Restore Organisation field for authorization check
I´ve got a role in which a organisation field is maintained normally.
Is there a Report which can detect the org-fields and repair them?
1st you need to collect all the technical name of org level field (refer table USORG). Then in table AGR_1251 restrict data to these fields only. Where ever you do not got a value not start with "$" is the data you need. Sort by value column can help you in that.
To fix this in the role beside the org level field you have a delete button. That will overwrite manually maintained values with NORMALLY maintained value in org level ;-). Careful you may loose data during this process, so may need to fix org level data at 1st place.
Regards,
Arpan Paik
Edited by: P Arpan on Mar 5, 2012 8:21 PM
Similar Messages
-
'DUMMY' value of the field in Authorization Check
Hello everyone!
I have some misunderstanding. I made an authorization check in transaction SU53 and i see a class, an object and the field which need to be DUMMY. What does it mean? What Value of this field I have to choose when I give an authorization for myself?Sorry, but that's not correct.
"DUMMY" is equivalent to "don't care" or "any value".
That is different from requesting a SPACE value (which is just one distinct value).
If a "dummy" value is requested, actually no value is requested - any value will satisfy the request.
See <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/frameset.htm">ABAP Online Documentation</a>. -
SM30 Field level authorization check
Hi,
I have a requirement to add the authorization check in SM30 for the company field in the custom table. Please suggest.
Thanks,
Gagan ChodhryHi,
I have this requirement for both type of tables i.e. custom as well as standard. Tables has got field profit center.. I need to show the table based on the loggedin user authorization to the profit center.
If it is a custom table then as mentioned by Siva, there is a way I heared that we can check the authorization in PAI event, but when I tried to do a small test, I could get the field symbol with the values, but I was not able to skip that record for disply.
If anyone can send the sample or the way to skip the record based on the check.
Also is there any other way to add the field level authorization to custom and standard tables...
Thanks,
Gagan Chodhry -
Command For Authorization Check
Hii...Dudes...
Can Any one tell me..What are the Commands and Procedure to do Authorization Check for Programs..
Any documentation could be help ful...
Tell me How to create ....an Z Object and tell me procedure too...
points will be rewarded .........
Regards,
sg.....
Edited by: Suneel Kumar Gopisetty on May 17, 2008 12:10 PM
Edited by: Suneel Kumar Gopisetty on May 17, 2008 12:21 PMhi,
go to this link it will be useful.
http://help.sap.com/saphelp_nw04/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
authority-check object 'S_TCODE'
id 'TCD'
field 'SM35'.
if sy-subrc ne 0.
User does not have authority for transaction SM35!!!
endif.
Do you want for the Creation of Zoject means using oops concept. -
AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
ID 'DICBERCLS' FIELD 'MA'
ID 'DICBERCLS' FIELD 'VCOR'
ID 'ACTVT FIELD '02'
ID 'ACTVT FIELD '03'
Please confirm me that above code is auth check for mara table for display and change
and for TVKO table for display and change.
do correct me if I am wrong
where:
'MA' IS OBJECT FOR MARA
'VCOR' OBJECT FOR TVKO.
anutoshHi,
AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
ID 'DICBERCLS' FIELD 'MA'
ID 'DICBERCLS' FIELD 'VCOR'
ID 'ACTVT FIELD '02'
ID 'ACTVT FIELD '03'.
The above code ll check if dat user(who runs it) has change('02') authorization for auth grp 'MA' and display('03') authorization for auth grp 'VCOR'........
Cheers,
jose. -
Dear Friends
I am working on a issue to check authorizations for role in my CRM BSP application. I am checking the authorization to give access to the application, like
when user id = sold to party allow only display and edit.
when user id = bill to party allow display
when none of the above No access..
to achieve this i am using this badi
IF_EX_CRM_ORDER_AUTH_CHECK~CRM_ORDER_ADD_AUTH_CHECK
Here I am passing guid id to crm_order_read.
but I am not recieving any data back in importing parameter.
I am just passing the guid_id + authorization flag set 'X'.
would you like to tell me what is this guid_id. is it what partner_guid ?
This is my primary code:
MOVE iv_header_guid TO wa_order_guid.
APPEND wa_order_guid TO order_guid.
