Regenerate SAP_ALL in SU21 transaction

Hello,
Needed some info about the 'Regenerate SAP_ALL' button in transaction SU21. I created an authorization object in a development client. I then created a new role using the PFCG transaction in a customization client, to which I assigned the authorization object, and generated the profile.
When I transport the role (using a customizing request) and the authorization object (using a workbench request), I do not find the profile attached to the role which I had generated in the customizing client.
Clarifications
1. Do I need to generate the profile again in the system in which this role has been transported?
2. What is the importance of the 'Regenerate SAP_ALL' button in transaction SU21?
Regards,
Om

Hello Sridhar,
I had selected the check box for transport with generated profiles, but still I do not see the profile and the authorization objects attached to the role I have created.
Is it compulsory to click on the Regenerate SAP_ALL button after creating the authorization object? I did not; could that be one of the reasons that I do see the profile and authorization object attached to the role in the system to which they have been transported?
Regards,
Om

Similar Messages

  • List of Authorization Object with Transaction Code

    Dear All ,
        Does SAP provide  any report to list all the Authorization Object ? and which object is belong to which transaction code ?
    Thanks .

    hi olrang ,
    STEP BY STEP TO CREATE AUTHORIZATION OBJECT:
    STEP1:  goto  SU21 transaction and create a new Authorization Object
    Object Name:  Z.....
    Text:  ...........
    Class:  SD (YOUR MODULE)
    AUTHOR:  YOUR ID
    STEP2:  Give authorization fields as
    ACTION - Action of the Authorization
    Activity -  Document Distribution.
    STEP3:  Basis will create a role using transaction  PFCG and assign this authorization object to that role.
    STEP4:  Call the AUTHORITY-CHECK Object in your code.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>.
    IF sy-subrc <> 0.
    MESSAGE e000(zzpp) WITH 'No Authorization'.
    ENDIF.
    and it belongs to  SU24 transaction code
    Saurabh Goel

  • RE: CRM or any component upgrade

    Hello all,
    recently we upgraded our CRM 7.0 to a new SP. After the upgrade I ran SU25 and completed all the steps. I haven't seen any major changes in our custom roles, so I changed some roles based on step 2c, then regenerated all the custom roles and created a transport of customer tables. I have a few questions in my mind after doing that.
    Q1) Once the customer tables are transported to QA, will the roles automatically get regenerated and be identical to the ones in DEV?
    Q2) One user did some testing and came with an error saying he is missing some authorization after the upgrade. I ran a trace and saw an object which is not in our role design, but the object is in SAP_ALL? I clicked on where-used and it did not show any transactions. How can we know if this object existed prior to the upgrade or after the upgrade?
    Q3) What is the purpose of, or when should we, regenerate SAP_ALL? Is it necessary to regenerate SAP_ALL after an upgrade?
    Thanks a lot in Advance,
    SS
    Edited by: sun on Jun 15, 2010 4:48 PM

    Sun,
    Q1) Once the customer tables are transported to QA, will the roles automatically get regenerated and be identical to the ones in DEV?
    If you transport the customer tables, your upgraded roles need to be transported as well.
    While transporting the roles, you will get the message that auth profiles are also transported; you just need to do a user comparison.
    Identical to dev: if both the systems are the same then the roles are identical (i.e. maintaining the same SU24 values; if you have deactivated any objects in dev, the same should be in QA).
    Q2) One user did some testing and came with an error saying he is missing some authorization after the upgrade. I ran a trace and saw an object which is not in our role design, but the object is in SAP_ALL? I clicked on where-used and it did not show any transactions. How can we know if this object existed prior to the upgrade or after the upgrade?
    In the old system the object was not present, but in the new system it might have got added.
    In SU25 itself it will be shown what the new tcodes & auth objects are.
    How can we know if this object existed prior to the upgrade or after the upgrade?
    Based on the transaction & objects maintained for it.
    Q3) What is the purpose of, or when should we, regenerate SAP_ALL? Is it necessary to regenerate SAP_ALL after an upgrade?
    If you want to add any new auth object to SAP_ALL, then you can do it: SU21 -> Regenerate SAP_ALL.
    Is it necessary to regenerate SAP_ALL after an upgrade?
    When new objects are added to the pre-upgrade SAP_ALL, it needs to be regenerated: the system first deletes the authorizations of SAP_ALL to regenerate it with all the new ones. However, as RSUSR406 contains authority-checks, you should ensure that you have only a PFCG role authorized for profile generation and not only SAP_ALL when doing this, or alternately use report AGR_REGENERATE_SAP_ALL.
    - Transport an object to the system. During import, the system will automatically regenerate SAP_ALL, unless SAP note 439753 is applied (Bernhard recently mentioned that in another thread).
    - Implement SAP note 1064621 from a different client.
    Thanks,
    sri

  • Creating support message field reported by doesn't fill

    Hi colleagues,
    When I create a support message field reported by doesn't fill automatically.
    I think that I've completed all required steps in order these fields were filled automatically. Fields sold-to party and support team are filled automatically, they work ok.
    The steps that I've checked:
    - The support message is created successfully from satellite message(SID=DES_01). The user which creates this message is zprueba5 exists with profiles: SAP_ALL, SAP_NEW at the satellite system.
    -In the solution manager system(SID=SMG), transaction ib52 for the satellite system is filled with partners: employee responsible, sold-to party and system administrator.
    - In the solution manager system(SID=SMG), zprueba5 exists with profiles: SAP_ALL, SAP_NEW.
    - Transaction bp, zprueba5 user contains BP roles: Business Partner, Employee, Bill-To Party, Financial Services and at the tab "Identification":
    External BP Number: SMG 010 ZPRUEBA5
    ID Type     Description                         Identification number
    CRM001    External System Identifier   DES_01 0020281686 100 ZPRUEBA5
    CRM001    External System Identifier   SMG 0020276689 010 ZPRUEBA5
    So, In the solution manager system(SID=SMG), crm_dno_monitor transaction when I open the support message just created from satellite system, I have an error because reported by field isn't filled.
    Please could you help me?
    Thanks and Regards
    Raul Aguilar

    Hi Nikhil,
    At this message I'm going to reply your last two replies.
    1.- You typed me "In ib52 select both the system simultaneously and then go to->parner and assign proper bp no for the respective partner function. You need to do it for every system may be users are same.
    I hope you have maintained proper access sequence i.e. via ibase."
    For each SAP System that I've defined at SAP Solution Manager, at ib52 transaction I've defined the three roles that IMG activity documentation types:
            Assign business partners with the following functions to the new iBase component systems:
                Administrator
                Key User
                Sold-to Party
    SAP Solution Manager Implementation Guide->SAP Solution Manager(SP 17)->Configuration->Basic Settings->Standard Configuration of Basic Settings->Solution Manager->iBase->Assign Business Partners to iBase Components ->transaction Change iBase (IB52), enter in field Installed Base '1' and I select the SAP System->Goto -> Partner
          Function                                        Partner      
        00000014  Employee Responsible     298
        00000001  Sold-To Party                  295
        SLFN0001 System Administrator      295
    2.- You typed me  "Select you partner determination procedure and double click on "User interface setting" here select appropriate partner functions and assign all of them in ibase as I said in above reply.
    You must not be getting reported by partner function. Take out System administrator. Motivate by assigning points."
    My Partner Determ. Proc. is SLFN0001, so I double click on User interface setting like you explained me, and now appears:
    Header Screen:
    Sequence and Functions for (main) Partner Displayed
    Partner Function1 00000001  Sold-To Party (CRM)
    Partner Function2 SLFN0002 Reported by (CRM)
    Partner Function3 SLFN0003 Support Team (CRM)
    Partner Function4 SLFN0004 Message Processor (CRM)
    But now I don't understand if at ib52 transaction I've to add any role or if from "User interface setting" I've to delete any Partner Function. Could you detail me when you type "You must not be getting reported by partner function. Take out System administrator", please?
    Regards,
    Raul .

  • Catalog items visible to everyone, purchaseable only for some users

    Hello everybody
    Me again trying to find a solution to the following problem:
    We need to have some items in our catalog that are visible for every user but only purchaseable via shopping cart / SRM for some authorized users. I couldn't find any possibility in the customizing. So my attempt would be to add an additional attribute in CCM where I can put some kind of flag and then to construct an authorization check based on that flag and on an authorization profile. In case the authorization check fails, the catalog item may not be put in the shopping cart. Preferably the shopping cart icon should be disabled for such items.
    Did somebody out there already think about something similar or already implemented something like that?
    It would also be a good basis for offering a publicly viewable, browseable catalog for "window shopping", because I also didn't find a way until now to publish the catalog as a standalone web application without shopping cart functionality.
    What do you out there think about it?
    Kind regards,
    Renaud

    Hi Christophe
    Thanks a bunch for your great help! I could solve the problem and am now able to have some catalog items visible but only purchaseable for authorized users. This is what I've done:
    1. Create a new authorization class (SU21)
    2. Create a new authorization object within this class
    3. Create a new authorization field within this object
    Don't forget to save and quit the SU21 transaction and then reenter it (/nsu21) because only then you'll see your changes / additions... seems to be a "refresh-bug" in SU21.
    4. Create a new role (PFCG) and an authorization profile containing the new authorization object. Assign the values needed.
    5. Create a new attribute in CCM and assigned it to OCI cust_field5 (because this one is of type TEXT50)
    6. Implemented some code in BAdI BBP_CATALOG_TRANSFER:
    DATA: wa_et_sc_item_data  TYPE BBP_PDS_SC_ITEM_D.
    DATA: wa_catalog_content  TYPE BBP_WS_OCI_ITEM_S.
    DATA: lv_authorized       TYPE c.
    DATA: lt_limtab           TYPE TABLE OF string.
    DATA: wa_limtab(10)       TYPE C.
    DATA: lv_message_v1       LIKE SY-MSGV1.
    DATA: lv_message_v2       LIKE SY-MSGV2.
    DATA: lv_message_v3       LIKE SY-MSGV3.
    DATA: lv_message_v4       LIKE SY-MSGV4.
    LOOP AT et_sc_item_data INTO wa_et_sc_item_data.
    * Get corresponding line from transferred catalog data
      READ TABLE catalog_content INTO wa_catalog_content
                                 WITH KEY line = wa_et_sc_item_data-number_int
                                 BINARY SEARCH.
      IF sy-subrc = 0.
    *   If field content for checking authority against is not empty...
        IF NOT wa_catalog_content-cust_field5 IS INITIAL.
    *     Perform authority check on the value held in cust_field5
          AUTHORITY-CHECK OBJECT '<your auth.object here>'
                          ID     '<your auth.field here>'
                          FIELD  wa_catalog_content-cust_field5.
          IF sy-subrc <> 0.
            MOVE wa_catalog_content-cust_field5  TO lv_message_v1.
            MOVE wa_et_sc_item_data-ordered_prod TO lv_message_v2.
    *       Eliminate leading zeroes from product number
            WHILE lv_message_v2+0(1) = '0'.
              SHIFT lv_message_v2.
            ENDWHILE.
    *       Output message
            MESSAGE ID     'ZXXX'
                    TYPE   'W'
                    NUMBER '000'
                    WITH   lv_message_v1
                           lv_message_v2.
    *       Remove item from SC
            DELETE et_sc_item_data.
          ENDIF.
        ENDIF.
      ENDIF.
    ENDLOOP.
    Interesting observation is, that when issuing the message with type = 'I' it does not condense the message text. With type = 'W' it does...
    I also found out the reason, why the way via ET_SC_MESSAGES will not work: SAP has hard coded somewhere after the BAdI call the message id and message number... so no way to bypass this without a modification.
    Kind regards,
    Renaud

  • R/3 Basis security Problem

    Hi,
    i am posting my problem below. Pls its urgent.
    Problem Description.
    Currently the project manager/ Business Analyst in the IT department downloads the output from the PMF jobs. The ultimate aim is to pass this job to the business but currently the role that is used to grant access to these reports is via SM37/SP01 using the BUSINESS_ANALYST  role. But due to sensitivity of both SM37 and SP01 this role can't be assigned to the end user. There is currently no way of giving the endusers access to view  the output without them being able to view too much.
    Required Change
    Enable the end users access to view the output from the PMF jobs , BUT restricting access to just view this output / job NOT everything in SP01 or SM37.  The preference would be to add SP01 but in such a way that the user will only see output from this job and anything they’ve requested themselves.
    reward points are guaranteed.
    Regards,
    Ravi G
    Message was edited by:
            Ravi Kumar Gunda

    Hi Ravi,
    As long as you are giving only display access to Sm37 there is no need to restrict users to view only a specific job. We have assigned SM37 without selective display restrictions to end users and we are SOX compliant.
    The point is that  you have to ensure users are not able to change or repeat schedule the jobs through SM37.
    S_BTCH_JOB is not very helpful. In S_BTCH_JOB, if you give JOBACTION as SHOW then the user is able to see all the jobs including his own ones. JOBGROUP always must have value * for the object. Now in your case not only should the user be able to see his own jobs but also a specific job whose owner will be somebody else. If you don't give SHOW then he also won't be able to see the spool requests for jobs other than his own, nor be able to display job details for other users' jobs through SM37. Check OSS note 101146. Check the documentation of this object in SU21 transaction under object class BC_A.
    Now I don't think that there is any danger in giving users the display access to all the jobs as long as they cannot tamper with it. SHOW/LIST values in job action will ensure that the user is not able to change jobs other than his own.
    Now coming to SP01. Ensure no user has SP01 and SP0R in auth object S_ADMI_FCD. This will ensure that he is able to view only his own spools. In case you want to give him access to view even a single spool other than the ones belonging to him you need to give access to SP0R or SP01. So this still does not solve the issue for you. Check OSS note 119147.
    We had a similar requirement as yours. In order to solve the spool related issue we removed SP01 and SP0R from S_ADMI_FCD and then assigned it to a select few users in the end user department who were made responsible for spool display and download.
    As of now SAP does not really help with this requirement. Maybe you can make use of user exits or create a custom based report that will lead to SM37 and SP01.
    Not sure if this was too helpful to you.
    Regards.
    Ruchit.
    Message was edited by:
            Ruchit Khushu

  • Authorization check

    Hi ,
    I am new to authorization so I need help.
    I go to transaction SU21 and I choose some object, for example:
    Object R_CPM_BSC
    Text Authorization Object SEM: BSC Elements
    Class SEM Strategic Enterprise Management*
    Author STASTNY
    Field name Heading
    SEMSCARD Scorecard
    SEMOBJTYPE Scorecard Elements: Object Type
    SEMOBJKEY Scorecard Elements: Object Key
    ACTVT Activity
    And when i push on permitted activities i get:
    R_CPM_BSC Authorization Object SE
    ACTVT Activity
    activists
    01 Create or generate
    02 Change
    03 Display
    04 Print, edit messages
    1. I have always just permitted activities for ACTVT?
    If I want that user to just have display authorization, do I have to write it like below?
    AUTHORITY-CHECK OBJECT 'R_CPM_BSC'
    ID 'ACTVT' FIELD '03'.
    That's it, I don't use the other fields?
    Regards

    Hi,
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Thanks
    Vikranth

  • Query on Authorization issues

    Hi Experts,
    i am trying to call std RFC L_TO_CREATE_SINGLE  thru SAP XMII technology for creating transfer order.
    But an error was thrown by SAP: YOU ARE NOT AUTHORIZED.
    How can i resolve this problem?
    How to check the Authorization object id?
    points r rewarded.
    thanks in advance.

    Hi this might help u.
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Sy-SUBRC values
    4              User has no authorization in the SAP System for
                   such an action. If necessary, change the user
                   master record.
    8              Too many parameters (fields, values). Maximum
                   allowed is 10.
    12             Specified object not maintained in the user
                   master record.
    16             No profile entered in the user master record.
    24             The field names of the check call do not match
                   those of an authorization. Either the
                   authorization or the call is incorrect.
    28             Incorrect structure for user master record.
    32             Incorrect structure for user master record.
    36             Incorrect structure for user master record.
    with regards,
    Hema Sundara.

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji
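
For the company-code question in this thread, an added example (not code from any of the posters): the check receives the company code actually being processed instead of a literal, and `sy-subrc` is evaluated so that unauthorized company codes are dropped before any output. `F_BKPF_BUK`, `BUKRS`, `ACTVT` and activity `03` come from the thread; the report name, the select-option `s_bukrs`, the variable names and the message texts are assumptions made for illustration.

```abap
REPORT zfi_bukrs_auth_demo.
* Added example: report name, selection-screen field and message texts
* are assumptions, not taken from the thread.

TABLES t001.

* Company codes the user asks for on the selection screen
SELECT-OPTIONS s_bukrs FOR t001-bukrs.

TYPES: BEGIN OF ty_bukrs,
         bukrs TYPE t001-bukrs,
         butxt TYPE t001-butxt,
       END OF ty_bukrs.

DATA: lt_selected   TYPE STANDARD TABLE OF ty_bukrs,
      lt_authorized TYPE STANDARD TABLE OF ty_bukrs,
      ls_bukrs      TYPE ty_bukrs,
      lv_denied     TYPE i.

START-OF-SELECTION.

* Resolve the selection to concrete company codes first, so that each
* one can be checked individually (ranges and patterns included).
  SELECT bukrs butxt FROM t001
    INTO TABLE lt_selected
    WHERE bukrs IN s_bukrs.

  LOOP AT lt_selected INTO ls_bukrs.
*   Check display authorization for THIS company code. A literal in
*   FIELD would test the same company code on every pass.
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
             ID 'BUKRS' FIELD ls_bukrs-bukrs
             ID 'ACTVT' FIELD '03'.
    IF sy-subrc = 0.
      APPEND ls_bukrs TO lt_authorized.
    ELSE.
*     Any non-zero return code is treated as "not authorized"
      lv_denied = lv_denied + 1.
    ENDIF.
  ENDLOOP.

* Stop before reading business data if nothing is left
  IF lt_authorized IS INITIAL.
    MESSAGE 'No display authorization for the selected company codes' TYPE 'I'.
    RETURN.
  ENDIF.

* From here on, only lt_authorized may drive further selections
  LOOP AT lt_authorized INTO ls_bukrs.
    WRITE: / ls_bukrs-bukrs, ls_bukrs-butxt.
  ENDLOOP.

  IF lv_denied > 0.
    WRITE: / lv_denied, 'company code(s) skipped: no authorization'.
  ENDIF.
```

Without the `IF sy-subrc` evaluation the statement has no effect on program flow, so the report would run for every company code regardless of the user's role.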

  • AUTHORITY-CHECK on cost center

    We have set the authorisation (using object cost center) to time admin such that they can maintain leave for certain group of the user.
    The question is now how to program the abap code so that my customised leave report can validate the authorisation to ensure that when he generate the leave report, other those employees who are in the cost center that he is authorise to view is listed?
    Appreciate if you can share the code.

    Hi,
    see the help link also.
    [http://help.sap.com/saphelp_nw70/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm]
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>
    ID <authority field 2> FIELD <field value 2>
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.

  • Authority check at field level in the sales order

    Dear all, our business requirement is the following:
    only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
    This means that for an order of sales group 'A':
    a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannot see the prices but can change the order, a user of sales group 'C' can display the order but cannot see the prices.
    I ask you if such a scenario can be realized in SAP.
    We currently run SAP ECC 5.0.
    thx all !
    bye Roberto

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization: An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT' FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is an auth. object
    ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    regards
    Anji
    Message was edited by:
            Alvaro Tejada Galindo

  • Authorization checks and objects

    Do you have a tutorial for this topic for dummies? thanx in advance

    Hi
    In general, different users will be given different authorizations based on their role in the organization.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization: An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT' FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is an auth. object
    ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Thanks
    Seshu

  • Depending on the username, show only valid divisions...

    Hello Experts,
    I was tasked to modify a report wherein in the selection screen
    only divisions that the user is authorized to use or is under will be shown.
    For example, I am only authorized for divisions 02, 15 and 16 since they
    fall in sales org 1000 and I am under sales org 1000. So when I click on
    the division parameter in the selection-screen, only those divisions will be shown.
    So how do I check if a user who runs this report belongs to a certain division? And
    after checking I will only show the valid divisions and not all the divisions.
    Anyway, below is my selection-screen:
    SELECTION-SCREEN BEGIN OF BLOCK 1 WITH FRAME TITLE text-010.
    PARAMETERS: p_spart LIKE mara-spart OBLIGATORY,    "<--
                p_valid LIKE a004-datab.
    SELECTION-SCREEN END OF BLOCK 1.

    Hi,
    In SD there will be an authorization object on SALES AREA; if needed, use it
    or create a new Authorization object with field as Division and use it.
    See the help doc for creating the authorization Object:
    In general, different users will be given different authorizations based on their role in the organization.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization: An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT' FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is an auth. object
    ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    reward if useful
    regards,
    Anji
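
The division check suggested in the answer above, applied to the selection screen from the question, as an added example that is not part of the original thread. The authorization object Z_SPART with fields SPART and ACTVT is hypothetical (it would be created in SU21), as are the report name, the FORM name and the message texts.

```abap
REPORT z_division_auth_demo.

* Assumption: Z_SPART is a custom authorization object with the fields
* SPART (division) and ACTVT (activity). It does not exist by default.
CONSTANTS gc_display TYPE c LENGTH 2 VALUE '03'.

TYPES: BEGIN OF ty_div,
         spart TYPE tspat-spart,
         vtext TYPE tspat-vtext,
       END OF ty_div.
DATA gt_div TYPE STANDARD TABLE OF ty_div.

SELECTION-SCREEN BEGIN OF BLOCK 1 WITH FRAME TITLE text-010.
PARAMETERS: p_spart LIKE mara-spart OBLIGATORY,
            p_valid LIKE a004-datab.
SELECTION-SCREEN END OF BLOCK 1.

* F4 help: offer only the divisions the current user is authorized for.
AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_spart.
  PERFORM load_authorized_divisions.
  CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
    EXPORTING
      retfield    = 'SPART'
      dynpprog    = sy-repid
      dynpnr      = sy-dynnr
      dynprofield = 'P_SPART'
      value_org   = 'S'
    TABLES
      value_tab   = gt_div
    EXCEPTIONS
      OTHERS      = 1.

* The filtered F4 list is only a convenience: the user can still type
* any division, so the entered value is checked again on the server side.
AT SELECTION-SCREEN ON p_spart.
  AUTHORITY-CHECK OBJECT 'Z_SPART'
    ID 'SPART' FIELD p_spart
    ID 'ACTVT' FIELD gc_display.
  IF sy-subrc <> 0.
    MESSAGE 'No authorization for this division' TYPE 'E'.
  ENDIF.

START-OF-SELECTION.
  WRITE: / 'Division', p_spart.

* Reads all division texts and keeps those that pass the check.
FORM load_authorized_divisions.
  DATA ls_div TYPE ty_div.
  CLEAR gt_div.
  SELECT spart vtext FROM tspat INTO ls_div WHERE spras = sy-langu.
    AUTHORITY-CHECK OBJECT 'Z_SPART'
      ID 'SPART' FIELD ls_div-spart
      ID 'ACTVT' FIELD gc_display.
    IF sy-subrc = 0.
      APPEND ls_div TO gt_div.
    ENDIF.
  ENDSELECT.
ENDFORM.
```

The check in AT SELECTION-SCREEN ON p_spart is the actual control; the value help only hides entries and enforces nothing on its own.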

  • How to get standard authorizations  saritha reddy

    Hello Basis Gurus.
    I am using a one-month trial version of CRM 5.0.
    My client is 100. I entered the password wrong, then the login failed. Then I logged in through the 066 and 000 clients, but it is not allowing me to copy any standards. It says you are not authorized. I logged in through the 066 client and created a new ID through SU01, but the same problem: it is not allowing me to copy any standards.
    Please tell me how to log on to the 100 client or how to get standard authorizations.
    Please give me your valuable solution to my problem.
    Many Thanks
    saritha

    Hi
    See the doc related to Authorization concept and do accordingly
    In general, different users will be given different authorizations based on their role in the organization.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization: An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT' FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is an auth. object
    ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points for useful Answers
    Regards
    Anji

  • How to create authorisation object for save button please help in abap

    how to create authorisation object for save button please help in abap

    Hi
    In general, different users will be given different authorizations based on their role in the organization.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    Use SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization: An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT' FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is an auth. object
    ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes to a profile, and that profile is in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Regards
    ANJI
