Restricting Authorizations to Variants at User level
Hi SAPians,
Can you help me to know how can I restrict variants to be displayed for particular users.?
Example: I am creating 5 variants in EMMACL transaction and give authorizations for the users only to particular Variants as below:
1. Variant1 --> Can be access by only users ERP-EHK, ERP-SAP & ERP-EJS
2. Variant2 --> Can be access by only users ERP-EAS & ERP-HJG.
3. Variant3 --> Can be access by only user ERP-EMM
4. Variant4 --> Can be access by only users ERP-EHK & ERP-UJY
5. Variant5 --> Can be access by only user ERP-EAS
Let me know how I can achieve the above requirement?
Hi,
i have assigned it at user level then why iam i
getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
Thanks,
Hussein
Similar Messages
-
Business Blueprint - Restricting authorization at Business Scenario
Hi All,
We would like to restrict authorizations at a Business Scenario level, say FI module users are restricted to update only their documents and only view SD documents.
Can anyone let me know if this is possible?
Thank you for your time.Hi Guys,
Blueprints are available online!!
Go through the links
The Blue print for Business Inteligence:
http://help.sap.com/bp_biv335/BI_EN/html/Business_Blueprint.htm
Now if you are looking the Blueprint for any other modules, Select from the list
http://www.sap.com/services/servsuptech/bestpractices/index.epx
regards
Happy Tony
<b>Points == Thanks</b> -
To restrict authorization of tcode MEK1,MEK2,MEK3,MEK4 at plant level
Hi,
We have a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Presently we can restrict authorization at Purchasing organization level but not at Plant level.
Any pointer please!
Regards,
ChetanHi,
You can restrict the users for the authorization of these T-Codes on their User ID. Take help of Basis who controls Roles & Profiles. (T-Code PFCG)
Hope this helps,
Best regards
Amit Bakshi -
To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Hi,
We have a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Presently we can restrict authorization at Purchasing organization level but not at Plant level.
Any pointer please!
Regards,
ChetanFirst of all, this is not the right forum to post such a question. Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id. Your basis team can do this.
thanks
G. Lakshmipathi -
Organization Units Authorization on user level
Hello experts,
Is there a way to add authorization for an organization unit (i.e. Company Code) on a user (SU01) level and not on a authorization objects (PFCG) level?
For example,
I would like to create the following Role (profile):
ZFI_AP_REPORT_DISPLAY
This role should be able to display AP report from the Financial module.
However our problem is, we would like to create authorization levels with organizational units for each user:
For example:
User Anson has ZFI_AP_REPORT_DISPLAY assigned but can only display Report from Company Code 3202.
We know we can create this authorization creating several roles, like:
ZFI_AP_REPORT_DISPLAY_3201
ZFI_AP_REPORT_DISPLAY _3202
ZFI_AP_REPORT_DISPLAY_3203
but our idea is not create several roles, but to assign the Company Code authorization on a user level and leave just one role so we would only need ZFI_AP_REPORT_DISPLAY.
Is there a way to do this?
Thank you in advanced for your replies.
Christine TsengI agree with Jurjen. There is no point creating a "new" authorisation concept for a few transactions. If you use standard authorisation objects for the check in your custom tcodes then you will likely have very little work to do if you assign those tcodes to existing roles.
Even using a custom auth object & creating the variants will take up no more time than doing something like repeating the variable functionality in BI or messing about with PIDs in the UMR (which I definitely do not recommend). By sticking with the standard concept you ensure consistency, making it much easier to support and/or handover if you move on from the role. -
Restrict Authorization at Material level during production confirmation
Hi SAP Gurus,
I would like to ask if its possible to restrict authorization at Material Level during production confirmation.
Our scenario is we have SFG and FG which are handled by different group of people but it has the same Order Type. Now we want to restrict authorization such as one department can only confirm SFG and the other department can confirm FG only.
Is it possible to set authorization at material type or production scheduler level. IF not possible, is there other way except creation of new Order Type?
Thanks,
RaymondHi Raymond,
DO you mean I should create a customized table for this?
Yes
Are there no standard way?
As per my knowledge, you can control through production order type, so you need to create seprate order type for this
Thanks,
Sankaran -
PM Organization Units Authorization on User Level
Hello experts,
Is there a way to add authorization for an organization unit (i.e. Planning Plant) on a user (SU01) level and not on a authorization objects (PFCG) level?
For example,
I would like to create the following Role (profile):
ZPM_AUT_EQM_EQUIPMENT_DISPLAY
This role should be able to display equipment from the Plant Maintenance module.
