Role Maintenance - Automatically generated names for authorization objects

Similar Messages

• Table Name - For Authorization objects and fields.

  Hi
  Could any  one let me Know In which Table Authorization Objects and Authorization fields are stored.
  Thanks N Regards.
  Priya

  hi,
  TOBJ ---> Authorisation Objects
  Refer to the link.
  http://saptechnicalinfo.blogspot.com/2008/07/sap-authorization-objects-tables.html
  Regards
  Sumit Agarwal

• Package name for all objects

  Gurus
  Any easy way to know package name for all objects.
  Thankyou Gurus

  Hi,
  double click on the object-then select extras menuthen select write transport request--
  it will show the package of present.
  hope this help you
  regards
  harikrishna N

• How to find Object name for a object?

  Hi Experts,
  How to find Object name for a particular Object? Is there a Tcode for it?
  __Like Object name for__
  Material number -  materialnr
  Goods receipts / return - matbeleg
  Accounting documents -  rf_beleg
  How to find Object name for other Objects? Is there a particular way?
  Thanks & Regards
  Chandan

  Hi,
  You can find objects in SNRO transaction.
  In SNRO search by giving long text...
  for eg., Service .. for service entry sheet. keep the first letter in capital letter only.
  Thanks & Regards,
  Anand.

• Name for list object:  ALVXXL01

  Dear Gurus
  I have query regarding expoert the data to spreadsheet , when i am doing the job system is asking below details , once i have provided that , file is not down loading, Please help me.
  first i am getting below message
  Filter criteria, sorting, totals and
  not taken into account
  Later system asking the below details
  Name for list object:  ALVXXL01
  Title for SAPoffice:
  Regards
  Srinivas

  Check:SAP EXCEL is not opening
                    End users not able to export a report to a spreadsheet
  SAP note 1080608
  Have a discussion with your BASIS team
  Regards
  Indranil

• Syntax error for automatic generated class for object MAS_AUTH_CUST

  Hi,
  I am configuring the mobile sales scenario. I encountered a weird problem. Basically the automatically generated class  ZDOECL_013_00H_MWSR can not be activated. If you activate it manually it will give you the below error. Looks like the entity structure is too big. So the generated code has a very big loop which causes the dump. I found the issue when try to run the function module CRM_AUTH_CUST_INSERTCDS as suggested in the configuration guide.
  I have tried to regenerate the object. But it still give me the same error.
  Internal error occured during runtime generation of Class ZDOECL_013_00H_MWSR (Dump ID: GEN_BRANCHOFFSET_LIMIT_REACHED)
  Message no. OO053
  Diagnosis
  An internal error occurred when the system tried to generate the runtime objects of the class. A dump has been created with the given dump ID. It can be analyzed using transaction ST22.
  Our Netweaver version as below. It should contain already the latest patch etc.
  SAP_ABA     711     0006     SAPKA71106
  SAP_BASIS     711     0006     SAPKB71106
  PI_BASIS     711     0006     SAPK-71106INPIBASIS
  ST-PI     2008_1_710     0004     SAPKITLRE4
  SAP_BW     711     0006     SAPKW71106
  CRMSPGWY     110     0004     SAPK-11004INCRMSPGWY
  CRM version.
  SAP_ABA     702     0006     SAPKA70206
  SAP_BASIS     702     0006     SAPKB70206
  PI_BASIS     702     0006     SAPK-70206INPIBASIS
  ST-PI     2008_1_700     0002     SAPKITLRD2
  SAP_BS_FND     702     0004     SAPK-70204INSAPBSFND
  SAP_BW     702     0006     SAPKW70206
  LCAPPS     2005_700     0009     SAPKIBHD09
  SAP_AP     700     0022     SAPKNA7022
  WEBCUIF     701     0003     SAPK-70103INWEBCUIF
  BBPCRM     701     0003     SAPKU70103
  WFMCORE     200     0016     SAPK-20016INWFMCORE
  VIRSANH     530_700     0011     SAPK-53311INVIRSANH
  Any advice is appreciated.
  Thanks
  Hansen Chen

  Hi,
  Gateway1.1 to SAP Netweaver mobile is not supported with EHP1 of SAP Netweaver Mobile 7.10.
  Please  check the release information note: 1539681
  So, i suggest you to install SAP Netweaver Mobile 7.10 with Gateway addon.
  Regards,
  Siva.

