Restrict User to post 'RE' doc in Tcodes apart from MIRO

Similar Messages

• How to restrict user to post in GL a/cs thru validation rule ?

  Hi Experts,
  I want to restrict an user to post transactions for tds related gl accounts.is that possible through Validation rules.
  Actually i created a step and under that i configured prequisite,check and message.
  In "prerequisite" Company code = xxxx and user name = fffffff
  in "check i configured, all restricted GL accounts
  In "message" -
  GL account restricted to post by user fffffff
  But still the problem is not yet solved as the user is able to post transaction in that GL accounts.
  Plz guide.
  Sumeya offrin

  Hi Neeraj,
  Thank you for the response.
  Xtely.i have done the same.created an authorization groupp and assigned the group in GL account master data(control data tab) and even the group contains the users who are authorized to post into these GL accounts.
  But sorry,the problem not yet solved.
  Anyother solution?
  waiting for the another response.
  With Regards,
  Sumeya offrin
  Edited by: sumeya offrin on Nov 26, 2008 1:47 PM

• How to restrict user to post document segment wise/Profit center wise

  My client wants to restrict users segment wise to post account document.
  we use documnet splitting segment wise.
  Thanks
  Chinmaya.

  Hi
  Check with your BASIS guy if authorization object is available for the field SEGMENT... There are some issues yet with this because it is not available in some T codes
  If the same is not available, you can ask your ABAPer to create a Z authorization object for this field and write a small ABAP code in the exit RGGBR000 (FI validation)
  Sample code is attached below to check auth for Plant in Internal order...ZCO_INTPORD was the Z auth object created...
  CHECK i_aufk-bukrs  IS NOT INITIAL.
  CHECK i_aufk-werks  IS NOT INITIAL.
  AUTHORITY-CHECK OBJECT 'ZCO_INTORD'
           ID 'BUKRS' FIELD i_aufk-bukrs
           ID 'WERKS' FIELD i_aufk-werks
           ID 'ACTVT' DUMMY.
  IF sy-subrc = 4.
    MESSAGE e398(00) WITH 'You do not have sufficent Authorization'.
  ENDIF.
  Regards
  Ajay M

• How to restrict users to download, copy and print the documents from document library

  I want in SharePoint documents which I uploaded in documents library. no user will be able to download, copy and print.
  How it can be possible these types of restrictions apply?

  You can't achieve this goal by just setting appropriate access rights on SharePoint. You need to setup and configure Information Rights Management: https://support.office.com/en-in/article/Apply-Information-Rights-Management-to-a-list-or-library-6714cfe3-ef39-43b0-bb65-a887726bb63c

• Restrict Open / Close Posting Periods for Users (OB52 / S_ALR_87003642 )

  Hello everybody.
  I'd like to know if there is a way to restrict that some users open posting periods in OB52 or S_ALR_87003642 and some other different users close posting periods.
  Hoping you could help it, as our organization had that policy from our previous system,
  Best regards,
  Elvis E. Henriquez A.

  Hi
  Sorry, but I do not think that's possible in SAP Standard.
  OB52 / S_ALR_87003642 are build around a maintenance view for table T001B. This mean that the access primarily are controlled by the S_TABU_DIS (and S_TABU_LIN) object, and with these object's you can control access to maintain / display only, you can not control the values of the input data.
  I think that you will need to create your own application and authorization object in order to achieve your requirement.
  Regards
  Morten Nielsen

• MIR7 - USER RESTRICTION IN PARK & POST

  Dear Guru,
  I have scenario where I would like to place user restriction for parking & post of document in MIR7, further there is any kind of validation check I can place or authorisation check from bases will do or any other way pls advice in detail.
  Thanks in advace.
  Vishal

  Hi vishal sharma,
  For this Authorisation is enough .validation is not required .check it out with your basis team.
  Regards
  Surya

• User exit for post good receipt for tcode VL32n(inbound delivery)

