Sales Partner Functions - Restricted access for assigned partners

Similar Messages

• Restricting  Access for SQ01 User Group

  Hi ,
  Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
  Thank you
  Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

  Hi,
  Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
  If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

• Restrict access for Vendor Master Data

  Hi all.
  Our company structure is like below:
  Single instance, just one mandant.
  Company codes like 1001, 3001, 6002, 6006, etc... over the world.
  At some companies just the central administration can create vendor for the companies using the transaction XK01.
  Now we need to give access to users from one of our company from other country but we can´t give access to transaction XK01 because just the central administration can create the master data for the vendors.
  I already read about the object F_LFA1_AEN that is possible to create some field groups and give access just for the rigth groups. I also read that this authorization groups don´t have effect on the vendor master data like address.
  How can I restrict access for the vendor master data? I´m thinking to give access to transaction FK01 and MK01 and restrict access for create a new vendor, I only want that the users can create the data for a new company or new purchase organization.
  Thank you
  Darlei Friedel

  among many other authorization objects, you find following three:
  F_LFA1_GEN general data
  F_LFA1_BUK company code data
  M_LFM1_EKO purchasing org data.
  If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

• Restrict Access for Asset with Ubuntu

  Hello guys,
  now i have a problem for you and i hope, that you could help me.
  The ArtBox have some problems on my ubuntu system. The error message shows me "Restrict Access for Asset".
  Can somebody give me some tips, how the error could be recognize or how i can fix it?
  Thanks for the help.

  Hi,
  After you finish installing Artbox , you must now make sure that samba is setup correctly. I just plan to try ArtBox and ubuntu using virtualbox, hope it can work fine.

• Restricting access for servlet

  Hi,
  I've two servlet urls:
  http://mymachine/servlet/f60servlet?config=One
  and
  http://mymachine/servlet/f60servlet?config=Two
  I want One to be open for internet and Two only open for intranet. With:
  <Location /servlet >
  order deny,allow
  deny from all
  allow from mynetwork
  </Location>
  in jserv.conf I can restrict access to my intranet but this restriction is applyied to both my applications.
  How can I restrict access for Two but not for One?
  I use iAS 1.0.2.2 on a Sun Solaris 8 machine and Forms6i patch 10.
  kind regards,
  Ivan

  Hi,
  I did open a tar with Oracle and the problem is solved by
  1) creating an alias for /servlet/f60servlet in zone.properties:
  servlet.f60listener.code=oracle.forms.servlet.ListenerServlet
  servlet.f60servlet.code=oracle.forms.servlet.FormsServlet
  servlet.f60servlet.initArgs=configFileName=/u01/app/oracle/product/8.0.6/forms60/server/formsweb.cfg
  servlet.f60listener1.code=oracle.forms.servlet.ListenerServlet
  servlet.f60servlet1.code=oracle.forms.servlet.FormsServlet
  servlet.f60servlet1.initArgs=configFileName=/u01/app/oracle/product/8.0.6/forms60/server/formsweb_internet.cfg
  In formsweb_internet.cfg is only the web-form app defined that should be open for internet
  2) in jserv.conf :
  <Location /servlet/f60servlet>
  order deny,allow
  deny from all
  allow from <mynetwork>
  </Location>
  <Location /servlet/f60servlet1>
  order deny,allow
  deny from all
  allow from all
  </Location>
  See also Doc ID: 180741.996 on metalink.
  Hi,
  I've two servlet urls:
  http://mymachine/servlet/f60servlet?config=One
  and
  http://mymachine/servlet/f60servlet?config=Two
  I want One to be open for internet and Two only open
  for intranet. With:
  <Location /servlet >
  order deny,allow
  deny from all
  allow from mynetwork
  </Location>
  in jserv.conf I can restrict access to my intranet
  but this restriction is applyied to both my
  applications.
  How can I restrict access for Two but not for One?
  I use iAS 1.0.2.2 on a Sun Solaris 8 machine and
  Forms6i patch 10.
  kind regards,
  Ivan

• Using specifc partner function as access field for pricing

  Hi all,
  i am planning to add a specific partner function as an access field in combination with the material with which i will maintain the condition record & i want this condition record to be fetched for my respective condition type.
  i did the following, i still dont get the value.
  copied the new field in the KOMK table (structure & activated it),  assigned it to the relevant access sequence & hence to the condition type, i still dont get the condition record value ( condition record is a valid one too).
  what am i missing here?

