Restrict some user roles for tocde VA02

Similar Messages

• How can we restrict the users/planners for a planning book?

  Hi experts,
  How can we restrict the users/planners for a planning book?
  Thanks,
  Naga.

  Hi Naga,
  we describe this in our SAP Demand and Supply Network Planning rapid-deployment solution.
  Access this area directly via
  http://service.sap.com
  /rds-dpa
  In the configuration guide Demand Planning Settings, Macros and Chart
  Engine (DP3) read Appendix: Setting up Roles and
  Authorizations.
  BR Frank

• Assigning the End User Role for E learning management in Solution Manager

  Hello Team,
  In the E Learning Management in Solution Manager, I have to a assign the End User Role for each Bussiness Process. While assigning the role, I couldn't able to assign the role of type " JOB ". What have I do to get the type as JOB instead of "Organizational Unit" and "User"?
  Regards,
  Shyjith.K

  Hi,
  Have you maintained your Organizational data? Did you assign any job to any user in the organizational hierarchy. You need to maintain you PPOMA_CRM first in order to assign any roles there.
  Hope this helps
  Rajeev

• How to create Users/Roles for ldap in weblogic without using admin console

  Is it possible to create Users/Roles for ldap in weblogic without using admin console? if possible what are the files i need to modify in DefaultDomain?
  or is there any ant script for creating USers/Roles?
  Regards,
  Raghu.
  Edited by: user9942600 on Jul 2, 2009 1:00 AM
  Edited by: user9942600 on Jul 2, 2009 1:58 AM

  Hi..
  You can use wlst or jmx to perform all security config etc.. same as if it were perfomred from the admin console..
  .e.g. wlst create user
  ..after connecting to admin server
  serverConfig()
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
  cmo.createUser("userName","Password","UserDesc")
  ..for adding/configuring a role
  cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
  cmo.createRole('','roleName', 'userName')
  ...see the mbean docs for all the different attributes, operations etc..
  ..Mark.

• How to restrict some Users from certain fund centers & commitment items....

  HI Experts
  I want to implement authorization in my FV60 and Fb60 tranactions, my Funds managment is active and i want to restric user in Funds Center and as well as some commitment item. I have some idea of Authorization group and after defining a Authorization group in customizing, i assigned Authorization group in fund center.and give its name in Authorization object in User roles. but still i am unable to achive correct control. by this way the system restrict every fund center.
  Can anyone help me out....Thanks in Advance
  Full point will be awarded...
  MAZ

  check tolerance groups for employees, are they excluded in the tolerance group?
  regards,

• How to restrict some users from viewing a screen of standard transaction

  Hi All,
  I need to restrict certain user ids from viewing the 'Payment Transactions' screen for the below mentioned transactions.
  FK01, FK02, FK03, MK01, MK02, MK03, XK01, XK02, XK03
  The Basis consultant has tried to configure it. However its not working. So need to find other solution.
  For all transactions other than FK01, MK01, XK01 (create vendor), the BAdi GOS_SRV_SELECT is called before the payment transaction screen appears. But for transactions FK01, MK01and XK0, no such BAdi is there.
  Also I'm not able to figure out how to restrict that particular screen using Badi GOS_SRV_SELECT. What will be the service name for this?
  Please help !!!
  Thanks in advance,
  Radhika

  hi,
  u can do this using user exits.
  identify the appropriate exit for ur transaction and thn put condition like
  if username = ...
  loop at screen.
  hide..
  endloop.
  i was just trying to give u some hint .make it to ur best.
  reward if hlpful.

• Internet user role for BP category type "Organisation"

  Dear All,
  We have some BPs which is created under the BP category of "Organization" with role sold-to-party. Now the client wants to extend this BPs to Internet user role. Where as in Standard internet user role will be assigned to only person category.
  Please advise me on the same.
  Regards
  Ashwini

  Hi Ashwini,
  you need to modify the logon routine and then in the user management (isauseradmin application) to do this. Then there are likely changes to the catalog identification, and very likely to most processes in the shop. I really wouldn't advise doing so. As accounts usually have contact persons: Why does your client insist in providing a login for the organization and not for a person?
  To achieve something that looks almost like the desired solution you, e.g., could model a dummy contact person for each account that shall get a logon, that then does the job. The contact person could be named like the company and then you are back to plain standard.
  Rgds
  Thomas

• How do we restrict the user access for a particular G/L account

  Dear Experts,
  At our customer site, we follow master / derived role concept for authorisations.
  We have a requirement to restrictict user at G/l account authorisation level.
  I am aware that every g/l account account has a authorisaition group. But g/l account authorisation is a non-org value for which the present value is * for brgru, we cannot restrict by user/org. At our customer site the authorisations are provided at master role level for a designation and derived role is restricted for a plant, BA etc..
  Is there is any user parameter level restriction which can handle this requirement, i mean user parameter for specific g/l account, as we do LIF pid to restrict vendor level access.
  Appreciate your suggestions ASAP.
  Best regards,
  M.Kumaran

