Regarding the Authorizations

Hi all,
I need to give authorization of tcode Like MMPV  for one user.
I had done by using PFCG then i went to role and then i given the tcode.
but it is not working , he is getting again the Auth problem

Did you maintain the Authorization data correctly? For eg, MMPV Tcode, is the user trying to create or change or display the tcode?
Also, check if the org structure has been setup correctly.
Lemme know if this helps.
Thanks
Sudhan Shan

Similar Messages

  • Regarding the Authorization in ABAP-HR

    Hi all,
        I want to know about the Authorizations in the ABAP-HR. If any body is having any material regarding the can you plz share with me...
    thanks in advance,
    Suresh

    Hi Kutam,
    Chk these Links....
    Can i have the list of infotypes .
    abap hr
    http://www.asug.com/client_files/Calendar/Upload/HR_STRUCTURAL_AUTHORIZATIONS.ppt
    Reward Points if Useful
    All the Best
    Gokul

  • Regarding the authorization objects

    hi
    this is the requirement.
    how to provide the authorization for the given transaction code and they provided field for that and some numbers.
    please provide me the code for this
    thanks in advance

    Hi,
    Check below code,
    AUTHORITY-CHECK OBJECT 'B_ALE_MODL'<- author. object
    ID 'ACTVT' FIELD A_ACTVT<-Fields
    ID 'CUSTMODEL' FIELD A_CUSTMODEL.<-Field
    IF SY-SUBRC <> 0 AND NOT A_OWN_REACTION IS INITIAL.
    MESSAGE ID 'B1' TYPE 'E' NUMBER '125'
    WITH 'B_ALE_MODL' A_ACTVT A_CUSTMODEL ''.
    ENDIF.
    Thanks and Regards,
    Chandra M

  • Regarding the authorization based on persinal subarea

    dear experts,
                      my company has two offices what we want that in HR that one offices will not see  the live datas of another office,for this we have two subarea raipur & raigarh what i did that in the authorization object P_ORGIN i added subarea BTRTL after this whenever i go to "SU01" & assign in the roles  it gives THIS error------
    *Authorization default values of transaction PC00_M01_CDTB for object P_ORGIN
    inconsistent*               
    WHAT IS THE SOLUTION FOR THIS PROBLEM...
    PLEASE suggest me how to restrict the authorization on personal subarea...
    Also after adding the fields BTRTL in the object P_ORGIN   i want to remove it again how will i do this......

    hi,
    Have a look at this pdf.It may help u.
    http://www.sap-press.de/download/dateien/726/sappress_authorization_system_engl.pdf
    http://wiki.ittoolbox.com/index.php/SAP_HR_-_Check_your_basics-Answers-1#DATA_AND_AUTHORIZATIONS
    cheers,
    Manoj.

  • Regarding Prepayments,Authorization and capture of funds

    Hi..
    I have questions regarding the authorization and capture of funds in 11.5.10.2 when the Prepayment concept is used. I have read in OM manual that the authorization and capture happens in AR while creating a receipt.So how can I know that they happen immediately one after other in AR ??? i mean can I look into any columns of particular tables gets populated when authorization happens and some particular field is populated when capturing happens???
    Mainly when prepayments are used does the authorization and capture happen in AR only one after other immediately?????
    Can some one please help me....
    Thanks...

    Hi,
    when you create the batch-input session, you could set a user-name with the good authorization.
    You could ask anybody to call your batch-input in SM35, the authorization of the transaction inside your batch is check with the username set in the batch.
    So how did you create your batch-input session ??
    Fred

  • How to get the values for the Authorization Object Fields....

    Hi Everyone,
    I'm pretty new to the SAP Security and have been working on the Basis sides...I created a new role in PFCG and added a few transactions (ME13) and clicked on the Authorizations tab. In there, the authorization tree is in yellow and red. After providing the Org Values, only the yellow lights remain (apart from the green one ofcourse). Now how do we get the values for the different auth obj fields that are in yellow... say for example
    Conditions                                                   COND
    Maintain Condition: Auth. for Use/Appl./Cond.Type/Table      V_KOND_VEA
    Activity                       03                                                                        ACTVT
    Application                                                                                KAPPL
    Condition table                                                                                KOTABNR
    Condition Type                                                                                KSCHL
    Usage of the condition table                                                                 KVEWE
    Here the values for V_KOND_VEA fields e.g. KAPPL, KOTABNR etc are missing.
    My question is how do we get these values in regard to the requirement provided by the client...is it the functional guys who provide these values or else how is a security person supposed to know it...
    All the help in this regard is sincerely appreciated along with the awarding of points...