• Missing authorizations for authorization object UIU_COMP

  I have generated the pfcg role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the pfcg role to a user.
  The user is apparently able to perform navigation as required. However, when a ST01 trace is run for the user, there are few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP  i.e. only values generated by the report is present there. Should the missing authorizations be added manually to the role?

  I would recomend that you define for component UIU_COMP in your pfcg role full access (all set to *), because this authorization object is used for access to web ui components. Even thou if you define this object to full access users will still see just components defined in business role.
  Regards.

• Prompt for Authorization Object

  Dear Experts,
  I would like to have control on certain authorization objects which are common among the roles while creating them.
  Is it possible that while maintaining or creating a role, if by mistake the administrator does not block the object OR add an entry which we do not authorize, the system should alert the administrator as a popup or alert message?
  I am aware about the report "RSUSR008_009_NEW" for maintaing critical authorizations, however, running a report and giving a prompt are two different things.
  Any possibility of an alert?
  Thanks and Regards,

  Hi J K
  I take the following approach with SU24:
  Complete Proposal - completely maintain an authorisation proposal when that values applies for any situation in PFCG role build. E.g. transaction FB03 for object F_BKPF_BUK has fields ACTVT and BUKRS. You can allow the value as ACTVT = 03 and BURKS = $BUKRS (org value) or each scenario
  Partial Proposal - only maintain some of the fields where it will be consistent. E.g transaction OB52 for posting periods and S_TABU_DIS with field ACTVT and DIBERCLS. You leave ACTVT blank as sometimes you want change whilst DIBERCLS for auth group is static so you can enter a value there
  Empty Proposal - leave the proposal values completely blank as the requirement will depend on the scenario. E.g transaction SM30 you might leave S_TABU_DIS empty as it will depend on the role for both fields.
  If you take this approach, you minimise the need for deactivating object, copying/changing and manual objects in PFCG. You maximise role authorisation under status of Standard or Maintained.
  Now if we set the proposals in su24, it will be applicable for other new roles as well for which we DO want the proposals to exist.
  Yes if you change SU24 you should clean up all impacted roles but before you build roles you should review
  At the end of the day your need to have competent security administrators who know what a display activity is and have attention to detail/meticulous enough to build the role with appropriate restrictions (i.e. do not put change access in a display role).
  How can we avoid the "new authorizaiton objects" to be added to this display role.
  To avoid this you are trying to avoid using SU24 integration. If you are tying to build a SAP display all role then you might as well copy SAP_ALL and go through and deactivate/remove any display access from the role. In this case you would not use the role menu.
  Not all solutions are technical. It's why you need to have a clearly defined process that is adhered to.
  My trick of display roles - I got the AGR_1251 role and look at the entire contents of the role and scan this list of objects and what's in the role. However, I do this as I know the objects relatively well and can identify the specific objects that are change/display  but do not use ACTVT field (e.g. PLOG/P_ORGIN/P_PERNR)
  Wonder why SAP prompts warning and errors messages doing a business/financial transaction and not security.
  Exactly what would you want the system to prompt? How would SAP know what a display role is?
  We noted that every time we add a t-code, the authorization object added is marked as "new" in the list. we jsut disable those and generate it
  If you take this approach you cannot guarantee the transaction code will work. The user may need the underlying values and that is why SU24 has them marked as proposal.
  My summary - defined your process to include a quality check after building a role and hire security administrators who know more than how to tick and click buttons in PFCG (i.e. they understand security objects and why some are sensitive).
  Regards
  Colleen

