SAP Authorization
Dear All,
Good Day!
Hi! I would like to know if there is an site or link that discuss of SAP Authorization ( SAP R/3 System version 46c or 4.6c ), complete and detailed particulary. Since I am new in this field or environment I'm asking for your guidance and help being as SAP Basis Admin assigned in SAP Authorization Group. Your suggestion and help mean a lot to me.
Thanks A Lot,
Armin
Hi
for a detailed explanation of the Authorization concept & how to handle that, please go thru this ..
http://www.*********************/tutorials/authorization_analysis.htm
hope this info helps you!
with regards,
raj
<i>pls, award points</i>
<i>if, your query is answered, pls, mark this issue as answered. thanks!</i>
Similar Messages
-
Sap authorizations in Webdynpro
I have a question regarding the use of authorizations from WebDynpro. We wants to use standard SAP authorizations when accessing the BAPIs through WebDynpro. For example: A sales person having a SAP logon should be allowed to see the data he would see using the transactions through SAP GUI. On the other hand persons without rights to the transactions should not be allowed to access the sales order data.
How do you do this?Hi Rama,
According to me ,Upto Now thr is no such readymade facility available.But we can implement it.
1)Create a Bapi for Autherization Or Use standard Bapis if any.
2)Use those Bapis in ur Project.
3)Before u executing ur Actual Bapi U can execute Ur Autherization Bapi.
4)According to The Result of Autherization Bapi ,U can Execute Ur Actual Bapi.
Regards,
Ramganesh. -
Hi,
Iam working in SAP Authorization team. Recently we had one issue, and it is long days back we have added one single role to many of the composite roles. But suddenly last week that single roles got deleted in some of the composite roles only from production system.
Could you tell me how it is happened?
Thanks!> This is because one of your team member have transported the single role with the same role name frm development to production unknowingly thats reason it been overwritten in prd server
Then I think the changes should reflect even in DEV & TEST as well. But here the issue is only in PRD which is very surprising.
Regards, -
Enterprise/ SAP Authorization in CMC
Hi Experts,
Just need to clarify that if we are using CMC with Enterprise Authorization, is it necessary to use InfoView with same Authorization or can we use SAP Authorization with it?
Thanks & Regards,
SumeetHi,
thats the most common way you are explaining.
End- Users are using the SAP Auth. for InfoView and the Administrator(s) are using the Enterprise Administrator with the Enterprise Authentication in the CMC.
Regards
-Seb. -
hi all
is there anyway to limit the users access to only their own batch input sessions in tcode sm35 using sap authorizations.
thanks in advance
mohanhi,
check this
Checking User Authorizations in your ABAP Program
How to set Authorization to an ABAP Programs?
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
Use T/Code SE80 to Create Authorization object.
if u find it useful mark the points
Regards,
Naveen -
SAP Authorizations: ST01 - return code 12 (RC=12)
Hi All!
re: SAP Authorizations: ST01 - return code 12 (RC=12)
When using ST01 to trace SAP authorizations and you come accross a return code 12 (RC=12), how do change the authorization object to check?
Thanks for your help.Hi - some standard ST01 info I follow
Main RC codes
RC =0 Successful (user is authorised)
RC =4 Failed - user does not have authorisastions but does have the authorisation object in their buffer (different authorisation combination though)
RC = 12 Failed - user does not have the authorisation AND does not have not have the authorisation object in their buffer
With RC =0 it can be due to:
1. The user has access via authorisations
2. SU25 has switched the object off system wide
3. SU24 has switched the object off for the transaction
As a note with RC=12 - I find these fails can identify a misleading authorisation check. That is, the user is not meant to have access. Take care on RC=12, especially for object S_ALV_LAYO, S_DEVELOP, S_CTS_AMDI, S_USER_GRP and when investigating a typical end user.
IF the missing authorisation (RC=12) is required, you will need to fix the PFCG role and generate the authorisations so the user receives it. If the user has the access you will need to check user buffer or role generation/corruption issues. -
Multimedia tutorials & online courses in SAP authorization
Hello,
Could someone please guide me to where I can find multimedia tutorials or online courses, or even conventional courses related to SAP authorizations.