  Depends.
  What are you trying to protect? GL account masterdata (FS00) or FI document creation for specific GL accounts?
  Without knowing more about the design principles behind your roles, your release or other restrictions, I would suggest:
  (1) grouping off the GL accounts you want to protect in authorization groups (maintained via FS00);
  (2) deactivating either object F_BKPF_BES (if your trying to restrict FI document creation) or object F_SKA1_BES (if your trying to restrict access to GL account masterdata) or both in master/derived role;
  (3) create several separate roles that would contain only the aforementioned objects with access to specific GL account groups;
  (4) assign the roles from step 3 to users as required.
  Hope this helps.

• User role for vendor block/unblock

  Hi Guys,
  We want to give a role to only one user so that he can only block or unblock any vendor.
  Is it possible to create a role and assign it to only one user .
  He should be able to block/u

  Ouch.
  Its not a simple process.  I will give you the basics, you will need to read some and do some to get a clear hang of it.
  The role creation transaction is PFCG.
  If you want to create a role, say for FK05.
  Enter a name and description of the role, say Z:LOCK_UNLOCK_VENDORS, Desc:  role for locking and unlocking vendors.
  Click on the create single role button.
  Save the role.  Go into the Menu tab. Click on the button which says Transaction and a plus sign.  In the popup that comes up enter the T-code FK05 and the others that are relevant.  Click on Assign transaction.
  Now move to the Authorisation tab.and click on the button change Authorisation data, you may need to save the role.
  Enter the organisational values, company code in this case, click on save.
  Now you will be in the authorisation page, where you decide what activity and area you need to assign.
  If you expand the Cross-application Authorization Objects, you will see the t-codes which you entered in the menu here.  You can add more t-codes here if you need.
  In the next node for financial accounting.  Expand the node to see the authorisation objects.  from the menu, click on utilities and Technical names on,  to see the technical names of the objects.
  If you see the activities, the acivity "lock" will get automatically assiged.  If you click the pencil in front of the activity, you will see a pop-up where you can select additional activities.
  Once you are done, save and generate the authorisation.  This will also generate a profile.
  In the main PFCG screen, you can assign the user you want to carry out this role.  Remember to carry out complete user compare so the role becomes activated in the user master.
  You are now done.
  If the user gets an authorisation error.  He can execute the transaction SU53 and the system will display what authorisation is missing.  You can then add this to the role or create a new one.
  Cheers...

• User role for service requests from the SSP

  Does the End User role have enough permissions for users to create service requests from the SSP?  I know for incidents it is but I am not sure about service requests.  If you go through the Service Catalog Checklist, step 5 to create the User
  Role brings up a new role based on the Author role and not on the end user.

  here step by step procedure with user access.
  http://www.concurrency.com/blog/scsmportalpermisions/
  Cheers
  Antoine AL Ibry

• Is it have some User exits for Vendor master  trigger when click some field

  Dear Experts,
       I would like to know Is it have User exit for Vendor master  trigger when click some field in Vendor master? not just User exit for Prior Save . Please kindly let me know some solution for this case.
       Many thank.

