Red Light with Authorization Object in PFCG

Similar Messages

• Association of authorization group with authorization object

  Dear Colleagues,
  We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
  However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
  This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
  We would like to control this via authorization groups
  We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
  Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
  If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
  But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
  Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
  Does a developer or functional consultant also need to be involved in this?
  PS: I tried to search in Google & our forums but could not get any answers

  Dear Aninda,
  Thanks for the help.
  I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
  A case category was then assigned to this auth group
  We tested it - below are the results:-
  1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
  2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
  3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
  If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is  authorized.
  How to resolve this?

• Linking a Light with a object

  How can I link the position of a light with a object?
  I've draw a mask on a 2D solid (Light-Spill) that appears to be the light (Light-Spot) hitting the floor (another 2D object (still photo)) and I want to be able to move the Light in the X dimension and have the Light-Spill follow with it. Now, I can do this by hand but I thought there would be a way to link the position properties by a behavior but none seem to be the correct thing. Can you not just add a "script" to a property like postion.Light-Spill=positon.Light-Spot
  TonyTony

  Hey Case,
  That did work. I had to make the Light-spill group a 3D group (then turned off lighting) and applied Match Move, dropped the Light-spot object in the source well. My Light-spill moved off the screen somewhere until I changed the transform pulldown from Attach to Mimic.
  A behavior (expression) that you can change various things on would still be a nice addition. I could see one called Link (in the Basic Motion group), that you apply, then drop a source object in the well, then have some pulldowns the allow you to pull from a particular property and then modify that information and apply to a particular property. Something like take scale from object A and effect rotation of object B. Also would be nice to see the expression in a text field somewhere. This why you could make you own.
  Probably throw this into the Motion user feedback.
  Thanks, your Special.
  TonyTony

• Program with authorization object

  Hi Experts,
  I have an issue regarding rules and authorization.
  I have created a program with 2 radio buttons transfer and backload. The requirement in authorization is not all users can access both; some can only access transfer and some can access backload only. (r_trans,r_back)
  The basis told me that they need an authorization object in order for them to block/separate the transaction for transfer and backload.
  Is there a way for me to modify the program and put an authorization object with my radio button? or is it possible to do this with the current program?
  Thanks!

  Hi,
  Thanks for the reply,
  Our basis is using PFCG for roles and authorization , how can they check if my authorization object was created using that code?
  Here is my code: Im getting sy-subrc = 12.
  IF r_trans EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '01'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ENDIF.
  ELSEIF r_back EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '02'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
     ENDIF.
  ENDIF.

• Cannot modify an authorization object in pfcg role for a business role

  Hi Experts,
  I have created two z pfcg roles from the standard business role CRM_UIU_SRV_PROFESSIONAL  lets say by names zagent and zmanager. My requirement is actually to map these two pfcg roles two a service professional agent and service professional manager custom business roles respectively( I have created these custome business roles from standard business role servicepro) . I have identified an authorization object by name CRM_CO_SE which is basically used to check whether the user is authorized to create service contract transactions. So, in the agent pfcg role, I need to de activate or deselect this particular authorization object so that the agent will not be able to create service contract. (This is not a real time requirement, but an internal assignment). When I change this object in the pfcg by deselecting 'Allow' check box and try to generate, it is not getting generated. I have selected all the options from the 'Expert mode for the profile generation' and still the traffic indicator for that authorization object is yellow.  Am I doing anything wrong?
  Please help me.
  Thanks
  Ajith C

  Hi Leon,
  Thanks for helping me, I have restricted the unauthorized user from creating a new order by disabling the 'New' button by checking the business role in  the code. The pfcg configuration, I am skipping it for now.  I have one mnore requirement. When one clicks on any items in the search result for the Service Contracts, it opens the details of that service contract with an 'edit' button. I can disable this button using do_output_preparation method for the some business roles. However, I want to disable this after checking a condition. The condition is that, edit button should be active, only if that service order was created by the employee who has currently logged on. I am relatively new to CRM and I could not figure how I can check it during run time. Could any one please help me with this?
  Thanks,
  Ajith

• Issue with authorization objects

  Hi,
  We are running on ECC 6 . There is an issue while adding t-codes to a role.
  When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.
  Cheers!!