  HI,
  I need a user exit which should get triggered when the user hit the button "post good receipt" under tcode VL32N. I appreciate your help.
  Thanks,
  Sanjay

  Hi,
  Here is the list
  Enhancement                                                                               
  VMDE0004                                Shipping Interface: Message SDPACK (Packing, Inbound)       
  VMDE0003                                Shipping Interface: Message SDPICK (Picking, Inbound)       
  VMDE0002                                Shipping Interface: Message PICKSD (Picking, Outbound)      
  VMDE0001                                Shipping Interface: Error Handling - Inbound IDoc           
  V53W0001                                User exits for creating picking waves                       
  V53C0002                                W&S: RWE enhancement - shipping material type/time slot     
  V53C0001                                Rough workload calculation in time per item                 
  V50S0001                                User Exits for Delivery Processing                          
  V50R0004                                Calculation of Stock for POs for Shipping Due Date List     
  V50R0002                                Collective processing for delivery creation                 
  V50R0001                                Collective processing for delivery creation                 
  V50Q0001                                Delivery Monitor: User Exits for Filling Display Fields     
  V50PSTAT                                Delivery: Item Status Calculation                           
  V02V0004                                User Exit for Staging Area Determination (Item)             
  V02V0003                                User exit for gate + matl staging area determination (headr)
  V02V0002                                User exit for storage location determination                
  V02V0001                                Sales area determination for stock transport order                                                                               
  Business Add-in                                                                               
  DELIVERY_ADDR_SAP                       Address Change in Delivery Processing                       
  DELIVERY_PUBLISH                        Announcement of delivery data during database update        
  Shib

• KB21N, KB11N:how to restrict by cost centers users can post to

  Hello Gurus,
  SAP is not restricting  Cost centers  which can used for internal activity allocation KB21N  and re-posting of primary cost KB11N.
  Users should only be able to post to the authorized cost centers with the standard hierarchy.
  Unfortunately KBXXN transactions are not checking K_CCA authorization object , which other-wise could have been used to restrict user based on responsiblity area ( cost center group)
  Any one came across this scenario, i check all relevant OSS notes related to KB21N . Let me know if i missed any OSS notes
  regards
  SAPfreek

  Hi,
  If you start the transaction KB**N (including KB11N)  you can only use restrictions on the controlling area by using the authority
  object "K_VRGNG". (Please review T-cd:SU24 for the transaction)
  The authority objects "K_CCA" and "K_ORDER" allows to use restrictions on single cost centers and orders but these two authority objects are not checked if you use one of the transactions KB**N It's not possible to use any other restriction than the controlling area for one of the above transactions.
  There are two possibilities to extend the authorization checks in KB**N:
  a) using the validation tool:
     An validation is nothing more than a check whether some customized   conditions are fullfilled or not. If not, the system will send a   self defined message ( Error, Warning, Information ).
     You can find some explanation about validations in our documenation   and in the reference - IMG under:
     Controlling - Controlling General -  Account Assignment Logic.
  b) using the user-exit (Enhancement COCCA002 and COCCA001)
     See note 375725 for additional information
  The enhancement is called up by function module K_ORGUNIT_AUTHORITY_CHECK. Because the standard authorization object
  K_ORGUNIT does not at that point have any fields, this enhancement is the only one executed.
  Please also review  note 370082 for information on the concept of the responsibility area in authorization.
  regards
  Waman

• Calling a Tcode IW51 and restrict user exit

  Hi ,
  A new validations are placed in IW51 tcode and it is woking fine.
  When i am calling the IW51 by using call transaction method the previous User is calling .
  If this TCODE IW51 is calling by using call trancaction method I should not exicute the user Exit.
  Regards,
  Esh

  If there is no event it is difficult to trigger an event. So in any case you have to create your own subtype of BUS2044 and define the event you want to create.
  If there are no user exits (I assume you have also looked for user-exits of type BTE and BAdI, even substitutions) you are perhaps out of luck? Being out of luck in this context means you will have to resort to a modification.

