Removing authorization in mass for users

Similar Messages

• Authorization in VKM1 for users based on credit limit?

  hi all,
  Does anybody heard about authorization for users in VKM1 to release blocked commercial documents? In my project, they want to set ranges for users :
  Analyst 40%
  Manager 100%
  Director 100%
  I looked for all SAP doc and i think its not possible, any thoughts?
  Thanks and regards

  Dear Monica,
  You can do this with Roles & Profile (Authorizations).
  Go to T-Code PFCG - Either enter the roles that currently exists or create a new role. Insert T-code VKM1in Menu tab page & then go to Authorizations tab
  Expand the Thread Standard - Sales & Distribution,
  Once again expand the thread Standard - Credit Doc. Value Class: Processing of SD Documents
  Then expand the sub-thread - Credit Doc. Value Class: Processing of SD Documents
  Here There is a option Document value class (credit management) - Here you can enter the Document Value that user is Authorized to release the block...
  You might have to take help og your Basis person to create Roles & do the above...
  Hope this helps...
  Give points if Useful...
  Thanks,
  Jignesh Mehta
  Edited by: Jignesh Mehta on Aug 30, 2008 12:43 PM

• Mass Add authorizations using RSECADMIN for user tab

  Hi All,
  I sent the following to ask SAP if there is a way to do this and they told me they could not help unless I wanted to pay the consulting fees so I am now curious if they have a way to do this.  I have reviewed the help documents and OSS notes and could not find anything .  They pro-offered adding the authorization S_RS_AUTH to the role but I do not want to do that.  I want to do it by user instead of creating many multiple roles.  Below is the question.  Does anyone know how to do a mass add to authorizations to users using RSECADMIN.
  We want to be able to add multiple users to an authorization created
  through RSECADMIN rather than add them one by one to each user. Is
  there a mass user add with RSECADMIN. I looked and cannot find this
  feature. Thanks, Mary

  Hi,
  There are two different methods of assigning authorisations.
  Direct
  1. From the RSECADMIN transaction select 'Users', enter the name and select 'Change'. Use the value help to selct the authorisation in question and for a single value select 'Insert'. If you select the 'Nodes' option it is possible to select nodes of hierarchies on characteristic 0TCATUTH (a single ‘H’; not to be confused with 0TCAUTHH!). This char offers automatically all BI authorizations as virtual master data. These master data can be organized in hierarchies, a property that offers the possibility to group authorizations by meaning or application field. Press "Save" to save the assignment to database.
  Assignment via Roles and Profiles
  2. It is also possible to assign using roles or more specifically, profiles of roles. Use PFCG and instead of entering manually created object use S_RS_AUTH which gives you the BI Auth field to enter the appropriate authorisations.
  Hope this helps

• Remove Security Settings automatically for User account

  Hi all,
  In windows server 2003R2 -> AD users and computers -> (user)administrator account -> porperties -> security tag
  I have added group 'power user' and denied all permission for this group to manage this account.
  However, after about an hr, once I login again, the group was removed automatically in the security tag.
  Anyone have ideas about this?

  Hi,
  Please confirm, whether you have configured Restricted Groups setting in Group Policy?
  Checkout the below thread on similar discussion,
  http://social.technet.microsoft.com/Forums/en-US/a23a1dbb-19de-4b61-9548-1bf2ad062baa/domain-accounts-memberhsip-removes-automatically?forum=winserverDS
  Regards,
  Gopi
  JiJi
  Technologies

• Remove log in password for user account connected to windows live

  Hi, I had connected my windows live account to my local account, which is running windows 8.1
  Now, it is asking me for Live password every-time I have to login to my windows. Is there any way to remove this password? I want to keep my Live account connected, but don't want to enter password every-time I want to login.
  Thank you.

