Restriction in MIGO at user level

Similar Messages

• Restricting Authorizations to Variants at User level

  Hi SAPians,
  Can you help me to know how can I restrict variants to be displayed for particular users.?
  Example: I am creating 5 variants in EMMACL transaction and give authorizations for the users only to particular Variants as below:
  1. Variant1 --> Can be access by only users ERP-EHK, ERP-SAP & ERP-EJS
  2. Variant2 --> Can be access by only users ERP-EAS & ERP-HJG.
  3. Variant3 --> Can be access by only user ERP-EMM
  4. Variant4 --> Can be access by only users ERP-EHK & ERP-UJY
  5. Variant5 --> Can be access by only user ERP-EAS
  Let me know how I can achieve the above requirement?

  Hi,
  i have assigned it at user level then why iam i
  getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
  What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
  Thanks,
  Hussein

• Column Level restriction on Oracle 9i User

  i want to implement the column level restriction on oracle 9i users but it is not implementing. can u help me in this regard.

  Use Fine-Grained Access Control/Virtual Private Database (VPD)
  http://download-east.oracle.com/docs/cd/B10501_01/appdev.920/a96590/adgsec02.htm

• Restriction for Migo if import custom miro is not done.

  Dear Consultant ,
  I want to put restriction over migo for import PO.
  If the custom duty miro is not done , it should not allow /restrict user for migo.
  Kidnly suggest user exit or badi or any other solution for the same.
  Thanx
  Pradeep

  The only problem with these notes is that it will not validate if custom duty invoice is passed? In case freight invoice is passed it considers that also as a valid document .
  As suggested in the note you can use BADI:  J_1IEXGM_BADI_LINE_MODIFY in that enhancement spot ( around line 996-997)  and add the validation of in EKBZ for that PO, KSCHL= " custom duty condition"  and it should give error message if invoice does not exist.
  This logic will work if  invoice is posted for the full qty.
  Other wise you can use user exit and badi as suggested by   Ajit , MB_MIGO_BADI, exit mbcf0002. in that logic if custom duty invocie is posted ( check in EKBZ- kschl= " what ever you custom duty conditions are for that EBELN and EBELP). If no then throw error message.
  Regards
  Sangeeta

• How can we do personalization at User Level

  Hi ,
  I have extended a controller .
  and I have to replace the seeded controller to extended controller using personalization at User Level.
  Can any one suggest how can we do personalization at user level.
  Regards,
  Krishna.

  Hi,
  If you have extended controller then why don't you use profile option for restricting at user level.
  In controller use as following :
  processRequest(...)
  super.processRequest(...);
  String userProfile = pageContect.getProfile("Profile option name");
  if(null!= userProfile && !"".equalsIgnoreCase(userProfile.trim()) && "userRestriction".equals(userProfile.trim()))
  //do your changes
  follow same in processFormRequest as well.
  Once it is done...replace you controller at site level. It will only work for the users for whom the profile option is set.
  Regards,
  Mukesh Uchaniya

• Disable profile option updation at user level

  I want to disable the profile option HR: Security Profile or for that matter any other profile option at user level. The user should be able to see the value set by the system administrator (Field should be grayed out) and user should not be able to update it.
  How to do it??

