Removing authorization in mass for users
HI All
Please let me know is there is any option to know what material movement type authorization is given to end users and to remove the movement type authorization for them in mass. please help me in this as the users are provided with movement type like 311 which is effecting my costing.
Regards
Srinivasa Reddy.B
I am a basis consultant and fico consultant I require a way to remove the authorization through mass changes .
regards
Srinivasa reddy.B
Similar Messages
-
Authorization in VKM1 for users based on credit limit?
hi all,
Does anybody heard about authorization for users in VKM1 to release blocked commercial documents? In my project, they want to set ranges for users :
Analyst 40%
Manager 100%
Director 100%
I looked for all SAP doc and i think its not possible, any thoughts?
Thanks and regardsDear Monica,
You can do this with Roles & Profile (Authorizations).
Go to T-Code PFCG - Either enter the roles that currently exists or create a new role. Insert T-code VKM1in Menu tab page & then go to Authorizations tab
Expand the Thread Standard - Sales & Distribution,
Once again expand the thread Standard - Credit Doc. Value Class: Processing of SD Documents
Then expand the sub-thread - Credit Doc. Value Class: Processing of SD Documents
Here There is a option Document value class (credit management) - Here you can enter the Document Value that user is Authorized to release the block...
You might have to take help og your Basis person to create Roles & do the above...
Hope this helps...
Give points if Useful...
Thanks,
Jignesh Mehta
Edited by: Jignesh Mehta on Aug 30, 2008 12:43 PM -
Mass Add authorizations using RSECADMIN for user tab
Hi All,
I sent the following to ask SAP if there is a way to do this and they told me they could not help unless I wanted to pay the consulting fees so I am now curious if they have a way to do this. I have reviewed the help documents and OSS notes and could not find anything . They pro-offered adding the authorization S_RS_AUTH to the role but I do not want to do that. I want to do it by user instead of creating many multiple roles. Below is the question. Does anyone know how to do a mass add to authorizations to users using RSECADMIN.
We want to be able to add multiple users to an authorization created
through RSECADMIN rather than add them one by one to each user. Is
there a mass user add with RSECADMIN. I looked and cannot find this
feature. Thanks, MaryHi,
There are two different methods of assigning authorisations.
Direct
1. From the RSECADMIN transaction select 'Users', enter the name and select 'Change'. Use the value help to selct the authorisation in question and for a single value select 'Insert'. If you select the 'Nodes' option it is possible to select nodes of hierarchies on characteristic 0TCATUTH (a single H; not to be confused with 0TCAUTHH!). This char offers automatically all BI authorizations as virtual master data. These master data can be organized in hierarchies, a property that offers the possibility to group authorizations by meaning or application field. Press "Save" to save the assignment to database.
Assignment via Roles and Profiles
2. It is also possible to assign using roles or more specifically, profiles of roles. Use PFCG and instead of entering manually created object use S_RS_AUTH which gives you the BI Auth field to enter the appropriate authorisations.
Hope this helps -
Remove Security Settings automatically for User account
Hi all,
In windows server 2003R2 -> AD users and computers -> (user)administrator account -> porperties -> security tag
I have added group 'power user' and denied all permission for this group to manage this account.
However, after about an hr, once I login again, the group was removed automatically in the security tag.
Anyone have ideas about this?Hi,
Please confirm, whether you have configured Restricted Groups setting in Group Policy?
Checkout the below thread on similar discussion,
http://social.technet.microsoft.com/Forums/en-US/a23a1dbb-19de-4b61-9548-1bf2ad062baa/domain-accounts-memberhsip-removes-automatically?forum=winserverDS
Regards,
Gopi
JiJi
Technologies -
Remove log in password for user account connected to windows live
Hi, I had connected my windows live account to my local account, which is running windows 8.1
Now, it is asking me for Live password every-time I have to login to my windows. Is there any way to remove this password? I want to keep my Live account connected, but don't want to enter password every-time I want to login.
Thank you.Hi,
When you connect a local account to a Microsoft Account, then the logon password will also be changed to the password of your live account, this is unavoidable, but if you think that typing the password every time is too annoying, then we can use a PIN
instead, move the mouse to the right charm bar\Change PC settings\Accounts\Sign-in options, type four digit number as your password
We can also use autologon tool to automatically logon to the account after you start your machine, but please note that this might cause potential security issue because everyone who get the machine can have access to to your Microsoft Account.
https://technet.microsoft.com/en-us/sysinternals/bb963905.aspx
just download the tool, then configure as below, here, you need to type your live account as the username
Yolanda Zhu
TechNet Community Support -
Authorizations for users to change their own data
Hi
All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
How to design role which should apply to all user requirements and they should get their Personnel no by default
Kind Regards
VinodHi,
For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
(i.e) For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:
1. Authorization level: *
2. Interpretation of assignment
User - personnel no: I
3. Infotype : 0002
4. Subtype : *
A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96 -
Remove sysdba privilege for user
Hi,
$ sqlplus
SQL*Plus: Release 9.2.0.7.0 - Production on Thu Apr 19 05:57:41 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Enter user-name: / as sysdba
Connected to:
Oracle9i Release 9.2.0.7.0 - 64bit Production
JServer Release 9.2.0.7.0 - Production
SQL> exit
Disconnected from Oracle9i Release 9.2.0.7.0 - 64bit Production
JServer Release 9.2.0.7.0 - Production
$
$
$ id
uid=5000(webman) gid=103(wbroot)
$I want to remove "sysdba" connect privilege for user "webman", what do I need to do?