  Hello,
  Go to Sales Order - Item Detals - Condition Tab & Click on "Analysis". Here check the Accesses & whether system has found the Condition Record.
  Also, as mentioned by Ankur above, most probably the new Partner Function or either of the Accesses will not be prosent in Sales Order.
  Hope this helps,
  Thanks,
  Jignesh Mehta

• Partner Function Restriction for Export Licnese in GTS

  Hi GTS Guru,
  We are setting a export license with license type IVLP, in order to restrict the forwarding agent, we check "Partner function" in the "Objects to be check" in the definition of licnese type.
  And we also setup the appropriate partner group:
  10 WE   ship-to party
  20 AG    sold-to party
  30 CR    forwarding agent
  In the license, we also setup appropriate partners in the "partner" tab of the license.
  Then we go back to ECC.
  1. create a STO -> Add the forwarding agen partner;
  2. create the delivery -> it seems the forwarding agent partner was not copied from teh STO; then we add the appropriate forwarding agent in the header of the delivery;
  3. Run "/SAPSLL/MENU_LEGALR3" to transfer the outbound delivery from ECC to GTS.
  4. But it was blocked at the license check
  The detail error information is " Partner Function CR does not exist in the document"
  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  You can download a file include all screen snapshot for the whole progress.
  http://rapidshare.com/files/229733335/Log_For_SAP_Support.doc.html
  Thanks for your help...

  Hi Rajesh,
  1. I can't subsequent to create the transfer order for the delivery -> the issue log is " SAP GTS: Legal control: item () will not adopted", that might becasue the delivery was blocked by export license.
  2. I can see all 3 partner in the customs documents:
      The detail is as following:
     Sold-To Party for Export     4804     CN     320093                 -> partner function: AG
     Fwd. Agent (Export and Import)     33997     US     EXDO   -> partner function: SP
     Ship-to Party for Export     4804     CN     320093                 -> partner function: WE
  The root cause for this issue might be the partner function for 33997 is not CR, which is SP in this case.
  Then I go to check the partner function definition in GTS, the description for SP is sold-to party.
  Could you let me know what's the descript of SP in your standard system?
  The next step I am going to test is:
  1. Change the partner group, remove CR, and add SP.
  2. Update the export license: change CR to SP for 33997.
  3. I also need to change the assignment of partner function from Feeder System;
  4. Re-do the delivery transfer again.
  Please help and advice if it is the root casue for this issue.
  Thanks for your help.
  Edited by: Rick Guan on May 7, 2009 4:56 PM

• FERC Code of Conduct - Restricting access for employees

  hello - I am project lead for an effort to separate market and transmission data from certain employees in our company. I'm finding this to be a monumental task, since we have a large SAP implementation. FI/CO, MM, HR (postion-based security), Customer (IS-U-CCS), PM, PS, xRPM. We have implemented SOD for SOx compliance, but this is an entirely different effort. Unlike SOx, we need to totally restrict transactions that could contain non-public market and transmission data, so we need to separate the data behind the transactions. Does anyone have experience with this? Would love to hear what approach you took and swap ideas.
  Annette M Alboreo, FirstEnergy Corp.

  Hi Annette,
  First of all, good luck! Data segregation is always a tricky one to manage and needs to be carefully thought out.  This sort of activity has a large security and functional overhead and you need to make sure you have access to them.
  When I've worked on this sort of thing in the past, there are a few things that you need to identify
  - What data is sensitive?  The business should ID <b>all</b> sensitive data and the functional team translate that into fields etc.  What data needs to be legally segregated, what data is nice to have segregated.  A set of rules should be drawn up to say who get's what in which circumstances.
  - How are people accessing data? What transactions give access to sensitive data? Standard SAP tx, custom tx (which may need auth checks changing), access to SE38/SA38, SQ01, SQVI etc.  All of the routes to the data need to be identified.
  Once it is known what data needs to be restricted then it is possible to address how to restrict access to it.  A reasonable amount of it should be able to be catered for in the standard auth concept.  It's also likely that there will be the requirement for additional config & customising (e.g hide fields, change screens, user exits) to meet these new control needs.  I think it goes without saying that the more that you can fix with the standard auth concept, the easier it tends to be.  If this means removing some transactions from users then in some cases it may be less costly than knocking up a whole load of custom code to solve the problem - of course this is dependent on the situation.
  Hope that is of some use
  Cheers
  Alex

• Vendor partner function not available for pricing

  Dear Consultants,
  I am using a self defined partner function which is a vendor and attached to my customer master in sales area data tab.
  I have defined a condition table in which one of the key is this partner function. The condition record is maintained for this combination but during sale order creation this value is not getting determined in pricing. In the pricing analysis screen a exclamaiton sign is seen against this.
  Kindly help as to how to make the system read the value attached in the partner function tab.
  Thanks & Regards
  Sourabh

  You will need to populate it in MV45AFZZ in userexit_pricing_prepare_tkomk.

• Restricting access for condition types in VK11

  Hi
  ZWX1 and ZWX2 are SD discount condition types, I should use these condition types  only for sales deal , hence , I will create condition record only in VB21 with reference to sales deal.
  Some other users may create condition records in VK11 mistakenly, I need to avoid it, so these condition types should not be accessible to create condition records in VK11 or anywhere except  VB21.
  Any thought ? how can I achieve this ?   
  thanks

  Hi
  If you want to restrict the access for the condition types then you give the authorization for VK11 for maritaining  the condition records only to those users who has  to maintain the condition records for that condition types.So you have to take the help of BASIS team
  Regards
  Srinath

• Restricted access for user in SU01

  Hi All
  How can we give authorisation to a User to modify access (Create/Delete/Password Change/Role assign /Role Delete..etc) for other user IDs but that user should have only display access for his User ID.
  Please Help me in this.

