Query - Authorization Check for Material Details

Similar Messages

• Query : Authorization check for reports in report writer

  Hello,
  I want to secure reports created form report writer.
  How can I give separate Authorization to users, so that they are restricted only to display or for changing or for creating.
  Thank you in advance.

  Hi Naveen,
  Here is wonderful thread which can solve your issue.
  Authorization in my report
  Regards,
  Ganesh
  ****Reward points if Helpful*****

• How add Authorization check for user with assigened role for t.code-MIR4

  Hi All,
  Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
  In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
  suggest me...
  Thanks,
  srii..

  Hi Sri ,
  first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
  make use of Tcode SUIM to find out all roles which are using this Object.
  or
  ask ur basis guy to remove authorizations to create/change....
  regards
  Prabhu

• Authorization Check for Storage Location

  Hi Experts,
  I have the following requirement :-
  I have Plant : P081 created under Company Code : P110.
  I have got various Storage Locations under this Plant for example
  KT01 - Main Stores
  KT24 - Remote Store.
  The KT24 store is basically a remote location store. I have activated the Authorization for the Storage Location KT24 in the SPRO Settings
  Material Management --> Inventory Management and Physical Inventory --> Authorization Management --> Authorization check for storage location.
  I have maintain the following authorizations for the Object M_MSEG_LGO as follows :-
  1. OBJECT : M_MSEG_LGO.
  >> 2. USER ID : 081Store
  >> 3. PLANT : P081
  >> 4. STORAGE LOCATION : Kt24
  >> 5. ACTIVITY : 01-03
  >> 6. MOVEMENT : 101, 102, 201, 221, 261
  and authorization for T_code MIGO_GR and MIGO_GI . I want to restrict the user for transaction only for this storage location but the system is allowing the user to post GR document for KT01 stores also.
  Can any one suggest a solution or settings that need to be done for the user to be restricted to prepared GR for Storage Location KT24 only.
  Thanks in advance.
  AJ

  Hi,
  You set the authorizations to users with tcode PFCG. To know the reason of deny some access run tcode SU53 after SAP denies the access to some documents / objects.
  Regards,
  Eduardo

• Authorization check for production order settlement

  Hi All,
  Production order settlement currently can be done by any user of any company code. there is a high risk involved in the same since unauthorized postings may happen. Hence we need to add authorization check for production order settlement. Can we maintain the same at the plant or the company code level?
  Waiting for your replies. Thanks in advance!
  Regards,
  Aman Goel

  hi
  What venki has told abt the exit, its absolutely correct.Even i have used the same exit
  •     From table CAUFV pick Material(PLNBEZ),Basic Start Date(GLTRP),Plant(WERKS) .
  •     Pass parameter Material(PLNBEZ) and Plant(Werks) in table MBEW in respective fields i.e. Material(MATNR) and Plant(WERKS).
  •     Pick the latest record for the current period(LFMON) and year(LFGJA).
  •     Pick Product Cost Estimate number(KALN1) from the record and pass it to table KEKO.
  •     Check if Production Order Basic Start Date(GLTRP)<= BIDAT, if NO post Error Message.
  This is the FS for EXit PPco0007
  Reward if useful
  Amit

• Authorization Check For Pricing Reference Materail In VA01 & VA02

  Hi Expert, 
  User has requested to do authorization check for pricing reference material in line item in VA01/VA02. currently SAP does not has any authorization check for pricing reference material field at line item in VA01/VA02.  Is there any standard authorization object for this purpose or needs to use user exit to do this checking ie if the pricing reference material entered does not belong to the sales org as entered in sales header data then system will issue warning/error message.  What will be the standard user exit routine if there is no standard authorization object for this purpose ?
  Thanks.
  Regards,
  Tay
  Edited by: Hung How Tay on May 13, 2010 2:48 AM

  Hi,
  Try below in MV45AFZB
  USEREXIT_SOURCE_DETERMINATION
  Best regards,
  Anupa

• Authorization check for CO88

  Dear all,
  I found  there is no authorization check for plant in CO88, this means if user do not enter the plant, then all the orders will be settled, would anyone tell me how to control this?
  thanks,
  Ben

  Ben,
  You can control this by creating seperate roles and giving plantwise authorization in these roles..  Please check Tcode PFCG for further details...
  Thanks

• Error :Authorization check for caller assignment to J2EE security role whil

  Hi Experts,
               i m working as a portal resource .
  after the deployment of standered Sap e-rec package .
  i m getting some error. i have assigned the recruiter role to one test user.
  Now i m getting two issue:
  1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
  2) I m able to see few iview for the test user but those are also in detailed navigation view.
     And few ivews are giving following error :
    i)Internal error
  ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
  /System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
  Full Message Text
  ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
  please suggest what can be  done or what is pending from my side.