I am on HPUX
ThanksI tried the revoke command below & I am stiil able to connect as "/ as sysdba" for webman.
revoke sysdba from webman;These are the users on in the DB.
SQL> select username from dba_users;
USERNAME
SYS
SYSTEM
OUTLN
WEBMAN
DBSNMP
SECW
SEC
DAEMON
8 rows selected.
SQL> select username,granted_role,default_role from user_role_privs;
USERNAME GRANTED_ROLE DEF
WEBMAN CONNECT YES
WEBMAN DBA YES
WEBMAN OT_ADM YES
WEBMAN OT_OWNER_ROLE YES
WEBMAN OT_SEC YES
WEBMAN OT_USR YES
WEBMAN RESOURCE YES
7 rows selected. -
Remove authorization for Tcode: ME21 and ME22 from certain users
Hi Guys,
I'm new to BASIS.
My requirement is to: Remove authorization to Tcodes ME21/ME22 from a list of users.
How do I acheive this? We run on SAP 4.0B version.
Hoping to get this resolved as soon as possible.
Thanks
SAPUserdear friend,
1.
run SU01
goto Information-Information system
select node Roles-By Transaction Assignment
type ME21, ME22
execute report
see the roles displayed
2.
then find user who have these roles (usually company uses z-roles copied from standard)
just highlight the role and hit user assignment (Cntrl-Shift-F9)
you see all users who have this role. that means they are able to run these transactions.
3.
let's remove the role(s) we found.
open second session, run SU01 type one of the user , goto Roles tab and delete the particular role you found.
save user and test it (ask hem/her to log in sap and run ME21 and ME22). if needed adjust it again (may be another role to be deleted)
say, fix completely one user/test it and then do the same things for other. test them.
good luck! -
How to remove authorizations for a particular transaction
Hi,
I have an SAP_ALL authorisation for a user. I need to remove authorization for a particular transaction (FK01) for this particular user.
How do i make that.Hi Marcus ,
u can remove authorization Objects for a given tcode ,but what i am thinking is SAP_ALL will get ride of this child objects , may be i am wrong.
But what i am saying is check that are the authorization which are required to run FK01/XK01 and remove them from that Role .
2.Otherwise check for Object S_Tcode and remove FK01 and XK01.
Regards
Prabhu -
How add Authorization check for user with assigened role for t.code-MIR4
Hi All,
Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4 using ABAP.
In Detail:2) All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
suggest me...
Thanks,
srii..Hi Sri ,
first u need to find out in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
make use of Tcode SUIM to find out all roles which are using this Object.
or
ask ur basis guy to remove authorizations to create/change....
regards
Prabhu -
Remove T Code for each ROLE for user
Hi Experts
Can anyone tell me how to remove the T code for each role which was define individually for users Eg
CR01 has been assign to 50 users, the difficulty is I have to go to each role then search for CR01 t code then delete and again generate the Authorization
In this way there are so many t codes which I have to go one by one to delete it.
Any help to remove the t-code for each role through any way.
regards
Piroztry the Security forum at Security
they might have trick (such as CATT scripts).
doing this via SQL commands is dangerous. avoid this solution if you are not 100% sure of its impact. -
How to Control authorization for users with certain status for level 2 WBS Element
Dear All,
Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
Pre-requisite:
There is only 2 level of project i.e.
Lev_ WBSE_______Description
1___ 7-14.E_______summay outage controller
2___ 7-14.E.2310__ Plant/unit # 2310
2___ 7-14.E.2310__ Plant/unit # 2220
Project Controller (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
User ID_ Plant #
123345_ 2310
122455_ 2220
Issue:
After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
Solution required:
Can any one tell how to control this scenario either by standard or enhancement available to control authorization
BR
Saqib UsmanHi,
Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
Thank you and regards,
Varshal Kachole
The SCN Rules of Engagement -
Defining Authorizations for User to restrict the data in report.
Hi Gurus,
I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
Ex.
i have functinal location info object checked as authorization relavent with below data.
FL001
FL002
FL003
FL004
FL005
FL006
FL007
FL008
FL009
We have users like below.
User1
User2
User3
Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
So, Please help me providing the completed steps. I have done somting but failed.
