Restricting USER to see his related information only

Similar Messages

• Restrict user to see the contents of a transparent table

  Hi fnds,
  i want to restrict users in seeing the contents of a database table..
  ithat is, when they go to se16 and hit enter.. and try to execute F8 button.. it should not show any records and no access should be available to that user...
  Can this be possible with auth object - whoever is authorizeed they only shoud see the contents..
  how to do this.. this table doenst not have table maintanence -- no SM30 data maintancne..
  help me,
  thanks
  Niraja

  This is part of the table definition in the data dictionary (not sure with what release that was introduced, but if you're not on an old system you should probably have it). I.e. in the data dictionary (SE11) on the Delivery and Maintenance tab for the table you have a field Data Browser/Table View Main., which you should set to N Display/Maintenance not allowed. If you check the F1 help on the field you'll get a nice long explanation.
  If you don't have this option (on an old release) check out OSS note [26909 - SE16 - Security|https://service.sap.com/sap/support/notes/26909], which explains your other option via authorization object S_TABU_DIS (access control might be a bit too coarse). See also OSS note [546797 - FAQ Data Browser (SE16)|https://service.sap.com/sap/support/notes/546797].
  Cheers, harald

• Anyway to restrict users to see only the Materials belonging to that partic

  Hi All,
  Is there anyway to restrict the users to see only the Materials belonging to that particular plant.
  Generally, User can see all the Materials(Materilas extended to all the Plants).
  We had a requirement that the User should not see Materials extended to all the Plants.
  He should be able to see only the Materials extended to that particular plant user belongs to.
  Our system is EBP 3.O
  Thanks
  Sunil.

  Hi Sunil,
  You may have to modify the search help to restrict the O/P list for services product category.
  At one of our early implementations,for the product search in the link "Internal Goods/Services,we modified the search help "BBPH_PRODUCT".We attached a custom function module exit to this search help in which the logic was written for retrieving the products based on plant .May be you can think of something similar.
  HTH.
  BR,
  Deepti.

• User can see all resources, not only Permitted for his/her Organization

  Hi,
  I have set three self-serviceable resources as Permitted Resources for a specific organization. So if I click on Permitted Resources for that organization I can see only those three...
  When an user of that organization clicks on Request New Resources, all self-serviceable resources are listed to the user, not only the Permitted Resources. I thought the user could see only the permitted resources...
  If I log as sys admin and Request Resources for an user of this organization, I can see only the three permitted resources.
  I saw the sql statement that OIM run to list the resources:
  select
  obj.obj_key,obj_name,obj.sdk_key,sdk_name, obj_order_for,obj_auto_prepop, obj_type,
  obj_allow_multiple, obj_self_request_allowed,obj_autosave,obj_allowall,
  obj_rowver, obj_note,obj_autolaunch
  from obj obj
  left outer join sdk sdk on obj.sdk_key = sdk.sdk_key
  where obj.obj_key in
  select distinct obj.obj_key from obj obj
  left outer join sdk sdk on obj.sdk_key = sdk.sdk_key
  left outer join acp acp on obj.obj_key = acp.obj_key
  left outer join oba oba on obj.obj_key = oba.obj_key
  where
  obj.obj_self_request_allowed='1' or obj.obj_key in
  select obj_key from acp where act_key in
  select act_key
  from usr
  where usr_key= 5 and acp_self_servicable = '1'
  ) and
  obj.obj_order_for = 'U' and
  (obj.obj_type='Application' or obj.obj_type='Generic') and
  obj.obj_key not in
  select pop.obj_key
  from pop pop, pol pol, pog pog, ugp ugp, usg usg
  where
  pop.pol_key=pol.pol_key and
  pol.pol_key=pog.pol_key and
  pog.ugp_key=ugp.ugp_key and
  ugp.ugp_key=usg.ugp_key and
  usg.usr_key in (5) and
  pop.pop_denial='1'
  ) and
  obj.obj_key not in (
  select distinct obj.obj_key
  from obj obj, obi obi, ost ost, oiu oiu
  left outer join orc orc on oiu.orc_key=orc.orc_key
  where
  oiu.obi_key=obi.obi_key and
  oiu.ost_key=ost.ost_key and
  upper(ost.ost_status) <> 'REVOKED' and
  obi.obj_key=obj.obj_key and
  oiu.usr_key in (5) and
  obj.obj_allow_multiple='0'
  ) and
  obj.obj_key in
  select distinct obj_key
  from pkg
  where pkg_type='Provisioning'
  As you can see in the query above, if I change the snippet below the result is what I expect.
  obj.obj_self_request_allowed='1' AND obj.obj_key in
  Did I miss to set something or doing something wrong?
  Thanks,
  Renato.