CALL FUNCTION 'CRM_ORDER_READ'
EXPORTING
it_header_guid = order_guid
iv_no_auth_check = auth_check_flag
IMPORTING
et_orgman = org
et_partner = partner_order
CHANGING
cv_log_handle = y_lv_log_handle
EXCEPTIONS
document_not_found = 1
error_occurred = 2
document_locked = 3
no_change_authority = 4
no_display_authority = 5
no_change_allowed = 6
others = 7.
IF partner_order IS NOT INITIAL.
flag = 'X'.
Else.
flag1 = 'X'.
endif.
IF flag1 EQ 'X'..
RAISE no_authority .
ENDIF.
endmethod.
please tell me where i am doing wrong. In order to achieve this task what else need to be done.
Any help will be appreciated..
Thanking you
Regards
NaeemCRMD_ORDERADM_H
-
Any BADI or USER EXIT for Authorization check in ME51N
Dear MM Gurus,
My requirement is to assign Authorization to the User to create Purchase requisition based on the combination of Plant and Storage location. Is there any BADI or User Exit available to achieve this?
Regards
Yogahi,
> Its not possible to have the authorization for PR at storage location level...
> you can have authorisations for Puchase organisation EKORG, plantWERKS, puchase group EKGRP, puchase document type BSART ...
> and authorisations objects are:
>M_BANF_BSA : Document Type in Purchase Requisition
> M_BANF_EKG : Purchasing Group in Purchase Requisition
> M_BANF_EKO : Purchasing Organization in Purchase Requisition
> M_BANF_FRG : Release Code in Purchase Requisition
> M_BANF_WRK : Plant in Purchase Requisition
Regards
Priyanka.P
Edited by: Priyanka Paltanwale on Apr 27, 2009 3:01 PM -
Report for authorization check
Hey Masters
Need your help
How do I generate a report which will give all the changes made in which infotype & by whom
I have checked the standard report s_ahr_61016380 but it does not give any output
How do i configure this report
Plz help
Jayeetahello
go to
Personnel Management
-> Personnel Administration
-> Tools
-> Revision
-> Set up change document
and follow documentation
regards
Stefan -
User Group for Authorization Check
I created a user group called SYSTEM and assigned all our companies system accounts to it. Two examples of additional SYSTEM accounts I added to the SYSTEM user group are: DDIC & SAPBATCH. I did not register this group or apply any special conditions. Since doing so, several system accounts constantly become locked.
Is it safe to delete the SYSTEM user group?
Please assist...Hi
Did you create it on SAP Service Marketplace?
thanks and regards Martin -
Selection screen and authorization check for plant from 2 diff tables?
Hi,
Could anyone help me out?
how to write code for this?
u2022 Fields for selection
Plant : WERKS (one selection) - check authorization access u2013 Mandatory .
Material code MATNR (one selection) - Mandatory
and while doing the authorization check how should i check it ? here iam taking the table as t001w for werks and for selection screen iam taking it from another Z table......i should take 2 different tables here.....for selection and for authorization.
my code is pasted below:
Data Declarations *
data: s_werks type t001w-werks.
Selection Screen *
SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-h01.
PARAMETER : p_werks like Ztable-werks OBLIGATORY,
p_matnr like mara-matnr OBLIGATORY.
SELECTION-SCREEN END OF BLOCK b1.
Start-of-Selection *
START-OF-SELECTION.
**-Get Plants for Authorization check.
SELECT werks
FROM t001w
INTO TABLE it_werks
WHERE werks IN s_werks.
LOOP AT it_werks INTO x_werks.
v_werks = x_werks.
Regards,
ReddyPlant : WERKS (one selection)
That means only 1 plant value to be given? Then you can use PARAMETERS instead of SELECT-OPTIONS. And additionally, you'll only have to check that plant value.
Using SELECT-OPTIONS you would indeed retrieve the plants and check each individual selected plant. Your code for that is good enough to start with.
I wouldn't do the check in the START-OF-SELECTION event, but rather in the AT SELECTION_SCREEN event.
To perform an authorisation check; try the ABAP help on AUTHORITY-CHECK. And you will need to know which authorisation object you need to use.