  > The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.
  They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.
  That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.
  It shounds like SU24 is not as "fine" as you have stated before hand.
  Cheers,
  Julius

• Restricting infoobject in query designer with authorization object

  Hi,
  We have to restrict CUSTOMER infoobject with a authorization object in query designer.
  How to do this task ? Request kindly suggest.

  thr RSSECADMIN tcode. Search with this key word you will get good docs & Wikis in SDN
  bhaskar

• Display users with authorization objects assigened to them

  Hi,
      How can I display list of users with company code assigned to them?

  hello Rajesh,
  What you want is not straightforward. There is no SAP report for this as such. You need to find roles assigned to the user first then go to table agr_1252 anf give the value $BUKRS along with the role names.
  You will find out the company codes assigned to the user.
  This is not a very efficient way really and will involve too much of effort. If I needed such an information I would have written a simple ABAP report using joins of table AR_DEFINE and AGR_1252. Also check tables UST12 and AGR_1251.
  Hi Ben,
  Company code is present in several authorization objects other than F_BKPF_BUK. Check F_SKA1_BUK..There are several of them. So we need to check on basis of field BUKRS.
  Regards.
  Ruchit.

• BEx Query RRI with authorization object

  Hi,
  I have two queries linked using RRI (Sender and Receiver).
  Queries have authorization object.
  Both queries work fine with authorized user if I use them separately.
  (Query Sender works fine with authorized user, Query Receiver works fine with authorized user)
  Using BEx in Excel:
  - when an authorized user jumps from the Sender to the Receiver, system tells him he doesn't have the authorizations, and Receiver query doesn't appear.
  Using Web: 
  - when an authorized user jumps from the Sender to the Receiver it works fine and user can see the results in the Receiver Query
  Could anyone help me?
  Thanks in advance
  Fede
  Edited by: Federico Carta on Jun 23, 2009 2:53 PM

  Hi Mohan,
  I checked the authorizations and S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are correctly set.
  The strange thing is that if user calls the Receiver query from the web (BI web server), it works fine. The problem is only if user executes them by BEx in Excel. If he uses Receiver query directly without using Sender query, it works fine!!!
  Best Regards
  Federico

• Authorization objects in PFCG

  Hi,
  1) When trying to maintain authorization objects post upgrade in the roles, there is a notation which i gues tells about the type of auth object introduced. For eg:
  Maintained Old/New/Updated
  Standard Old/New/Updated
  Changed New etc
  Can anybody tell what this means? and is there any standard approach while maintaining these?
  2) I read somewhere that its best to download the tables USOBX,USOBx_C, USOBT and USOBT_C before and after refresh. Whats is the significance of this step? i see that the values in these tables are too many to be able to download.
  Any help on this would be appreciated.
  Thanks,
  Abhijit

  >
  Abhijit Chitale wrote:
  > 1) When trying to maintain authorization objects post upgrade in the roles, there is a notation which i gues tells about the type of auth object introduced. For eg:
  >
  > Maintained Old/New/Updated
  > Standard Old/New/Updated
  > Changed New etc
  >
  Standard -
  > Standard SAP auth. object pulled in because of addition of a tcode in menu. No Manual chnages made.
  Maintained  -
  > Field values maintained for the auth. objects for open field values.
  Changed -
  > Field values of Std. Auth. objects Changed (ones for which the field values are already present)
  old -
  > Auth. Object corresponds to an earlier change to the role (current addition of Tcodes etc ... haven't affected these objects)
  New -
  > Auth. object has been pulled in because of a new addition to the menu. (same Auth. Object did not exist previously)
  Updated -
  > Auth. Object existed earlier but the Field values have been changed because of the new Tcode in the Menu.
  Hope I have made this clear.
  Experts: Be kind enough to correct if anything is wrong in this.
  Regards,
  Partha.

• Steady red light with blinking yellow

  recently my phone (Curve 8530) had a steady red light and every 3-4 seconds it would blink yellow... have no idea what it means... it seems to function normally but slower than normal... any ideas what it could be??

