SE54 Change Authorization Group
Hi all,
I have an immediate need -- a previous developer created a table view and generated a function group for maintenance. The authorization group they assigned was incorrect so I need to change it. How can I do this?
I went to SE54, changed the authorization group, then hit the "Change" button. It pops up asking for a "Reason for Change". My questions:
1. Will this overwrite the funciton group and generate a new one? I do not want this to happen.
2. Does it matter what reason I choose? There is not one for authorization group change.
Thanks in advance. Points will be awarded for helpful answers.
Message was edited by:
John S
Has anyone else encountered this problem? I have still not been able to find a solution.
A recap:
1. A previous developer created a custom table and a maintenance view to edit that table. Using the table maintenance generator he also developed some custom functionality and created a custom transaction to call this in SM30.
2. The table and maintenance view were created with &NC& authorization group.
3. We created a new authorization group that we need to assign to the maintenance view.
4. Somehow the auth group for the custom table was changed to the new auth group.
5. We have been unable to change the auth group for the maintenance view using a variety of ways.
Does anyone have any suggestions?
Similar Messages
-
Authorization Group in BOM Header
Can any one guide how to create Authorisation group for Bom and also it's use. <See field Authorization group in BOM header>
Regards,
SamarHi,
The Authorization group can be created as follows
Transaction SE54 >Select 'Authorization Groups'>Create/Change-->New Entries.
Now the authorization group created can be assigned to your table.
Goto transaction 'SE56' and select authorization group radio button and create your authorization group.
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
USE
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented.check Su22 and SU24u will get list of objects
Hope clear to you.
Regards,
R.Brahmankar -
Authorization Groups and table TBRG
In our system we have tables which are using custom authorization group ZEXC. I am looking at this via SE11 Table Maintenance Generator or SE54 Assign Authorization Group.
I can also see that it is assigned to roles by using SUIM -->Roles-->By Authorization values -->entry auth object (S_TABU_DIS) and click on entry values.
What I am not seeing is that the authorization group is defined in table TBRG.
So my question is.... An authorization group does not need to be defined in order to attach it to a table or assign it to a role? If the authorization group was created then deleted is it still valid to have it attached to tables and roles?Hi Sharon,
Assign the authorization to user and make it inactive mode.Then authorization will be deactived to tat particular user's. -
How can i transfer the 'Authorization Group'(SE54) to another client?
In project i must define an 'Authorization Group' in T-Code SE54---The 3rd radiobutton.
But there is no message to me to entry the Request NO.?
How can i transfer the 'Authorization Group' ?
I konw the date can be show from view 'V_BRG_54' ,but how to transport the data of the view?
TKS a millon~~Hi,
If your client is set for automatic recording of changes it should prompt for a transport, check there is not another client where you should make config changes. If not, the menu option Table View -> Transport will let you assign the Auth group to a transport.
Regards,
Nick -
Table authorization group SE54
fellows,
i created new authorization group in SE54 and assigned some tables to new auth. group. but now the business is asking me to reverse the whole thing, which means assign tables to auth. group assigned previously. but i dont remember previous auth. group. is there any i can find out that how it was before i made the changes? you help will be appreciated.You can only do that by using the "negative list" approach - also previously known as "ranging" in R/3...
At least it checks something, but the user might have access to everything which you do not exclude in their authorizations or the code.
Chances are very good, that users will have many different ways to access tables directly. So depending on how disciplined you are about your security concept, it might well be that they will bypass transaction code restrictions, organizational logic (contents of the table fields) and other programmed authority-check or file system logic to access / download data if they are determined.
Most users do not knowingly deploy such tools or queries, but that is of course no reason not to protect business or legal critical data, and other data.
Cheers,
Julius -
SE54: Assigning an authorization group to table &SM31&
Has anyone out there tried to assign an authorization group to the symbolic table &SM31& in transaction SE54?
Any success in using it?
Cheers,
JuliusThanks Bernhard!
> But what I did find was [SAP Note 42563|https://service.sap.com/sap/support/notes/42563] .
> ...-->it's from 1997....!!
Note that the SM31 refered to in the note is not the SM31 we know today. It looks like SAP renamed it to SM31_OLD and replaced by a new SM31 (and the current settings option). The alternative having been changing miles of code, this seems reasonable but can be confusing (release dependently).