Just noticed you're using PARAMETERS
WHERE werks IN s_werks
should be
WHERE werks eq p_werks
But actually you don't need to select T001W. Just use the value in p_werks.
Edited by: Maen Anachronos on Oct 10, 2008 7:53 PM -
No provisioning of User Group for authorization field in user master
We are implementing CUP 5.3 workflows. Both in manual proviosing and automated provisioning based on User Defaults the user group gets only provisioned to the Groups tab in SU01. The field User Group for authorization on the Logon data tab remains empty (field CLASS from system table USLOGOND, filling CLASS field in table USR02).
In User defaults both under user default as on the user group tab the user groups have been defined. In manual provisioning the correct list of user groups get displayed for selection.
Under field mapping in the Application field I only find User Group in user master maintenance, but not User group for authorization. However I would assume I do not need to use field mapping, as I want to automate this provisioning based on user defaults.
Am I missing a configuration setting here? If so, where can I set it?
I would assume the provisioning of this field is possible. RAR reports the user group also based on the User group for auhtorization and not from the Groups tab.S.Pados,
I can assure you that what I said in my last response does provision the User Group For Authorization Check on the Logon Data tab; in fact, I was having the opposite issue where the Group tab was not being provisioned; however, I am ruunning AE 5.2 and you said you are running 5.3; maybe something did change or got lost in the releases; it probably is good to see what SAP has to say about this; I would hate to lose this capapbility when I upgrade to AE 5.3
As far as using the custom field for multiple applications, would that field not be usable for any of the applications you would select in the request form?; if you are using the same table names in the different SAP systems (selectable by the application field on the request) would the drop down selections be whatever the table has defined for that system? I may not be understanding something here so I am just asking;
It would be great to have a Group field automatically filled in by another selection to avoid the user involvement; I agree with you there; because of our concerns on users entering the AE request, our shop has decided to continue with the users submitting the request through normal email and the security administrators perform the AE entering; this way we have a better idea on something like the GROUP field; we have an option to include the original email as an attachment for justification of the request
Sorry I could not be of more help
Jerry
Ryerson,Inc. -
Hi all,
Need to enforce an authorization check on KE24 for certain users are allowed to view records pertaining to some profit centers.
SAP suggested to use KE97 for Authorization Check.
If anybody knows step-by-step document to do this pls share with me.
ThanksHI,
well, I know that this own-defined authorization objects are working well (I used this once for own defined customer groups), but I am not totally sure what needs to be done in the user authorization maintenance to make it running (my former user-authorization responsible colleague did that).
Maybe its because your test-user has some other user rights that overrule the BUKRS / PRCTR restriction.
So try first to create a test-user with only KE24 authorization AND the limitation to one company code / profit center combination of your new created authorization object to ensure that this works fine.
Second step is to check how this authorization works in combination with all other authorization objects your users will have.
Best regards, Christian -
Hello,
We are implementing CRM 5.0 and we are using BSP for opoprtunity management.
We need to implement quite complex authorization rules. We have found the standard authorization object for the Opportunity Management as well as the authorization object for the BSP application.
Unfortunately the parameters that are checked in standard does not meet our requirements we need to check more things before granting access to the user.
Please advise if we should enhance authorization object and create new fields or there is also another way for authorization check in BSPs.
Thanks in advance,
JuliaHello, Gregor and Tiest.
Thanks to both of you for the answer.
I have read the blog and I analyzed the customizing activities that you recommended.
Unfortunately, this functionality does not fit our requirements.
To make the problem more clear I will give more explanations:
- We are working with Opportunity Management application (crmd_bus2000111)
- We have enhanced the standard opportunity view by adding new tabs.
- These tabs are called by custom classes and are using custom structures.
- We have defined the roles using standard authorization objects. They influence the standard tabs even with custom fields, however there is no influence on custom tabs.
- Ex. We need to create the role for the viewer, who can only display the opportunity. When we enter the application with the user to which this role is assigned the user can see everything in display mode except for the custom tabs which are still allowed for changes.
Do you know if it is possible to create an authorization object that can be used to handle the custom tabs?
Will it be enough to create an object and assign it to the transaction or do we need to enhance also the classes to refer to this custom ocject?
