Regarding user authorization of t-code

I am trying to give authorization for SM35 to one of my users.
I did YAT and got the attached file. My ABAP programmer said it is not an authorization issue; it is something related to a system error. Can you please help me out and guide me on what I should do?
The problem is that whenever she runs SM35, it always says "Server is not active". I checked the server using SM13 and it is active, so I am not sure why this is happening. Please go through the file, and if you need more information, email me.

Hi,
when you create the batch-input session, you can set a user name with the proper authorization.
You could ask anybody to call your batch input in SM35; the authorization for the transaction inside your batch is checked against the user name set in the batch.
So how did you create your batch-input session?
Fred

Similar Messages

  • Resultant user authorization of t-codes with a common Auth. Object

    Hi,
    I'm re-posting this question because the first time it was rejected and according to the Rules of Engagement, it seems it's because I did not post my photo, however, dear Moderator, if for any other reason, I mean not to be indecent, kindly let me know if there's anything violating the content rules.
    I'm trying to control access to t-code AS02 using Asset Views (Auth. Object A_A_VIEW), so while looking around I noticed that this Object A_A_VIEW is present in other t-codes/roles assigned to some users.
    My question is (pardon my basic terminology): if I create a role that has a t-code with certain authorization values defined in its Authorization Objects, and assign it to a user that has those Authorization Objects in his profile but from totally different t-codes in different roles, will the most explicit/resultant authorization take precedence in all the t-codes? Or will the t-codes be accessed as per the authorization provided in their respective roles?

    Hi  Saleh
    Lack of photo would not have been the reason.
    Is SAP security your background? What do you know of generated profiles, user buffer and the concept of cross-inheritance (or cross-talk)?
    If you are asking if a user has Transaction AS02 from one role and A_A_VIEW from another would they be authorised or not then that is a basic question (fundamental of SAP authorisation concept). Basic questions are not allowed in SCN as you can obtain the answer via searching, sap help and basic training.
    If you are trying to understand some specifics of the A_A_VIEW authorisation that the SAP Help (and also IMG configuration for Asset Views) did not provide then you might need to clarify your question.
    Regards
    Colleen
    Ps - I did alert the moderator to your question as I thought it was basic question relating to the SAP authorisation concept that is covered in SAP help, Google and the ADM940 training course.

  • USER AUTHORIZATION FOR T-CODE OB52 & OKP1

    Hi Experts,
    I would like to know if there is a t-code that assigns USER to open another t-code.
    OB52 & OKP1?
    I want to restrict this t-code for only few users....
    Is it possible?
    Need advice please
    Rey

    Hi Rey,
        As per my knowledge the authorizations will be done by BASIS consultants.
    R.K

  • Code for user authorization

    Hello All,
    I have to implement a sample code which will filter out activities according to user authorization. Please help me in this regard.
    Thanks in advance.
    Paul.

    Hi, see the code below and write it as per your need.
    INITIALIZATION.
      AUTHORITY-CHECK OBJECT 'ZPRCHK_NEW'
               ID 'TCD' FIELD SY-TCODE
               ID 'BUKRS' DUMMY
               ID 'PRCTR' DUMMY
               ID 'SPART' DUMMY
               ID 'WERKS' DUMMY
               ID 'VKORG' DUMMY
               ID 'EKORG' DUMMY.
      IF SY-SUBRC NE 0.
        MESSAGE I000(VZ) WITH TEXT-002 SY-TCODE .
        LEAVE PROGRAM.
      ENDIF.
    Regards
    rajendra

  • Regarding Making user authorization matrix

    Hello Friends,
       Can anybody tell me the user authorization matrix for an SAP system? How can we make it, and how do we make profiles and roles? I know the transaction, but does SAP have documents for this? Please send me or guide me. Waiting for your reply. Send me some links if any, or material links, or send me material at my ID: [email protected]
    Thanks
    Deepak

    Hi, Deepak!
    As your question is quite general - which kind of SAP system? ECC? Portal? PI? - I'm having a little difficulty giving concrete answers. You'll probably find some info under Identity Management (http://help.sap.com/saphelp_erp2005vp/helpdata/en/81/0e0f61b566dc44bbb4055b3ccd25be/frameset.htm). If that's not what you're looking for, let me know!
    Regards,
    Thomas

  • Help regarding BI Authorization

    Hi Experts,
    I am working for first time on BI analysis authorization and I am having below queries to be clarified. Can you all please clarify my queries and help me.
    1. In the project, we will not use HR and will therefore have to do local maintenance of authorizations in each system (for data access, we will also use a central identity management system). This will for sure affect the possibility of the automatic generation of authorizations. My first question is: can it still be used at all (can we load some data via flat-file or maintain some master data in BI)?
    2. Is the concept of having queries linked to PFCG roles to be used at all in BI 7 (according to SAP standard), or is the thought that InfoProvider authorization should be used instead via 0TCAIPROV?
    3. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, where we link an authorization object to a characteristic value (for instance, assign object: "XY" to characteristic=0comp_code with value=1010)
    - Link the authorizations just created to PFCG roles (for instance create a PFCG role "XY access" which gives access to company code 1010).
    - Create PFCG roles for "Report User" and "BW Developer" which have access to read respective create/change/delete rights of queries.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG roles to BW Users.
    4. Does the BI 7 authorization concept enable the use of user groups, or should authorizations be assigned on a user to user basis?
    5. What happens if I make a characteristic authorization relevant and then include this characteristic in a query and do not do any restriction on this characteristic (i.e. I do not provide any auth values to the system), will I then get an authorization error?
    6. If automatic generation of user authorizations is used together with for instance SAP HR and loaded daily, does this mean that any other manual authorization assignments will be deleted/reset upon the next automatic generation?
    7. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, basically one object that has a restriction for each of the authorization relevant characteristics and that uses different customer exit variables to determine which values to use. This customer exit then reads some table (which we maintain manually in BI) to find the values for each user based on user name.
    - Link the authorization just created to a PFCG role.
    - Give all reporting users this PFCG role.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG query roles to users.
    Thank you very much in advance for helping.
    Thanks & Regards,
    Sharath

    Sharath,
    Here are some insights/replies to the list of questions you supplied. BW Security can be complicated but the trick is NOT to allow the requirements to allow it to be complicated.
    1) Are you sure you don't mean the IdM system will assist with role-based access assignments? If that is the question then, yes. For the data access (linked to roles via S_RS_AUTH : Analysis Authorizations) you could employ a flat-file load to DSOs and variable security on the authorization-relevant characteristics.
    2) Yes, you will need to have authorizations to queries/reports via S_RS_COMP/S_RS_COMP1 still maintained in the roles. The InfoProvider (data access) will be maintained in the Analysis Authorization (S_RS_AUTH). You need to have both in order to successfully pass the auth checks from query/report to data.
    3) Fundamentally (BW Security 101) sounds correct but again it typically depends on the implementation and requirements on how you set up the analysis authorizations along with the roles.
    4) Not sure what you mean about "user groups". Analysis Authorizations can be assigned to "Users" or "Roles". You could always assign roles to user groups via SU10 or via IdM solution.
    5) Depends on how it's used in the query. If the query is dependent on a value to render the report (included in initial SQL stmt) then you will get "No Authorization". If it's set up as a free characteristic or drill-down, then you won't get an authorization error until a statement checks values for authorization.
    6) Depends on how it was implemented. refer to #3
    Hope that helps a little.
    Thanks,
    Matt

  • Users Authorization- Restrict value of one variable corresponding to other.

    Dear Experts,
    I have a query regarding BEx Authorization for the given selection screen of any variable for any report:
    I have two parameters/variables (Category and Sub Category) which need to be passed from the user. I want to restrict the value of the second variable corresponding to the values passed in the first variable. For example: if I pass Category value Engineering, the Sub Category variable should only show the values related to Engineering, rather than all the values in the Sub Category field in the selection screen for the user.
    Please suggest.

    Hi Shikhar,
    E.g. Category: Engineering , Arts , Commerce
    Sub Categories for Engg. ECE, IT , CSE.
                                   Arts : sociology philosophy etc
                                   Commerce: economics, accountancy etc
    Now maintain authorization for Char. related to Engineering and create Auth. variable; follow these steps:
    Transaction Code- RSECADMIN
    Steps to create Authorization based on Division e.g. InfoObject    is 0DIVISION.
    Check for 0DIVISION, it must be Authorization relevant checked, if not then maintain 0DIVISION and check Authorization relevant box.
    Step 1: Create Analysis Authorization Maintenance using RSECADMIN T-Code, in that add 3 special characteristics i.e. 0TCAACTVT , 0TCAIPROV and 0TCAVALID, these are the mandatory Char. along with that add 0DIVISION for which you want to create Authorization, 0DIVISION details restrict value as 01 (EQ 01).
    Step 2: Again go to RSECADMIN -> User tab -> Assignment, enter the username (e.g. User1) which you want to restrict. Insert the Auth. obj. from step 1.
    Step 3: Now in Query designer, create Authorization variable for 0DIVISION, i.e. process type Authorization.
    Execute That query with restricted user (e.g. User1) it will only show the data for Division = 01.
    For reference: [http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c0b7acf2-6121-2e10-5591-eaec182d9315]
    Hope this will meet your requirement, let me know if further explanation required.
    Regards:
    Avinash

  • Ultiroute says "Check user authorization"

    My Ultiroute has suddenly started giving me a "Please check your User Authorization" error message when I try to route a board. Ultiboard runs fine, the internal rip-up router seems to be OK, but Ultiroute won't run any more. I can't find any way of dealing with this. The software is Ultiboard 2001 SP2.
    Thanks!

    Hello,
    You should be able to use the same Release Code if your hardware configuration hasn't changed; anyway if for some reason you have issues with this, just use the Online Release Code Generator to get a new code.
    Ultiboard/Ultiroute 2001 are products that we don't support anymore, therefore I won't be able to tell you what caused this error.
    Did the re-install work?
    Are you using a hardware dongle?
    Operating system?
    Ultiboard version (Personal, Pro)? 
    Regards,
    Fernando D.
    National Instruments

  • User Authorizations and security

    Hi,
         I need to know whether it is required to give SAP_ALL to the user IDs created for functional consultants and ABAP developers, or whether there are some different sets of roles to be created. Where do I find these security best practices, so that I can implement them?
    Regards
    Puneet

    Sathi,
    Yes, you can in fact do this...it is a fairly involved process but once done it works very well.
    Remove ALL authorization objects pertaining to BUKRS (in this particular example you only want to limit users to a company code) from your role. We'll call this first role ZT_role. You will have your transaction codes in here.
    You will have a number of other authorization objects that you could do this same thing with. We are currently not only doing this with company code, but cost center/profit center, plant and several more. The process is the same. If you don't want to allow certain users access to a company code, plant...etc. pull the auth obj out of the transaction role.
    Next, create a brand new role WITHOUT T-CODES in it and name it something like ZD_Locking_role (whatever you want to call it...but in a sense you are locking users down with this role).
    In this 2nd role you will need to manually enter each Authorization Object that uses BUKRS from your 1st role and then add in the company code(s) you want to allow people to see (again...manually add those auth objects needed as mentioned above for cost center/plant etc.).
    Now, you should be able to assign the 1st AND 2nd role to a person. Now, they will only be able to see the company codes you placed in the locking role.
    If you only assign the 1st role, they will not be able to view/change by company codes. By adding the second role, the SAP system checks the auth object against their entire profile in their master record and should allow them work fine.
    Good luck!
    For those that care...
    We not only do the above, we took it many steps further. We created derived roles broke those down to display only and create/change roles. In other words, the locking role would read something like Z_DISPLAY_XXX or Z_CRT_CHG_XXX (where XXX is the company).
    User roles assigned to associate Joe Smith - As an AR Manager this person needs access to ALL AR function for creation/display and change but only allowed to display all AP documents and not change all within company code XXX:
        Transaction roles:
    ZT_AP_DISPLAY role (AP needs to run XK03 or XK04...any and all t-codes are locked down to display only! [03 or 08...etc.])
    ZT_AR_MANAGER role (AR Manager needs to display (only) AP stuff but not be able to change. They also need to be able to perform all other functions (create/change) as an AR Manager)
        Locking Roles:
    ZD_DIS_BUK_XXX (XXX is company code) [display only]
    ZD_CRT_CHG_BUK_XXX (XXX is company code) [create change]
    With a thoroughly thought out system you can have a very tight system while being able to allow users the versatility to see only certain information.
    Good luck!
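
The locking-role design in the post above depends on the authorizations of all assigned roles being merged into one user buffer, with each AUTHORITY-CHECK evaluated against that merged set rather than against the role that supplied the transaction code. The following simplified Python model is an added example, not SAP code and not part of the original posts. The company codes 1010 and 2000 and the AR transaction codes are constructed, and F_BKPF_BUK stands in for whichever BUKRS objects the roles actually carry.

```python
# Simplified model of the SAP user buffer and AUTHORITY-CHECK.
# Roles, company codes and the AR transaction codes are constructed sample data.
from dataclasses import dataclass


@dataclass
class Auth:
    obj: str      # authorization object, e.g. "F_BKPF_BUK"
    fields: dict  # field name -> set of allowed values ("*" allows any value)


ROLES = {
    # Transaction roles: only S_TCODE, no company-code objects
    "ZT_AP_DISPLAY": [Auth("S_TCODE", {"TCD": {"XK03"}})],
    "ZT_AR_MANAGER": [Auth("S_TCODE", {"TCD": {"FD01", "FD02", "FD03"}})],
    # Locking roles: no transaction codes, only the BUKRS object
    "ZD_DIS_BUK_1010": [
        Auth("F_BKPF_BUK", {"BUKRS": {"1010"}, "ACTVT": {"03"}})],
    "ZD_CRT_CHG_BUK_1010": [
        Auth("F_BKPF_BUK", {"BUKRS": {"1010"}, "ACTVT": {"01", "02"}})],
    "ZD_CRT_CHG_BUK_2000": [
        Auth("F_BKPF_BUK", {"BUKRS": {"2000"}, "ACTVT": {"01", "02"}})],
}


def user_buffer(role_names):
    """Merge the authorizations of every assigned role; the role of origin is not kept."""
    return [auth for name in role_names for auth in ROLES[name]]


def covers(allowed, value):
    """True if the allowed value set contains the value or the wildcard."""
    return "*" in allowed or value in allowed


def authority_check(buffer, obj, **wanted):
    """Return 0 (authorized), 4 (object present, values not covered) or
    12 (object absent), mirroring the sy-subrc values of AUTHORITY-CHECK."""
    candidates = [a for a in buffer if a.obj == obj]
    if not candidates:
        return 12
    for auth in candidates:
        # Every requested field must be covered by ONE authorization;
        # values from different authorizations are never combined.
        if all(covers(auth.fields.get(f, set()), v) for f, v in wanted.items()):
            return 0
    return 4


def demo():
    """Run the scenarios from the post and return their return codes."""
    bukrs = "F_BKPF_BUK"
    tcode_only = user_buffer(["ZT_AP_DISPLAY"])
    display = user_buffer(["ZT_AP_DISPLAY", "ZD_DIS_BUK_1010"])
    joe = user_buffer(["ZT_AP_DISPLAY", "ZT_AR_MANAGER",
                       "ZD_DIS_BUK_1010", "ZD_CRT_CHG_BUK_1010"])
    mixed = user_buffer(["ZD_DIS_BUK_1010", "ZD_CRT_CHG_BUK_2000"])
    return {
        # Transaction role alone: the company-code object is missing entirely
        "tcode_only_display": authority_check(tcode_only, bukrs, BUKRS="1010", ACTVT="03"),
        # Display locking role added: display passes, change does not
        "display_role_display": authority_check(display, bukrs, BUKRS="1010", ACTVT="03"),
        "display_role_change": authority_check(display, bukrs, BUKRS="1010", ACTVT="02"),
        # Both locking roles: change passes whichever transaction asks for it
        "joe_change_1010": authority_check(joe, bukrs, BUKRS="1010", ACTVT="02"),
        # What still stops an AP change for this user is the S_TCODE list
        "joe_start_xk02": authority_check(joe, "S_TCODE", TCD="XK02"),
        # No mixing across authorizations: display exists only for 1010
        "mixed_display_2000": authority_check(mixed, bukrs, BUKRS="2000", ACTVT="03"),
    }


if __name__ == "__main__":
    for case, rc in demo().items():
        print(f"{case:24} sy-subrc = {rc}")
```

With both locking roles assigned, the change authorization for company code 1010 holds in every transaction the user can start, so the display-only limit on AP in this design rests on the S_TCODE list of the transaction role alone.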

  • No authorization for company code in MRBR

    Transaction MRBR is currently wide open. Anyone with authorization to this transaction can unblock invoices in any company code.
    Standard security profiles can only restrict users at universal (*) or purchasing group level. We require control on company code.
    OSS 399953 suggests creating validation rule (GGB0) to test user authorizations for transaction MRBR and authorization object F_BKPF_BUK.
    Can anyone supply the validation coding to solve this security problem?
    Is anyone familiar with this problem? Do you have a solution? Non-standard SAP solutions are also welcome.
    Thanks in advance
    Greetings,
    Vincent

    Hi Vincent
    Another option could be to implement an authorization check in the BAdI MRM_RELEASE_CHECK - this is, of course not Standard.
    The code could look something like this:
    DATA: wa_rbkp_blocked TYPE mrm_tab_rbkp_blocked.
      LOOP AT i_rbkp_blocked INTO wa_rbkp_blocked.
        AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                 ID 'BUKRS' FIELD wa_rbkp_blocked-bukrs
                 ID 'ACTVT' FIELD '02'.
        IF sy-subrc EQ 0.
          APPEND wa_rbkp_blocked TO e_rbkp_blocked.
          CLEAR wa_rbkp_blocked.
        ENDIF.
      ENDLOOP.
    Regards
    Morten Nielsen

  • How to give user authorizations for a Program or an ICF service

    Hi,
       1) How to give user authorizations for a report program or an ICF service.
       2) How to create a user authorization object.
    Regards,
    Vinay.

    Check this online help for more info on authorization object creation:
    http://help.sap.com/saphelp_nw04/helpdata/en/52/67168c439b11d1896f0000e8322d00/frameset.htm
    For question no. 1:
    ICF - you either maintain the relevant auth obj at the ICF service level itself, or you can code a call to the authority object and block access.
    For ABAP programs:
    you maintain the auth object at the tcode, or code the call to the authority object within the program.
    Regards
    Raja

  • Regarding sap authorizations

    Hi all,
    Is there any way to limit the users' access to only their own batch input sessions in tcode SM35 using SAP authorizations?
    thanks in advance
    mohan

    hi,
    check this
    Checking User Authorizations in your ABAP Program
    How to set Authorization to an ABAP Programs?
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Use T/Code SE80 to Create Authorization object.
    If you find it useful, mark the points.
    Regards,
    Naveen

  • User Authorization don't work in MD01.

    Hi!
    I created the role with  transaction MD01 only.
    System generated two Authorization Objects:
    1. S_TCODE - Transaction Code Check at Transaction Start:
    MD01
    2. M_MTDI_ORG - Organizational Levels for Material Requirements Planning:
    MRP Controller (Materials Plan...
    Activity types in materials pl MRP: total planning
    Plant                          Unmaint. org. level
    Next, I can leave out the values of "Plant" or "MRP controller" in Authorization Object M_MTDI_ORG. I can even delete Authorization Object M_MTDI_ORG!
    But the user with this role (only this) can still not only open MD01, but also successfully complete planning, for any Plant or MRP controller.
    Why doesn't it work? What can I do? I need to limit user authorization and I don't want to create a Z-transaction for it.
    Thank you
    Best regards,
    Evgeniy

    Hi, Caetano!
    The Note contains only MDBT. But apparently, MD01 is also included in this rule.
    If you use the user exit M61X0001, a user must choose the user key in the selection screen. And the user can change it. It's not what I need.
    Thanks for your reply!
    Best regards,
    Evgeniy

  • A/R User Exit Spec and code

    The spec -
    1.     Canadian tax - currently based on Freight type:   Read the country(?) Ship-from (plant jurisdiction) to Ship-to(customer jurisdiction) and the inco term on the line item of the sales order and if it's not equal to 'DDP' the line item tax classification will be set to '0' exempt. (This is freight that comes into Canada from the US)
    We will look at the shipto and shipfrom txjcd on the sales order document and billing document along with the inco term logic and we will tax freight when they are both Canada
    Example Scenario:
    For Freight charges where the Ship from is in Canada (Bedco, Artmedco, etc) and the Ship-to is in Canada the freight will always be taxable regardless of the inco term. This is freight that ships within Canada, no border crossing.
    2.     Regular Freight - US & Canada:  If separate line item on sales order, it may be exempt from tax based upon state. revisit
    a.     D.1 Freight included on the line item
    i.     The freight is passed to the external system by populating the field FREIGHT. The freight amount is always included in the base amount.
    ii.     An example to fill the freight using the user-exit:
    iii.     In the customer pricing procedure (for example ZUSA01) enter ‘4’ in the subtotal field of the freight condition type (OTC must have this configuration in the pricing procedure for the freight pricing conditions).
    iv.     In the customer structure CI_TAX_INPUT_USER, add the field KZWI4 as in KOMP-KZWI4.
    v.     In the user-exit, add the code CH_USER_CHANGED_FIELDS-FREIGHT_AM = I_INPUT_USER-KZWI4.
    3.     For PO Specific A/R Tax Exemptions using material tax class of ‘2’, pass the TAXM1 field to the ACCOUNT_NO field in Taxware
    Solution:
    For PO Specific Tax Exemptions – CSR will go to the line item detail “Billing” Tab, Tax Classification field (TAXM1) and change that to “2” – One-Time Exemption. Configuration complete. 
    CSR will go to the “Text” Tab, Internal Item Notice and CSR will provide a brief description as to why that line is tax exempt.
    This is the code:
    TABLES: KNVV, KNA1, KOMK, MLAN, T001W, KNVI.
    DATA: w_taxm1 LIKE mlan-taxm1,
          i_kna1 LIKE kna1,
          c_com_tax type com_tax,
          i_komk LIKE KOMK.
    *--- if this freight comes into canada from US then set TAXM1 to 0
    *----otherwise set TAXM1 to 2 and apply frieght charges. Set ACCNT_CLS
    *----to 'Y' each time TAXM1 is passed to ACCNT_NO.
    IF KNA1-LAND1 EQ 'CA'.
      IF C_COM_TAX-TXJCD_SF EQ C_COM_TAX-TXJCD_ST.
        CH_USER_CHANGED_FIELDS-FREIGHT_AM = I_INPUT_USER-KZWI4.
        w_taxm1 = 2.
        CH_USER_CHANGED_FIELDS-ACCNT_NO = W_TAXM1.
        CH_USER_CHANGED_FIELDS-ACCNT_CLS = 'Y'. 
      ELSEIF C_COM_TAX-TXJCD_SF NE C_COM_TAX-TXJCD_ST.
        C_COM_TAX-TXJCD_SF = C_COM_TAX-TXJCD_ST.
        C_COM_TAX-TXJCD_POA = C_COM_TAX-TXJCD_ST.  
        SELECT SINGLE * FROM KNVV
                        WHERE INCO1 = KOMK-INCO1
                        AND INCO1 NE 'DDP'.                     
        IF SY-SUBRC EQ 0.
          w_taxm1 = 0.
          CH_USER_CHANGED_FIELDS-ACCNT_NO = W_TAXM1.
          CH_USER_CHANGED_FIELDS-ACCNT_CLS = 'Y'.
        ENDIF.
      ENDIF.
    ENDIF.
    SELECT SINGLE taxkd FROM knvi INTO knvi-taxkd
                        WHERE kunnr = i_komk-kunwe
                        AND aland = i_komk-land1.
    IF SY-TCODE = 'VA01' OR SY-TCODE = 'VA02' OR SY-TCODE = 'VA03' OR
    SY-TCODE = 'VF01' OR SY-TCODE = 'VF02' OR SY-TCODE = 'VF03' OR SY-TCODE
    = 'VF04' OR SY-TCODE = 'VF05' OR SY-TCODE = 'VF05'.
       SELECT SINGLE * FROM kna1 INTO i_kna1
                       WHERE kunnr = i_komk-kunwe.
       IF i_KNA1-land1 EQ 'CA'.
          C_COM_TAX-TXJCD_SF = C_COM_TAX-TXJCD_ST.
          C_COM_TAX-TXJCD_POA = C_COM_TAX-TXJCD_ST.
       ENDIF.
    ENDIF.
    I am able to enter the user exit, but there is no value for KNA1-LAND1 or C_COM_TAX-TAXJCD_SF or C_COM_TAX-TAXJCD_ST. Does anyone know what I am missing? Please help.
    Thanks in advance !!!!
    N

    Hi NP ,
    Which user exit are you using? Are you talking about MIRO or VF01?
    Regards
    Prabhu

  • Help required regarding user exit for STPSHH01 IDOC

    Need help regarding user exit.
    I appended the structure of VTTP and added one field with the name ZDELCST, i.e. delivery cost, so I want to update that table once the IDoc is posted.
    I have to write the user exit for this but I have no idea how to do this, so I kindly request someone to please write the code for me, and I will be very grateful to him/her.
    The functional module is IDOC_INPUT_SHIPPL
    and there is a CALL CUSTOMER-FUNCTION '012'
    this will take us to function module EXIT_SAPLV56I_012
    This includes ZXV56U08
    Within this include I need to map the delivery cost from the IDoc to the new append field VTTP-ZDELCST

    Hi,
    use this FM to update your shipment
    variables
    DATA: lo_tp_g_tra       TYPE v56e_shipment_activities, "Data to modify
          lo_tp_g_shp       TYPE v56e_shipment,
          lo_tp_g_log       TYPE v56e_logfile. " Errors function
    call the function to modify shipments
    CALL FUNCTION 'SD_SHIPMENT_PROCESS'
      IMPORTING
        e_logfile    = lo_tp_g_log
      CHANGING
        c_activities = lo_tp_g_tra
        c_shipment   = lo_tp_g_shp
      EXCEPTIONS
        error        = 1
        OTHERS       = 2.
    Thanks,
    Sendil.