Thank you in advance for your cooperation.
Best regards.
Reda Khalifa
IT Department - Almansour Automotive Group - EgyptHi Reda,
The "traditional" SAP auth courses are ADM940, ADM950 & ADM960
ADM940 is your standard auth concept stuff, 950 is mainly regarding Audit & 960 is looking at system level security (the most technical of the three)
There is loads of info on the individual courses on the SAP education site: http://www.sap.com/services/education/index.epx
Alternatively there is some pretty good (if not 100% accurate in all cases) info here:
http://www.*********************/
The security section of OSS is very, very useful with a whole load of guides on there:
https://websmp205.sap-ag.de/security
You will need an OSS ID to access the documentation. Your BASIS team will have one that they should let you borrow if you don't already have one.
A few other resources are a book/pdf called Authorizations Made Easy and the R/3 Security Guide: VOLUME I, II & III
If you enter those terms into google/another search engine you will get links to where you can buy those. -
Hi Experts ,
When we run the WEB- I report created on bex query which has characteristic variable of processing type Authorization and ready for user input.
The error we are getting as " error getting levels for hierarchy (Dimension) : Unknown error.
Some time we get error as " Supplied XML is not valid "
Some time we get error as " Error in MDDatasewBW.getcelldata :Unknown error.
those error are coming when I choose value for the user input prompt in BO side.
Please help me to resolve this.
Regards
Ashutosh DHi Ingo,
The details are
SAP version: 710 Final Release Patch 8.
BO version XI 3.1 Patch level 1.7
The qurey run fine in BEx and give the data set which user is authorized to see ..
in BO we are getting this error.
If we do not slect any value in user input prompts it work fine in BO , but of no use we have to selcet some of value for user input prompts ...
Senario is : One user has access to global level data having * Authorization on Region
other user have restricted accees to data ( only for 2 region )
in BEX it gives right result
in BO it give error as meantioned.
let me know if you need any other information.
Regards
Ashutosh D -
SAP Authorizations Concept Project
Hello,
Before, i would like to say that this thread will stay open, with questions and answers. Thanks
I am starting a little project on authorizations. The company has only 9 users, and all of them have the SAP_ALL, SAP_NEW profiles, wich after an audit generated the need to have them removed and the need to implement an Authorization Concept from the root.
The first step and most important is to get the profiles fixed before the next audit, wich i think will only give me time to create generic profiles based on a List of Transactions and Reports, that each one of them, or a group, executes. I've been reading the ADM940 module, and i have some experience in SAP BI Authorizations, but no experience in Authorizations at a higher level.
My questions are, Recomendations and attentions i must have to implement this concept i've described and
Is the automatic profile generator, based only on transactions and reports enough to fullfil the needs i described before enough? Or after that i'll have to maintain some Authorizations objects manually?
Thank you very much
JOClosing the thread, as it has a lot of days by now
-
Electronic Signatures / SAP Authorizations
Default functionality of the electronic signature is that it validates the SAP MII User. We, on the other hand, need to validate the SAP User. One thing comes to mind is to have ABAP Security in place, and all users must have an SAP account. What happens if we decide to use the UME and when we decide to do the electronic signature it checks the SAP user account?
Hi Isabelle,
Thanks for your patience in understanding my question.
My primary worry is if i use this exit to have electronic signatures in 4.0b and i know this functionality (Electronic signatures) is standard in latest versions, what will happen to the electronic signature data that i create until i upgrade.
The electronic signature data is the user id , date and time associated with a notification. I plan to store this in a custom table.
I will appreciate , if you can share with me your analysis.
Thanks
Manoj Jain -
SAP Authorization in XI for SLD is red in PFCG
Hi
To perform the post-installation activities in XI 3.0 on Windows and Oracle DB, I created the XISUPER user in SAP Exchange Infrastructure client:
As a Dialog User created role for XISUPER are follow..
