Restrict Authorization to a group
Hi,
Can anyone tell me how I can restrict my application access to only a group of users?
I am using Applciation Express 3.1. Authentication scheme is Application Express.
Thanks,
Shravanthi
Can you provide more pointers to this.I don't know what you need to know. My suggestion was that you read up on the subject of authorization schemes (start with the User's Guide) and that you search for this topic in the forum. Have you done that? If you need to know how to create packages/stored procedures in your Oracle database, see the Oracle docs and show us specific examples of anything you have trouble with.
Is there a way I can modify wwv_flow_custom_auth_std.login. from my understanding I guiess this is doing the authentication and returning the boolean value. Can I change this to authenticate from the table I created for validating users?
No, you cannot modify the package/procedure. You can create an authentication scheme that calls your own authentication function that looks up usernames/passwords from your own tables. See http://www.oracle.com/technology/products/database/application_express/howtos/how_to_change_auth_method.html for details and also study how the Sample Application authenticates.
Also as of now the Administrator is adding the users directly to a group of Application express users. Do I now need to create a table and enter the users I need into 2 different tables becoz I need to bifurcate the application Express users based on the appliucation tey are using.That would be one way. Do whatever makes sense for your situation.
and also...Since I have to restrict one application to a group of users and other application to another group of users ( Both group of users are using App Express authentication). Do you think I need to change my authorization shcem or authentication?Change your authorization scheme from what to what? As to authentication, use whichever method works best for you. See the references above for alternatives to using Application Express authentication.
Scott
Similar Messages
-
BASIS--to restrict authorization for a PO document type & 122 movement type
Dear All,
Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
Thanks in advance
Arpit
BasisHi,
Your request was not too clear to me.. As per my unde
Here is some details of Authorization object related to Purchase Order:
Document Type in Purchase Order( M_BEST_BSA )
Purchasing Group in Purchase Order (M_BEST_EKG )
Purchasing Organization in Purchase Order (M_BEST_EKO)
Plant in Purchase Order (M_BEST_WRK )
Document Type in Outline Agreement (M_RAHM_BSA )
Purchasing Group in Outline Agreement (M_RAHM_EKG )
Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
Plant in Outline Agreement ( M_RAHM_WRK )
This can be helpfull to you to restrict authorization to PO..
In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
Regards,
Sandip -
Restrict Authorization at Material level during production confirmation
Hi SAP Gurus,
I would like to ask if its possible to restrict authorization at Material Level during production confirmation.
Our scenario is we have SFG and FG which are handled by different group of people but it has the same Order Type. Now we want to restrict authorization such as one department can only confirm SFG and the other department can confirm FG only.
Is it possible to set authorization at material type or production scheduler level. IF not possible, is there other way except creation of new Order Type?
Thanks,
RaymondHi Raymond,
DO you mean I should create a customized table for this?
Yes
Are there no standard way?
As per my knowledge, you can control through production order type, so you need to create seprate order type for this
Thanks,
Sankaran -
How many ways we can create authorization for user groups in sap query reports
Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change the users .So please suggest me how to restrict users outside of the user group.
Please send me if u have any suggestions and useful threads.
Thank You,
Suneel Kumar.I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
Use AUTHORITY-CHECK to restrict access to the database based on user.
Press F1 on AUTHORITY-CHECK to find out how to use it in the code -
IS IT POSSIBLE TO RESTRICT A PARTICULAR MATERIAL GROUP FOR A USER
Hi Gurus,
I want to know whether it is possible to restrict a particular material group for a particular user.
e.g Material Group : 101
User : ADMIN
Our requirement is that the user should not be able to select material group 101 in
any stock related transactions. e.g MB5B, MB51, etc.
Thanks
AmolHi Amol
You ca try Tcode OMT3E where in u can maintain settings relatesd to Users.
Regards -
IDOC Scenario - User has no RFC authorization for function group EDIN
Hi all,
I'm trying to configure an IDOC scenario from ECC to XI.
RFC's, ports and destinations already configured. On WE19 I'm creating an IDOC for testing the scenario. The IDOC is sent successfully, and it stops on TRFC Monitor with error "User PIRFCUSER has no RFC authorization for function group EDIN." .
Some of you knows what authorization is needed? Basis team said the roles are the same at DEV environment, and there this scenario works fine.
Thanks for your help.
regards.
RobertiHi,
Check with PIRFCUSER user , that is having the right authorization or not ..
And make sure that this user is present in the system & it should not locked.
to check that user is present or not-----goto su01 of the system & check
Regards
Seshagiri -
Vendor, trading parner, authorization and corporate group
Hi experts!
Thank you for pay attention to my message! I have a question about the fields in customer master date.