  Hi,
  When you connect a local account to a Microsoft Account, then the logon password will also be changed to the password of your live account, this is unavoidable, but if you think that typing the password every time is too annoying, then we can use a PIN
  instead, move the mouse to the right charm bar\Change PC settings\Accounts\Sign-in options, type four digit number as your password
  We can also use autologon tool to automatically logon to the account after you start your machine, but please note that this might cause potential security issue because everyone who get the machine can have access to to your Microsoft Account.
  https://technet.microsoft.com/en-us/sysinternals/bb963905.aspx
  just download the tool, then configure as below, here, you need to type your live account as the username
  Yolanda Zhu
  TechNet Community Support

• Authorizations for users to change their own data

  Hi
  All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
  We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
  How to design role which should apply to all user requirements and they should get their Personnel no by default
  Kind Regards
  Vinod

  Hi,
     For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
  (i.e)  For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:                   
  1. Authorization level:  *               
  2. Interpretation of assignment
     User - personnel no:  I  
  3. Infotype           :  0002
  4. Subtype            :  *
  A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96

• Remove sysdba privilege for user

  Hi,
  $ sqlplus
  SQL*Plus: Release 9.2.0.7.0 - Production on Thu Apr 19 05:57:41 2007
  Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.
  Enter user-name: / as sysdba
  Connected to:
  Oracle9i Release 9.2.0.7.0 - 64bit Production
  JServer Release 9.2.0.7.0 - Production
  SQL> exit
  Disconnected from Oracle9i Release 9.2.0.7.0 - 64bit Production
  JServer Release 9.2.0.7.0 - Production
  $
  $
  $ id
  uid=5000(webman) gid=103(wbroot)
  $I want to remove "sysdba" connect privilege for user "webman", what do I need to do?
  I am on HPUX
  Thanks

  I tried the revoke command below & I am stiil able to connect as "/ as sysdba" for webman.
  revoke sysdba from webman;These are the users on in the DB.
  SQL> select username from dba_users;
  USERNAME
  SYS
  SYSTEM
  OUTLN
  WEBMAN
  DBSNMP
  SECW
  SEC
  DAEMON
  8 rows selected.
  SQL> select username,granted_role,default_role from user_role_privs;
  USERNAME                       GRANTED_ROLE                   DEF
  WEBMAN                         CONNECT                        YES
  WEBMAN                         DBA                            YES
  WEBMAN                         OT_ADM                         YES
  WEBMAN                         OT_OWNER_ROLE                  YES
  WEBMAN                         OT_SEC                         YES
  WEBMAN                         OT_USR                         YES
  WEBMAN                         RESOURCE                       YES
  7 rows selected.

• Remove authorization for Tcode: ME21 and ME22 from certain users

  Hi Guys,
  I'm new to BASIS.
  My requirement is to: Remove authorization to Tcodes ME21/ME22 from a list of users.
  How do I acheive this? We run on SAP 4.0B version.
  Hoping to get this resolved as soon as possible.
  Thanks
  SAPUser

  dear friend,
  1.
  run SU01
  goto Information-Information system
  select node Roles-By Transaction Assignment
  type ME21, ME22
  execute report
  see the roles displayed
  2.
  then find user who have these roles (usually company uses z-roles copied from standard)
  just highlight the role and hit user assignment (Cntrl-Shift-F9)
  you see all users who have this role. that means they are able to run these transactions.
  3.
  let's remove the role(s) we found.
  open second session, run SU01 type one of the user , goto Roles tab and delete the particular role you found.
  save user and test it (ask hem/her to log in sap and run ME21 and ME22). if needed adjust it again (may be another role to be deleted)
  say, fix completely one user/test it and then do the same things for other. test them.
  good luck!

• How to remove authorizations for a particular transaction

  Hi,
  I have an SAP_ALL authorisation for a user. I need to remove authorization for a particular transaction (FK01) for this particular user.
  How do i make that.

  Hi Marcus ,
  u can remove authorization Objects for a given tcode ,but what i am thinking is SAP_ALL will get ride of this child objects , may be i am wrong.
  But what i am saying is check that are the authorization which are required to run FK01/XK01 and remove them from that Role .
  2.Otherwise check for Object S_Tcode and remove FK01 and XK01.
  Regards
  Prabhu

• How add Authorization check for user with assigened role for t.code-MIR4

  Hi All,
  Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
  In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
  suggest me...
  Thanks,
  srii..

  Hi Sri ,
  first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
  make use of Tcode SUIM to find out all roles which are using this Object.
  or
  ask ur basis guy to remove authorizations to create/change....
  regards
  Prabhu

• Remove T Code for each ROLE for user

  Hi Experts
  Can anyone tell me how to remove the T code for each role which was define individually for users Eg
  CR01 has been assign to 50 users, the difficulty is I have to go to each role then search for CR01 t code then delete and again generate the Authorization
  In this way there are so many t codes which I have to go one by one to delete it.
  Any help to remove the t-code for each role through any way.
  regards
  Piroz

  try the Security forum at Security
  they might have trick (such as CATT scripts).
  doing this via SQL commands is dangerous. avoid this solution if you are not 100% sure of its impact.