However our problem is, we would like to create authorization levels with organizational units for each user:
For example:
User jsmith has ZPM_AUT_EQM_EQUIPMENT_DISPLAY assigned but can only display equipment from Planning Plant SL01.
We know we can create this authorization creating several roles, like:
ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SL01
ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SJ01
ZPM_AUT_EQM_EQUIPMENT_DISPLAY_AG01
but our idea is not create several roles, but to assign the Planning Plant authorization on a user level and leave just one role so we would only need ZPM_AUT_EQM_EQUIPMENT_DISPLAY.
Is there a way to do this?
Thank you in advanced for your replies.
Best regards,
Fernando MontenegroHi ,
Could you share about your solution ? I think I have face the same problem as yours. -
BASIS--to restrict authorization for a PO document type & 122 movement type
Dear All,
Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
Thanks in advance
Arpit
BasisHi,
Your request was not too clear to me.. As per my unde
Here is some details of Authorization object related to Purchase Order:
Document Type in Purchase Order( M_BEST_BSA )
Purchasing Group in Purchase Order (M_BEST_EKG )
Purchasing Organization in Purchase Order (M_BEST_EKO)
Plant in Purchase Order (M_BEST_WRK )
Document Type in Outline Agreement (M_RAHM_BSA )
Purchasing Group in Outline Agreement (M_RAHM_EKG )
Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
Plant in Outline Agreement ( M_RAHM_WRK )
This can be helpfull to you to restrict authorization to PO..
In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
Regards,
Sandip -
Authorization Object at course type level in LSO
Hi Experts,
We are trying to restrict authorization for users at Course type level or each course level.
Is there any authorization object available in SAP Standard roles (PFCG) to restrict users at Course level.
Maximum points would be rewarded for useful solution.
Regards
Basavraaj PatilHi rao,
thanks for reply,
Would you please elaborate it please?
Regards,
Basavaraj Patil -
Authorization for Variants, Views and Folders
Hi SDN'ers,
How can you manage the edit restrictions on a variant, view and folders? I mean how can you make sure certain users dont change or delete a variant for example? This has to do with authorizations and the role where you publish it in.. but i don't know the full details about it.
Thanks.The easiest way to discover what's being checked is to perform the actions you mention with a user that has sufficient authorizations, while tracing the user with ST01 (here you can perform a trace on authorizations, except for all the query display authorizations wich you can check with rsecadmin).
In this way you can see exactly wich objects and values are being checked and thus you should be able to discover the objects and values that you need (if available).
Regards,
Jesse -
Cost element group authorization check on controlling area level
Hi!
When maintaining cost element groups (KAH1, KAH2, KAH3) is it possible to run an authorization check on controlling area level?
We have one global chart of account but several controlling areas. When we create a cost element group it is created at chart of account level for all the controlling areas. When someone changes a cost element group it changes in all controlling areas. I cannot restrict user's authorization to be able to change cost element groups only in their own controlling area.
Is it possible somehow?
Thanks for your help.Hi,
Like how the global chart of accounts is at the client level, the cost element groups are also independent of the controlling areas. Infact, the cost element groups are created at the global COA level.
In such a case, I don't think it is possible to restrict the authorizations to amend the cost element groups at controlling area level.
Thanks and Regards,
Bhuvaneswari.S -
How to restrict table data at a row level?
Hi everybody,
I need create a database user and restrict his data access to certain tables.
What is the best way to do this?
Eg Table Emp has two columns, sal and dept. Sal has three distinct values: 500, 1000, 1500.
I need to make it so that new_user can only see the data in table emp where the sal value = 500.
Many thanks
RupYou can use row-level security (VPD) for this sort of thing, so you assign a policy to the table that restricts which rows a particular user can see.
You can also roll your own solution by creating a view on the table and granting the user access to that view rather than direct access to the table.
Justin -
How to restrict the department to not user other departments' equipment?
Dear SAPIENTS,
How to restrict the department to not user other departments' equipment? If suppose any one creating order for equipment having different authorization group then system should not allow me to do this.
Regards,
Kaushal RaiKaushal Rai,
Use Authorization group for technical objects, create authorization gruops in IMG and assign the same to the Equipment master and block the other department with the same authorization group. For ristricting the authorization group to other departments after creating and assigning it to the equipment seek help from your BASIS team.
goto the below path for cerating the Authorization group:
IMG - PMCS - Master data in PMCS - Technical Objects - Define Authorization groups:
Here you define the authorization groups, after completion of this step go to the Equipment master in General Data tab page there is a feild Authourization Group, mention the respective authorization group and provide this Authorization gruop value to the respective user in the user role with the help of BASIS Team.
