Restricting Authorizations to Variants at User level

Hi SAPians,
Can you help me to know how can I restrict variants to be displayed for particular users.?
Example: I am creating 5 variants in EMMACL transaction and give authorizations for the users only to particular Variants as below:
1. Variant1 --> Can be access by only users ERP-EHK, ERP-SAP & ERP-EJS
2. Variant2 --> Can be access by only users ERP-EAS & ERP-HJG.
3. Variant3 --> Can be access by only user ERP-EMM
4. Variant4 --> Can be access by only users ERP-EHK & ERP-UJY
5. Variant5 --> Can be access by only user ERP-EAS
Let me know how I can achieve the above requirement?

Hi,
i have assigned it at user level then why iam i
getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
Thanks,
Hussein

Similar Messages

  • Business Blueprint -  Restricting authorization at Business Scenario

    Hi All,
    We would like to restrict authorizations at a Business Scenario level, say FI module users are restricted to update only their documents and only view SD documents.
    Can anyone let me know if this is possible?
    Thank you for your time.

    Hi Guys,
    Blueprints are available online!!
    Go through the links
    The Blue print for Business Inteligence:
    http://help.sap.com/bp_biv335/BI_EN/html/Business_Blueprint.htm
    Now if you are looking the Blueprint for any other modules, Select from the list
    http://www.sap.com/services/servsuptech/bestpractices/index.epx
    regards
    Happy Tony
    <b>Points == Thanks</b>

  • To restrict authorization of tcode MEK1,MEK2,MEK3,MEK4 at plant level

    Hi,
    We have  a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
    Presently we can restrict authorization at Purchasing organization level but not at Plant level.
    Any pointer please!
    Regards,
    Chetan

    Hi,
    You can restrict the users for the authorization of these T-Codes on their  User ID. Take help of  Basis who controls Roles & Profiles. (T-Code PFCG)
    Hope this helps,
    Best regards
    Amit Bakshi

  • To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.

    Hi,
    We have  a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
    Presently we can restrict authorization at Purchasing organization level but not at Plant level.
    Any pointer please!
    Regards,
    Chetan

    First of all, this is not the right forum to post such a question.  Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id.  Your basis team can do this.
    thanks
    G. Lakshmipathi

  • Organization Units Authorization on user level

    Hello experts,
    Is there a way to add authorization for an organization unit (i.e. Company Code) on a user (SU01) level and not on a authorization objects (PFCG) level?
    For example,
    I would like to create the following Role (profile):
    ZFI_AP_REPORT_DISPLAY
    This role should be able to display AP report from the Financial module.
    However our problem is, we would like to create authorization levels with organizational units for each user:
    For example:
    User Anson has ZFI_AP_REPORT_DISPLAY assigned but can only display Report from Company Code 3202.
    We know we can create this authorization creating several roles, like:
    ZFI_AP_REPORT_DISPLAY_3201
    ZFI_AP_REPORT_DISPLAY _3202
    ZFI_AP_REPORT_DISPLAY_3203
    but our idea is not create several roles, but to assign the Company Code authorization on a user level and leave just one role so we would only need ZFI_AP_REPORT_DISPLAY.
    Is there a way to do this?
    Thank you in advanced for your replies.
    Christine Tseng

    I agree with Jurjen.  There is no point creating a "new" authorisation concept for a few transactions.  If you use standard authorisation objects for the check in your custom tcodes then you will likely have very little work to do if you assign those tcodes to existing roles.
    Even using a custom auth object & creating the variants will take up no more time than doing something like repeating the variable functionality in BI or messing about with PIDs in the UMR (which I definitely do not recommend).  By sticking with the standard concept you ensure consistency, making it much easier to support and/or handover if you move on from the role.