SAP_BC_AI_LANDSCAPE_DB_RFC
SAP_SLD_ADMINISTRATOR
SAP_XI_ADMINISTRATOR
SAP_XI_CONFIGURATOR
SAP_XI_CONTENT_ORGANIZER
SAP_XI_DEVELOPER
SAP_XI_MONITOR
After saving user all the role are green except the roles are SAP_BC_AI_LANDSCAPE_DB_RFC
SAP_SLD_ADMINISTRATOR are RED.
Please help me in this regards,
Jayson.
Edited by: Julius Bussche on Aug 13, 2008 10:53 PMHi,
Generate the role and perform usermaster comparison.
Its should work fine!!
Rakesh -
FS - RI module in SAP - authorizations for Account Release into FS-CD
Dear experts,
I have the following problem. I have provided certain authorizations by creating roles which are being used for a) to display reinsurance treaty b) to create Account for the treaty and c) to release the created account into FS CD module.
Now, these specific roles ( for example z_role_account release) works fine when a user has used it. This user is able to create an account for a particular treaty and also release the account.
Then, when the same role is given to another user (actually twenty of them who need to do the same tasks on daily basis), it does not work. I ran the TC /nsu53 and the message appeared is "all authorizations checked are so far successful".
My question is,
The same account is released with first user id.
It is not released when working in the login of the second user.
Both the users have similar authorizations.
/nsu53 tells me there is no problem with authorizations, when checking second user.
There are no data errors since the same account could be released by the first user.
SQL trace mechanism does not display any records when tried.
How to solve this problem.
I tried to give same roles to a new user but, no difference.
RKDFKKLOCKS
-
I have a user with Professional license with full authorization for the sales module In data ownership authorizations, have permission to view all documents The problem is when in Item Master Data, right click and Status Inventory (Quantity ATP) no documents are sales order, just go purchase orders. I tried to check various authorizations but I can not see the documents that user.
Someone may help to know that the user must have authorizations?
ThanksThanks for your attention,
Add pictures of the form
Regards -
hi folks,
I have another question that goes like this, how to create authorizations in ABAP programming ?
explanation with examples would be really helpful.
thanks
VinuHi,
Checking User Authorizations in your ABAP Program
How to set Authorization to an ABAP Programs?
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
Use T/Code SE80 to Create Authorization object. -
Regarding about sap authorization
Hi all,
I have some doubts about security in sap.
1.If I assign a tcode to a role ,will it take immedeate effect to the user or he need to logon again?
2.when will user logon to the system again ?
Regards,
naniHi,
There is no need for the user to log off..
He or even Basis can just refresh and to get the new authorisation assigned
Hope this helps
Cheers
Senthil
Maybe you are looking for
-
After upgrading to Mavericks, the free space on my SSD keeps going down for no apparent reason
I downloaded Mavericks and installed it on my macbookpro ( with Crucial M4 SSD) and the free space on my ssd keeps going down for no reason. I reinstalled it from a bootable flashdrive, and the free space went from 20G to 60. Since then it keeps goin
-
How to pass xml data as objects into Database using store procedures
Hi All, I don't have much knowledge on store procedure,can anybody help how to pass the xml as objects in Database using store procedure. My Requirement is I have a table with three fields EMPLOYEE is table name and the fields are EMP_ID,EMP_TYP
-
Why won't my macbook pro repair disk permissions after upgrading to Mountain Lion?
I upgraded my 2010 Macbook pro with 2.4gHz core 2 duo processor to Mountain Lion and ever since it has been giving me issues. One of my biggest concerns is that it will no longer repair disk permissions. The progress bar goes about half way and just
-
Hi, My requirement is how to map data in below situation. I have one node which occur repeatedly. Source: Node A comment Node A comment Node A comment Target: comment comment comment How can I achive this using UDF.
-
I purchased a new computer preloaded with Windows 8 for my wife in Dec 2013. I am reasonably computer literate having had computers since the days of DOS and currently using Windows7. From day one, the operating system on new computer started malfunc