    Hey thanks Alex and Catastrophe for the quick response...
    I'll be sitting with the functional team and reviewing the roles created.
    Thanks for all the help once more
    Regards,
    Akash.

  • Error while generation of the Authorization object (

    Hi Gurus,
    I have created a Authorization object Z_CCTR3 for 0costcenter authorization.
    but getting following error while generation of the Authorization object (type is Flat authorization)
    "Error occurred when reading the data from DataStore object Z_CCTR3"
    Any inputs will helpful...
    Sonal.....

    Hello everybody,
                             my problem is solved.For the UDConnect, whatever DATA SOURCES you create gets registered in a FUNCTION MODULE which has a capacity of only 99 enties, so to increase it implement the SAP NOTE 876340 - UDC Error available on SERVICE MARKET PLACE.
    This problem occurs with BW version 3.5 level 17 or below.
    Regards,
    Priyanka
    Edited by: Priyanka Joshi on Jun 10, 2008 11:03 AM

  • What's the authorization to run function CSAP_MAT_BOM_OPEN

    let's say, i wrote a report to change the structure of a BOM, using function CSAP_MAT_BOM_OPEN to open the bom, followed by function CSAP_BOM_ITEM_MAINTAIN and CSAP_MAT_BOM_CLOSE to change the bom and close the bom.
    well, I could use this report while other could not.
    When I used others sap account to run function CSAP_MAT_BOM_OPEN in SE37, I was warned I didn't have the authorization to run this function.
    so i want to know the authorization to use this function.
    best regards.
    Jim

    Hi,
    The std. authorization objects for BOM will be checked (C_STUE_BER, C_STUE_WRK etc).
    Regards,
    Vivek

  • How to delimitate the authorization on BI based on HR auth. object P_ORGIN

    Hi all,
    I need to insert in my BI role one authorization object to delimitate the view of data in the report (data are extracted from and SAP HR system) based on Personnel Area. On the HR system I have the authorization Object P_ORGIN that can be filled inside the roles for what concerns the value of  Personnel Area.
    How can I apply the same limitation inside the BI role?
    Many Thanks,
    Valentina

    Hi,
    R u using any other roles . If yes then open that roles and add object p_origin .It should work.
    Regards
    Nilesh

  • How do the "Authorization" in ABAP mathch to "Action" in Java?

    Recently I am studying the CC of GRC and some concept really confused me. When creating a new function we need to add some related "Actions" to it, but the concept "Action" only exists in SAP Web AS Java scope, not the ABAP scope. How do the authorization concepts in ABAP like "Authorization Object", "Authorizaton" match to things in Java scope? Obviously we need those ABAP authroization unit when defining the risk among the business processes.
    Thanks

    Hi Dustin,
    in CC functions, the term "action" was chosen because we do need to include actions for non-SAP systems, too.
    In an SAP ABAP context, this can be translated to "TCODE". When you look at the UME connector in 5.3, "Action" also rings a bell in an SAP context.
    Kind regards,
    Frank.

