Role Maintenance - Automatically generated names for authorization objects
Hello NG,
I've got a question concerning the mentioned subject.
Currently I am maintaining the roles/authorizations of a customer's system (Rel. 3.0) which has moved to Rel. 7.0.
When I add an authorization object to a role, the technical name is generated automatically. How can I set up the naming conventions for the authorization objects?
Thank you very much.
Regards ..
Hi SUNIL L,
I referred to 3.0 but I think that the release version has no relevance for my problem. I think I should try to explain my problem once more:
When I add an authorization object to a role, a technical name is generated automatically and assigned to it. Is it possible to set any naming conventions for this?
Regards..
Similar Messages
-
Table Name - For Authorization objects and fields.
Hi
Could anyone let me know in which table authorization objects and authorization fields are stored?
Thanks N Regards.
Priya
Hi,
TOBJ ---> Authorisation Objects
Refer to the link.
http://saptechnicalinfo.blogspot.com/2008/07/sap-authorization-objects-tables.html
Regards
Sumit Agarwal -
Gurus
Any easy way to know package name for all objects.
Thank you Gurus
Hi,
Double-click on the object, then select the Extras menu, then select Write Transport Request.
It will show the package of present.
Hope this helps you.
regards
harikrishna N -
How to find Object name for a object?
Hi Experts,
How to find Object name for a particular Object? Is there a Tcode for it?
Like Object name for:
Material number - materialnr
Goods receipts / return - matbeleg
Accounting documents - rf_beleg
How to find Object name for other Objects? Is there a particular way?
Thanks & Regards
Chandan
Hi,
You can find objects in SNRO transaction.
In SNRO search by giving long text...
for eg., Service .. for service entry sheet. keep the first letter in capital letter only.
Thanks & Regards,
Anand. -
Name for list object: ALVXXL01
Dear Gurus
I have a query regarding exporting the data to a spreadsheet. When I am doing the job the system is asking for the details below; once I have provided them, the file is not downloading. Please help me.
first i am getting below message
Filter criteria, sorting, totals and
not taken into account
Later system asking the below details
Name for list object: ALVXXL01
Title for SAPoffice:
Regards
Srinivas
Check: SAP EXCEL is not opening
End users not able to export a report to a spreadsheet
SAP note 1080608
Have a discussion with your BASIS team
Regards
Indranil -
Syntax error for automatic generated class for object MAS_AUTH_CUST
Hi,
I am configuring the mobile sales scenario. I encountered a weird problem. Basically the automatically generated class ZDOECL_013_00H_MWSR can not be activated. If you activate it manually it will give you the below error. Looks like the entity structure is too big. So the generated code has a very big loop which causes the dump. I found the issue when try to run the function module CRM_AUTH_CUST_INSERTCDS as suggested in the configuration guide.
I have tried to regenerate the object. But it still give me the same error.
Internal error occured during runtime generation of Class ZDOECL_013_00H_MWSR (Dump ID: GEN_BRANCHOFFSET_LIMIT_REACHED)
Message no. OO053
Diagnosis
An internal error occurred when the system tried to generate the runtime objects of the class. A dump has been created with the given dump ID. It can be analyzed using transaction ST22.
Our Netweaver version as below. It should contain already the latest patch etc.
SAP_ABA 711 0006 SAPKA71106
SAP_BASIS 711 0006 SAPKB71106
PI_BASIS 711 0006 SAPK-71106INPIBASIS
ST-PI 2008_1_710 0004 SAPKITLRE4
SAP_BW 711 0006 SAPKW71106
CRMSPGWY 110 0004 SAPK-11004INCRMSPGWY
CRM version.
SAP_ABA 702 0006 SAPKA70206
SAP_BASIS 702 0006 SAPKB70206
PI_BASIS 702 0006 SAPK-70206INPIBASIS
ST-PI 2008_1_700 0002 SAPKITLRD2
SAP_BS_FND 702 0004 SAPK-70204INSAPBSFND
SAP_BW 702 0006 SAPKW70206
LCAPPS 2005_700 0009 SAPKIBHD09
SAP_AP 700 0022 SAPKNA7022
WEBCUIF 701 0003 SAPK-70103INWEBCUIF
BBPCRM 701 0003 SAPKU70103
WFMCORE 200 0016 SAPK-20016INWFMCORE
VIRSANH 530_700 0011 SAPK-53311INVIRSANH
Any advice is appreciated.
Thanks
Hansen Chen
Hi,
Gateway1.1 to SAP Netweaver mobile is not supported with EHP1 of SAP Netweaver Mobile 7.10.
Please check the release information note: 1539681
So, I suggest you install SAP Netweaver Mobile 7.10 with Gateway addon.
Regards,
Siva. -
Missing authorizations for authorization object UIU_COMP
I have generated the pfcg role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the pfcg role to a user.
The user is apparently able to perform navigation as required. However, when a ST01 trace is run for the user, there are few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP i.e. only values generated by the report is present there. Should the missing authorizations be added manually to the role?
I would recommend that you define for component UIU_COMP in your pfcg role full access (all set to *), because this authorization object is used for access to web ui components. Even if you define this object with full access, users will still see just the components defined in the business role.
Regards. -
Prompt for Authorization Object
Dear Experts,
I would like to have control on certain authorization objects which are common among the roles while creating them.
Is it possible that while maintaining or creating a role, if by mistake the administrator does not block the object OR add an entry which we do not authorize, the system should alert the administrator as a popup or alert message?
I am aware of the report "RSUSR008_009_NEW" for maintaining critical authorizations; however, running a report and giving a prompt are two different things.
Any possibility of an alert?
Thanks and Regards,
Hi J K
I take the following approach with SU24:
Complete Proposal - completely maintain an authorisation proposal when that value applies for any situation in PFCG role build. E.g. transaction FB03 for object F_BKPF_BUK has fields ACTVT and BUKRS. You can allow the value as ACTVT = 03 and BUKRS = $BUKRS (org value) for each scenario
Partial Proposal - only maintain some of the fields where it will be consistent. E.g. transaction OB52 for posting periods and S_TABU_DIS with field ACTVT and DICBERCLS. You leave ACTVT blank as sometimes you want change whilst DICBERCLS for auth group is static so you can enter a value there
Empty Proposal - leave the proposal values completely blank as the requirement will depend on the scenario. E.g transaction SM30 you might leave S_TABU_DIS empty as it will depend on the role for both fields.
If you take this approach, you minimise the need for deactivating object, copying/changing and manual objects in PFCG. You maximise role authorisation under status of Standard or Maintained.
Now if we set the proposals in su24, it will be applicable for other new roles as well for which we DO want the proposals to exist.
Yes if you change SU24 you should clean up all impacted roles but before you build roles you should review
At the end of the day you need to have competent security administrators who know what a display activity is and have attention to detail/meticulous enough to build the role with appropriate restrictions (i.e. do not put change access in a display role).
How can we avoid the "new authorization objects" to be added to this display role.
To avoid this you are trying to avoid using SU24 integration. If you are trying to build a SAP display all role then you might as well copy SAP_ALL and go through and deactivate/remove any display access from the role. In this case you would not use the role menu.
Not all solutions are technical. It's why you need to have a clearly defined process that is adhered to.
My trick of display roles - I got the AGR_1251 role and look at the entire contents of the role and scan this list of objects and what's in the role. However, I do this as I know the objects relatively well and can identify the specific objects that are change/display but do not use ACTVT field (e.g. PLOG/P_ORGIN/P_PERNR)
Wonder why SAP prompts warning and errors messages doing a business/financial transaction and not security.
Exactly what would you want the system to prompt? How would SAP know what a display role is?
We noted that every time we add a t-code, the authorization object added is marked as "new" in the list. We just disable those and generate it
If you take this approach you cannot guarantee the transaction code will work. The user may need the underlying values and that is why SU24 has them marked as proposal.
My summary - define your process to include a quality check after building a role and hire security administrators who know more than how to tick and click buttons in PFCG (i.e. they understand security objects and why some are sensitive).
Regards
Colleen -
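The AGR_1251 review and post-build quality check described in the reply above, as an added example that is not part of the original thread. It assumes the role's AGR_1251 rows were exported to CSV with the columns shown; the role name, authorization names, values and the set of "display" activities are constructed for illustration.

```python
import csv
import io

# Assumption of this example: activities treated as display-only (03 display,
# 08 display change documents). Adjust to your own role concept.
DISPLAY_ACTVT = {"03", "08"}

# Constructed sample of AGR_1251 rows exported as CSV (column subset only);
# role name, authorization names and values are made up.
SAMPLE_EXPORT = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH,DELETED
Z_FI_DISPLAY,F_BKPF_BUK,T-XX00000100,ACTVT,03,,
Z_FI_DISPLAY,F_BKPF_BUK,T-XX00000100,BUKRS,$BUKRS,,
Z_FI_DISPLAY,S_TABU_DIS,T-XX00000200,ACTVT,02,,
Z_FI_DISPLAY,S_TABU_DIS,T-XX00000200,DICBERCLS,FC31,,
Z_FI_DISPLAY,F_LFA1_BUK,T-XX00000300,ACTVT,01,03,
Z_FI_DISPLAY,F_KNA1_BUK,T-XX00000400,ACTVT,*,,
Z_FI_DISPLAY,P_ORGIN,T-XX00000500,AUTHC,R,,
Z_FI_DISPLAY,S_DEVELOP,T-XX00000600,ACTVT,02,,X
"""

def grants_non_display(low, high):
    """True if an ACTVT value, range or pattern reaches beyond DISPLAY_ACTVT."""
    low, high = low.strip(), high.strip()
    if not low and not high:
        return False  # field left empty: nothing granted
    if "*" in low or "*" in high:
        return True  # wildcard covers change activities too
    if not high:
        return low not in DISPLAY_ACTVT
    if low.isdigit() and high.isdigit():
        span = range(int(low), int(high) + 1)
        return any(f"{v:02d}" not in DISPLAY_ACTVT for v in span)
    return True  # unparsable range: flag for a human to look at

def review_display_role(export_text):
    """Return (ACTVT findings, objects without ACTVT needing manual review)."""
    findings, has_actvt = [], {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["DELETED"].strip():
            continue  # assumption: flag set means the authorization is inactive
        key = (row["AGR_NAME"], row["OBJECT"], row["AUTH"])
        is_actvt = row["FIELD"] == "ACTVT"
        has_actvt[key] = has_actvt.get(key, False) or is_actvt
        if is_actvt and grants_non_display(row["LOW"], row["HIGH"]):
            findings.append((row["OBJECT"], row["LOW"], row["HIGH"]))
    manual = sorted({obj for (_, obj, _), seen in has_actvt.items() if not seen})
    return findings, manual

if __name__ == "__main__":
    flagged, manual = review_display_role(SAMPLE_EXPORT)
    for obj, low, high in flagged:
        print(f"non-display ACTVT in {obj}: {low}{'-' + high if high else ''}")
    print("no ACTVT field, review by hand:", ", ".join(manual))
```

Objects in the second list are the ones the reply singles out (PLOG/P_ORGIN/P_PERNR style): their change/display split is not carried by ACTVT, so the script can only hand them to a reviewer.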
Table for authorization objects
Hi All,
What is the table where all authorizations for a user for a particular authorization object is maintained?
Thanks,
Neelima.
Hi friend
usr04 -User master authorizations alone
usr07 - it will display all the authorisation object field name.
if its helpful reward for the same
regards
vijay -
Check for Authorization object
Hi All,
I have a report which will authorize the person running the report.
I have been given a requirement which is to not accept some users and accept some users.
Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
Could some one let me know how to go about it. I have few questions.
1. what is the exact use of authorization object.
2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
3. I know there is some basis work involved in this but what is that ?
Thanks,
Mahen
Hi,
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
Use SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>
  ID <authority field 2> FIELD <field value 2>
  ID <authority field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
  MESSAGE E...
ENDIF.
'S_TRVL_BKS' is an auth. object
ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes for a profile, and that profile is in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji -
Change document name for BOR object DEVICE.
Hi expert,
Could you please tell me the change document object name of BOR object DEVICE for creating new entries in SWEC transaction?
It does not look like there is one. How to find out?
1- Find the actual table of the BOR object
2- Go to transaction SWED to find out if this table is linked to a change document object -
Generating names for instanses of classes dynamically pls help????
Hi this is what i am trying to do. I have two classes. 1)DragDrop and 2) Create. In the create class I want to declare an instance of DragDrop and call a method from the DragDrop class. The method i want to call is to draw an object to the screen. So if i wanted to draw one object the call would be:
DragDrop d = d.add(object)
I do not know how many objects need to be drawn till runtime, and I also need to be able to know the variable name assigned to the instance of the class, so for 100 objects I will need to know 100 variable names. This is so that each object can be manipulated, and I need the variable name to do this. What I want to know is how I can assign different variable names depending on the number of objects that need to be drawn. I have considered using hashmaps but still don't see how it would be possible. Any help would be much appreciated. Thanks.
It's not possible. A Map is the closest you can get.
-
Translate Object class (for authorization objects)
I wonder where I can translate the objects class (SU21 - auth objects). I manages to find where I can translate the authorization objects in SE63.
What is the object type for the objects class in order to translate it?
SAP itself told me there is no way to do so. They recommend to directly edit the corresponding text table.
-
Field Validation for Authorization Object field on selection screen
Hi Experts,
We have included a new field ‘Authorization Object’ in the selection screen which should be reflected in the field Authorization Object of the spool property. Please let us know how we can provide F4 help for this field and also validate it in the code.
The data element "RSPOAUTH" is used for the field on selection screen parameter. However, as there is no value table attached to the domain, we are unable to provide any F4 help and hence cannot validate the field in the code.
Looking forward for your valuable reply.
Thanks in advance.
--Warm Regards,
Prajakta Kanitkar.
Hi Prajakta,
You can refer the following code for getting F4 help.
TABLES: pa0001.                        " needed for SELECT-OPTIONS ... FOR pa0001-zzbtc
TYPES: BEGIN OF stru_btc,
         zesgbtc TYPE zhr_del_btc,
       END OF stru_btc.
DATA: it_btc TYPE STANDARD TABLE OF stru_btc.
SELECT-OPTIONS: s_zzbtc FOR pa0001-zzbtc NO INTERVALS.

AT SELECTION-SCREEN ON VALUE-REQUEST FOR s_zzbtc-low.
  " Read the values to be offered in the F4 popup
  SELECT * FROM zbtc INTO CORRESPONDING FIELDS OF TABLE it_btc.
  " Show the internal table as F4 help for the selection field
  CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
    EXPORTING
      retfield        = 'BTC'
      dynpprog        = sy-repid
      dynpnr          = sy-dynnr
      dynprofield     = 'S_ZZBTC'
      value_org       = 'S'
    TABLES
      value_tab       = it_btc
    EXCEPTIONS
      parameter_error = 1
      no_values_found = 2
      OTHERS          = 3.
  IF sy-subrc <> 0.
    MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
            WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  ENDIF.
Hope this will help you.
Thanks & Regards.
Aniruddha -
Pl suggest which print forms I should select in IDES client for WCM Objects while configuration for Enhanced WCM Model?
Thanks
Lucky
I have got the form names using SE71 with language as English and used the same form to copy from 000 client to IDES client for scenario execution.