Role Authorization Vs ACL in cProjects

We do not want to use ACL (Authorization at the Project level) to grant authorization. We are looking for a way to have this authorization by roles. Not too sure if the minutest of details can be controlled by authorization objects.
Of the few requirements that we have, one goes as follows:
1. We need a role of "Resource Manager" to be able to view all projects. However, this role must not be able to edit the project structure. This is possible. However, another requirement that we have is that this role must have all "admin" level access at the "Resources" level. Which means, this role must be able to staff roles and assign tasks to roles and resources, but must have read-only access to the project structure.
Can this be done?
2. Another requirement is with regard to status management. We want a role to have the authorization to set only select statuses. We have a combination of standard and custom statuses in the status profile that we are using. We look to control the access for roles by which one role can only set a few of these statuses.
Can this be done?
Thanks and Regards...

Hi Peter,
We have exactly the same need, and unfortunately everything is not solved yet.
1/ In standard, there is no distinction between project and role authorizations. This means you need 'admin' auth at project level if you want to manage the roles. We created an OSS message for this, and SAP's answer was to create a development request --> Until then, and if we get a positive answer, nothing can be done to separate project & role authorizations. So there is no solution today.
2/ For the statuses, we had to enhance class CL_DPR_STATUS_MANAGEMENT, methods GET_PERMITTED_USER_STATUS and/or GET_PERMITTED_ACTIVITIES. Thanks to this, we are now able to filter the status list that is populated in the screen.
Regards,
Matthias

Similar Messages

  • E-Recruiting : Role Authorization in e-recruiting standalone scenario

    Hello Friends,
    We have EREC on a standalone system (ERD 100). HR ECC is another system (ECD 300), Enterprise portal in another system (EPD 100).
    we are on EHP 5, EREC 605, Support Pack 7.
    We have activated the single sign on mechanism.
    I have following queries regarding role authorizations on EREC in  standalone model.
    1) We have standard reference users such as recruiter, manager, decision-maker, data entry clerk, rec. admin etc. (the "RCF_RECRUIT, RCF_MANAGER, RCF_CAND_INT, RCF_DATA_TYP" etc.). Should these reference users be created both in the EREC & HR systems or only in the EREC system?
    2) If the "RCF_XXXX" reference user roles are supposed to be created only in the EREC system, how to assign reference user roles to employees whose master data is in the HR system?
    3) Can support teams concept help for mass authorizations? Can someone elaborate on the support team, support group concepts ?
    Kindly provide inputs.
    Regards,
    ER.

    Thanks Nicole for the inputs.
    Just  expanding my query on the 2nd point regarding assigning Reference users like manager, recruiter to certain employees :
    Example: Say I have Emp. No 20003000. He is a hiring manager. In the HR system, IT105, subtype user id is "20003000".
    To assign the RCF_MANAGER reference user role to user id 20003000, do I have to recreate the user id in the EREC system as well and assign it in SU01 for this user id?
    Would like to take your comments.
    Thanks,
    Regards,
    ER.

  • How to determine role authorization of user in MAM?

    Hi everyone,
    I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM.  I have the following question on user authorization:
    In terms of role authorizations, does anyone know how I can determine what roles an authenticated user has from SAP?  For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has?  Is there a SyncBo that will give me such info?  I checked the JavaDocs for the SyncBo's, but they have NO descriptions.  The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090).  There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole().  Are any of these usable?
    Are there any good documents that I can look at to determine what each SyncBo does?
    Many thanks!
    Jeffrey

    Hi Jeffrey!
    Here are the 3 different checks you have to look at under "Users & Authorizations" for setting up your MAM users.
    (1) SAP Backend:
    (1a) The SAP MAM user who synchronizes with the Backend from the MI Client should have all necessary authorizations for the Plant Maintenance components of the SAP system that are associated with your MAM scenarios. Please refer to the following SAP authorization objects in your Backend system and have them assigned to the user profile, based on your requirement: I_ALM_ME, I_AUART, I_BEGRP, I_BETRVORG, I_CCM_ACT, I_CCM_STRC, I_ILOA, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT, I_ROUT1, I_SOGEN, I_SWERK, I_TCODE, I_VORG_MEL, I_VORG_MP, I_VORG_ORD, I_WPS_MEB, I_WPS_REV.
    (1b) Service user for setting up the MAM & MI landscape: This user's logon info has to be set up in the RFC destination that is associated with your MAM25 SyncBOs, to log on to the Backend system, and this user should have the basic authorizations required to establish the connection.
    (2) MI Middleware: The SAP MAM user who synchronizes with the Backend from the MI Client should have the following authorization objects assigned to his/her profile: S_ME_SYNC, S_RFC, S_TCODE.
    (3) MI Client: Refer to the MI Security Guide. Please note that the MI Client MAM user is the same as the Middleware user and the Backend user. You should be taking care of this already. This is just an FYI.
    Let me know, if you are looking for any other additional info.
    Thank You
    Gisk

  • Role authorization for product selection

    Hi All,
    I have a requirement for which I need your help. Now my Account Manager can see all products while placing an order. I want to restrict his selection to only 5* and 6* products. That means when he looks to place an order the next time, he should only see 5* and 6* products, not all products. Can you please tell me how to go about this role authorization?
    Your valuable inputs will be appreciated.
    Regards,
    Sasmita

    Hi,
    I feel Access Control Engine would be the most elegant and futuristic solution.
    However, you need to review all the solutions suggested. Solution suggested by Shalini and Ashish are more practical. However, generally partner product range is used in case of Sold-to parties.
    Please review all the solutions suggested and take decision based on circumstances at your client's end.
    You can get more information about Access Control Engine at
    http://help.sap.com/saphelp_crm40/helpdata/en/04/0177f9bb67ac4cafb84bb4d4c1d8fc/frameset.htm.
    Also there are several guides and cookbooks on ACE at service market place.
    Regards,
    Deepak

  • Restricting the ATP user for GATP - correct roles/authorizations

    Hi:
    If the dialog user that is used for the ATP check (from ECC to GATP) has more authorizations than needed and this is going to be a problem in production. The user can run SCM transactions from the results screen of ECC and this is not desirable.
    Therefore, the ATP user should be a restricted user that has only authorizations for this specific task. If you know what are the exact roles/authorizations to give to the ATP user, could you share them?
    Thanks in advance.
    Satish

    For R/3 please check OSS  Note 447543 - APO: Authorizations too comprehensive/not user-specific.
    "If it is necessary to have different authorization profiles in APO for different R/3 users when calling in APO, the following solution applies:
    Activate the setting in SM59 that is used for the RFC connection CURRENT USER.
    In the APO system, create the respective users and assign authorization profiles. This is necessary in order to achieve the necessary flexibility concerning authorizations in the APO system."
    For APO:
    Authorization object C_APO_ATP in APO.
    Please choose the activity as per user role.
    01       Create or generate
    02       Change
    03       Display
    04       Print, edit message
    06       Delete
    16       Execute
    39       Check
    Manish
    Edited by: Manish Kumar Rathi on Oct 21, 2008 1:24 PM

  • Table for Role & Authorization group

    Hi Gurus,
    I am looking for a table or FM to get all roles for an Authorization group.
    I tried in the SUIM tcode but was not able to find the exact DB table for these.
    Giri
    P.S.: To Moderator:
    My earlier thread was locked for the same question. I have been searching in SDN and Google for the last 3 days and was not able to find enough information on it. AGR_USERS, TBRG, TACT are the tables I found. But there is still a link missing between Role & Authorization Group.

    Thomas,
    My report has a selection screen with Auth. Group and user.
    If the user provides an Auth. Group, then I need to find all roles linked to the Auth. Group and the users assigned to those roles.
    In my investigation, there is a link between Auth. Group <--> Auth. Object.
    Also Auth. Object <--> Role.
    But there is still a fine link missing between Auth. Group <--> Role.
    For example: Auth. Object S_TABU_DIS will be associated with all Auth. Groups but assigned to only limited roles.
    I tried to debug the SUIM transaction multiple times but couldn't find the tables to find the link and was not able to find the FMs.
    If anybody has any idea how to find that link between Auth. Group & Role, it will be helpful....
    Giri

  • SAP BI : Roles & Authorizations

    Hi,
    I am working on roles & authorizations for SAP BI 7.0. How can I create authorization for the scenario mentioned below:
    One user (userid ALAN) has two vendors under him viz V001 & V001A.
    V001 has access to plant A001, A002 and
    V001A has access to plant A002, A003, F002.
    The data is created in SAP R3 and brought into SRM using criteria based on document type say ELEM. Even though V001 does not have access to plant A003, it can create documents of type ELEM. The business does not want this document to appear for V001.
    The business needs documents to be displayed as follows, irrespective of documents existing in SAP R3:
    Plants A001, A002 for V001 and
    Plants A002, A003, F002 for V001A.
    Please confirm if the following approach will work:
    Create vendor - plant role
    Role 1
    Vendor = V001
    Plants = A001, A002
    Role 2
    Vendor = V001A
    Plants = A002, A003, F002
    Assign User ALAN both roles Role 1 and Role 2.
    Please suggest a solution as I have to deliver about 2000+ roles by end of week.
    Thanks in advance.

    Hi,
    Seems that you are looking for a merge of the authorization. Please take a look in the note 1000004 where you are going to see the explanation about the merging.
    1000004 - Merging and optimizing analysis authorizations
    This documentation should help you.
    Regards,
    Rafael
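
Added example, not part of either post above: a check of which vendor/plant combinations user ALAN ends up with when Role 1 and Role 2 from the question are both assigned, under two possible combination rules. Which rule a given BW system applies is not stated in the thread and is an assumption to verify against the note cited in the reply; all function and variable names are illustrative.

```python
from itertools import product

# Constructed from the values in the question: each role carries one
# authorization, mapping characteristic -> permitted values.
ROLE_1 = {"vendor": {"V001"}, "plant": {"A001", "A002"}}
ROLE_2 = {"vendor": {"V001A"}, "plant": {"A002", "A003", "F002"}}

# Vendor/plant pairs the business wants visible (taken from the question).
REQUIRED = {
    ("V001", "A001"), ("V001", "A002"),
    ("V001A", "A002"), ("V001A", "A003"), ("V001A", "F002"),
}


def pairs(auth):
    """All vendor/plant combinations one authorization permits."""
    return set(product(auth["vendor"], auth["plant"]))


def combine_as_union(auths):
    """Rule A (assumption): every authorization stays intact and the user
    sees the union of the combinations each one permits."""
    allowed = set()
    for auth in auths:
        allowed |= pairs(auth)
    return allowed


def combine_per_characteristic(auths):
    """Rule B (assumption): values are pooled per characteristic first and
    only then crossed, so vendor and plant lose their pairing."""
    pooled = {"vendor": set(), "plant": set()}
    for auth in auths:
        for characteristic in pooled:
            pooled[characteristic] |= auth[characteristic]
    return pairs(pooled)


def excess(allowed, required=REQUIRED):
    """Combinations granted beyond what the business asked for."""
    return sorted(allowed - required)


def missing(allowed, required=REQUIRED):
    """Combinations the business asked for that are not granted."""
    return sorted(required - allowed)


if __name__ == "__main__":
    for rule in (combine_as_union, combine_per_characteristic):
        allowed = rule([ROLE_1, ROLE_2])
        print(rule.__name__, "excess:", excess(allowed),
              "missing:", missing(allowed))
```

Under rule B the pair V001/A003, which the question says must not be visible, shows up in the excess list, so the two-role design only meets the requirement if the system keeps each authorization's vendor and plant values together.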

  • Roles,Authorization,Authorization objects for APD

    Hi Experts,
    Can anyone give me the list of roles, authorizations, authorization objects required related to APD?
    It's been a problem for us getting stuck at each authorization.
    With Regards,
    Meiyappan.

    The Analysis Process Designer allows you to work with a large number of objects. This includes different BW objects such as InfoProviders, InfoObjects or queries, and also other objects such as temporary database tables that are influenced by actions  already carried out and are authorization-relevant.
    Note 919614 - APD: FAQ authorization

  • Role & authorization group

    Hi guys,
    is there any table or FM which gives the link between Role & Authorization group?
    Thanks
    Giri
    Moderator message: please try finding this yourself before asking others.
    Edited by: Thomas Zloch on Nov 9, 2010 9:48 PM

    Thanks Soumyaprakash,
    I am developing a report on this to know which users have the roles and authorization groups assigned to them.
    I need a DB table name or FM to get the link between Role and Authorization group.
    Giri

  • Roles & authorizations

    hi all,
    am a BI consultant.
    In the CRM part of my project there is a need for creating new users, and for that roles & authorizations have to be assigned.
    I want to do it.
    In this business the same role will have different authorizations as per the location.
    Example: Mumbai Branch Manager for Mumbai,
    Baroda BM for Baroda, and a few other cities.
    How to assign the auth for this?
    We need to restrict each one to their respective branches.
    In this, what is the role of a Basis consultant?
    Kindly give the road map for this problem, so that I can start to learn.
    jeeva

    hi
    for roles and authorisation please go through this link
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0062e975-48c2-2910-e49c-8d6ad796ba21
    it will surely help you
    best regards
    ashish

  • Roles & Authorizations in FICO

    Hi friends,
    Can anybody help me in preparing the Roles & Authorizations? What is the procedure and how can we prepare? What is the base?
    Regards
    Sap Guru

    First you decide, based on your organisation, how many roles you want, e.g. user, officer, manager.
    You can even create roles like AR users, AP users, and so on.
    Once the roles are ready, assign your employees to your roles.
    For each role you decide which type of transaction you want to give access to.
    Whatever transaction codes you give the role access to, only those T-codes will work for the employees, based on the role created.
    CHANDRA.

  • Necessary Roles/authorizations required to Userid for workflow assignment.

    Hi all,
    Am working on a Custom workflow assignment.
    This is the first time, customer is working on workflows in this system.
    Henceforth, we need to do basic setup/configuration, before starting actual work.
    I want to know, what all Roles/authorizations are required for my userid throughout the assignment.
    Currently, we have got,
    EXX_BC_SAP_ALL_RESTRICTED :: All authorization without basis
    SAP_BC_BMT_WFM_ADMIN::Administrator for Business Workflow
    SAP_BC_BMT_WFM_DEVELOPER::Developer for Business Workflow
    SAP_SWFMOD_ADMIN::Workflow Modeler Administrator
    Are these sufficient or do we need any other roles?
    With above authorizations, i am unable to access below mentioned t-codes,
    SWNCONFIG                     Extended notifications for business workflow
    SWU3                             Automatic Workflow Customizing
    SWWCOND_INSERT     Schedule background job for work item deadline monitoring
    SWWCLEAR_INSERT     Schedule background job for clearing tasks
    Pls let me know the role, i need to get for above t-codes.
    Kindly go thru your SU01 t-code & let me know what all roles are used in your workflow system.
    cheers.
    santosh.

    Hi,
    I recommend you to have roles related to SWLD tcode (SAP menu Workflow). The basis must know what are the exact names.
    These are some roles:
    SAP_BC_BMT_WFM_ADMIN --> Administrator for Business Workflow
    SAP_BC_BMT_WFM_CONTROLLER --> Process Controller for Business Workflow
    SAP_BC_BMT_WFM_DEVELOPER --> Developer for Business Workflow
    SAP_BC_BMT_WFM_GP_ADMIN --> Role for Guided Procedure Business Workflow Administrators
    SAP_BC_BMT_WFM_GP_SERVICE_USER --> Service User for Guided Procedures Business Workflow API
    SAP_BC_BMT_WFM_PROCESS --> Business Workflow Implementation Team
    SAP_BC_BMT_WFM_UWL_ADMIN --> UWL: Administrator for Workflow Functionality
    SAP_BC_BMT_WFM_UWL_END_USER --> UWL: End User for Workflow Functionality
    SAP_SWFMOD_ADMIN --> Workflow Modeler Administrator
    SAP_SWFMOD_TRANSPORT --> Access to transport manager
    SAP_SWFMOD_USER --> Workflow Modeler Administrator
    SAP_WF_ADMINISTRATION --> Business Workflow: Work for administrator
    SAP_WF_CONTROLLER --> Business Workflow: Work for process controller
    SAP_WF_EVERYONE --> Business Workflow: Work for Everyone
    SAP_WF_IMPLEMENTATION --> Business Workflow: Work for Implementation Team
    Regards,

  • Preparation of Roles & Authorizations

    Dear Guru's
    Can you plz help me in preparation of Roles & Authorizations... plz provide me the step by step procedure for this.
    Will assign the points
    Regards
    Sap Guru

    Hi,
    Roles and authorisations are created by the Basis person.
    We as functional consultants create the same in an Excel sheet and provide it to the Basis team.
    1.  Identify the users along with their roles.
    2.  For executing the roles, the person needs the authorisation, i.e. T.Codes.
    3.  Create a Role and under that attach T.Codes.  Then the role is attached to the user(s).
    4.  In each T.Code, you can restrict by certain objects, which will differ from organisation to organisation.
    Hope this is of some help, if yes, please assign points.
    Regards,
    Harish

  • Check user role/authorization during Web report run-time?

    Hello again,
    I ran into a problem. I need to check user's authorization during webtemplate execution (run-time). I want to have a possibility to allow in one web template extra functionality (through template menu) to key users. Normal users, who are running same report, should not have this extra menu visible.
    Is it possible to check user authorizations or roles during web-template run-time?
    Thank you!
    Vitaliy

    Hi Harinam,
    From my logic you are right.
    The restriction is in two new roles (Requestor and Approver role).
    But ->
    If I assign my approver role, the selection possibilities of the request types during the AR creation are restricted and the AR search function does not work.
    If I assign my requestor role, the restriction of the request type is not there, but the AR search function works again. :-(
    If I assign the original approver role of SAP, I have the same behaviour for the AR search.
    Both new roles are a 1:1 copy of the SAP standard roles -> Exception, restriction on request type 'Exception Approval' is not displ.
    I have executed ST01 now. If I try to open the log, the system says "No records that correspond to these search criteria".
    But I have found something else.
    The problem appears only if I search for Process ID "Access Request Approval Workflow".
    If I select other Process ID such as "Control Assignment Approval Workflow" or "Fire Fighter Log Report Review Workflow", everything works fine.
    Very strange!
    BR
    Melanie

  • Roles/Authorization to read / select  SAP/BW Tables

    Hi,
    I'm trying to figure out:
    What authorizations/roles are necessary from which schema User
    to have
    read / select  access to the SAP/BW Tables in native  SAP/HANA (SAP/HANA Developer Studio) ?
    ThanXs
    Best Martin

    Hi Martin,
    Once you pull the table into HANA (from any source), it's more or less like a normal table that sits in HANA, so there is no special authorization needed for the tables which come from BW.
    You can refer to the Security Guide of HANA, which will give more insights about the required privileges and roles to read the tables:
    http://help.sap.com/hana/hana1_sec_en.pdf
    Hope this helps you.
    Rgds,
    Murali
