Roles,Authorization,Authorization objects for APD

Similar Messages

• Authorization issue object for material type !

  Dear,
  All.
  In my client system there are 10 users now my client want to restrict the access of various transaction on material type level to each user.
  (example if there is user mm.agt the system should allow him access for only raw material type , in various transaction )
  Please help me.
  Regards.
  Hassan Naveed

  Hello Naveed,
  If you are talking about restriction of material types under MC.1 & MC.9 , M_IS_MTART (ROH - Raw materials) is the object where you can restrict material types.
  If this is not the case,please elaborate your question with more info.
  Rgds,
  Gadde.

• Need to build the security roles (actual technical roles) with HRCON object

  I need to build the security roles (actual technical roles) with HRCON objectfor date driven security.
  Please help me that how could i learn and what should be the approach.
  i.e. What is the requirement for learing to build the security roles (actual technical roles) with HRCON object for date driven security.

  Hi marco,
  It is related to Context solution and I need to implement HR Security in terms of context solution.
  So Could you please describe Following points:
  1. What is context solution
  2. How can i implement this context solution and HR Basic security as well
  3 What is the prerequiest to learn about HR security
  4. I am new for HR Security, SO what would be the approach to implement HR Security.
  Thanks

• Find object for roles & authorization.

  Hi Gurus,
  How can i find the perticular object in SU24?
  I need object for "RELEASE FLAG ICON" in IW31,IW32 T.code.
  Till the time I have co relate following 2 objects.
  I_BETRVORG   &  I_VORG_ORD  and I have maintained both object value as a blank in role.
  Still I am not able to control release activity thru that role.
  Please guide any thing wrong or missing.

  Hi Upesh,
  Start the transaction that you like. Just before pressing the key "Release", type "/h" in the transaction code field and press Enter. This will activate the debugger.
  Now press the "Release key" - the system will enter the debugger. Once there use the menu "Breakpoints -> Breakpoint at -> Breakpoint as statement" and enter the ABAP command "authority-check". Then browse through the execution of the program using the pushbutton F8 ("Continue"). The debugger will stop at all the objects being checked.
  If you don't have a literal (enclosed in apostrophes ') after the keyword OBJECT but a variable, double-click on this variable to see its value.
  Good luck!
  Raf

• Authorization objects for BP in CRM 2007

  Hi,
  right now i'm struggling with the standard authorizations for the BP in the WEB UI.
  We want to restrict access to BP by role.
  There is the standard object B_BUPA_RLT which worked before in SAP GUI.
  The object is still relevant but in our system just the general rights to the BP are controlled. The value roletype really doesnt change anything. E.g. I just enter roletype customer and change, but I then can change all roletypes.
  The new object CRM_BPROLE just controlls the assignment of roles.
  Thus it doesnt help.
  Thanks
  Andreas

  Hi Andreas,
     THE new role CRM_BPROLE also controls the change access to Business Partners. We have implemented it over at our client site. I  think one step that you might be missing is implementing the BADI. The authority check is deactivated by default. FOr that you have to implement the BADI through the following path
  >>Master Data - Business Partner - Accounts and Contacts- Business Add-Ins Implementation: Filtering of BP Roles by Authorization
  Reward points if it helps.
  Thanks,
  Anand
  Edited by: Anand on May 7, 2008 1:59 AM

• Mandatory Authorization object for the BO user

  Dear All
  I am facing some problem for the BO user.
  can you let me know what are mandatory Authorization object for BO user to run the dashboard without error.
  Fast reply appreciate.
  Thanks
  Haji

  Dear All
  i am working for Analysis Authorization.
  i included Analysis Authorisation object  to the user.
  S_RS_AUTH  BI Analysis Authorizations in Role.
  when i checked in the BW side its working fine.
  when i checked the user in the BO side.
  filter values are coming correct, but the values in the column are not showing.
  its throwing an error.
  kindly help me to solve this issue.
  Thanks
  Haji

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Custom Authorization Object for HR

  Hi,
  As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
  Your help will be appreciated.
  Thanks,
  Mandeep Virk

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
  but still it is taking the P_ORGIN object.

• HR Authorization : Custom Authorization Object  for P_ORGIN

  Hi,
  I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
  I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
  Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
  We've ran the report RPUACG00 also which is mentioned in this thread.
  We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
  but still it is taking the P_ORGIN object

  Online Help
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

• Authorization object for 351 movement type

  Dear expert
  Please guide me
  How to restrict 351 movement type for created STO for self plant in self plant?
  for eg : there are 2 plant 1001, 2001.
  STO CREATED IN 1001 PLANT
  IN THIS  suppling plant : 2001 & Recieving plant : 1001
  Now, suppling plant has to do 351 movement type & Recieving plant has to do 101 movement type.
  Now my doubt is receving plant should not do 351 movement type.
  but it shows that my 1001 plant (receving plant) doing 351 MOVEMENT TYP.
  Logically it should not do this.
  So , How to restrict 351 movement type for created STO for self plant in self plant?
  Regards
  SANTOSH KADAM.