  Sorry, but I do not understand your last reply. You mentioned the following:
  for option B, even when option A is unchecked, you can set self-request only for a specific organization when assign permitted resources.
  Isnt this what you wanted? You should set the resource as permitted resources in all the organizations whose users can request that resource. I have implemented this and it works just fine. It works for both types of requests. a) My resources -> request new resources and b) Requests -> Resources -> Grant resources.
  In case of b, depending on the organization to which the selected user belongs, the Resource is displayed. all resources are not displayed.
  So the solution is to uncheck in RO and put the resource under specific organizations permitted resources and make it self-requestable. It should work fine. Let me know your exact issue if it does not work this way.

• Restrict user to read his own leads not other leads even team members also

  Hello
  I have requirement to restrict the user not to see all the records even his team records also. I have tried by using Roll management wizard(2nd step can read all the records) also, in my trail instance it is working fine, but while in my production instance it is not working fine. How it so. Do you guys have any idea regarding this. Could you please help ASAP. Thanks in Advance.
  Thanks & regards
  Subbu

  i haven't placed any books in my application as well as all the related information is correct, but still i am getting the error. In the Lead page i was able to read my own leads only but while in the Account Lead detail page it was showing all the lead records belongs to that account and in my Account lead relationship page it was view access only, i was trying to make it as no access, but in my UI it was showing Access denied. Could you please suggest in a broader way.

• Restrict user to see specific employee record

  How I can rsHow can I restricted a user to see the only those employee whose location_code(assignment form Location Code) like XX
  Edited by: user12879396 on Mar 11, 2012 6:24 AM

  Hi Dear,
  It shouldnt be much difficult. Just follow the below example steps:-
  step1. Navigate to HRMS Manager responsibility -->Security --> Profile
  Step2. Give the name and other details and select the tab "Custom Security"
  Step3. write code like below
  ASSIGNMENT.location_id in (select LOC.location_id
                           from hr_locations_all LOC
                           where LOC.location_code
                           in ('London','Paris'))
  Step4. Save your work and attach this security profile to the responsiblity where you want this restriction.
  Hope this helps.
  Thanks,
  Avinash

• Anonymous Users can see pages and files only about 10 minutes

  We have set Anonymous access permission to an KM repository. After the portal restarting very strange things are happen. An user who belongs to the Anonymous Users group can see and open pages (created by WPC),  files and hyperlinks. But after about ten minutes of such browsing a login screen begins to appear. Since that time the user canu2019t see and open any file of the repository.
  We have accurately read and applied recommendations of the Note 837898 - How to configure anonymous CM access.
  All URL Generator Service properties are exactly satisfied recommended values (e.g. /irj/go/*).
  We have granted Read permissions to all required repositories and recourses for Everyone and Anonymous Users groups (checked End User fieled as well).
  The site navigation structure and pages have been developed by mean of Web Page Composer (WPC).
  Security Zone (no safety) of WPC has been set with Read permission of Everyone and Anonymous Users groups.
  How to work around this?