  • Restrict Authorization at Material level during production confirmation

    Hi SAP Gurus,
    I would like to ask if its possible to restrict authorization at Material Level during production confirmation.
    Our scenario is we have SFG and FG which are handled by different group of people but it has the same Order Type. Now we want to restrict authorization such as one department can only confirm SFG and the other department can confirm FG only.
    Is it possible to set authorization at material type or production scheduler level. IF not possible, is there other way except creation of new Order Type?
    Thanks,
    Raymond

    Hi Raymond,
    DO you mean I should create a customized table for this?
    Yes
    Are there no standard way?
    As per my knowledge, you can control through production order type, so you need to create seprate order type for this
    Thanks,
    Sankaran

  • PM Organization Units Authorization on User Level

    Hello experts,
    Is there a way to add authorization for an organization unit (i.e. Planning Plant) on a user (SU01) level and not on a authorization objects (PFCG) level?
    For example,
    I would like to create the following Role (profile):
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY
    This role should be able to display equipment from the Plant Maintenance module.
    However our problem is, we would like to create authorization levels with organizational units for each user:
    For example:
    User jsmith has ZPM_AUT_EQM_EQUIPMENT_DISPLAY assigned but can only display equipment from Planning Plant SL01.
    We know we can create this authorization creating several roles, like:
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SL01
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_SJ01
    ZPM_AUT_EQM_EQUIPMENT_DISPLAY_AG01
    but our idea is not create several roles, but to assign the Planning Plant authorization on a user level and leave just one role so we would only need ZPM_AUT_EQM_EQUIPMENT_DISPLAY.
    Is there a way to do this?
    Thank you in advanced for your replies.
    Best regards,
    Fernando Montenegro

    Hi ,
    Could you share about your solution ? I think I have face the same problem as yours.

  • BASIS--to restrict authorization for a PO document type & 122 movement type

    Dear All,
    Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
    Thanks in advance
    Arpit
    Basis

    Hi,
    Your request was not too clear to me.. As per my unde
    Here is some details of Authorization object related to Purchase Order:
    Document Type in Purchase Order( M_BEST_BSA )
    Purchasing Group in Purchase Order (M_BEST_EKG )
    Purchasing Organization in Purchase Order  (M_BEST_EKO)
    Plant in Purchase Order  (M_BEST_WRK )
    Document Type in Outline Agreement (M_RAHM_BSA )
    Purchasing Group in Outline Agreement (M_RAHM_EKG )
    Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
    Plant in Outline Agreement ( M_RAHM_WRK )
    This can be helpfull to you to restrict authorization to PO..
    In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
    Regards,
    Sandip

  • Authorization Object at course type level in LSO

    Hi Experts,
    We are trying to restrict authorization  for users at Course type level or each course level.
    Is there any authorization object available in SAP Standard roles (PFCG) to restrict users at Course level.
    Maximum points would be rewarded for useful solution.
    Regards
    Basavraaj Patil

    Hi rao,
    thanks for reply,
    Would you please elaborate it please?
    Regards,
    Basavaraj Patil

  • Authorization for Variants, Views and Folders

    Hi SDN'ers,
    How can you manage the edit restrictions on a variant, view and folders? I mean how can you make sure certain users dont change or delete a variant for example? This has to do with authorizations and the role where you publish it in.. but i don't know the full details about it.
    Thanks.

    The easiest way to discover what's being checked is to perform the actions you mention with a user that has sufficient authorizations, while tracing the user with ST01 (here you can perform a trace on authorizations, except for all the query display authorizations wich you can check with rsecadmin).
    In this way you can see exactly wich objects and values are being checked and thus you should be able to discover the objects and values that you need (if available).
    Regards,
    Jesse

  • Cost element group authorization check on controlling area level

    Hi!
    When maintaining cost element groups (KAH1, KAH2, KAH3) is it possible to run an authorization check on controlling area level?
    We have one global chart of account but several controlling areas. When we create a cost element group it is created at chart of account level for all the controlling areas. When someone changes a cost element group it changes in all controlling areas. I cannot restrict user's authorization to be able to change cost element groups only in their own controlling area.
    Is it possible somehow?
    Thanks for your help.

    Hi,
    Like how the global chart of accounts is at the client level, the cost element groups are also independent of the controlling areas.  Infact, the cost element groups are created at the global COA level. 
    In such a case, I don't think it is possible to restrict the authorizations to amend the cost element groups at controlling area level.
    Thanks and Regards,
    Bhuvaneswari.S

  • How to restrict table data at a row level?

    Hi everybody,
    I need create a database user and restrict his data access to certain tables.
    What is the best way to do this?
    Eg Table Emp has two columns, sal and dept. Sal has three distinct values: 500, 1000, 1500.
    I need to make it so that new_user can only see the data in table emp where the sal value = 500.
    Many thanks
    Rup

    You can use row-level security (VPD) for this sort of thing, so you assign a policy to the table that restricts which rows a particular user can see.
    You can also roll your own solution by creating a view on the table and granting the user access to that view rather than direct access to the table.
    Justin

  • How to restrict the department to not user other departments' equipment?