Thanks for help,
Julia -
How to display the selection screen fields for selected checkboxes
Hi all,
I have 7 checkboxes, for each check box we have some seletion screen fields.if i select first check box,i want to display first slection screen fields only.
and if we select more than one check box how to display the selection screen fields for selected check boxes,please help me this
Thanks
sriman.hi,
Try this code
report z_13317_sdn2.
tables : mara, marc, dd03l.
parameters : p_chk1 as checkbox user-command ABC,
p_chk2 as checkbox user-command PQR,
p_chk3 as checkbox user-command XYZ.
select-options : s_matnr for mara-matnr modif id A,
s_ersda for mara-ersda modif id A,
s_werks for marc-werks modif id B,
s_lvorm for marc-lvorm modif id B,
s_tab for dd03l-tabname modif id C.
data: v_chk1,
v_chk2,
v_chk3.
at selection-screen output.
loop at screen.
if screen-group1 = 'A' or
screen-group1 = 'B' or
screen-group1 = 'C'.
screen-input = 0.
modify screen.
endif.
endloop.
loop at screen.
if v_chk1 = 'X'.
if screen-group1 = 'A'.
screen-input = 1.
modify screen.
endif.
endif.
if v_chk2 = 'X'.
if screen-group1 = 'B'.
screen-input = 1.
modify screen.
endif.
endif.
if v_chk3 = 'X'.
if screen-group1 = 'C'.
screen-input = 1.
modify screen.
endif.
endif.
endloop.
at selection-screen.
if sy-ucomm = 'ABC'.
if v_chk1 = ' '.
v_chk1 = 'X'.
else.
v_chk1 = ' '.
endif.
endif.
if sy-ucomm = 'PQR'.
if v_chk2 = ' '.
v_chk2 = 'X'.
else.
v_chk2 = ' '.
endif.
endif.
if sy-ucomm = 'XYZ'.
if v_chk3 = ' '.
v_chk3 = 'X'.
else.
v_chk3 = ' '.
endif.
endif.
Regards,
Sailaja. -
Re: Setting Authorization Check in Report Writer
Hi,
In ABAP Query or ABAP customized program, it is possible to set authorization object checking.
In Report Writer, how can I do it?
<REMOVED BY MODERATOR - REQUEST OR OFFER POINTS ARE FORBIDDEN>
Thanks
Edited by: Alvaro Tejada Galindo on Dec 26, 2008 10:59 AMHi Colin,
I would like to suggest,
Creating an Authorization object & then using it in the report program is the preffered way.
I would like to suggest a couple of references, quite similar to your issue,
[SDN - Reference for using authorization checks at the report level|User authorisation check in ABAP-HR program;
[SAP HELP - Standard Reference for Programming Autorization checks|http://help.sap.com/saphelp_nw04/helpdata/en/52/6712ac439b11d1896f0000e8322d00/frameset.htm]
[SAP HELP - Standard Reference for Authorization checks|http://help.sap.com/saphelp_nw04s/helpdata/en/fc/eb3ba5358411d1829f0000e829fbfe/frameset.htm]
Hope that's usefull.
Good Luck & Regards.
Harsh Dave
Maybe you are looking for
-
Will this mouse work with my G3 iBook (OSX Tiger)? It's dirt cheap and looks to be fairly nice. I'd get one of those Mighty Mouse mice, but I've read things in the reviews in the Apple Store about how they seem to have issues and failure and junk. ht
-
All, Is there a way of resetting the Processing/Communication status? It seems that once a status has been set, there is no way of removing it from a record. Any info will be appreciated. Thanks Kris
-
Somehow copy/paste has been disable on my computer. When I press command V to paste what shows up behind my cursor is "Copy/paste is disabled" Please help. Did I hit some keys or something? This is a nightmare for a college student with two papers du
-
I currently use a Titanium PowerBook with dial-up access when visiting a holiday home in the hills where there is no broadband, and no 3G, in fact no mobile signal at all. I have now got an iPad (which was to replace the PowerBook) and have discovere
-
Hello! i'm having a problem with a connection. i want to connect to a work repostitory in a server machine in my network company. But, my master repository is linked to my database local (Loopback), and the machine server is in the domain of the comp