Regarding Authorization

Hi all,
Consider the user doesn't have authorization to Use transaction VA01 or VA02 for sales order create or change.
The same user has authorization to my add-on transaction which is used to create sales order through function module.
I think it is not possible to create order using the add on transaction.
Is my view correct.
How to overcome this situation.
How to make the user to create order sucessfully using addon transaction without have authorization for VA01.
Thanks in advance.
Regards,
Umasankar.

Hi,
If your manager don't have access in SAP he can't execute that report.
Regards,
Atish

Similar Messages

  • Need document regarding  Authorization for payroll

    Hi,
    Can anyone guide me for document regarding Authorizations related details for Payroll. I search but i got lots of documents regarding BI not for payroll. This will be helpful for me to work on Security and Authorization User Profile.
    Thanks,
    Lakshmi

    Hi Lakshmi,
    besides the special (but simple) payroll object I assume you also will need experience in the HR Authorization.
    Why? Payroll reports are LDB reports that obey the HR authorizations.
    (Unless you take them out with P_ABAP)
    So you also check the online help or get the course HR940 and you can have a look at the PDFs that are more or less the online help but in a more readable manner here:
    https://websmp201.sap-ag.de/~form/sapnet?_SHORTKEY=01200252310000076208&
    Regards,
    Michael

  • Regarding Authorization in OBIEE

    Hello Experts,
    I am having trouble rather confusion with Authorization in OBIEE. We have configured Authorization using external table and it is working fine.
    Scenario is:
    We have hierarchy like Senior Managers-> Horizontal Head->ORG Head-> Team Leads
    I created their respective groups for each of them in RPD and in Presentations services.
    Senior Manager Group (SR_Manager) has NO restrictions, all other 3 groups(Horz_Group, ORGH_Group, TL_Groups) have data level security they can view data for Process_ID aligned under them. This we are maintaining in external table.
    My doubt comes in when a Senior Manager is member of other groups as well.
    Let say ABC is Senior Manager as well as Horizontal Head and as a Horizontal Head his access is restricted to 5 Process_IDs.
    My Doubt is shouldn’t ABC see all the data as he part of Senior Manager Group, Senior Manager Membership should supersede all other membership? As per documentation OBIEE should apply LEAST RESTRICTIVE PERMISSIONS?
    Kindly suggest if my doubt is valid.
    Thanks
    Ankita

    Hi Amith,
    Thanks for your reply.
    I would like to confirm from what you replied. You asked to change the scenario for our senior most group.
    For our scenario, Sr_Manager group has no restrictions. Hence, all data should be viewable to members of this group. We have now kept all members belonging to Sr_Manager group to this group only and no other group membership has been provided. This works fine and is giving expected results.
    I would like to bring this to notice that, this problem was not coming initially when all the groups had been created. Any member from Sr_Manager, belonging to other lower groups could view all data as per his least restrictive group membership. But, I am not sure why this is failing now.
    Could you pls suggest any cause of this problem?
    Regards
    Ankita

  • Question regarding Authorizations in SAP CRM 7.0

    Hello,
    The problem is this:
    We have a client who will use two ways of accessing SAP CRM 7.0 data -
    1. CRM Web UI
    2. Mobile devices via standard SAP CRM BAPIs
    Now the situation is that the client wishes to control display authorizations based on the Business Role. Certain Business Roles can allow its User to see Accounts where the User is also Employee Responsible and certain other Business Roles can allow its User to see all those Accounts that are associated with that Role. In summary Business Roles control what an User can see.
    This has already been implemented for the CRM Web UI using the Access Control Engine (ACE).
    Now the questions are:
    1. How do we implement this for BAPI Access?
    2. Should we recreate what has been achieved by ACE, via PFCG Authorization Profiles?
    3. Can we not reuse what has been done by ACE?
    4. What are the runtime APIs that allow somebody to use the authorization checks of ACE?
    5. Does the standard Function Module CRM_ORDER_CHECK_AUTHORITY_ACE help in this regard?
    Any help here will be greatly appreciated. Please let me know if you need any clarifications.
    Thanks in advance.
    Best regards,
    Sudhi