• Restrict display and posting for specific document types

  Hi,
  Is it possible to restrict display and posting for specific document types? I want to restrict authorization to SM document type in FS10N, and KSB1 tcode. Please help
  Best Regards,
  KIRAN.

  Sandipan Choudhury wrote:
  FS10N checks for this object ("Check" in Su24) but when user doesnot has this authorization object he gets access to all doc types and when the user is restricted to specific doc types (object present in user's authorization) he will get access to only those doc types. This is how the authorization check for F_BKPF_BLA works, in other words this authorization is Optional.
  Sorry, but this is not true and seems to be an invention of how you would like it to work...
  The coding works like this (generally):
      if sy-subrc ne 0.
        select single * from  t003 where blart = postab-blart.
        check sy-subrc = 0.
        blrtab-blart = t003-blart.
        blrtab-brgru = t003-brgru.
        append blrtab.
      endif.
      if blrtab-brgru ne space.    "<--- important condition!!
        authority-check object 'F_BKPF_BLA'
             id 'BRGRU' field blrtab-brgru
             id 'ACTVT' field actvt.
        if sy-subrc ne 0.
          rcode = 4.
        endif.
      endif.
    endif. 
  The "optional" aspect is whether or not the document type has an auth group on it in T003, failing which the check is suppressed.
  If it reaches the check, then it found something and then checks that selected value.
  Moral of the story:
  --> Do not believe SU53.
  --> Do not make assumptions from ST01 traces.
  --> Read the documentation carefully.
  --> Read the code to see how it really works (you can jump to the coding location from the trace).
  Cheers,
  Julius

• How to restrict user to change original file in word document.

  Hi experts,
  I am begineer in DMS. I am not able to understand how to restrict user to make any changes to a word document attached any DIR or any object link.
  Ex: I have a created a DIR attaching a word doc to equipment master.
  However, the user is still able to make changes to that word document usign CV03 tcode. I am sure most of you might have faced this problem. Please respond.
  We are using SAP 3.1i version. It is very old version.
  Thanks in advance,
  Kiran

  Kiran,
         The task that you have mentioned could be accomplished by setting up a status network for your document type. While setting up the status network, SAP has defined statuses which could potentially lock objects and fields corresponding to that status type.
  More information could be found at
  http://help.sap.com/erp2005_ehp_03/helpdata/EN/9f/857f3a1c7b11d294d200a0c92f024a/frameset.htm
  I am not aware of 3.0i but you can navigate to customisation --> Cross Application Components --> Document Management --> Control Data --> Define Document Types --> Click on a doc type and go to
  define doc status.
  Here if you define a document with status type S the object is essentially locked for editing.
  Sojan

• Post Parked Doc

  There are two separate groups using the FBV0 post parked docs tcode. 
  One is GL the other AP.  What controls the posting - doc type?  If so what value?  I did think it was 10 for Post, but that doesn't come back on the trace.  Appreciate some advice.

  Hi James,
  There is no restriction on doc type in FV60 (FBV0 internally checks for FV60).  Actual postings (when it hits a GL account) are restricted  by
  F_FICA_FOG, F_FICA_FSG, F_FICB_FKR, and F_FMMD_MES authorization objects.
  F_BKPF_KOA is for account types, not doc types. 
  Let me know if this helps!
  -T
  Edited by: T on Mar 16, 2010 2:15 PM

• Restricted users don't rejoin AirPort out of sleep

  Since I set up my new Mac, I've had a problem with Airport and security settings. If I come out of sleep if logged on as an admin user, the Mac joins my Airport network. If I come out as a restricted user (a kid), it asks for an admin user and password.
  The Network is set to "By default, join Preferred Networks" and I have only one preferred network. The network is there. There's no WEP or WPA or other password required. (I use MAC address filtering). It happens whether or not the Options are set to "Require administrator password to [ ] Change wireless networks."
  This has been a problem since the first time I setup the users. The article below claims it's a problem with old releases but I have the latest release.
  I've been a Mac users for 20 years and an OS X user for 3. Any ideas?
  http://docs.info.apple.com/article.html?artnum=301530
  Mac OS X 10.4: AirPort may not rejoin network on wake or restart
  Symptom
  Some computers, after upgrading to Mac OS X Tiger 10.4, may no longer automatically join a wireless network after waking from sleep or restarting.
  iMac G5   Mac OS X (10.4.8)  

