Roles and transaction authorizations for XI developer

Similar Messages

• Authorisation roles and transaction codes for users(MTO--PPmodule)

  Hi !!!
  GURUS !!!!!!!!
  I am working here on live project for  make to order scenario.
  We are using only batch management.
  Could you give me transaction codes for users for authorisation roles.
  All codes from start to end scenario.
  Regards,
  Nitin

  Dear,
  You have to do the JRM - Job role mapping. The list of transactions cannot be decided commonly across all implementations, as per your Business process definition you have to list the transactions invovlved and which business roles are required for that.
  One example: PP_Planner is a Role, this is applicable for the planning person, he will be given transactions related to SOP, DM and MRP, he will not be given transactions related to SFC. Its vice versa for a operations person.
  Thanks & Regards,
  Vijaya Bhaskar A

• Transport roles and analysis authorization with user assigned

  Hi expert,
  I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
  Thanks for your time,
  Luis

  Hi,
  In role administration, you have the following options for transporting roles:
  You can download the roles from one system and upload them into another  
  You can import the role from a remote system using RFC  
  You can transport the roles with the transport function.
  Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
  Transporting Roles with the Role Transport Function
         1.      Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
         2.      Enter the role to be transported and choose Transport Role.
  The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
  You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
  For more information go thrpugh the below link
  http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
  Regards,
  Marasa.

• Report to view all the Roles and Transactions assinged to a particular user

  Hi,
  I need to develop a report to view all the Roles and Transactions assinged to a particular user along with the Authorization values. So, if provide the Username, the report should be able to give Roles, Transaction Codes and the fields and thier authorization values for that TCodes..
  Regards,
  Sreenivas Raju

  Try this FM once - SUSR_USERS_LIST_ALV . It provides a list with Roles, Profiles, and also a detail button to check the authorization values etc.
  Also try this FM - SUSR_USER_DISPLAY_WITH_AUTHS, SUSR_USER_AUTH_FOR_OBJ_GET , SUSR_USER_DISPLAY_WITH_S_TCODE

• Auth Group for Accounting Doc and Account authorization for  Vendors

  Hi guys,
  I have question regarding Accounting Doc for Vendor and G/l Account.  I have a security client whree I build my business roles for end user but we we configuration client where all the functional focus wokring and doing configuration.  My questiion when I start creating business roles  and start going  into these authorization objects and filling up the field values (F_BKPF_BEK, F_BKPF_BES,  F_BKPF_BLA).
  I won't  see auth group that will be c reated by functional  cocus because they are working on configuration Client and they probably create auth group for above authorization objects in Config lcient and I'm building Roles in my security client. 
  If it is true what would be the best way to create business role.  I'm in realization face of the project  Should I build my roles in Config client?   Please advise.
  Thanks in advance
  Faisal

  What is the benefit of a "security client" in DEV? I don't get it...
  You anyway need to protect the namespace... and the authorizations for role development (SU24) and admin (PFCG).
  Anyway, you have closed your question so we can only lick our wounds now
  Cheers and good luck on your project (let is know how it goes if you stick around for long enough to experience a release upgrade...
  Julius

• Roles and their authorization profiles time period

  Can roles and their authorization profiles be assigned to a user for a limited time period?
  please reply
  Thanks
  Edited by: tracey_hrecc6.0 on Nov 1, 2010 5:24 PM

  Hi,
  It is possible.
  Read below links for more details
  http://help.sap.com/saphelp_mic10/helpdata/en/69/1810a4c51144dc833353183155ec88/content.htm
  http://www.sap-img.com/basis/frequently-asked-questions-on-authorization.htm
  http://help.sap.com/saphelp_wp/helpdata/en/cd/cc5664d22a11d296110000e82de14a/content.htm
  Regards
  S.Ravi
  Edited by: S.Ravi-at-SAP on Nov 25, 2010 5:36 AM

• Roles and Responsibilities of an ABAP developer in Blueprint Phase

  Hi All ,
  I am about to get into HR implementation project Where its in the blueprint phase , I just want to know what are the roles and responsibilities of an ABAP Developer in this phase ? Is there something to be done on the functional part .

  Hi Hope you helpful this followings
  Getting the business Requirement document from functional consultant / functional analyst.
  Analyse the business Requirement.
  Analyse the estimated time for development.
  Development of Object (ABAP Application).
  Unit Testing by Developer.
  Releasing the object to testing environment.
  Prepare technical document of the development.