  Try a personalization combined with custom PLSQL, like this:
  1) Acces System Profiles
  2) Help->Diagnostics->Custom Code->Personalize
  3) In the newly displayed Form Personalization form, create a line with a description like this: Prevent modification of USER_VISIBLE_VALUE
  4) In the Conditions tab, set Trigger Event = WHEN-NEW-ITEM-INSTANCE
  5) Set Trigger Object = PROFILE_VALUES.USER_VISIBLE_VALUE
  6) In the Condition text area, enter:
  apps.xxror_test_sysprofile(:PROFILE_VALUES.USER_PROFILE_OPTION_NAME,'USER')=1
  7) Set Processing Mode to Both
  8) Switch to the Actions tab and create two actions:
  first:
  type = property
  description = Don't update
  Language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=UPDATE_ALLOWED
  value=false
  second:
  type=property
  description=Don't enter
  language=all
  enabled=yes
  object type=Item
  target object=PROFILE_VALUES.USER_VISIBLE_VALUE
  property name=ALTERABLE_PLUS
  value=false
  9) Repeat steps 3-8 if desired for other levels, such as:
  Prevent modification of SITE_VISIBLE_VALUE
  Prevent modification of APPL_VISIBLE_VALUE
  Prevent modification of RESP_VISIBLE_VALUE
  Prevent modification of SERVER_VISIBLE_VALUE
  Prevent modification of ORG_VISIBLE_VALUE
  paying attention to update the corresponding names for xxx_VISIBLE_VALUE.
  10) Create the following PLSQL function:
  CREATE OR REPLACE function xxror_test_sysprofile (
  prof_opt_name in varchar2,
  lvl in varchar2
  return number
  is
  v_ret number;
  s_prof varchar2(1024);
  s_uname varchar2(100);
  s_lvl varchar2(10);
  begin
  -- returns 0 if the user "uname" must be granted access the profile named "prof_opt_name" at the "lvl" level
  -- returns 1 if the user "uname" must be forbidden to access such a profile at such a level.
  -- important assumption: the "lvl" parameter may have only one of the following values:'SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG'
  -- or else this function will return 1, thus forbidding the access
  s_uname:=substr(upper(trim(nvl(fnd_profile.value('USERNAME'),''))),1,100);
  if s_uname in ('MY_ADMIN_1','MY_ADMIN_2','SYSADMIN') then
  v_ret:=0; -- no restrictions
  else
       if s_uname in ('MY_POWERUSER_1','MY_POWERUSER_2') then
       -- restrict to only the below mentioned profiles
       s_prof:=substr(upper(trim(nvl(prof_opt_name,''))),1,1024);
            s_lvl:=substr(upper(trim(nvl(lvl,''))),1,10);
            if
            (s_prof like '%WHATEVER%')
            then
                 if s_lvl in ('SITE', 'APPL', 'RESP', 'USER', 'SERVER', 'ORG') then
                      v_ret:=0; -- level acceptable for these users on these profiles
                 else
                      v_ret:=1; -- unknown level, so reject
                 end if;
            else
                 -- these users may not access these profiles, so reject
                 v_ret:=1;
            end if;
       else
            if s_lvl = 'SITE' then
            -- no way any other user than those above may modify site-level profiles
            v_ret:=1;
            else
                 -- any other user than those above may modify lower-level profiles, but
                 -- for now reject all
                 v_ret:=1;
            end if;
       end if;
  end if;
  return v_ret;
  end;
  Pls be aware that testing first on a test instance is always advisable.

• Changing The Validity Dates In Org Model in CRM- User Level

  Hi
  How can we restrict the Validity Dates in Organisation Structure at User Level.
  I need that the user should be given some specific dates<b> ( Valid till or assigned till )</b> while assigning in the org. And it should be visible always in the Org Model.
  We tried using Delimited Date Function, but the User gets ellapsed if the Validity is expired.With the business point of view, <b>the requirement is that all user should be listed in Org model with respect to any dates.this would mean that if a user is terminated we would want to change the Valid till date in the Org</b>

  Hi Amrita,
  Business partner number and Object ID is automatically determines by system when creating a org unit.
  I dont find any configuration to create org unit with your own BP number and object ID. You have option to make repairs to the existing org unit.
  Please find the below path to repair the org unit
  IMG -> CRM -> Master Data -> Business partner -> Integration Business partner -Org management -> Create Business partner initially
  Select the org unit and execute to get all the org units.
  You can select the org units with errors /warnings and click on start repair to get automatic assignment of BP.
  Hope it helps
  Reward points if it helps
  Regards,
  Madhu

• Information Regarding Essbase Security Except Filter Level and User Level

  I have an requirement to implement data level security in Essbase. For ex: A user can only see those data which are from Asia region or an user will be able to see those data which are from America.
  Asia and America are defined in my location dimension.
  can any one explain about it without using user Level Security and Filter level security.
  Please tell me how to do it?
  Thanks in advance.

  Sandeep's reference the DBAG and the section on filters is the right direction. The filter is created in EAS.
  Let's use an example.
  You create a METAREAD filter (that is, it filters both data and dimensionality) that gives a user limited access to the Location dimension (I think I have that right), e.g., the British Isles, the UK and Ireland. You can also create a READ filter but it only limits data and, in my opinion at least, causes confusion because users can see metadata (the whole world) but only see data for the British Isles.
  NB -- filters can be assigned to individual usernames or to groups that users are members of. For a POC, I'd keep it simple and just assign it to a username, but it's your choice.
  Assign the filter to the user in Shared Services.
  Try connecting to the database in Excel through the Classic Add-In or SmartView to test what the user sees -- it should be: Total Location, British Isles, the UK, and Ireland. You will see Total Location (top of the dimension) because that's how Essbase navigates down -- it has to have the dimension name to find the limited children. You won't see any data there. But you will see data at the Location members that the METAREAD filter allows.
  That's it -- it's been around since the year dot, and is the way access is restricted. You shouldn't need to reinvent the wheel to get this to work in OBIEE. Essbase should do the work.
  Regards,
  Cameron Lackpour

• How to restrict the EBS end users to run only two same reports at a time?