What does it mean or what will happen to the customer master if I entry a vendor no. or a company ID for trading partner in the field vendor, trading parner, authorization and corporate group in the customer master general data?
In other words, in which business scenario or situation should I entry data in these fields:
vendor, trading parner, authorization and corporate group in the customer master general data?
Thank you for your help!
TangDark.Hi,
Vendor- when the customer is also a vendor( i.e. supplying any form of product- raw material) you need to enter vendor no.
Trading partner- If this customer is trading with other company code of the same client.
Authorization- To protect access of the data maintained
Corporate group- If customer belongs to a group ,maintain group key here.
Thanks,
Vrajesh -
How to restrict authorization for OBC4
Dear all
How to restrict authorization for obc4( field status) for user id wise
Regards
nasaHi Nasa
You try to use the S_TABU_LIN object. With this object you can control access to tables (called from maintenance views, SM30 etc) based on the database key for the table.
And as far as I cant see, the OBC4 transaction is just a couple of maintenance views for V_T004V andf V_T004F.
You can find a small how-to [here|http://www.mhn-consulting.com/s_tabu_lin.html]
Regards
Morten Nielsen -
To restrict authorization of tcode MEK1,MEK2,MEK3,MEK4 at plant level
Hi,
We have a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Presently we can restrict authorization at Purchasing organization level but not at Plant level.
Any pointer please!
Regards,
ChetanHi,
You can restrict the users for the authorization of these T-Codes on their User ID. Take help of Basis who controls Roles & Profiles. (T-Code PFCG)
Hope this helps,
Best regards
Amit Bakshi -
To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Hi,
We have a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Presently we can restrict authorization at Purchasing organization level but not at Plant level.
Any pointer please!
Regards,
ChetanFirst of all, this is not the right forum to post such a question. Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id. Your basis team can do this.
thanks
G. Lakshmipathi -
User has no authorization for function group SWRS
Dear SRM Gurus,
We are facing an issue u201CUser has no authorization for function group SWRSu201D.
Hope the user has no authorization to access function group SWRS and this function group is saying that workflow substitution.
Can you any one have any idea what scenario are we using Workflow substitution?
Is there any Roles need to be assigned?
I would be appreciating if you could let us know more detail on this.
Thanks.
Regards,
Magesh Basavaraj.Hi,
The authorization object is 'S_WF_SUBST' for substitute role..try to assign this object and check..
Saravanan -
User has no authorization for Function group SYST
Hi,
We are starting to make customisation to B2B application. I have just created a new project for B2B_XXXX application and deployed it on the server. When I run this custom application, I am not able to login using the same user that is working fine for the standard B2B application.
Following is the error I am getting
ERROR 1 - RFC_ERROR_LOGON_FAILURE: User INTUSER05 has no RFC authorization for function group SYST
ERROR 2- The application was not able to switch to a stateful connection......
Strange thing is that the same user works very well for standard B2B.
Any clue? All I have done is created a CUSTCRMPRJ for B2B ERP (SHRWEB, SHRAPP). Please help.
Best regards,
-Tarun
Edited by: Tarun Bakshi on Nov 10, 2011 7:37 PMHi Shanto,
The problem is still occuring. Even If I give s_rfc authorisation the order is not being created.
I compared the source code for b2b and b2b_custom application, I have pasted below the component info
sap.com CORE-TOOLS 7.00 SP14 (1000.7.00.14.0.20071210170909) SAP AG SAP AG 20080125132852
sap.com SAP_JTECHF 7.00 SP14 (1000.7.00.14.0.20071210172424) SAP AG SAP AG 20080125132853
sap.com BASETABLES 7.00 SP14 (1000.7.00.14.0.20071210170411) SAP AG SAP AG 20080125132853
sap.com SAP-JEECOR 7.00 SP14 (1000.7.00.14.0.20071210172300) SAP AG SAP AG 20080125132852
sap.com JLOGVIEW 7.00 SP14 (1000.7.00.14.0.20071210160700) SAP AG SAP AG 20080125132853
sap.com SAP-JEE 7.00 SP14 (1000.7.00.14.0.20071210172039) SAP AG SAP AG 20080125132853
sap.com SAP_JTECHS 7.00 SP14 (1000.7.00.14.0.20071210172719) SAP AG SAP AG 20080125133813
sap.com BI_UDI 7.00 SP14 (1000.7.00.14.0.20071210170522) SAP AG SAP AG 20080125133909
sap.com BI_MMR 7.00 SP14 (1000.7.00.14.0.20071210170459) SAP AG SAP AG 20080125133230