• Table for authorization objects

  Hi All,
  What is the table where all authorizations for a user for a particular authorization object is maintained?
  Thanks,
  Neelima.

  hi friend
  usr04 -User master authorizations alone
  usr07 - it will display all the authorisation object field name.
  if its helpful reward for the same
  regards
  vijay

• Check for Authorization object

  Hi All,
  I have a report which will authorize the person running the report.
  I have been given a requirement which is to not accept some users and accept some users.
  Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
  Could some one let me know how to go about it. I have few questions.
  1. what is the exact use of authorization object.
  2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
  3. I know there is some basis work involved in this but what is that ?
  Thanks,
  Mahen

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• Change documnet name for BOR object DEVICE.

  Hi expert,
                      Could You please tell me Change document object name of BOR object DEVICE for creating new entries in SWEC transaction.

  It does not look like there is one. How to find out?
  1- Find the actual table of the BOR object
  2- Go to transaction SWED to find out if this table is linked to a change document object

• Generating names for instanses of classes dynamically pls help????

  Hi this is what i am trying to do. I have two classes. 1)DragDrop and 2) Create. In the create class I want to declare an instance of DragDrop and call a method from the DragDrop class. The method i want to call is to draw an object to the screen. So if i wanted to draw one object the call would be:
  DragDrop d = d.add(object)
  I do not know how many objects need to be drawn till runtime, and I also need to be able to know the variable name assigned to the instance of the class, so for 100 objects i will need to know 100 variable names, this is so that each object can be manipulated and i need the variable name to do this. What i want to know is how can i assign different variable names depending on the number of objects that need to be drawn, i have considered using hashmaps but still don't see how it would be possible, any help would be much appreciated. Thanks.

  It's not possible. A Map is the closest you can get.

• Translate Object class (for authorization objects)

  I wonder where I can translate the objects class (SU21 - auth objects). I manages to find where I can translate the authorization objects in SE63.
  What what is the object type for the objects class in order to translate it.

  SAP itself told me there is no way to do so. They recommend to directly edit the corresponding text table.

• Field Validation for Authorization Object field on selection screen

  Hi Experts,
  We have included a new field u2018Authorization Objectu2019 in the selection screen which should be reflected in the field Authorization Object of the spool property. Please let us know how we can provide F4 help for this field and also validate it in the code.
  The data element "RSPOAUTH" is used for the field on selection screen parameter. However, as there is no value table attached to the domain, we are unable to provide any F4 help and hence cannot validate the field in the code.
  Looking forward for your valuable reply.
  Thanks in advance.
  --Warm Regards,
    Prajakta Kanitkar.

  Hi Prajakta,
     You can refer the following code for getting F4 help.
  TYPES: BEGIN OF stru_btc,
           zesgbtc TYPE zhr_del_btc,
         END OF stru_btc.
  DATA: it_btc TYPE STANDARD TABLE OF stru_btc
  SELECT-OPTIONS: s_zzbtc FOR pa0001-zzbtc NO INTERVALS.
  AT SELECTION-SCREEN ON VALUE-REQUEST FOR s_zzbtc-low.
    SELECT * FROM zbtc INTO CORRESPONDING FIELDS OF TABLE it_btc.
    CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
      EXPORTING
        retfield        = 'BTC'
        dynpprog        = sy-repid
        dynpnr          = sy-dynnr
        dynprofield     = 'S_ZZBTC'
        value_org       = 'S'
      TABLES
        value_tab       = it_btc
      EXCEPTIONS
        parameter_error = 1
        no_values_found = 2
        OTHERS          = 3.
    IF sy-subrc <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  Hope this will help you.
  Thanks & Regards.
  Aniruddha

• Form name for WCM Objects

  Pl suggest which print forms I should select in IDES client for WCM Objects while configuration for Enhanced WCM Model?
  Thanks
  Lucky

  I have got the form names using SE71 with language as English and used the same form to copy from 000 client to IDES client for scenario execution.