  >
  Kyle Lawrence wrote:
  > Vladimir -
  >
  > Vladimir -
  >
  > Does this behaviour occur outside of WPC? 
  This behavior occurs then we click link inside pages generated in WPC. After that the anonymous see the login screen.
  > For example, if the anonymous user only has portal content, does the timeout occur? 
  What do you mean? Between ten and twenty minutes an anonymous user lost the ability to access any pages generated in WPC, any file contained in the portal, any XML Forms generated by XML Forms Builder (e.g. the News XML pages).
  > Does the timeout occur if the user does not navigate anywhere in the portal? 
  I'm not sure we didn't check. It's most likely that after a number previews of the pages it happens.
  > Does the timeout occur with  only KM and not WPC?
  >
  Again between ten and twenty minutes an anonymous user lost the ability to access any pages generated in WPC, any file contained in the portal, any XML Forms generated by XML Forms Builder (e.g. the News XML pages).
  Please read the following clarification of our situation.
  During setting up access of anonymous user to Web Page Composer pages we need to use Web Content repository that is not in the Documents repository.
  As is in the note 837898 there are no prefixes for WPC pages in the URL Generator Service.
  So the an anonymous user get login screen then attempt to access any WPC pages of the Web Content repository.
  How to achieve that content in the Web Content repository get as Content Link property the value '/irj/go/km/docs/wpccontent/u2026', rather than '/irj/servlet/prt/prtroot/...'?
  > It almost sounds like the user's logonticket has expired after 10 minutes.
  >
  As far as I know an anonymous user doesn't provided with logon ticket at all. You can check this in the SDN SAP Help.
  > Regards,
  >
  > Kyle

• Restrict users to see some colums from an report

  Hi,
  is there a way to restrict users (group of users) to see some columns in a report.
  For example:
  mr X to see both quantity and price columns
  and mr Y to see just quantity column
  in the same report
  or I have to make 2 report one with both columns and one with just an column.
  Thanks in advance
  best regards
  Nicolae Ancuta

  Hi Nicolae ,
  Security is enforced on two levels:
  Object-level security controls access to Metadata Repository objects (configured in
  Administrator Tool), and Web Catalog objects such as Folders, Filters, and Dashboards, etc. (configured in BI Answers Web Application). Data-level security controls access to content and data in end-user Reports and Dashboards (configured in Administrator Tool). Administrator Tool Manage Menu item Security Manager is used to define Users and User Groups and define Repository permissions.
  Data-level permissions can be set to above Groups and Users from the Presentation Table properties dialog box of each Subject area.BI Answers Web Page, Settings Menu
  Administration, to view and administer privileges associated with various components of the Answers Web application.
  More here in the documentation
  http://download.oracle.com/docs/cd/E10415_01/doc/nav/portal_booklist.htm
  Regards,
  Mohammad Farhan Alam

• Delete user and all his related data form the relation table

  HI All,
  I have user and for the user i have 3 more tables with additional fields that relate to the user
  the the user is a key on the 3 tables and relate with foreign key .
  in case i want to delete the user and i want that all the user data from all the related table will be deleted how can i do that ?
  Regards
  Joy

  HI,
  The user is in Z DB tables so i cant delete it with this bapi,
  The problem is when i have 4 table and i want to delete the user from them like that :
    DELETE FROM: (sv_user_table_name) WHERE userid = iv_user_id,
                 (sv_add_fld_table_name) WHERE userid = iv_user_id,
                 (sv_att_table_name) WHERE userid = iv_user_id,
                 (sv_app_attributes_table_name) WHERE userid = iv_user_id.
  IF sy-subrc <> 0.
      RAISE EXCEPTION TYPE .....
  if the user are exist in the first and the second table and not in the third and four
  i get the sy-subrc = 4 despite the user has deleted from the first and seconed tables
  there is nice way to overcome this issue ?
  Regards
  Joy
  Edited by: Joy Stpr on Aug 3, 2009 8:57 AM

• Restricting the user to view his information

  Hi frnds,
  I have a report which is having the information of Actual sales and Planned sales of all employees.
  If a user i.e the employee login into the portal is able to all employees Actual sales and Planned sales information.
  But here my requirement is the user who ever loged in has to see his Actual sales and Planned sales information only not the others.
  So here how can I restrict the user who ever loged in can see his sales information only?
  I think it is possible through authorizations. Am i correct?
  If yes How can i proceed?
  Thanks & Regards,
  sridhar

  Hi Sridhar,
  Check this thread..
  /message/1143264#1143264 [original link is broken]
  Might help u in some way..
  -Pradnya

• Can you share iCalander/Address Book with other users and restrict them from seeing certain entries?