  Hi,
  We are using EBS 12.0.6 and database 10.2.0.3.
  Is it possible to restrict the end business users to run only two reports at a time?
  OR
  Is it possible to restrict the end business users to run only two same reports at a time?
  Thanks.

  Is it possible to restrict the end business users to run only two same reports at a time?It is not possible.
  You can either make the report "incompatible" to itself (this means only one user in your company can run it at a time)
  Or not make it incompatible. (That means any user can run it any number of times)
  Incompatibility is a way of specifying which requests cannot be run under which circumstances.
  See http://download.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/incomp.htm
  You can use Hussain's suggestion to use Concurrent: Active Request Limit profile. You can set this profile value at each user level. But if you decide to set it at global level, remember to keep it a higher value for sysadmin kind of users that run scheduled jobs.
  Hope this helps,
  Sandeep Gandhi

• Make all the forms at a user level or responsibility level to be read only

  Hi,
  Please suggest me to make all the forms at a user level or responsibility level to be read only. So that when a particular user logs in, he gets all the form in read only mode or at a particular responsibility all the forms are read only so that we can attach this responsibility to the user for the same purpose.
  Any ideas will be highly appreciated.

  check this blog,
  http://www.oracleappshub.com/11i/oracleapps-responsibility-vs-sap-functions/
  Re: How to change OM responsibility as read-only in oracle applications 11i
  read only responsibility-user

• How to create a profile value at user level programatically

  Dear all,
  I want to create a profile value at user level programatically, I refer to the developer guide and try to use fnd_profile.put() to create a new value.
  But I find out the value is just created in session level, not be inserted into base table.
  So is there anyone know how to realize this function in PL/SQL?
  Any idea is appreciated.
  Best Regards,
  Kenny

  Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1

• Error while performing Risk Analysis at user level for a cross system user

  Dear All,
  I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
  The error is as follows:
  "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
  Can anyone please help.
  Regards,
  Gurugobinda

  Hi..
  Check the note # SAP Note 1121978
  SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
  Check for the following...
  CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
  ChangeThreadCountStep =50
  InitialThreadCount= 100
  MaxThreadCount =200
  MinThreadCount =50
  Regards
  Gangadhar

• LaserJet P1505n printing slow just for user-level accounts in Win7

  I have several workstations running Win7 Pro 64-bit that have been installed as replacements for XP machines.  All of them print to one of several P1505n printers, and are using the latest drivers from HP.  Under XP there were no problems printing to these printers, but the Win7 machines have significant delays when trying to print.  The Windows test page prints instantaneously, but printing from any other application has a delay of up to a full minute before the job begins to print.  Once the job prints, it prints without issue.
  One thing that I have noticed during my testing seems to point to permissions.  If I am logged in using my admin-level account, everything prints as it should, with no delays at all.  Once I log in with a user-level account, however, the delays begin.  I found the driver files at C:\Windows\System32\spool\drivers\x64\3, but giving "everyone" full control over those files does not help.
  Is there anything else that I should be looking at?
  Thanks in advance!
  Donny

  In the end, I was able to resolve the problem by installing the Vista x64 drivers.  No playing with permissions necessary.

• How to restrict manual setting of User Status?

  Hi,
  I have created an User Profile where a particular User Status is "set" based on the Business Transaction "Release".
  However, we are also allowed to set this User Status manually without carrying out the Business Transaction "Release".
  How do I restrict manual setting of those User Statuses that are "set" based on a Business Transaction?
  Raj

  Pete,
  I did read that post. But it is about providing authorisation to set a Status for an User.
  The case I am referring is, an User Status is auto set by a Bus. Trans Release. But I am also permitted to set the status transition manually. This way, Users tend to skip Releasing the Service Order. This is affecting upstream processes.
  Is there a way where we can restrict manual setting of User Statuses that have to be normally auto set by Bus. Transactions?
  Raj

• Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

  Hello,
  I have a Windows Server 2012 R2.
  I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
  on it (this machine is also a domain client in the same domain).
  I will really be thankful if anyone can suggest some solution to this issue.
  Please feel free to write back in-case I have missed anything obvious to be shared.
  Thanks!
  -Vinay Pugalia
  If a post answers your question, please click "Mark As Answer" on that post or
  "Vote as Helpful".
  Web : Inkey Solutions
  Blog : My Blog
  Email : Vinay Pugalia

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet
  Subscriber Support
  If you are TechNet
  Subscription user and have any feedback on our support quality, please send your feedbackhere.
  Andy Qi
  TechNet Community Support