Thanks in advance
Peter.Hello Peter,
Please go through the following links
Authorization :
http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
SAP Authorization Concept :
http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
Thanks.
With regrads,
Anand Kumar -
Authorization scheme for users stored in a database table?
Hello!
I'm trying to find out how to make an authorization scheme for database users.
I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
A word of explanation:_
I have a table in my database, named "USERS". Inside this table, I have the following columns:
- USERID (NUMBER)
- USERNAME (VARCHAR2(50))
- PASSWORD (VARCHAR2(50))
- EMAIL (VARCHAR2(200))
For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
What I want:_
When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
I also want the UserID to be stored somewhere in the application (if possible, in an application item).
How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
Any help is greatly appreciated.I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
function validate_login (
p_username in varchar2
, p_password in varchar2) return boolean
is
v_result varchar2(1);
begin
select null into v_result
from USERS
where userid = p_username
and password = p_password;
return true;
when no_data_found then return false;
end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
Rod West -
Authorizations for user db2 sid after systemcopy with DB2 V9.7 on AIX
Hello,
I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
AIX 5.3 TL10 SP1
DB2 V9.7 (without any fixpack)
After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
db2 => get authorizations
Administrative Authorizations for Current User
Direct SYSADM authority = NO
Direct SYSCTRL authority = NO
Direct SYSMAINT authority = NO
Direct DBADM authority = NO
Direct CREATETAB authority = NO
Direct BINDADD authority = NO
Direct CONNECT authority = NO
Direct CREATE_NOT_FENC authority = NO
Direct IMPLICIT_SCHEMA authority = NO
Direct LOAD authority = NO
Direct QUIESCE_CONNECT authority = NO
Direct CREATE_EXTERNAL_ROUTINE authority = NO
Direct SYSMON authority = NO
Indirect SYSADM authority = YES
Indirect SYSCTRL authority = NO
Indirect SYSMAINT authority = NO
Indirect DBADM authority = NO
Indirect CREATETAB authority = NO
Indirect BINDADD authority = NO
Indirect CONNECT authority = NO
Indirect CREATE_NOT_FENC authority = NO
Indirect IMPLICIT_SCHEMA authority = NO
Indirect LOAD authority = NO
Indirect QUIESCE_CONNECT authority = NO
Indirect CREATE_EXTERNAL_ROUTINE authority = NO
Indirect SYSMON authority = NO
db2 =>
The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
SYSADM group name (SYSADM_GROUP) = DBENTADM
SYSCTRL group name (SYSCTRL_GROUP) = DBENTCTL
SYSMAINT group name (SYSMAINT_GROUP) = DBENTMNT
The only solution was to grant the authorizations with an other user to db2ent.
For the restore I created an new instance with the following command (as user root):
/db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
I set the correct DBM configuration and created an empty database as user db2ent with the following command
db2 create db ENT on /db2/ENT
The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
The authorization concept has been changed in DB2 V9.7
http://www-01.ibm.com/support/docview.wss?uid=swg21385801
Kind regards,
ChristianHello All,
I finished restore using redirect method, but i did not know about this security issue.
Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
but i get this error
db2 => GRANT DBADM to USER DB2P60
DB21034E The command was processed as an SQL statement because it was not a
valid Command Line Processor command. During SQL processing it returned:
SQL0707N The name "DBADM" cannot be used because the specified identifier is
reserved for system use. SQLSTATE=42939
Please help me.
I need a solution at the earliest possible.
Thanks,
Sree
Maybe you are looking for
-
Why can't I receive and download my app from Testflight/iTunes connect?
This problem just started during the switch from Test Flight to iTunes connect last week. I've been receiving the email invite but when I go to download the app TestFlight says: "You aren't currently testing any apps. To accept an invitation, you mus
-
Regarding encryption on oracle 9i
Hi, I am unable to encrypt the value from the below block. DECLARE input_string VARCHAR2(100) := 'date=' || to_char(sysdate,'YYYYMMDD') ||'&'||'userid=' ||'ppacobqi^^^^ldbs`lrm'; raw_input RAW(128) := UTL_RAW.CAST_TO_RAW(input_string); key_string VAR
-
I have found the frozen login screen problem everytime I start my MacBook Pro 6,2 with Lion. I have tried everything from a simple "restore from a time machine back up" to a "clean Lion install" and the problem still appears. Does anyone know if this
-
Problems for display SAP Library on SAP Menu.
Hi SAP Gurus, I have I problem with SAP Library: I take the following evaluation path: Menu SAP - Help - SAP Library and when a click on this option it appears the following msg: Error in SAP HTML-Help (SHH.EXE) Please install /update Microsoft HTML-
-
Shadow directory in LMS 3.2
Hi, I have a problem with the sahdow directory, it is empty. I have checked the box, as you can see in the image: I have read something about the dcmaservice.log, but I don't know how to interpret it. Ihave attached the log file. Someone who can help