  On the screen where you are being asked for the password, click the triangle by Details and note down what the requested right is. From here, use an application such as TextWrangler to open the /private/etc/authorization file, search for instances of that right, and if possible, modify the file so that non-admin users have that specific right. If you're not sure what to do, post back with the requested right for instructions. General information about the setup is available in another thread.
  (19497)

• Restrict users to change value in user id field in SM36

  Hi,
  Our users are currently given authorization objects S_BTCH_NAM, S_BTCH_ADM and S_TCH_JOB in order to be able create background jobs and execute using batch admin userid, and not under their own userid.
  I like to know is there way to restrict users to execute transaction SM35, SM36, SM37 to create a job under another person's userid.
  I am looking at grey off the userid field in SM35, SM36, SM37 when users execute these t-code in online mode. I want to restrict them from schedule job to run under another person userid.
  However, if users perform a transaction and call a customised program to create a batch job in background to be executed under batch_admin userid, without failing the job.
  How can it be achieved? Does SAP allows configuration to grey off userid field?

  The problem is that our customized program will first create a job under user "X" userid for audit trail purpose. Because user "X"does not have necessary authorization to perform full update of all other transactions or tables update, in the job, the program will indicate a non-user account with SAP_ALL authorization to perform the update.
  Since your custom program check for S_BTCH_ADM and S_BTCH_NAM from User's authorization we cannot put S_BTCH_ADM=N there and in that case, users would be able to create jobs with other user ID by executing SM36 directly.
  Option 1: Discuss with your developer if it is possible to create a custom exit in the Sm36 program to perform the above authorization check in your Batch user ID's authorization instead of your dialog users. In that case your custom program would run as expected as long as your Batch user ID has proper authorizations for S_BTCH_ADM and S_BTCH_NAM and your dialog users can be restricted to S_BTCH_ADM= N
  Option2: Create a transaction variant for SM36 in tcode SHD0 and make field "User" invisible and then link the transaction variant to a custom tcode which is to be created with start type "Transaction with Variant (variant transaction)".
  Please refer to an SDN article for process of [creation of a transaction variant and linking it to a variant transaction|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d1443e-0184-2c10-c68d-c612f771fe6f?quicklink=index&overridelayout=true]
  Then have your custom program updated to call the custom tcode instead of SM36 and modify your user's roles to replace SM36 authorization with ZSM36 (Check indicator values of SM36 are pulled into the role). This will ensure your custom program can create jobs under a different user whereas when your user executes SM36 online, the field to change 'user' will not be visible and by default they would be forced to create jobs under their own IDs inspite of having S_BTCH_ADM=Y and S_BTCH_NAM= <your Batch user ID>
  Hope this helps!
  Sandipan

• Open and close posting period authorization control TCODE: S_ALR_87003642

  HI All,
  Is there any chance to control the user to open and close another company code posting period variant in TCODE: S_ALR_87003642.
  In our system we are using the same client for different countries. So user can able to change the other country company code posting periods.
  We would like to control either on the country (or) organizational unit(company code) (or) posting period variant so that user can only open/close  their country / company code posting periods.
  Our present authorization role for open and close posting period contain the auth.Obj. : S_TABU_DIS.
  Please share your knowledge if you come across this problem..
  Thanks in advance..

  Hey Sandhya,
  Congratz, this can be done using linbe item authorization with the object S_TABU_LIN.
  Field ORG_CRIT - Value 02
  Field ORG_FIeld1 - Value ZT001B
  We have successfully done it in our client.
  You need to contact your BASIS consultant for this.
  Thanks,
  Nitish