  • Regarding BI Authorization Issue

    Dear Friends,
    can anyone help me to solve this issue..
    I have a Authorization Issue, u201CNO Authorization u201C
    Error : EYE 007 ( Insufficient Authorizations )
    I have follow this stepsu2026
    Steps 1 :-
    Define Authorization-Relevant Characteristics ( ZCUSTOMER )
    Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
    Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
    Eg: 0TCAACTVT
    0TCAIPROV
    0TCAVALID
    0TCAKYFNM
    ZCUSTOMER
    Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
    For example : ZAUTH In That I have taken
    ZCUSTOMERrestricted with value C100.
    0TCAACTVT with 3 ( Display )
    0TCAIPROV with * ( Astric )
    0TCAVALID with *
    0TCAKYFNM with *
    Steps 4 :-
    Assign Authorizations to Roles
    Use authorization object S_RS_AUTH for the assignment of
    authorizations to roles.
    Maintain the authorizations as values for field BIAUTH
    Ex: ZTESTA1
    S_RS_AUTH
    Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
    S_RS_COMP
    Activity Create or generate, Change, Display, Delete, Execute <...>
    InfoArea : ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
    S_RS_COMP
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo :ZTEST_Q0001
    Type of a reporting component :Query
    S_RS_COMP1
    Activity Display, Execute
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component :All values
    Owner (Person Responsible) for *
    S_RS_COMP1
    Activity Change, Display, Delete, Execute, Enter, Include, Assign
    Name (ID) of a reporting compo ZTEST_Q0001
    Type of a reporting component All values
    Owner (Person Responsible) for :*
    S_RS_ICUBE
    Activity Create or generate
    Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    S_RS_IOBC
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    Infoarea Catalog : zioc_test, Zkf_test
    S_RS_IOBJ
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
    Steps 5 :-
    AND Assign this Role to User.
    Steps 6 :- ERROR
    When I execute the Report it is showing u201CNO Authorization u201C
    u201C Insufficient Authorization u201C
    EYE 007.
    Regards
    Siva

    Hi,
    In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
    Hope that helps.
    Regards
    Mr Kapadia

  • Help regarding BI Authorization

    Hi Experts,
    I am working for first time on BI analysis authorization and I am having below queries to be clarified. Can you all please clarify my queries and help me.
    1. In the project, we will not use HR and will therefore have to do local maintenance of authorizations in each system (for data access, we will also use a central identity management system). This will for sure affect the possibility of the automatic generation of authorizations. My first question is: can it still be used at all (can we load some data via flat-file or maintain some master data in BI)?
    2. Is the concept of having queries linked to PFCG roles to be used at all in BI 7 (according to SAP standard), or is the thought that InfoProvider authorization should be used instead via 0TCAIPROV?
    3. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, where we link a authorization object to a characteristic value (for instance, assign object: "XY" to characteristic=0comp_code with value=1010)
    - Link the authorizations just created to PFCG roles (for instance create a PFCG role "XY access" which gives access to company code 1010).
    - Create PFCG roles for "Report User" and "BW Developer" which have access to read respective create/change/delete rights of queries.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG roles to BW Users.
    4. Does the BI 7 authorization concept enable the use of user groups, or should authorizations be assigned on a user to user basis?
    5. What happens if I make a characteristic authorization relevant and then include this characteristic in a query and do not do any restriction on this characteristic (i.e. I do not provide any auth values to the system), will I then get an authorization error?
    6. If automatic generation of user authorizations is used together with for instance SAP HR and loaded daily, does this mean that any other manual authorization assignments will be deleted/reset upon the next automatic generation?
    7. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, basically one object that has a restriction for each of the authorization relevant characteristics and that uses different customer exit variables to determine which values to use. This customer exit then reads some table (which we maintain manually in BI) to find the values for each user based on user name.
    - Link the authorization just created to a PFCG role.
    - Give all reporting users this PFCG role.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG query roles to users.
    Thank you very much in advance for helping.
    Thanks & Regards,
    Sharath

    Sharath,
    Here are some insights/replies to the list of questions you supplied. BW Security can be complicated but the trick is NOT to allow the requirements to allow it to be complicated.
    1) Are you sure you dont mean the IdM system will assist with role-based access assignments? If that is the question then, yes. For the data access (linked to roles via S_RS_AUTH : Analysis Authorizations) you could employee a flat-file load to DSOs and variable security on the authorizaiton relevant charactistics.
    2) Yes, you will need to have authorizations to queries/reports via S_RS_COMP/S_RS_COMP1 still maintained in the roles. The InfoProvider (data access) will be maintained in the Analysis Authorization (S_RS_AUTH). You need to have both in order to successfully pass the auth checks from query/report to data.
    3) Fundimentally (BW Security 101) sounds correct but again it typcially depends on the implementation and requirements on how you setup the anaylsis authoriations along with the roles.
    4) No sure what you mean about "user groups" Analysis Authorizations can be assigned to "Users" or "Roles".  You could always assign roles to user groups via SU10 or via IdM solution.
    5) Depends on how its used in the query. If the query is dependant on a value to render the report (included in intial SQL stmt) then you will get "No Authoriation". If its setup as a free characteristic or drill-down, then you wont get authorization error until a statment checks values for authorization.
    6) Depends on how it was implemented. refer to #3
    Hope that helps a little.
    Thanks,
    Matt