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Defining Authorizations for User to restrict the data in report.

  Hi Gurus,
  I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
  Ex.
  i have functinal location info object checked as authorization relavent with below data.
  FL001
  FL002
  FL003
  FL004
  FL005
  FL006
  FL007
  FL008
  FL009
  We have users like below.
  User1
  User2
  User3
  Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
  If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
  So, Please help me providing the completed steps. I have done somting but failed.
  Thanks in advance
  Peter.

  Hello Peter,
  Please go through the following links
  Authorization :
  http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  SAP Authorization Concept :
  http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
  Thanks.
  With regrads,
  Anand Kumar

• Authorization scheme for users stored in a database table?

  Hello!
  I'm trying to find out how to make an authorization scheme for database users.
  I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
  A word of explanation:_
  I have a table in my database, named "USERS". Inside this table, I have the following columns:
  - USERID (NUMBER)
  - USERNAME (VARCHAR2(50))
  - PASSWORD (VARCHAR2(50))
  - EMAIL (VARCHAR2(200))
  For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
  What I want:_
  When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
  So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
  I also want the UserID to be stored somewhere in the application (if possible, in an application item).
  How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
  Any help is greatly appreciated.

  I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
  From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
  function validate_login (
     p_username   in   varchar2
  , p_password   in   varchar2) return boolean
  is
  v_result varchar2(1);
  begin
  select null into v_result
  from USERS
  where userid = p_username
  and password = p_password;
  return true;
  when no_data_found then return false;
  end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
  And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
  Rod West

• Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

  Hello,
  I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
  AIX 5.3 TL10 SP1
  DB2 V9.7 (without any fixpack)
  After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
  I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
  SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
  db2 => get authorizations
  Administrative Authorizations for Current User
  Direct SYSADM authority                    = NO
  Direct SYSCTRL authority                   = NO
  Direct SYSMAINT authority                  = NO
  Direct DBADM authority                     = NO
  Direct CREATETAB authority                 = NO
  Direct BINDADD authority                   = NO
  Direct CONNECT authority                   = NO
  Direct CREATE_NOT_FENC authority           = NO
  Direct IMPLICIT_SCHEMA authority           = NO
  Direct LOAD authority                      = NO
  Direct QUIESCE_CONNECT authority           = NO
  Direct CREATE_EXTERNAL_ROUTINE authority   = NO
  Direct SYSMON authority                    = NO
  Indirect SYSADM authority                  = YES
  Indirect SYSCTRL authority                 = NO
  Indirect SYSMAINT authority                = NO
  Indirect DBADM authority                   = NO
  Indirect CREATETAB authority               = NO
  Indirect BINDADD authority                 = NO
  Indirect CONNECT authority                 = NO
  Indirect CREATE_NOT_FENC authority         = NO
  Indirect IMPLICIT_SCHEMA authority         = NO
  Indirect LOAD authority                    = NO
  Indirect QUIESCE_CONNECT authority         = NO
  Indirect CREATE_EXTERNAL_ROUTINE authority = NO
  Indirect SYSMON authority                  = NO
  db2 =>
  The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
  SYSADM group name                        (SYSADM_GROUP) = DBENTADM
  SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
  SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
  The only solution was to grant the authorizations with an other user to db2ent.
  For the restore I created an new instance with the following command (as user root):
  /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
  I set the correct DBM configuration and created an empty database as user db2ent with the following command
  db2 create db ENT on /db2/ENT
  The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
  Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
  The authorization concept has been changed in DB2 V9.7
  http://www-01.ibm.com/support/docview.wss?uid=swg21385801
  Kind regards,
  Christian

  Hello All,
  I finished restore using redirect method, but i did not know about this security issue.
  Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
  but i get this error
  db2 => GRANT DBADM to USER DB2P60
  DB21034E  The command was processed as an SQL statement because it was not a
  valid Command Line Processor command.  During SQL processing it returned:
  SQL0707N  The name "DBADM" cannot be used because the specified identifier is
  reserved for system use.  SQLSTATE=42939
  Please help me.
  I need a solution at the earliest possible.
  Thanks,
  Sree