default as on the user group tab the user groups have been defined. In manual provisioning the correct list of user groups get displayed for selection.
Under field mapping in the Application field I only find User Group in user master maintenance, but not User group for authorization. However I would assume I do not need to use field mapping, as I want to automate this provisioning based on user defaults.
Am I missing a configuration setting here? If so, where can I set it?
I would assume the provisioning of this field is possible. RAR reports the user group also based on the User group for auhtorization and not from the Groups tab.S.Pados,
I can assure you that what I said in my last response does provision the User Group For Authorization Check on the Logon Data tab; in fact, I was having the opposite issue where the Group tab was not being provisioned; however, I am ruunning AE 5.2 and you said you are running 5.3; maybe something did change or got lost in the releases; it probably is good to see what SAP has to say about this; I would hate to lose this capapbility when I upgrade to AE 5.3
As far as using the custom field for multiple applications, would that field not be usable for any of the applications you would select in the request form?; if you are using the same table names in the different SAP systems (selectable by the application field on the request) would the drop down selections be whatever the table has defined for that system? I may not be understanding something here so I am just asking;
It would be great to have a Group field automatically filled in by another selection to avoid the user involvement; I agree with you there; because of our concerns on users entering the AE request, our shop has decided to continue with the users submitting the request through normal email and the security administrators perform the AE entering; this way we have a better idea on something like the GROUP field; we have an option to include the original email as an attachment for justification of the request
Sorry I could not be of more help
Jerry
Ryerson,Inc. -
Authorization Object for Purchase Group while GRN
HI all,
We wanted to restrict the specific users from doing GRN with ML81N & MIGO_GR against specific Purchase Group. Which authorization object can be used to restrict the user from processing others Pur. groups for which he is not authorised.
Is there any std. object available, if not then what I need to do while creation of customized authorization object (in SU21), how system will call this authorization object in MIGO & ML81N. more detailed answers will be more useful.
Thanks...closed...
-
Structural authorization : role, profile, user group
Dear All,
I am working in OM in Structural authorization, can anyone tell me difference among Roles, profile, user group.
I am mainly concerned with roles and profiles, What exactly is role and what is profile.
Pl give me practical example....
Regards,
KumarHi kumar,
Roles: It is divided in to single role and Composite Role. It is used to maintain your list of allowed transactions and reports as a menu. Once you assigned this role to the user, he / she can access only those transactions, what you maintained in the menu.
Profile: It is based on the authorization object. Unless untill, you generate the profile, the system will not consider the authorization for the assigned menu. You can provide the authorization based on various objects like infotype, transaction code, master record, org key,..
User Group: Used to set the unique set of rules for the specific user. How system should react in case of specific user group.
Good Luck
Om
Reward it, if u feel helpful.
Maybe you are looking for
-
Connecting a Dell computer to my airport base station
I am having trouble connecting to my wireless network with a Dell laptop. All other macs connect fine to my base station. I am getting a message saying " little or no connectivity" yet my Power book connects fine sitting right next to it. Not sure ho
-
A PROBLEM WITH HP DESKJET D 1360 PRINTER
HP DESKJET D1360 POWER LIGHT keeps blinking and won't turn off, requests are going to the printer but printer won't print, the last printing activity was done on NOTE PAD, about 30 minutes before this problem.Hope this issue could be resolved
-
Movie made in imovie wont open in idvd?!
so i made a little intro movie for a slideshow with the edit interface in imovie where i just added some text to a black background. i saved it and when i try and add it to idvd it wont open. im not really sure what is going on. the file is a .timovi
-
NEW SINGLE LINE PLAN ??? WHERE IS IT????
I see there is another question out on this...but what's the story? How does one get this plan from an existing 1 line phone I have had with my 4s for 3 years.. I want reliable LTE service with 2 gigs of data, unlimited talk and text... HOW DO I DO
-
Good Day! Here's my story. Hope y'all can help! Old MAC iBook, 900MHz G3, 10.2.8, 384mb ram Download of Firefox update 3.6.15 will not open Download is visible on desktop but will not initiate Clicking on download causes it to attempt opening but cea