  Hi,
  I have worked with many clients, and the requirement of handling the user Administration and Role Administration is different from each client to other client.
  Some client may ask for the same person should handle both User and Role ADministration, but some client may ask for separating the tasks.
  In your case, if you want to restric the person to maintain the other users but not the own user id, this can be achieved by doing the following:
  Create a separate user group who is doing the administration part and create other user groups for other users.
  Create a role with SU01 and restrict the Standard objects with all user groups except the administation one and add S_USER_GRP authorization object manually into the same role and provide only 03 with the administration object.
  The above will solve the problem of administration not able to update the own user id, but the other users.
  Regards
  Anandm

• Partner functions in EBP for extended Classic Scenario

  Hello Guru's,
  I have a few questions on handling partner functions in SRM 5.0 extended classic PO..
  We are planning to use a freight vendor partner as one of the partner functions. The PO raised should go to both the parties from SRM.
  Is the output handled in SRM or do we have to use the copied PO on R/3 to send it over to the freight vendor.
  Could someone throw in some points.
  Thanks
  Manoj

  Hi
  I think, we cannot send PO output to multiple partners (vendors) at one point of time.
  You need to use the 'repeated output' check box in the 'output' tab of PO in SRM to send the PO to other partners.
  Rgds
  Reddy

• Ver 8.8 Restricted access for BP and activities

  Currently, I am not aware of a way to restrict access to certain BP accounts, including the related activities for a BP. For example, our bank, HR consultants, etc. where I would like to limit the access to these BP accounts and related attachments to certain users, such as our management group.
  Primary importance would be to limit access to related activities where sensitive information may be stored in the form of emails, attachments, etc.
  Our previous CRM allowed us to flag BP accounts as restricted and set up permissions to authorized users.
  Is anyone aware of a way to limit access to these activities?
  If not, this is a great enhancement for future releases.

  Current system design has only set up confidential GL Account but not for BP. You probably need to post it on the R&D forum here:
  /community [original link is broken]
  Thanks,
  Gordon

• Trying to restrict access to Business Partners Roles and Relationships

  In CRM 7.0 I am trying to restict access to creating and maintaining certain Business Partner Roles and Relationships.  Some roles and relationships are brought over from our primary R/3 system and users are not allowed to change these.  However, certain Roles and Relationships exist only in CRM and should be allowed.  I am working with the authorization objects B_BUPA_RLT and B_BUPA_BZT.  The only field that seems to be checked is the Activity.  Even when I put limited BP Roles it seems that this field is not being verified.  My security trace returns the following:  B_BUPA_RLT  ACTVT=02;RLTYP= ;

  Authorization object B_BUPA_RLT as used in SAP GUI can't be used in CRM WebClientUI. In SAPGUI business partners always need to be maintained in a bp role regardless of the update-characteristic of this bp role. As there's no authorization-object to control maintenance of bp in general, auth. object B_BUPA_RLT also was used to restrict visibility of bp (data). The creation of a bp is controlled by assigning authorizations for the maintenance of bp roles. If i.e. no authorization for any bp role is available, the user can't create a bp at all. Authorization object CRM_BPROLE is in CRM WebClient UI used instead of authorization object B_BUPA_RLT.
  For more info about this see the following notes:
  1129682 - Authorization for BP roles in CRM5.2 WebClient UI.
  1259940 - Authority check for accounts depending on roles
  regards.

• Restricting access for import manager and syndicator

  Hi All,
  I wanted to know whether is there any way on how we can restrict the access to import manger and syndicator.
  I have one scenario whether user needs to be given the access to data manager only but not to other components.It is ok if they are able to open but should not be able to import or syndicate.
  Please help in this
  Thanks
  Nitin

  Hi Nitin,
  No i get your point Nitin,I said if a unwanted user logs into Import manager he can try to add/modify/replace record,this can be stopped if he is not given the rights.For this go to Console,Admin table and goto Roles and set rights and privileges on that.
  whenever a user logs into Import Manager he has to give his user id and password,and from there we can control this.
  If he tries to import records,it will fail.also if he tries to modify map,it wil fail too.
  To get a clearer picture try doing it for one user and run this scenario.
  An excerpt froim reference guide:
  "The groups and functions displayed in the Name column are listed in Table 89; access privileges for each function are directly editable in the Functions pane"
  record - Add records
   Modify records
   Modify checked out records
   Delete records
   Merge records
   Merge checked out records
   Protect records
   Unprotect records
   Check out records
   Check out new records
   Check in owned records
   Roll back owned records
   Check in non-owned records
   Roll back non-owned records
   Modify join permissions for non-owned records
  Consolidation and distribution - Add import maps
   Modify import maps
   Delete import maps
   Add syndication maps
   Modify syndication maps
   Delete syndication maps
   Enable key mappin
  You can control these setting privileges in Console.
  thanks,
  Ravi