    Hello,
    Normally, some notes are recommended in addition to the current support package implementation because they were developed to solve any known issues. These known issues occurred as side effect of any note which belongs to the implemented support package.
    If you take a look at older release notes, you will see the same.
    This is a part of implementation stack.
    1345085  SAP SRM 7.0 SP Stack 04 (09/2009):Release & Information Note 
    1365574  SAP SRM 7.0 SP Stack 05 (12/2009):Release & Information Note   
    1436687  SAP SRM 7.0 SP Stack 06 (03/2010):Release & Information Note 
    Kind regards,
    Ricardo

  • Regarding authorization in solution manager for Central system monitoring

    Hi,
    I want to Prevent users from deleting Task logs in central system monitoring
    in solution manager
    I have assigned the roles SAP_SV_SOLUTION_MANAGER_DISP
    But it gives display authorization for everything unable to keep track of
    changes in monitoring
    Can anyone please help me to prevent users from deleting task log history
    Since I have to keep track of one month data
    What can be the suitable role for it ? or what authorization objects i should
    make a change to prevent deleting tasklog.
    Kindly help me in this regard
    Regards
    Sanjeev.S

    Thanks for your prompt reply
    I am not saying about SDDCN
    In transction solution_manager  => opertation set up = > central system
    administation
    we  will do manual monitoring for sattelite systems in this path. what we monitored
    will be entered in task log history.
    So what can be the suitable role to prevent the deleting of the task log history.
    There is option delete task history. if any one by mistake clicked on that ,all the
    records of monitoring will be lost.
    so kindly suggest me a suitable solution

  • Regarding Authorizations and Roles

    Hi All,
    Can anyone explain me about Authorizations and Roles ,in detail.
    regards,
    Ali

    Links for Learning about Authorizations:
    http://help.sap.com/saphelp_nw70/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm
    http://help.sap.com/saphelp_bw33/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm
    http://help.sap.com/bp_biv235/BI_EN/documentation/Authorization_BW_Proj.pdf
    http://help.sap.com/saphelp_nw04/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
    Links to learn about Roles:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
    Assign points if helpful,
    Venkat

  • Doubt regarding Authorization Object

    Hi All,
    I am not able to creat a Buiseness Agreement in CRM. Following is the error message which is getting displayed:
    The auothirzation check for object CRM_ORD_PR has sent back the return code 12. The activity carried out was to create.
    I checked my role and this authorization object is present with * (All) access.
    Please le me know how to correct this error.
    Thanks,
    Ritesh

    Hi,
    See the output in Su53 transacton once you get this error.
    Regards,
    Nirmal.K

  • Ho regarding authorization group...

    hi all...
       i need to create authorization group for the report programs.....i tries in se54 but this is for only tables..how can we create the authorization group for the report programs....pls guided me in this

    hi
    In actvt maintain new field value.then create your own authorization object under new authorization class.
    then in each report,just do AUTHORITY-CHECK for this object and field.transaction code a SU20, SU21 are used for this purpose.
    the command AUTHORITY-CHECK OBJECT is used in all the programs where you want control.
    hope this helps
    regards
    Aakash Banga

  • Regarding Authorization object's changed date..

    Hi All,
    Could someone help me, I wanna a table name which holds the changed/modify date for Authorization object..
    e.g. change date for S_TCODE etc.....
    Regards,
    Ankur

    Hi,
    Try Trx SU21, search for S_QUERY with Find button, double click on S_QUERY Object and Click on Permitted Activities. Use the Display<->Change Button for Modify.
    Angelo.