  • Wild card "*" usage in the authorization role

    Hi All,
    I am an ABAP consultant(not a security pro, so please put up with any incorrect wordings), and working on a requirement where i need to check if the user has access to particular values entered on a screen field. For example if the text entered on the field is ABCDEFGUS, i want to check on the last two characters to see if user has access to enter values ending with US.
    So i create an authorization object...etc, and in the role i enter US as the value,  but now when i run through the code using AUTHORITY-CHECK against the authority object. The authorization passes for all the values i enter, ex: ABCDEFGUK* - this should have failed as i have maintained *US.
    Note: but when i maintain the value as ???????US in the role, it works as expected.
    All the help and pointers, towards this would be appreciated.
    Regards,
    Chen

    So you will maintain value like #US in your roles and just before authorization check you will amend string.
    Hi Martin,
    Have you ever tried this and used it in production?
    Changing the value sent to the AUTHORITY-CHECK is easy but very intrusive to the data in the program which might be used else where.
    Changing the value at runtime which the AUTHORITY-CHECK expects to find is a different ball game (also in performance).
    I have done some experimental stuff with this in sandboxes using STATICS in a wrapper for fixed lengths but cannot recommend it at all. I cannot see it ever flying in an AUTHORITY-CHECK statement construct.
    It is also completely unauditable to any authorization analysis tool...
    Hang on a second... if SPRO can do this then we can as well --> I think we have a winner here! 
    Cheers,
    Julius

  • Can we reuse the Authorization objects in MM01 for  Custom TCODE  ZMM01

    Hi all,
    We need to create screens  or transaction code ZMM01 which will have all views in the form of a tab like sales data will have a tab to input sales information like plant data as its own tab to input plant specific data
    ceating material  masters  entries in Ztables like ZMARA,ZMARC,ZMVKE.
    Now my question is can we use the same authorization objects which are being used for standrard MM01 transaction code because same users who use MM01 will use ZMM01.
    If this is possible how can I know what are the authorization objects which I need to program for my ZMM01 Tcode.
    All replies are rewarded.
    Regards
    Martin.

    hi yes
    it is possible go to transaction SU21
    and search MM_G object class you can reuse the same for ur Z transaction
    also u will have to use SU22 to assing tcode to the obejct class
    Harish

  • How can i transfer the 'Authorization Group'(SE54) to another client?

    In project i must define an 'Authorization Group' in T-Code SE54---The 3rd radiobutton.
    But there is no message to me to entry the Request NO.?
    How can i transfer the 'Authorization Group' ?
    I konw the date can be show from view 'V_BRG_54' ,but how to transport the data of the view?
    TKS a millon~~

    Hi,
    If your client is set for automatic recording of changes it should prompt for a transport, check there is not another client where you should make config changes.  If not, the menu option Table View -> Transport will let you assign the Auth group to a transport.
    Regards,
    Nick

Maybe you are looking for

  • IMAP Mailbox not behaving as it should with Mac

    Hi all, Hope you can help. Have recently set up an IMAP email account for my business on both my Mac and my iPhone. Anything read or deleted on my Mac syncs with my iPhone as it should but when I read the email on my iPhone it does NOT appear as 'rea

  • Non working tools in Acrobat XI

    I have recently installed Acrobat Pro XI on my PC, and find that the connected line, polygon and cloud tools do not work and are shown faint in the menu box. They worked in my previous version of Acrobat ( X) and they work on the back-up installation

  • ITunes launching problem

    All of a sudden iTunes is failing to launch on my PC. I've tried opening the program via desktop shortcut, programs and when I plug my iphone into the USB socket. All of these methods worked until two days ago. I can see that iTunes is running in the

  • My CS6 Master license in Munged

    My CS6 Master Collection licensed software (purchased at upgrade price, physical delivery) thinks it's licensed as a Creative Cloud product and is threatening to shut down in 2 days. History: I pre-ordered CC and tried it on the first day available.

  • Missing itunes64.msi

    I am trying to update itunes and keep geting message that it can't find path to iTunes64.msi