  Prajakta2602 wrote:
  Hi Experts,
  >
  > the previous issue got solved..
  > it was due to servies pack miss match and applying notes
  > the Basis guy  checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
  > notes 1445294 and 1175239 were applied.
  > now the issue is:
  >
  >
  >  After implemetation and  i assigning the standerd sap roles
  > 1)Recruiter Administrator
  > 2)Recruiter
  > to the test user .
  > but for few iview it is showing error as in
  > 1) you are not a authorized user
  > 2) internal error
  >
  > please help experts.
  >
  >  i m working on portal side have i to assign any role to that test user..
  >
  >
  > Thnaks & Regards,
  > Prajakta
  You can run a quick check using the below steps:
  1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
  2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
  Regards,
  Mahesh

• No Authorization check for MultiProvide (S_RS_MPRO)

  Hello Every body
  We have a problem regarding the authorization check for MultiProviders. We have assigned the auth. object S_RS_MPRO to a user for one specific MultiProvider. We have also turned on the settings for "MultiProvider" and "MultiPro. (Query) in IMG.
  Unfortunately the user has access to all the MultiProviders. We have traced the user and have found out, that there is no authorization check for the MultiProviders.
  We have tried to remove the settings mentioned above and use “InfoCube (Query)” setting instead in conjunction with S_RS_ICUBE. No luck here neither.
  One thing that could be important to mention is that the Settings for "MultiProvider" and "MultiPro. (Query) in IMG has been implemented before the object has been assigned to a user.
  For that We removed the settings from all Roles, and then we assigned the object to a user, and at last we activated the settings for "MultiProvider" and "MultiPro. (Query) in IMG. No luck here neither.
  Bottom line is that the system does not check for S_RS_MPRO
  Any kind of suggestion would be appreciated
  /FZA
  SAP_BW 350
  SP 12
  BI_CONT 353
  PI_BASIS 2004_1_640

  0.820 BW-BEX-OT-OLAP-AUT 619778 No check of S_RS_ICUBE for Multiprovider 16.10.2003
  2. 0.800 BW-WHM-DST-AUT 626385 Multiprovider: Authorization in query fails 07.10.2003
  3. 0.790 BW-BEX-OT-OLAP-AUT 662617 Activity is 'Change', but only 'Display' is checked 07.01.2004
  4. 0.760 BW-WHM-DST-AUT 626574 MultiProvider authorization check during query 17.10.2003
  5. 0.760 BW-WHM-DBA-MPRO 520588 New authorization object S_RS_MPRO 05.11.2003
  6. 0.750 BW-WHM-DST-AUT 736996 Authorization check performed on S_RS_MPRO 28.06.2004
  7. 0.700 BW 693363 SAPBWNews BW SP03 NW'04 Stack 03 RIN 22.04.2005
  8. 0.690 BW 692636 SAPBWNews BW SP02 NW'04 Stack 02 RIN
  hallo
  Please have allok at the mentioned OSS note
  Mike

• Authorization checks for PNP LDB

  question    : how to validate authorization checks for pnp logical database?
  2 nd question: hr report
  this report is basically for salary survey. in this i had so many fields can any body let me know how
  can i form the internal tables. and i have to display overall 150 fields in csv file for that
  how can i take in to the final internal table.
  what is the logic behind this:
  T71JPR09-JOBCODE
  PA0000-PERNR
  HRP1000-STEXT
  P0006-PSTLZ
  PA0008-ANSAL * 100 / PA0008-BSGRD
  PA0015-BETRG
  PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
  like that i had.
  please give me the steps how can i proceed.

  Hi,
  The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
  Hope this helps.

• Create authorization check for a report

  Hi,
  I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
  Say the report name is ZHR_TIMEABC.
  Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
  Thanks in advance,
  VG

  Hi,
  Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
  If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
  Your inputs will be helpful to understand this concept.
  Thanks,
  VG

• Authorization Check for Special Stock Indicator in IE02

  Dear Gurus,
  Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
  For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
  Would appreciate your help.
  Thanks.

  Hi,
  This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
  Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
  Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode.

• Authorization check for a program/table

  Hi ,
  Can anyone help me out in
     How to do authorization check for an abap program and also a table.
     I have no idea about the authorizations.
  My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
  1. should be able to execute the program
  2. View of the entries of the table.
  Thanks & Regards,
  Keerthi

  Hello Keerhi ,
  I got you wrong at first!
  If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
  First find the role
  second add the user in the role ( PFCG T code---> USers tab)
  Raj

• Authorization checks for bank account number in vendor master

  I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
  Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
  Thanks
  -Peru

  HI Peru,
  To supress a field in FK03 u will have to check
  Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
  in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
  But there bank account no is not there.
  Moreover there r no authorization objects for all the fields that u gave.
  So try creating screen variant/ transaction variant in SHD0.
  Regards,
  Kiran

• How to turn off the authorization checks for a object in infoproviders?

  Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
  I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
  Thanks,
  Raj.

  Hi Raj,
  Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
  In BW3.5, use RSSM transaction to do thins.
  OR
  Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
  If you are using old authorization concept in 3.5 or in 7.0
  Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
  Hope this helps you,
  Best regards,
  Sunmit.