  I'm doing some research for my boss concerning iCloud. He would like to setup a way to syncronize iCalender and the Address Book between three users but keep his personal information private. For example, he wants to be able to update his calender from his phone about an upcoming meeting/project so that the three computers at work are all updated and see upcoming events. Same goes for the contacts. If he adds a new contact or if I add a new contact, for a client or whoever it may be, he wants it to sync up for everyone. At the same time, if he adds a personal event to iCal such as, "Dinner with the girlfriend" or something irrelevant to work, he doesn't employees to be able to see that. My first idea was to setup an iCloud account but I'm wondering if you can even restrict certain things within an account.
  Anyone have any other ideas? They would be greatly appreciated.

  iCloud appears to provide no Address Book sharing. You might be able to do this through Google, but it would be likely to be all contacts or none.
  iCloud allows you to share calendars privately (editable if you wish) to other iCloud users or publicly (non-editable) to anyone - they would need a CalDAV client to read it, such as iCal or Google Calendars.
  You share individual calendars, so private events should be in their own calendar which is not shared.
  More on Calendar sharing here:
  http://support.apple.com/kb/PH2690

• Is there a way to see the photo information on the iCloud sharing pages?

  There seems to be an issue with Apple wanting people to see the information for each photo easily.  When I share a photo in a shared album on iCloud, I don't see the title nor do I see any photo information, only the date that the photo was shared. 
  I DO see the date of the picture when it's in slide show view, in light font at the bottom right-easy to miss, but not when it's the basic view that allows us to scroll through the photos. 
  Is there a way to see the title and date of the photos on the left where the black space is and the sharing info is?
  It seems that this whole Photos program is half-done...
  Thank you,
  Dave

  There is an App at the App store called "Battery Magic". You can get a trial version, (free) that will show you what you want to know, including battery life, and how long you can play games, music and other things on your current battery life.
  You can also download the full version. I think its $0.99.

• Restrict user to view All folders in WebI

  Hi,
  I am using BO4.1, we have many report folders. We want to restrict users to have view access to only one specific folder.
  Users dont have rights to view reports of other folder.
  Please guide me steps to apply this restriction.
  Warm regards,
  Sonal

  Hi Sonal,
  I think the problem is with the Access level for that particular user.Just check whether the rights are not inherited from any group.
  OR
  You can try following steps:
  1. Recreate the user.
  2.Go to that particular folder which you want to grant View.
  3.Right click and go to user_security -> Everyone -> select the user -> View security -> add principle -> available access level -> grant "view/full control" whatever grant you want to assign.
  Now he can only view/modify that particular folder.
  For more help check the topic in Admin Guide.
  http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_bip_admin_en.pdf
  Hope it helps!
  Regards,
  Shardendu

• Related Information link on Vendor & Voucher Component not appearing on 9.1

  Greetings All,
  I am not able to see the "Related Information link" on the Vendor & Voucher Components. I know this feture is something new and delivered as part of 9.1; Can someone help me out? How can i see this on my components.
  Thanks in advance.

  Do you have an authentication domain setup for PIA/web profile?
  Is your integration broker setup properly?
  Have a look at this post
  http://bloggingaboutoracleapplications.org/setting-up-predelivered-related-content-services/
  Edited by: Hakan Biroglu on May 30, 2013 9:23 PM

• Restrict people to see only spool requests from one group of users

  I would like to restrict people to see only spool requests from one group of users defined somewhere inside role.
  I am playing with S_SPO_ACT authorisation object but with no positive result,
  Please help

  There is a note  Note 119147 - Spool: Authorizations (https://service.sap.com/sap/support/notes/119147)
  Object for "Selection authorization for spool requests" is S_ADMI_FC where "Operation authorization" use S_SPO_ACT
  Regards