  Hi,
  check may this bapi will be useful your requirements, BAPI_VENDOR_CREATE
  below links may helpful for you:
  BADI http://help.sap.com/saphelp_erp2005/helpdata/en/73/7e7941601b1d09e10000000a155106/frameset.htm http://support.sas.com/rnd/papers/sugi30/SAP.ppt http://www.sts.tu-harburg.de/teaching/sap_r3/ABAP4/abapindx.htm http://members.aol.com/_ht_a/skarkada/sap/ http://www.ct-software.com/reportpool_frame.htm http://www.saphelp.com/SAP_Technical.htm http://www.kabai.com/abaps/q.htm http://www.guidancetech.com/people/holland/sap/abap/ http://www.planetsap.com/download_abap_programs.htm http://help.sap.com/saphelp_nw04/helpdata/en/c8/1975cc43b111d1896f0000e8322d00/content.htm /people/thomas.weiss/blog/2006/04/03/how-to-define-a-new-badi-within-the-enhancement-framework--part-3-of-the-series /people/thomas.weiss/blog/2006/04/18/how-to-implement-a-badi-and-how-to-use-a-filter--part-4-of-the-series-on-the-new-enhancement-framework http://esnips.com/doc/e06e4171-29df-462f-b857-54fac19a9d8e/ppt-on-badis.ppt http://esnips.com/doc/43a58f51-5d92-4213-913a-de05e9faac0d/Business-Addin.doc http://esnips.com/doc/10016c34-55a7-4b13-8f5f-bf720422d265/BADIs.pdf http://esnips.com/doc/1e10392e-64d8-4181-b2a5-5f04d8f87839/badi.doc http://esnips.com/doc/365d4c4d-9fcb-4189-85fd-866b7bf25257/customer-exits--badi.zip http://esnips.com/doc/3b7bbc09-c095-45a0-9e89-91f2f86ee8e9/BADI-Introduction.ppt http://help.sap.com//saphelp_470/helpdata/EN/eb/3e7cee940e11d295df0000e82de14a/frameset.htm USER EXIT http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm http://www.sapgenie.com/abap/code/abap26.htm http://www.sap-img.com/abap/what-is-user-exits.htm http://wiki.ittoolbox.com/index.php/HOWTO:Implement_a_screen_exit_to_a_standard_SAP_transaction http://www.easymarketplace.de/userexit.php http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm http://www.sappoint.com/abap/userexit.pdfUser-Exit http://www.sap-img.com/ab038.htm http://help.sap.com/saphelp_46c/helpdata/en/64/72369adc56d11195100060b03c6b76/frameset.htm http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm http://www.sap-img.com/abap/what-is-user-exits.htm http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci982756,00.html Rewards if useful......... Minal
  still if you not find any solution go for  custom exit, means in standard program only ABAP consultant change the program where you required, it is little risk, you have to do the more testing for this
  BR:
  Venkat.Gurram

• User Roles for changing tables?

  Which user roles are there in the environment for changing tables?
  Any help is appreciated.
  Regards,
  Neetu

  Search for roles which have SE11 in their menu as a tcode and take you best pick or create your own.
  The advice from the other is also good in my opinion (he who changes table fields should also change the program.... )....
  Cheers,
  Julius

• User exit for va01/va02 for std program

  Hi ,
  how are u all....
  here is my problem...
  i created a customized screen for va01.
  this screen gets called after user saves the order.
  in this screen i provided 4 options .
  1. accept the order
  2 change the order
  3.reject the order
  4 release unconfirmed.
  i am calling this screen in user exit userexit_refresh_document.
  before this am capturing the order number .
  once user clicks on first radion button i.e on accept.
  then i am passing the order number and removing the block using BAPI_salesorder_change.
  but here bapi is passing the error message as plese enter the order number ....
  my doubt is the userexit whr am calling the screen is correct ?
  can we do the same using BDC ..?
  if anybody working actions on user entry for va01 and va02..
  please let me know whr and how u r writing the code... sooon
  thx in advance...
  regards
  sanjay

  what are u doing ? , u cannt call BAPI in the same user exit.
  if user accepts the order --->then u have to unblock the order ?
  then u have to activate Credit Control User exits ->SPRO->SD->System Modifications>Credit Control User exits.
  regards
  Peram

• How to create SR Queue and Custom User Role for technician only see which SR assigned Him/Her and Resolve

  Hi 
  I have created workitem SR advance and Criteria with ID [Assigned To ME] and created user role in Advance operators.
  But in technician Console showing which SR he/she created not service desk assigned to him/her.
  Please suggest...
  Regards
  Sheetla Maurya

  I have find out Solution .......Create Queue with Service Request Advance and we not need to create any criteria option, After that create custom User role on Advance
  operators with View "Assigned To ME"
  Regards
  Sheetla Maurya

• End User Role for Service Desk in Solution Manager

  Hey,
  I am launching the Service Desk functionality for my End Users. One thing that i want to know of is the role that I should assign my user in Solution Manager to access his message. E.g.
  I have a user 'A' who creates a message from any system in my landscape:Test, QA, Dev or Production. Now this message reaches in Solution Manager and is assigned to a certain Support Team according to the rules I defined. Now the personnel of Support Team needs some feedback from the end user who created the message. For that the user 'A' has to log into Solution Manager, access his message and enter the details which the Support Team requested.
  I want to know that what Role should i give to this user 'A' so that he is able to access ONLY the messages that he created i.e. "Reported by" field showing user 'A'; and is able to view and edit them.
  If I give him the role SAP_SUPPDESK_CREATE and SAP_SUPPDESK_DISPLAY, he is just able to see the messages, all of them, but is not authorized to edit any. Please help me out in this matter as i need a solution asap.
  Regards,
  Bilal Nazir

  Hi Nazir,
  Create a role and add this t-code manually.
  CRM_DNO_MONITOR - Transaction Monitor
  This is will definitely solve your problem.
  Feel free to revert back.
  Thanks and Regards,
  Ragu
  ERP,
  Suzlon Energy Limted, Pune
  Extn: 2638
  +919370675797
  I have no limits for others sky is only a reason