    Dear SAPIENTS,
    How to restrict the department to not user other departments' equipment? If suppose any one creating order for equipment having different authorization group then system should not allow me to do this.
    Regards,
    Kaushal Rai

    Kaushal Rai,
    Use Authorization group for technical objects, create authorization gruops in IMG and assign the same to the Equipment master and block the other department with the same authorization group. For ristricting the authorization group to other departments after creating and assigning it to the equipment seek help from your BASIS team.
    goto the below path for cerating the Authorization group:
    IMG - PMCS - Master data in PMCS - Technical Objects - Define Authorization groups:
    Here you define the authorization groups, after completion of this step go to the Equipment master in General Data tab page there is a feild Authourization Group, mention the respective authorization group and provide this Authorization gruop value to the respective user in the user role with the help of BASIS Team.
    Regards,
    Praveen.

  • Issue in User Level Simulation in GRC 10.0

    Hello Every one,
    Before i Jump into the question, please find below the screen shot which tells about the B.P(Business process),Functions created in test system(GRC 10.0), where as the roles and corresponding users which have been created in back end system connecting to GRC 10.0.
    Now when i am trying to run a risk analysis on user TEST_RISK(TEST_ROLE_RISK role is assigned and pfa the authorizations in the role), i will be shown the Risk R001.
    Now i am trying to run user Level Simulation on the above user TEST_RISK and i am trying to simulate by adding a new role TEST_ROLE_RISK3 as shown in the below screenshot at Action level,Permission Level,Critical Action level ,Critical permission level.
    Even though i select the option, Risk from Simulation only, when i try to execute at action level , it is also showing me the risk which coming from the actual role assigned but not from the simulating one.
    Thanks and Regards,
    Naga.

    Hi Naga,
    there are some notes which might help to fix the problem. Especially the first might fix your problem.
    http://service.sap.com/sap/support/notes/1895502
    http://service.sap.com/sap/support/notes/1953347
    Please let us know if it helped.
    Regards,
    Alessandro

  • HR Authorization issue for specfic User

    Dear all,
    One of the HR user , he can run payroll on particular site ,
    i have assigned Org key of site to master data on the particular role .
    User tried to run payroll using pa30 with personnel no (one of store user) .
    but system is not take any value and its not showing any error also .
    For example pls check below detail i have tried my user id and system has shows below details of the user (below details is one of the store user ).
    Personnel no.   2941
    Name         A  Mohammed Younus
    Personnel ar ZOSO                            EE group   A
    Subarea      STCH                            EE subgrp  3E
    Kindly suggest to resolve the issue
    Note : 1, i have deleted the user and i have recreated role .
    2, i have copied another user role (he can run payroll) to effected user ,even though he cant able to run payroll.
    Edited by: satheesh0812 on Dec 17, 2010 9:29 AM

    Dear all,
    I dont thing so there is no issue with Role  ,only issue with Structure Auth..
    Becoz pls check below Authorization Object.
    Changed    HR: Master Data
      Authorization level            E, M, R, W
      Infotype                       *
      Personnel Area                 *
      Employee Group                 *
      Employee Subgroup              *
      Subtype                        *
      Organizational Key             20000156, 20000157, 20000201
    In OOSP for particular Org key .
    Auth profile              Auth.Profile name
    CTHR_CHENNAI     CTHR_Chen
    Auth profile             No  Plan Vers Obj Type   Object I         Maint Eval.path Status vec
    CTHR_CHENNAI     1     01               O                   20000156              O-S-P     12
    CTHR_CHENNAI     2     01               O                  20000157             O-S-P     12
    CTHR_CHENNAI     3     01               O                  20000201            O-S-P     12
    In OOSB details
    IN OOSB I have assigned Authorization profile to UserXXX, user can see all employee details in PA30 except one employee details , can
    User name Autho.profile                           Start date        End date            Exclustion Display Objects
    XXXX          CTHR_CHENNAI                     01.01.2005     31.12.9999
    If i give Autho.profile --> all instead of CTHR_CHENNAI ..
    HR executive can able see all employee details in PA30 ...
    Let me know where exactly issue is there ...
    Kindly suggest...

Maybe you are looking for