  M_MSEG_BMB
  M_MSEG_BWA
  M_MSEG_BWE
  M_MSEG_BWF
  M_MSEG_LGO
  M_MSEG_WMB
  M_MSEG_WWA
  M_MSEG_WWE
  M_MSEG_WWF
  if your 1001 plant never needs a 351 movement, then dont assign the 351 together with 1001 in these objects for roles that are used in 1001 plant.
  But if 1001 needs to perform as well a 351 to any other plant, then you cannot use authorization to restirct it.

• What is standard authorization object for  Personal development  P_PLOG

  Hi,
  Recently i got a object in HR and i dont have any experince in HR.Could you guide me how to asssign standard authorisation object for the personal development p_plog? how to see the infotypes and what is the header field in innfotypes?

  1-First of all the object is "PLOG"  for personal planning. There’s no object with  p_plog , most of time to maintain HR master we use object P_ORGIN.
  2- You want to assign authorization for certain infotypes?
  if yes, you have to go TR.PFCG  and assign the authorization to that specific role.
  Now you might have question , how you’ll will track down the roles against the authorization object .
  There’re several ways , you can go to Tr.SUIM and find reports by user , roles etc.
  You can also go SE16-> give table AGR_1251, give object and you can see the values in table.
  After finding the suitable roles you can go to PFCG and assign the values to the roles.
  As a good practice its better to create your OWN role Z:hrXXXX and assign it to users.
  Hope this’ll give you idea!!
  <b>P.S award the points.</b>
  Good luck
  Thanks
  Saquib Khan
  "Knowledge comes but wisdom lingers!!"

• Authorization Object for data downloading from application server

  Hi friends ,
     My program downloads and uploads data from the application server .
  My requirement is  ,
  Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
  Can you please tell me how to deal with this ? how do we check the above condition ??
  Many thanks ,
  Hemant

  hi,
  This is not a single step process.
  First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
  Then you have to call this authorization object in your program at selection screen.

• Authorization Object for Material Type

  Hi All,
  Is it possible to restrict the user from creating the material master based on Material Type. If yes then what is the authorization object for the same.
  Regards
  Mahendra

  Dear Mahendra,
  You can definitely restrict a end-user to only particular Material Type thru Authorizations.
  Authorization Object: M_MATE_MAR
  This can be done thru authorization management. Consult your Basis person or follow this:
  SU01 - Enter the user Id & select display button. Now click on the Roles Tab & note down the role assigned to this user Id.
  Go to T-Code - PFCG - enter the Role name & select the change icon.
  Click on the Authorizations tab page. & then Click on Change Authorization Data.
  Now expand the menu tree of Materials Management: Master Data & further expand the menu tree of Material Master: Material Types. Now click on the change icon next to Authorization Group & select the required Material Type that you want to authorize the end-user.
  This is how you can give authorizations only for a particular Material Type. 
  Hope this helps.. .
  Give point if useful...
  Thanks,
  Jignesh Mehta
  Mumbai

• Authorization object for "add approver" in contracts

  Hello, Experts,
    I am looking for authorization object for adding approver in contracts.
  But without adding authorization for changing contracts.
    Regards,
      Rami Kleiman - HP

  1. you can try to restrict  the authorization object ( Manager Role-- /SAPSRM/MANAGER) for contracts to display ( remove the change).
  2. you can also change the personalization object key "BBP_WFL_SECURITY" to None ( but i, think this will affect all the objects like shopping carts purchase orders etc..)
  Thanks
  velu

• Authorization object for vL02N

  Hi,
  I need the Authorization object for the VL02N.
  My requirement is i need to give authorization for doing PGI in VL02N screen,but the user can only generate the VL02N(no change or modification). How can i control this?
  pls advice

  Hi,
  The authorisation object is:V_LIKP_VST
  First Goto T.Code:SUIM
  Check the role used for this T.Code:VL02N.I identified the role as "SAP_LE_GOODS_ISSUE_DELIVERY".
  Next goto T.Code:PFCG.
  Enter this role here.Click on Display.
  Goto Authorisations tab.
  Click on Display Authorisation data.
  Goto Utilities-->Technical names on(if it is available else leave it).
  Regrads,
  Krishna.