  • Regarding authorization cor3

    Dear all,
          Can u suggest authorization object for costing and accounting view? Actually i want to give the authorization of transaction code cor3 to user but i don't want to give them  costing and accounting view (price), so can u suggest me regarding to this.
    Thanks to all,
    Regards,
    Madhus

    Madhus,
    I would suggest build a Role with the transaction "COR3" perform test with your functional team by tracing what they need and insert the necessary values.
    Just by looking at what objects in "Su24" may not help.
    For example: for the below include the
    1. appropriate order type and category C_AFKO_AWA
    2.appropriate order type   for this object            C_AFKO_AWK
    Depending on your test perform similar action , at this time I think you have "*" .

  • REGARDING AUTHORIZATIONS

    dear friends,
    i got a report with the fields EMPLOYEENUMBER, PROJECTNUMBER,PROJECTROLE, ASSIGNEDBY,ASSIGNEDUNTIL . my requirement is whenever a EMPLOYEE login into bw with his LOGIN CREDENTIALS he should be able to see the information related to him (he should not see the other EMPLOYEENUMBER information.
    for example let us assume the report is
    empnum   projnum  projrole  assignedby   assigneduntil
    11111     A1       PM        HARI          20.11.2006
    22222     B2       PM        GIRI          11.3.2007 
    WHENEVER AN EMPLOYEE WITH EMPLOYEENUMBER 11111 LOGIN INTO BW WITH HIS LOGIN CREDENTIALS HE SHOULD SEE THE REPORT IN THE FOLLOWING WAY
    EMPNUM  PROJNUM   PROJROLE  ASSIGNEDBY  ASSIGNEDUNTIL
    11111    A1        PM         HARI        20.11.2006
    WHAT I HAD DONE IS I CREATED A USER(SU01) AND ROLE(PFCG) FOR THE EMPLOYEE WHOSE EMPLOYEE NUMBER IS 11111. AND THEN IN THE ROLE(PFCG)->AUTHORIZATION MENU, I GIVEN THE PROJECTNUMBER (A1) MANUALLY AND DONE ALL  THE REMAINING STUFF. AND NOW THE EMPLOYEE WITH THE EMPLOYEENUMBER 11111 IS ABLE TO LOGIN WITH HIS CREDENTIALS AND ABLE TO SEE THE INFORMATION WHICH IS RELATED TO HIM LIKE BELOW EXAMPLE,
    EMPNUM  PROJNUM   PROJROLE  ASSIGNEDBY  ASSIGNEDUNTIL
    11111    A1        PM         HARI        20.11.2006
    IF THIS IS THE CASE I GOT 1000 USERS IN BW WHO WERE ASSIGNED TO DIFFERENT PROJECT NUMBERS THEN I SHOULD CREATE THE 1000 ROLES FOR DIFFERENT USERS.
    IS THIS THE ONLY WAY TO GO OR IS THERE ANY OTHER WAY INSTEAD OF CREATING 1000 ROLES FOR DIFFERENT USERS. PLEASE LET ME KNOW.
    THANKS AND REGARDS,
    HARI

    Hi Hari,
            Refer this thread. I think this'll be helpful for you.
    Re: Authorization Variable
    For more information, refer these links from help.sap.com
    <b>Authorization Using Variables</b>
    http://help.sap.com/saphelp_nw04/helpdata/en/e7/56b23bdb0d0156e10000000a11402f/content.htm
    <b>Authorizations with Variables(Customer Exit)</b>
    http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/content.htm
    <b>Using Existing Authorizations</b>
    http://help.sap.com/saphelp_nw04/helpdata/en/a7/5ab43b6a596660e10000000a114084/content.htm
    Hope this helps.
    Regards
    Hari
    Message was edited by: Hari Krishnan K

  • SAP CRM 7.0.2 issue regarding authorizations

    Hello,
    I have noticed that the role change is not reflecting immediately for the user in CRM 7.0.2 Web UI. Is anyone facing the same issue like this? If so, any solution to this for immediate effect?
    Thanks in Advance.