Regards,
Praveen. -
Issue in User Level Simulation in GRC 10.0
Hello Every one,
Before i Jump into the question, please find below the screen shot which tells about the B.P(Business process),Functions created in test system(GRC 10.0), where as the roles and corresponding users which have been created in back end system connecting to GRC 10.0.
Now when i am trying to run a risk analysis on user TEST_RISK(TEST_ROLE_RISK role is assigned and pfa the authorizations in the role), i will be shown the Risk R001.
Now i am trying to run user Level Simulation on the above user TEST_RISK and i am trying to simulate by adding a new role TEST_ROLE_RISK3 as shown in the below screenshot at Action level,Permission Level,Critical Action level ,Critical permission level.
Even though i select the option, Risk from Simulation only, when i try to execute at action level , it is also showing me the risk which coming from the actual role assigned but not from the simulating one.
Thanks and Regards,
Naga.Hi Naga,
there are some notes which might help to fix the problem. Especially the first might fix your problem.
http://service.sap.com/sap/support/notes/1895502
http://service.sap.com/sap/support/notes/1953347
Please let us know if it helped.
Regards,
Alessandro -
HR Authorization issue for specfic User
Dear all,
One of the HR user , he can run payroll on particular site ,
i have assigned Org key of site to master data on the particular role .
User tried to run payroll using pa30 with personnel no (one of store user) .
but system is not take any value and its not showing any error also .
For example pls check below detail i have tried my user id and system has shows below details of the user (below details is one of the store user ).
Personnel no. 2941
Name A Mohammed Younus
Personnel ar ZOSO EE group A
Subarea STCH EE subgrp 3E
Kindly suggest to resolve the issue
Note : 1, i have deleted the user and i have recreated role .
2, i have copied another user role (he can run payroll) to effected user ,even though he cant able to run payroll.
Edited by: satheesh0812 on Dec 17, 2010 9:29 AMDear all,
I dont thing so there is no issue with Role ,only issue with Structure Auth..
Becoz pls check below Authorization Object.
Changed HR: Master Data
Authorization level E, M, R, W
Infotype *
Personnel Area *
Employee Group *
Employee Subgroup *
Subtype *
Organizational Key 20000156, 20000157, 20000201
In OOSP for particular Org key .
Auth profile Auth.Profile name
CTHR_CHENNAI CTHR_Chen
Auth profile No Plan Vers Obj Type Object I Maint Eval.path Status vec
CTHR_CHENNAI 1 01 O 20000156 O-S-P 12
CTHR_CHENNAI 2 01 O 20000157 O-S-P 12
CTHR_CHENNAI 3 01 O 20000201 O-S-P 12
In OOSB details
IN OOSB I have assigned Authorization profile to UserXXX, user can see all employee details in PA30 except one employee details , can
User name Autho.profile Start date End date Exclustion Display Objects
XXXX CTHR_CHENNAI 01.01.2005 31.12.9999
If i give Autho.profile --> all instead of CTHR_CHENNAI ..
HR executive can able see all employee details in PA30 ...
Let me know where exactly issue is there ...
Kindly suggest...
Maybe you are looking for
-
SSTP problem on Windows Server 2008 r2, clients getting error 0x8007274C
PROBLEM: Clients keep getting error 0x8007274C when attempting to connect to the VPN server using SSTP. SYMPTOMS: - L2TP connections works great --- L2TP connections generate RemoteAccess events in Event viewer, but none whatsoever for the failed SST
-
Registering with one iTunes account and buying apps with another...
Can you register a device to one account but purchase apps with another and if so...how can I do this?
-
How can I set a path without calling a JFileChooser? A program I'm working on needs to get a current listing of all the files in a folder that will never change, so I want to hardcode the path to save time. However, I can't figure out how to get the
-
My granddaughter install candy rush for me and I was playing fine and I do not have a problem when in need to buy life's but it doesn't let me go any further and I enjoy playing with my friends .Iam in level 41 and will like to see if you can help me
-
CATS Worklist - No display in ESS
Hi Guru's, We have an issue with displaying CATS worklist in ESS. We are in ECC 6, Ehp 4 ,CE enabled, EP 7.1 environment. We have implemented CATS worklist user Exit CATS001 extensively. In R/3,CAT2 worklist get displayed and it does seems to be fin