• Configure security-role and method permission for EJB 3.0 using Jdev 11g

  The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
  For example,
  <assembly-descriptor>
  <security-role>
  <role-name>managers</role-name>
  </security-role>
  <method-permission>
  <role-name>managers</role-name>
  <method>
  <ejb-name>Employees</ejb-name>
  <method-name>setSalary</method-name>
  <method-params>
  <method-param>java.lang.Long</method-param>
  </method-params>
  </method>
  </method-permission>
  </assembly-descriptor>

  user516954,
  By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
  --Ric                                                                                                                                                                                                                                                                                                                               

• Role and Analysis Authorizations in BI

  Hello allo,
  Since analysis authorizations contains carateritics like infocube, queries, activities., is using role and the PFCG transaction (authorizations object)in BI obsolete ? i.e is Analysis authorizations completely replacing Authorization objects (and PFCG) in BI ?
  thanks !!

  Hatem,
  You have an option to use the old method however it's recommend to use analysis authorizations going forward.
  Take a look at the sap wiki for analysis auth for more info or search the site for other good info.
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI&
  Cheers,
  Ben

• BW authorizations for standard development

  For a training workshop, I need to define some authorizations for the trainees. They shouldn't be allowed to do whatever they want on the BW and R/3 systems. So I can't give them the SAP_ALL profile!
  On the source system, the users would be allowed to do something like the following:
  - Activate DataSources as <u>local</u> objects (in the package $TMP or in test packages T*);
  - Edit the DataSource's active version;
  - Edit the function EXIT for the LO DataSources (can the EXIT be a <u>local</u> object?)
  On the BW side:
  - Replicate the DataSources;
  - Create DataSources for the FILE source system;
  - Create export DataSources for the <i>myself</i> source system;
  - Develop data models and flows;
  - Start InfoPackages;
  - Develop and run BEx queries.
  All these BW objects would be <u>local</u> (yes, this is the default behaviour in BW -- but how can I be absolutely sure a user is prevented altogether from putting an object in a productive package by mistake?)
  I'm not a security expert.. Can you give me some good advice and send me some links to useful docs on this topic?
  Thanks, <a href="https://wiki.sdn.sap.com/wiki/display/profile/Davide+Cavallari">Davide</a>

  Hello David,
  using BI Authorizations in BW and then adding data level security in the Universe on top of that will only lead to situations like you have now.
  Data Level security goes into BW alone or into the Universe alone, mixing both will lead to issues and remember that the Universe has far less capabilities in this area.
  0BI_ALL is only related to data level security, so the fact that you see the request for 0BI_ALL in the trace clearly shows that your defined data level security entries contradict each other somehow and that BW then requires 0BI_ALL for the user to give the data that was requested.
  like I said above, not a good idea to mix those data level security concepts. all data level security should be in BW already.
  Also - why even use the Universe inbetween ?
  regards
  Ingo Hilgefort, SAP

• CRM Architecture: relations between business roles and transaction

  Hello Experts!
  I am dwelling on the topic of the relations between Business Roles, Transactions, Transaction Types etc. Do you know if there is any architectual diagram to make clear how these objects are related, and how they depend on each other?
  Thank you for help!
  Karolina

  Hi Javier,
  As far as I understand you want to restrict transaction types per business role.
  You can achieve this by customizing. You can create a transaction profile in customizing for each business role and assign the transaction types you have created to this transaction profile.You can find this customizing activity in spro transaction.
  Then you can assign transaction profile you have created to your business roile by assigning function profile 'transaction profile' to the business role in crmc_ui_profile tcode.
  In this way when you login with the business role the transactions you have maintained in transaction profile will only be shown up in the pop up.
  I hope this helps yiour requirement. Let me know if you require any further information. Thanks.
  Regards
  Yogesh

• Master Data and Transaction Data For DB Connect extracted Data...

  Dear Experts,
  I have been working on SAP NetWeaver BW 7.3 and for the first time I have extracted data from Oracle DBMS by using DB Connect. I have successfully extracted data of a View namely Sales_View into BW by creating a DataSource. This View has about 100 fields and I have been told that this view consists of Master Data and Transaction Data too. For my further reporting needs say building a Dashboard or InfoSpace I have to design a DSO and InfoCube for this DataSource. I'm bit confused about the Master Data and Transaction Data of this DataSource.
  1. Should I create all custom InfoObject against all fields of DataSource for DSO and InfoCube design?
  2. Do I need to create and load the Master Data for all InfoObjects or I need to create or load the Master Data for only those InfoOjects which will be   
       used for drill down or reporting in Dashboard or InfoSpace?
  3. Do I need to load the Master Data manually by creating Flat Files and using these files for Master Data loading for required objects?
  4. How should I approach the designing of DSO and InfoCube?
  I will appreciate your inputs in this matter.
  Many thanks!
  Tariq Ashraf

  Thanks!

