Restricting Specific OOTB according to Role

Similar Messages

• Restricting the Visibility of FireFighter Roles to selcted users

  Dear Experts,
  Is there any way to restrict the visibiilty of FireFigher roles in GRC CUP to only few authorized users. we have a requirement where a group of authorized users should be able to check out fire fighter roles on their own and these roles should be provisioned automatically to these users and then de-provision those roels after some time.  These  rolese should not be visible to the rest of the users.
  Any throughts on this would be greatly appreciated.
  Thanks
  Kumar

  Kumar,
    There is no straightforward or right way to do this as this feature is not available in CUP.
  You can associate those users with a functional area and restrict the role selection by functional area. Also, associate the roles with the same functional area. Again, this is not going to force users unless you bring functional area from the data source like LDAP and keep the field non-editable.
  Regards,
  Alpesh

• Restrict Specific Schema to Access iSQL PLUS

  Hello Experts,
  Is it possible to Restrict specific schema user to login in to the isqlplus?
  Thanks and Regards,
  Kets

  I was advised to use http://download-west.oracle.com/docs/cd/B12037_01/server.101/b12170/ch3.htm#CIHBGEAC "Enabling SSL with iSQL*Plus".

• Restricting assignment of reports under roles to specific infocubes

  Hi,
  We have a kind of authorization problem in our BW with respect to roles.
  The problem is that users of the BW may assign a new query to any of their assigned roles regardless of which infocube the report is generated from.
  Is there anyway to restrict this assignment such that certain roles can only be assigned reports/queries from specific infocubes?
  Thanks in advance,
  Rasmus

  Hi,
  I believe that's not possible...
  If you give authorization for your user to retrieve queries from InfoCubes A and B, he or she will be able to save them on every role he has access (for instance, roles R and S).
  You want:
  A --> only to R
  B --> only to S
  But, as you can see, on S_USER_AGR you specify authorized operations for specific roles, but nothing about object types. So, if you allow adding entries to a role menu user will be able to add whatever object he has access to.
  Maybe someone has a workaround... though I believe it's not possible.
  Regards,
  David.

• Report to find specific purchasing org in roles

  Dear Experts,
  I hope this is not a stupid question, I have searched the forums but cant find a similar post:
  I am looking for a report that will help me to identify all of my roles (we only use single roles) that contain a specific purchasing org.  I have tried SUIM and dont seem to get anywhere.
  Does anyone know if there is a report or table that I can use?
  Thanks you
  Dawn

  > Try table AGR_1251 with field $EKGRP for purchasing group . If you know the authorization object then you can input it while searching.
  How is looking for a field for a purchasing group going to help her finding specific values for a purchasing organization? (see post title)
  Besides that, why restrict on the object and risk missing stuff?

• Authorization according to roles

  Hi Experts,
  My requirement is that -
  if an employee apply for a  training ,than the particular training should be accesible according to his/her role in the organization.Please provide me the code or material for this.
  example : If an Software Engg.  apply for  the Manager Training ,than a pop should occcur that
  " This training is not applicable for your role"
  This is in HCM Learning module.Please Help me in this requirement.
  Thanks In Advance,
  Sachin Sharma

  Training is Event type
  so u can restrict the Even base on the Employee Group but not base on PERNR
  Check with ur Basis Person and check the object P_ORIGIN
  say
  only Soft ware engineer can applicable for that  event Type but not for other event
  quite lengthy
  check and let me know
  this is for ur infot iam nt sure

• How to set a link to a specific workbook in a Role Menu

  Hi guys i need to put in a Role menu the link for a specific workbook in BEX i find that is possible but i can´t find the option to aggregate the menu entry....
  I hope somebody could help me.....
  Regards
  Message was edited by: Oscar Diaz

  a

• How to Restrict Search based on the Roles for External crawled sites

  I have a situation where the search results have to be restricted based on role
  When External sites are crawled, how can we restrict the search results based on roles,
  I know that we can restrict the search to a group or set of groups that can contain many users but if the group have different roles and if that group has given access to a web repository search, how can we restrict the document/search access based on roles for the same group?
  For Example an Index that has external site as data source and the permissions were set for a group and that group has 2 roles, lets say <b>"Admin" and "user"</b> and the external site have some documents when searched the documents should come up only for the "Admin" role during search, but should not come up for the "user" role
  Is it possible to achieve this? Is there a solution?
  Any advices are greatly appreciated and awarded
  Thanks,
  kk

  Is it possible to restrict on role based?
  Any suggestions are appreciated
  Thanks
  KK

• Assiging task to specific user in a role

  Hi,
  I want to assign a task to a specific user in a specific role. However, it seems
  that using wlpi I can assign tasks either to a user or to a role !!!
  Is there a way where I can assign a task to user in a role e.g. assign task1 to
  user John in a Manager role....as user may be having multiple roles in the system..
  Regards,
  Vinkal

  Hi Vinkal,
  Could you pls tell me how to do this in wli 8.1 sp2 if you have any idea?
  Regards
  Sai
  "Vinkal Kumar" <[email protected]> wrote:
  >
  Hi,
  I want to assign a task to a specific user in a specific role. However,
  it seems
  that using wlpi I can assign tasks either to a user or to a role !!!
  Is there a way where I can assign a task to user in a role e.g. assign
  task1 to
  user John in a Manager role....as user may be having multiple roles in
  the system..
  Regards,
  Vinkal