    Hi Luis,
    You need to create a authorization object with 'sales rep' ou 'sales office' key.
    Your commercials are linked with these objects in master data? If no, create the link.
    After, in PFCG, create the key, as I said above, and done.
    Rgs,
    Fábio

  • Regarding authorization issue for vf04

    Hi Experts,
    I have copied the vf04 transaction into ysdvf04 transaction.
    And my requirement is One user is responsible for one plant.
    In YSDVF04 we have the field shipment point field on the selection screen.
    When that user executes this transaction ,only that particular plant related records has to come .
    How to do that
    Please reply

    Hi Ramakrishnan,
    Solution1:
    You can delete the shipping points and plants for the user based on the table TVSWZ at the event AT SELECTION-SCREEN.
    Solution2:
    You can obtain the link on shipping point and plant from the table TVSWZ. If you determine for which plant the user is responsible then in your program at the final output table you can delete those records which is not pertaining to the user.
    hope this would help you!.
    Regards,
    Devendran Krishnan.

  • Regarding authorization checks

    Dear forumers,
    I have a new custom transaction code, and this transaction code is defined for a custom report program.
    The custom report program provides end users with an interface to view and manually maintain data records in a custom table.
    I wish to add authorization checks to this via SU24. After doing this, however, I noticed that if a user without the necessary authorization is unable to access the custom transaction code, he is still able to run it via SE38 by entering the custom program name.
    How can this be resolved - so that, for a user who does not have the sufficient authorization, he cannot access both the transaction code and the program name manually?
    Appreciate any advice on this at all. Thanks.

    If that is a custom program you can put the following in your program code before processing starts, right after START-OF-SELECTION and throw an error message if the function returns anything other than value 2. Replace VA42 with your transaction code
    This will ensure that the user won't be able to executed it in SE38 even, if they don't have authorization to execute the transaction
    CALL FUNCTION 'AUTHORITY_CHECK'
           EXPORTING
                user                = sy-uname
                object              = 'S_TCODE'
                field1              = 'TCD'
                value1              = 'VA42'
           EXCEPTIONS
                user_dont_exist     = 1
                user_is_authorized  = 2
                user_not_authorized = 3
                user_is_locked      = 4
                OTHERS              = 5.
    IF sy-subrc NE 2.
      MESSAGE TYPE 'E'....
    ENDIF.

  • Regarding Authorization policy and Roles in OIM 11g

    Hi,
    In OIM 11g Admin interface, is there a way to find out what all authorization polices, a role has been assigned to ?.
    I am asking this because, if you search for a user, you will know what all roles he is a member of, and similarly if you search for a role, you will know who all users are members of that role.
    Similarly, if you search for a Authorization policy, you will know what are roles are assigned to this policy. But if I search for a role, I am not able to find what all authorization policies has been assigned to this role.
    Looking forward to hearing from you,
    Many thanks in advance

    I understand your concern. But, this feature has not been available
    --nayan                                                                                                                                                                                   

Maybe you are looking for

  • Oracle 9.2.0.8 client or server?

    Hey guys, I'm a little bit confused in regards to the patches for Oracle client/server. The new 9.2.0.8 patch, is this for client or server or both? Would there be any issues if the client and server are not on the same level? For example, if I have

  • I have a purchased ibook that is only showing the first 40 pages out of a 300  page book

    This is a book that I had purchased a while ago, read the whole thing, and then deleted from my iphone to make room for more books. Now I would like to read it again but when I re-downloaded it, only the first 40 pages appear. I've tried deleting the

  • Text extends beyond div

    I have a page with one div tag with an id="wrapper" the width of the div is 500px the text exceeds the width of the div - any ideas? thks jim

  • Java for XI

    Hi Guys, I learned Java in Grad school. But since after my graduation I have been working only in ABAP. But after seeing XI world it seems its advantagous to know Java also. There are 1000s of websites for Java tutorial. Can someone guide me to compr

  • Help needed with basic implementation of drawrect: in NSView

    i've read the sections concerning the above in the "view guides for cocoa" docs, as well as several tutorials, but for the life of me i can't figure out how to do a very simple thing. all the examples i've seen explain how to use NSRect and NSBezierP