• E71 Feedback and Wish list for future development

  Hi Nokia and Nokia Fans.
  E71 is a masterpiece but I believe there's much room for improvement. My E71 is indispensable to me. I wish Nokia will strive to thrive the E series and in particular the E71.
  Here's my wish list / features to add:
  1. A Task Manager for Symbian that's Nokia naively developed is absolutely essential as it's required to manage all aspects of applications, processes and threads, especially the misbehaving ones.
  2. Use better GPS Chipset with better sensitivity as the current one is really slackly.
  3. High-Speed WiFi connection to access and manage the phone including the mass storage instead of fiddling with wires.
  4. Secure zone for creating password-protected notes/memos/etc, previously called "wallet".
  5. Add SMS "Listen" feature for sent messages.
  6. Add "Timed" Profiles.
  My feedback / Issues to fix:
  1. "Memory card in use" Error. Despite proper removal of USB connection when using PC Suite or Mass Storage data transfer.
  2. Configure to display "Firstname Lastname" format .
  3. Configure Date display to American format (Wednesday December 03 2008).
  4. Save current "configurations and user preferences" for future deployment after firmware upgrade or maintenance routine.
  5. When receiving a Bluetooth message with (.sis or .sisx) attachment, provide save to memory card option rather than launching installtion process.
  6. Setting up "WPA2 Only" mode on WLAN Security Settings for a particular Access Point will not allow communication despite the access point router/gateway is configured to work on this particular mode.
  7. Camera is another isssue. Fix color fidelity and picture clarity issues.
  Thanks
  .......To be revised as needed.

  Nice wishlist, willing to front up the extra cash to have these features? Got to remember that until these feature become more common they will stay as premium items and that you need to pay the extra money or move to a higher priced plan for them. Getting something like device locks would be great though but then what would device locks do for a customer base? and they do have the data encryption built in....
  I would like to see a 16:9 aspect ratio in the next version of the phone myself. A holster pouch w/ belt clip rather than looking for and buying an ill fitting pouch cos I really don't like the pouch it comes with and cant find a nice one. The ability to have more than just the plain 6 applications on the screen, it used to scroll if I remember correctly in the older ones. The ability to skip music tracks when pressing volume up or down. 3.5mm audio jack. Time and date or at least time shown on the top strip of the display when going through the menu (there are a number of time I want to know the time and have to program juggle to find out what it is. More symbols on the other keys rather than just on the right hand side, I do have 2 thumbs available to use and fairly dexterous with either hand.
  Less "download - **bleep**" in the web menu it takes me to a link with useless stuff on it.....
  That GPS chip needs to be replaced, it has me walking down the road or in my neighbours house when I'm just lying in my lounge.
  This wish is for all Nokia Symbian devices, I would love to see a Nokia App store. I'm sure it'll come around once they get the symbian foundation off the ground but i'm impatient and a lil lazy and haven't always got the time to find an application for something I have thought up. Blackberry and Apple have got something of a centralised store up and running, C'mon Nokia! Get a move on!
  Nokia E71-1 (254.03)
  110.07.127
  RM-346

• Use roles and/or cos for delegated administration?

  I am using iDS 5.1 SP1. I want managers of departments to be able to modify certain attributes of people in their department. I am aware of the userdnattr aci keyword but I read in the 5.1 admin manual that it is being deprecated.
  Here is our current set up. We have an ou=people and an ou=departments. People are in ou=people and their entries have an attribute that denotes their department membership by a department code. The departments are in ou=departments with an entry for each department listing basic information like name, address, telephone, and the department code. They could contain other attributes like mamanger to make a roles and/or cos mechanism for delegated admin work. So fee free to suggest anything. The departments are there merely for lookup purposes now and are not connected to the people entries.
  The main issue I cannot grasp is how to easily enable managers to modify entries in their respective departments. I could add managers to the department entries and based on the department code in the department entry somehow match that to a department code in a people entry? I am thinking there is a cool way to do this with roles and/or cos, but can't figure out how and what aci to create.
  Also if there is an easy way to do this with groups let me know.

  I am using iDS 5.1 SP1. I want managers of
  departments to be able to modify certain attributes
  of people in their department. I am aware of the
  userdnattr aci keyword but I read in the 5.1 admin
  manual that it is being deprecated.The new "userattr" ACI keyword should be used instead. It does everything that userdnattr did and much more.

• Role and Analysis Authorization Transport

  Dear Experts,
  I'm working with migration authorization project from 3.5 to 7.0. My doubt is when migrate in development enviroment enhancement each whith join S_RS_AUTH with Analysis Authorization which the role doesn't have any users assigning and transport to test enviroment where have a same role with user assigning. Do lose the user assign?
  Thank for all,
  Luis

  Hi,
  I think it will orverwrite the Role. If you want to lock the target system against import of user assignments, you can goto sm30 (Table - PRGN_CUST). Make an entry - USER_REL_IMPORT (value - NO).
  Thanks