  Hello!
  Hope your Battery is charged properly and not creating issue at the time of re charging?
  Is your phone consuming much amount of Battery ?

• Authorization Object inative in PFCG

  Hi,
  We created an authorization object for a Z BSP application that is used in htm page.
  When I try to create a role allowing that authorization object in PFCG, auth. object remains inactive and there is no possibility to active it.
  Does anyone knows how I can activate this object ?
  Many thanks.

  I was having the same problem. I was adding an auth object S_ASAPIA of class BC_Z to role (both manually or via Selection Criteria, the authorization is in the selection criteria list) but for some reason I could not make it active, the authorization is brought into the role as inactive. After some digging I realized the problem by looking up the authorization object in SU03. When I tried to check for authorizations associated with the authorization object in SU03 I got an error message:
  No fields have been maintained for this object
  Message no. 01231
  Checking table TOBJ I realized that this is not the only such problem:
  Here are 4 objects in my ECC system that have the same problem. ([ObjectID] [Object Class ID])
  K_ORGUNIT     CO
  S_ASAPIA     BC_Z
  S_RS_PPMAD     RS
  ZSTAT     BC_A
  I found these auth objects by searching for blanks in the field FIEL1 in table TOBJ.
  By the way I also found a number of objects that were not assigned to a valid Authorization Object Class. PFCG will not allow you to add these objects at all, even though they do exist in table TOBJ. ([ObjectID] [Object Class ID])
  CRMCONFMOD     CRM
  CRM_WSC     CRM
  CRM_WST     CRM
  PLM_LAYOUT     PLMB
  RSCRMBUPA     RSAN
  RSCRMEXTR     RSAN
  RSCRM_TG     RSAN
  RSDMEENGIN     RSAN
  RSDMEMBW     RSAN
  RSDMEMODEL     RSAN
  S_ESH_T_BG     TST
  S_ESH_T_MT     TST
  S_ESH_T_PR     TST
  I found these objects by copying all the classes in table TOBC and filtering out all the records in table TOBJ using exclude values in the field OCLSS. The resulting list is those objects not assigned to a valid object class.
  Note that most of this data was SAP delivered.
  Hope this helps to answer this Q.

• IBook G4 with red light on charger

  Hello,
  I have this problem of starting up my iBook G4. It doesn't turn on at all when I press the power button.
  At first, I thought it was low on battery. So, I charged it and the red light is on no matter how long I charged it. May I know what does the red light represents?
  Does anyone encounter this problem?
  Thanks in advance, guys.
  Regards
  Yee
  Message was edited by: p34nutz

  Welcome to Apple Discussions!
  I don't know if this will even be relevant to your situation, but there is an article which talks about the red light with regard to powerbooks:
  http://docs.info.apple.com/article.html?artnum=18241
  One question would be whether this battery and charger worked properly in the past, or if one of them has been replaced. The article made it sound like some batteries and chargers do not work together, and if you replaced one or the other, there might be some incompatibility.
  Hopefully someone who really knows about this will post back. I don't have any personal experience with this--I just remember reading about it in this article.
  Good luck!

• Authorization Object (RSSM) restriction in PFCG

  Hi experts,
  When I execute a query in RSSMQ I get the message:
  You do not have authorization to read object ZBICINFPR 'BI Cockpit'    BRAIN 804
  Does anyone know, what to do? How can I give the authorization for that authorization object in PFCG? What is the name of the authorization I need?
  Thanks in advance
  F.L.

  Hi Florian.
  Well, it's a custom made object (because of the prefixed Z), so check your documentation or look it up in tcode SUIM -> Authorization Objects -> By object name, text -> put ZBICINFPR in the name field -> hit F8 -> on the next screen hit F6 to get a where used list (go for authorisations)
  This will give you a list of the authorisations where this object is used.
  Regards
  Jacob

• Check for Authorization object

  Hi All,
  I have a report which will authorize the person running the report.
  I have been given a requirement which is to not accept some users and accept some users.
  Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
  Could some one let me know how to go about it. I have few questions.
  1. what is the exact use of authorization object.
  2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
  3. I know there is some basis work involved in this but what is that ?
  Thanks,
  Mahen

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji