SAP Authorization

Dear All,
Good Day!
Hi! I would like to know if there is an site or link that discuss of SAP Authorization ( SAP R/3 System version 46c or 4.6c ), complete and detailed particulary. Since I am new in this field or environment I'm asking for your guidance and help being as SAP Basis Admin assigned in SAP Authorization Group. Your suggestion and help mean a lot to me.
Thanks A Lot,
Armin

Hi
     for a detailed explanation of the Authorization concept & how to handle that, please go thru this ..
http://www.*********************/tutorials/authorization_analysis.htm
hope this info helps you!
with regards,
raj
<i>pls, award points</i>
<i>if, your query is answered, pls, mark this issue as answered. thanks!</i>

Similar Messages

  • Sap authorizations in Webdynpro

    I have a question regarding the use of authorizations from WebDynpro. We wants to use standard SAP authorizations when accessing the BAPIs through WebDynpro. For example: A sales person having a SAP logon should be allowed to see the data he would see using the transactions through SAP GUI. On the other hand persons without rights to the transactions should not be allowed to access the sales order data.
    How do you do this?

    Hi Rama,
    According to me ,Upto Now thr is no such readymade facility available.But we can implement it.
    1)Create a Bapi for Autherization Or Use standard  Bapis if any.
    2)Use those Bapis in ur Project.
    3)Before u executing ur Actual Bapi U can execute Ur Autherization Bapi.
    4)According to The Result of Autherization Bapi ,U can Execute Ur Actual Bapi.
    Regards,
    Ramganesh.

  • SAP Authorization Query

    Hi,
    Iam working in SAP Authorization team. Recently we had one issue, and it is long days back we have added one single role to many of the composite roles. But suddenly last week that single roles got deleted in some of the composite roles only from production system.
    Could you tell me how it is happened?
    Thanks!

    > This is because one of your team member have transported the single role with the same role name   frm development to production unknowingly thats reason it been overwritten in prd  server
    Then I think the changes should reflect even in DEV & TEST as well. But here the issue is only in PRD which is very surprising.
    Regards,

  • Enterprise/ SAP Authorization in CMC

    Hi Experts,
    Just need to clarify that if we are using CMC with Enterprise Authorization, is it necessary to use InfoView with same Authorization or can we use SAP Authorization with it?
    Thanks & Regards,
    Sumeet

    Hi,
    thats the most common way you are explaining.
    End- Users are using the SAP Auth. for InfoView and the Administrator(s) are using the Enterprise Administrator with the Enterprise Authentication in the CMC.
    Regards
    -Seb.

  • Regarding sap authorizations

    hi all
    is there anyway to limit the users access to only their own batch input sessions in tcode sm35 using sap authorizations.
    thanks in advance
    mohan

    hi,
    check this
    Checking User Authorizations in your ABAP Program
    How to set Authorization to an ABAP Programs?
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Use T/Code SE80 to Create Authorization object.
    if u find it useful mark the points
    Regards,
    Naveen

  • SAP Authorizations: ST01 - return code 12 (RC=12)

    Hi All!
    re: SAP Authorizations: ST01 - return code 12 (RC=12)
    When using ST01 to trace SAP authorizations and you come accross a return code 12 (RC=12), how do change the authorization object to check?
    Thanks for your help.

    Hi - some standard ST01 info I follow
    Main RC codes
    RC =0 Successful (user is authorised)
    RC =4 Failed - user does not have authorisastions but does have the authorisation object in their buffer (different authorisation combination though)
    RC = 12 Failed - user does not have the authorisation AND does not have not have the authorisation object in their buffer
    With RC =0 it can be due to:
    1. The user has access via authorisations
    2. SU25 has switched the object off system wide
    3. SU24 has switched the object off for the transaction
    As a note with RC=12 - I find these fails can identify a misleading authorisation check. That is, the user is not meant to have access. Take care on RC=12, especially for object S_ALV_LAYO, S_DEVELOP, S_CTS_AMDI, S_USER_GRP and when investigating a typical end user.
    IF the missing authorisation (RC=12) is required, you will need to fix the PFCG role and generate the authorisations so the user receives it. If the user has the access you will need to check user buffer or role generation/corruption issues.

  • Multimedia tutorials & online courses in SAP  authorization

    Hello,
    Could someone please guide me to  where I can find multimedia tutorials or online courses, or even conventional courses related to SAP authorizations.
    Thank you in advance for your cooperation.
    Best regards.
    Reda Khalifa
    IT Department - Almansour Automotive Group - Egypt

    Hi Reda,
    The "traditional" SAP auth courses are ADM940, ADM950 & ADM960
    ADM940 is your standard auth concept stuff, 950 is mainly regarding Audit & 960 is looking at system level security (the most technical of the three)
    There is loads of info on the individual courses on the SAP education site: http://www.sap.com/services/education/index.epx
    Alternatively there is some pretty good (if not 100% accurate in all cases) info here:
    http://www.*********************/
    The security section of OSS is very, very useful with a whole load of guides on there:
    https://websmp205.sap-ag.de/security
    You will need an OSS ID to access the documentation.  Your BASIS team will have one that they should let you borrow if you don't already have one.
    A few other resources are a book/pdf called Authorizations Made Easy and the R/3 Security Guide: VOLUME I, II & III
    If you enter those terms into google/another search engine you will get links to where you can buy those.

  • SAP Authorization errors

    Hi Experts ,
    When we run the WEB- I report created on  bex query which has characteristic variable of processing type Authorization  and ready for user input.
    The error we are getting as " error getting levels for hierarchy (Dimension) : Unknown error.
    Some time we get error as " Supplied XML is not valid "
    Some time we get error as " Error in MDDatasewBW.getcelldata :Unknown error.
    those error are coming when I choose value for the user input prompt in BO side.
    Please help me to resolve this.
    Regards
    Ashutosh D

    Hi Ingo,
    The details are
    SAP version: 710 Final Release Patch 8.
    BO version XI 3.1 Patch level 1.7
    The qurey run fine in BEx and give the data set which user is authorized to see ..
    in BO we are getting this error.
    If we do not slect any value in user input prompts it work fine in BO , but of no use we have to selcet some of value for user input prompts ...
    Senario is : One user has access to global level data having * Authorization on Region
    other user have restricted accees to data ( only for 2 region )
    in BEX it gives right result
    in BO it give error as meantioned.
    let me know if you need any other information.
    Regards
    Ashutosh D

  • SAP Authorizations Concept Project

    Hello,
    Before, i would like to say that this thread will stay open, with questions and answers. Thanks
    I am starting a little project on authorizations. The company has only 9 users, and all of them have the SAP_ALL, SAP_NEW profiles, wich after an audit generated the need to have them removed and the need to implement an Authorization Concept from the root.
    The first step and most important is to get the profiles fixed before the next audit, wich i think will only give me time to create generic profiles based on a List of Transactions and Reports, that each one of them, or a group, executes. I've been reading the ADM940 module, and i have some experience in SAP BI Authorizations, but no experience in Authorizations at a higher level.
    My questions are, Recomendations and attentions i must have to implement this concept i've described and
    Is the automatic profile generator, based only on transactions and reports enough to fullfil the needs i described before enough? Or after that i'll have to maintain some Authorizations objects manually?
    Thank you very much
    JO

    Closing the thread, as it has a lot of days by now

  • Electronic Signatures / SAP Authorizations

    Default functionality of the electronic signature is that it validates the SAP MII User.  We, on the other hand, need to validate the SAP User.  One thing comes to mind is to have ABAP Security in place, and all users must have an SAP account.  What happens if we decide to use the UME and when we decide to do the electronic signature it checks the SAP user account?

    Hi Isabelle,
    Thanks for your patience in understanding my question.
    My primary worry is if i use this exit to have electronic signatures in 4.0b and i know this functionality (Electronic  signatures) is standard in latest versions, what will happen to the electronic signature data that i create until i upgrade.
    The electronic signature data is the user id , date and time associated with a notification. I plan to store this in a custom table.
    I will appreciate , if you can share with me your analysis.
    Thanks
    Manoj Jain

  • SAP Authorization in XI for SLD is red in PFCG

    Hi
    To perform the post-installation activities in XI 3.0 on Windows and Oracle DB, I created the XISUPER user in SAP Exchange Infrastructure client:
    As a Dialog User created role for XISUPER are follow..
    SAP_BC_AI_LANDSCAPE_DB_RFC
    SAP_SLD_ADMINISTRATOR
    SAP_XI_ADMINISTRATOR
    SAP_XI_CONFIGURATOR
    SAP_XI_CONTENT_ORGANIZER
    SAP_XI_DEVELOPER
    SAP_XI_MONITOR
    After saving user all the role are green except the roles are SAP_BC_AI_LANDSCAPE_DB_RFC
    SAP_SLD_ADMINISTRATOR are RED.
    Please help me in this regards,
    Jayson.
    Edited by: Julius Bussche on Aug 13, 2008 10:53 PM

    Hi,
    Generate the role and perform usermaster comparison.
    Its should work fine!!
    Rakesh

  • FS - RI module in SAP - authorizations for Account Release into FS-CD

    Dear experts,
    I have the following problem.  I have provided certain authorizations by creating roles which are being used for a) to display reinsurance treaty b) to create Account for the treaty and c) to release the created account into FS CD module.
    Now, these specific roles ( for example z_role_account release) works fine when a user has used it.  This user is able to create an account for a particular treaty and also release the account.
    Then, when the same role is given to another user (actually twenty of them who need to do the same tasks on daily basis), it does not work.  I ran the TC /nsu53 and the message appeared is "all authorizations checked are so far successful".
    My question is,
    The same account is released with first user id. 
    It is not released when working in the login of the second user.
    Both the users have similar authorizations.
    /nsu53 tells me there is no problem with authorizations, when checking second user.
    There are no data errors since the same account could be released by the first user.
    SQL trace mechanism does not display any records when tried.
    How to solve this problem.
    I tried to give same roles to a new user but, no difference.
    RK

    DFKKLOCKS

  • Problem SAP authorizations

    I have a user with Professional license with full authorization for the sales module In data ownership authorizations, have permission to view all documents The problem is when in Item Master Data, right click and Status Inventory (Quantity ATP) no documents are sales order, just go purchase orders. I tried to check various authorizations but I can not see the documents that user.
    Someone may help to know that the user must have authorizations?
    Thanks

    Thanks for your attention,
    Add pictures of the form
    Regards

  • SAP authorizations  in ABAP

    hi folks,
    I have another question that goes like this, how to create authorizations in ABAP programming ?
    explanation with examples would be really helpful.
    thanks
    Vinu

    Hi,
    Checking User Authorizations in your ABAP Program
    How to set Authorization to an ABAP Programs?
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. 
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object> 
       ID <authority field 1> FIELD <field value 1>. 
       ID <authority field 2> FIELD <field value 2>. 
       ID <authority-field n> FIELD <field value n>. 
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Use T/Code SE80 to Create Authorization object.

  • Regarding about sap authorization

    Hi all,
                   I have some doubts about security in sap.
    1.If I assign a tcode to a role ,will it take immedeate effect to the user or he need to logon again?
    2.when will user logon to the system again ?
    Regards,
    nani

    Hi,
    There is no need for the user to log off..
    He or even Basis can just refresh and to get the new authorisation assigned
    Hope this helps
    Cheers
    Senthil

Maybe you are looking for

  • After upgrading to Mavericks, the free space on my SSD keeps going down for no apparent reason

    I downloaded Mavericks and installed it on my macbookpro ( with Crucial M4 SSD) and the free space on my ssd keeps going down for no reason. I reinstalled it from a bootable flashdrive, and the free space went from 20G to 60. Since then it keeps goin

  • How to pass xml data as objects into Database using store procedures

    Hi All,      I don't have much knowledge on store procedure,can anybody help how to pass the xml as objects in Database using store procedure. My Requirement is I have a table with three fields EMPLOYEE is table name and the fields are EMP_ID,EMP_TYP

  • Why won't my macbook pro repair disk permissions after upgrading to Mountain Lion?

    I upgraded my 2010 Macbook pro with 2.4gHz core 2 duo processor to Mountain Lion and ever since it has been giving me issues. One of my biggest concerns is that it will no longer repair disk permissions. The progress bar goes about half way and just

  • UDF for repeated node

    Hi, My requirement is how to map data in below situation. I have one node which occur repeatedly. Source: Node A   comment Node A   comment Node A   comment Target: comment comment comment How can I achive this using UDF.

  • PAYRAYT

    I purchased a new computer preloaded with Windows 8 for my wife in Dec 2013. I am reasonably computer literate having had computers since the days of DOS and currently using Windows7. From day one, the operating system on new computer started malfunc