sap.com UMEADMIN 7.00 SP14 (1000.7.00.14.0.20071210164800) SAP AG MAIN_APL70VAL_C 20080125140341
sap.com LM-TOOLS 7.00 SP14 (1000.7.00.14.1.20080124101556) SAP AG MAIN_APL70P14_C 20080125134809
sap.com SAP-SHRWEB 6.0 SP0 (1000.6.0.0.2.20080129095806) SAP AG MAIN_CRM70PAT_C 20110608153828
sap.com SAP-SHRAPP 6.0 SP0 (1000.6.0.0.2.20080128172843) SAP AG MAIN_CRM70PAT_C 20110608154506
b2b_custom application has been created by using code from the following SCs that were added to the track
SAPSHRWEB10_7-20003522.SCA
SAPSHRAPP10_7-20003520.SCA
SAPCRMWEB10_7-20003518.SCA
SAPCRMAPP10_7-20003516.SCA
SAPCRMDIC10_0-20003519.SCA
STRUTS01_0-10003646.SCA
SAPIPCMSA10_0-20003515.SCA
SAPCRMJAV10_7-20003517.SCA
SAPSHRJAV10_7-20003521.SCA
TEALEAF00_0-20001451.SCA
SAPBUILDT14_0-10003479.SCA
Any help would be great... -
No RFC authorization for function group AGS_TAO_REQUEST_MGMT_FGR
Hi,
I'm trying to build a connection between SAP TAO 2.0 and SolMan. I recevied following error message: for one of my user:
2010-12-21 16:28:24:577 : ERROR : SAPTAO.exe : Thread04 (SelfCheckWorker) : SAP.TAO.Common.Rfc.RequestListener.TaoCommonReqListProxy : SearchSoftwareComponents(): an error occured: SAP.TAO.Common.Rfc.SapAgentAgentException: CallBackend(RfcRequest): a call to the backend system failed: SAPAGENT_RFC_CALL_DETAILS(RFC_SYS_EXCEPTION) ---> SAP.TAO.Common.Rfc.SapAgentAgentException: SAPAGENT_RFC_CALL_DETAILS(RFC_SYS_EXCEPTION) ---> System.Exception: User GCRIBB has no RFC authorization for function group AGS_TAO_REQUEST_MGMT_FGR
Please help. Thanks in advance.
SubodhHello ,
You have mentioned you have received one of your user? rest of the users is it working?
Looks like i also received this error message when i did not instlal my ST-400 ..TAO Agent..i saw the same error message in the log.
Did you follow the this note to install SAP TAO - agent properly (OSS note - 1368112) ?
When you did self check are you getting any warning messages?
1440074 - Check this note also for RFC authorizations
Good luck.
Ram -
No RFC authorization for function group HRXSS_SER
Hi,
after implementing portal (EP 7.0), when the end user tries to access the ESS functionalities, the following error occurs,
com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: ComponentUsage(FPMConfigurationUsage): Active component must exist when getting interface controller. (Hint: Have you forgotten to create it with createComponent()? Should the lifecycle control of the component usage be "createOnDemand"?
in default trace, i found the following error,
com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: User AG1780 has no RFC authorization for function group HRXSS_SER
when i give SAP_ALL access to this user, then everything is working fine, but i cant give so.
help me regarding this...Hi Ajay,
simply do what the exception tells you: provide RFC authorization in the backend for function group HRXSS_SER to user AG1780.
Cheers, Anja -
No RFC authorization for function group RFC2
When I am trying to import RFCs/IDOCs from ECC to XI in the integration repository, I am getting this error:
User has no RFC authorization for function group RFC2.
Any input is appreciated.
Thanks,
tnvHi tnv,
I guess you have to use an authorization object S_RFC with parameters.. In your case, you would need to set
RFC_TYPE=FUGR
RFC_NAME=RFC2
See this link
http://help.sap.com/saphelp_nw04/helpdata/en/6b/af429b12e9214d9a2d6cba921b162f/frameset.htm
Hope this solves ur problem!
cheers
Prashanth
P.S Please mark helpful answers
Maybe you are looking for
-
Classloader and Sun One Application Server 8
Hello. The problem is that it is impossible to load the digester at application level. Instead of it the digester at application server (Sun One Application Server 8) level is loaded. How can I change the situation? Thanks.
-
Adobe Lightroom will not start or open
Install lightroom. Everytime I try to open lightroom I get the following error: Lightroom cannot create a catalog named "Ligthroom 3 Catalog" on a network volume" Anybody have any ideas? Thank you in advance.
-
My iPod touch 4th gen crashes and restarts every time I try to edit a photo. Why is this happening and is there any way to fix it? It's not jailbroken, so I guess it's not malware
-
I'm interested in optimizing Faces tagging to get the Faces Library to load faster. I've seen several forums regarding the slowness in getting Faces to load, primarily due to it needing to dynamically build the library each time it loads. I'm looking
-
Code entered is invalid error while installing elements 12?
Get error that states code entered is invalid while installing elements 12?