• Trying to restrict access to Business Partners Roles and Relationships

  In CRM 7.0 I am trying to restict access to creating and maintaining certain Business Partner Roles and Relationships.  Some roles and relationships are brought over from our primary R/3 system and users are not allowed to change these.  However, certain Roles and Relationships exist only in CRM and should be allowed.  I am working with the authorization objects B_BUPA_RLT and B_BUPA_BZT.  The only field that seems to be checked is the Activity.  Even when I put limited BP Roles it seems that this field is not being verified.  My security trace returns the following:  B_BUPA_RLT  ACTVT=02;RLTYP= ;

  Authorization object B_BUPA_RLT as used in SAP GUI can't be used in CRM WebClientUI. In SAPGUI business partners always need to be maintained in a bp role regardless of the update-characteristic of this bp role. As there's no authorization-object to control maintenance of bp in general, auth. object B_BUPA_RLT also was used to restrict visibility of bp (data). The creation of a bp is controlled by assigning authorizations for the maintenance of bp roles. If i.e. no authorization for any bp role is available, the user can't create a bp at all. Authorization object CRM_BPROLE is in CRM WebClient UI used instead of authorization object B_BUPA_RLT.
  For more info about this see the following notes:
  1129682 - Authorization for BP roles in CRM5.2 WebClient UI.
  1259940 - Authority check for accounts depending on roles
  regards.

• Exclude or restrict toplevel navigation to less roles

  Hello,
  in one of our use-cases for the Netweaver Portal we want to give all employees two basic roles. This is done best by assigning these roles to the built-in group Authenticated users. So far so good.
  But what are our opportunities if we want the hide these two roles in the toplevel navigation for a specific group of people. So approximatly 98% of our users should get the roles but 2% shouldnt. I cant take this 2% away of the group authenticated users.
  We would really appreciate any help on this issue and reward points.
  Thanks and regards
  Markus Armbruster

  Hi Markus,
  I still can't see where the admin overhead with PCD filtering should come from. It's just a rule which the portal admins have to be aware of - but noone has to "do" anyhting, so there is no additional administrative task (once it is implemented). The question "users start asking why they're not seeing some content" would be the same independent from the technique you will be using!
  Anyhow, if you prefer implementing my second approach, I would advise this only in EFP scenarios and not as you wrote removing some of the initialNavNodes, but just not to render them. Within an EFP / light TLN, you have control over the TLN entries which will be rendered, and it would be easy to check the nodes if they are one of the two "maybe-to-hide"-nodes and in this case to check the current user, if the nodes i´n fact shouldn't be rendered. Still, that would happen on server side.
  Hope it helps
  Detlev

• Restrict specific sales order type during data collection............

  Hello Gurus,
  Can we restrict a specific order type of sales order in getting collected during the data collection, or is that the only way is customization, like remove all the sales orders with a specific order type after the data collection.
  can somebody help me on this.
  Thanx & Regards

  You can try defaulting rules to default the demand class so that you can exclude these demand classes during MDS..

• Restricting SCC4 Tcode, from the Role that was extracted from SAP_ALL profile

  Hi,
  Recently we have created a role extracting from SAP_ALL profile. We have deactivated many Basis, and other Critical Tcodes for our Dev & QTY systems by identifying the authorization objects.
  But- for SCC4 we want to know if there is any other way to restrict the access.
  Since we created the role by extracting the profiles from SAP_ALL. S_TCODE has * value, and S_TABU_CLI: has "X" value.
  - problem is we cant deactivate or limit the usage of S_TABU_CLI:X as we have many ZTcodes for direct maintenance, which needs this AO.
  - At the same time, we are trying hard to restrict SCC4.
  So, please suggest if there is any other alternative way to restrict Tcode SCC4, by not being able to run using the New Role.
  Regds,
  Satish.

  First of, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles.
  But if we're being practical, you could use authorization groups for tables (T-code SE54) and assign a custom auth. group to table T000. Then use this group to authorize (or actually not authorize) with object S_TABU_DIS.
  Again, this is just a practical tip. The whole "create a role from SAP_ALL" thing is a totally different subject altogether.
  Good luck!
  Dimitri.

• Restrict the payments according to Doc types while F110 PAYMENT RUN

  dears
  While doing F110 (Automatic payment run) we want  restrict the payment as - the sytem should  pick only  a particular document type (WE  type)  sitting as open item  or  a particular document type for a particular vendor sitting as as open item?
  For example KR DOC types  only need to  pick for a vendor code "XXXXX"
  For this what setting is required at FBZP (Automatic payment ment Programme settng) and / or at any other area like XK02 (vendor master data) ?

  Hello,
  You dont need to make any changes in FBZP or vendor master.In F110, in the "Free selection" tab, in the Field selection do F4, choose Document type & in the values field give the Document type you want to include in the Proposal.
  In the next line you can again choose the Field name as "Document type" with exclude tick, you can give the document type you dont require.
  Save the proposal & run the payment run.
  Hope this helps.
  Regards,
  WNR

• Restrict specific tables from SE16/SE11

  Dear Experts,
  We have a requirement of lock from view of some specific tables in SE16/SE11. Please provide the solution.
  Regards
  Shishir

  Create a new authorization group from SE54.
  Go to SE54, then select Authorization group and click create / change.
  Here create a new authorization object by clicking the new entries.
  Then note the authorization group and assign the authorization group to table.
  Go to SE11, enter the table name, click display. Then select Utilities - Assign Authorization Group.
  Then click edit and enter the authorization group (which is created earlier)
  Then in PFCG, for authorization object S_TABU_DIS enter the authorization group.
  Now check the tables in SE16.