> Don't know if this is still used, as the check is in Rep.s SAPMSTBM, which is used in TX SM31_OLD, SM32, SM33 only.....
My rule of thumb is: If something is possible, then someone out there is either already doing it, or still doing it...
Cheers,
Julius -
Find when table Authorization Group was changed
Dear Experts,
Kindly help me on finding this. Table T001B have standard Authorization group as FB31 but it has been changed to &NC& by some one. It means &NC& means there is no Authorization group assigned to the table. I need to find when it was changed. Do i have any ways to find it out? I checked with entering table name in CDPOS i didnt find any entry. Kindly help me out how to find who and when this table Authorization group was changed for table T001B.
Thanks & Regards,
SathishThanks Thomas,
I check in that transaction it shows log only for 3 months. I dont see any changes to those table what i want may be this Authorization group change in done even older.
Thanks for your reply. -
"You no change authorization" SV 349 when run TCODE SE54.
Hi!
I need to adjust the maintanance dialog for View J_1BBRANCV but it is showing "You no change authorization" SV 349.
I am running TCOD SE54.
I am super user.
Do anybody know to do?
Thanks!Hello!
I am having the same issue with the view: J_1BECD_CUST03V.
Guess it's not a security/authorizarion problem the developer user has SAP_ALL.
Anyone can help? -
How to find tables changed from one table authorization group to other.
Hi Experts,
We have a issue where certain tables have been moved from one Authorizaiton group to the othe table authorization group.
We want to find all tables previous authorization group.
Is there any wayt we could find the old authorization group.
(for example)
Consider a scenario where a table agr_1251 was moved to the new auth group ZAUTH.
I wanted to find which auth group was holding the table agr_1251 previously.
Can you please help me on this request?
Thanks.One more way is to check TR (Table E070, E071). But you need to find the details for table (Like for role it is R3TR, ACGR).
Regards,
Arpan Paik -
Changing auth group of a SAP standard Table
I was wondering if someone could advise what the implications are if I changed the auth group of a SAP standard table (PA0033).
Does it affect programs behind the scenes, support packs, upgrades?I am not aware of any reason why an authorization group on a SAP standard table should not be changed.
I have also seen this done for specific infotypes without any problems.
See the documentation on transaction SUCU and SE54, and SAP notes and some of the discussions here on them.
Kind regards,
Julius -
Association of authorization group with authorization object
Dear Colleagues,
We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
We would like to control this via authorization groups
We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
Does a developer or functional consultant also need to be involved in this?
PS: I tried to search in Google & our forums but could not get any answersDear Aninda,
Thanks for the help.
I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
A case category was then assigned to this auth group
We tested it - below are the results:-
1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is authorized.
How to resolve this? -
ASSIGN AN AUTHORIZATION GROUP TO MANY TABLE
Hello,
I have several hundreds table to assgin an authorization group zaut.
Is there any easy way to do it?
I do not want to go se54 and change all table authorization group one by one.
Please help.
Thanks,
JeongbaeUse Tcode SM30V_DDAT to assign the Authorization Group to multiple tables.
Regards,
Naimesh Patel -
Creation of Authorization group
Hello All,
I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
One of the post i found is below:
[How to create Authorization group;
i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
Rgds,
Durga.Julius,
Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
But what i heard is, this activity is purely involved by Basis people.
Please suggest.
Rgds,
Durga. -
Use of Authorization Group in OB52
Dear Experts,
I have updated Authorization Group as "OB52" in the last column of OB52 T-Code against each posting period variant with account type + , A,D,K,S,M etc with normal period 1 to 12 and special period 13 to 16.
The same Authorization Group "OB52" is updated in one of FI users say Mr X Role profile under authorization object F_BKPF_BUP.
Now as per the SAP standard practice the special period 13-16 should open for the user Mr X and block for all other users. But system is allowing to do transaction with special period 13-16 for other users also.
Please advise where I am wrong.
Regards,
AlokDear,
I will explain you the step involved for auth Mr.X to post for the particular period.
Let take an example that Mr.X has to be allowed to post between the period 1 to 11 and other user only for the period 11(Apr - March as fiscal year).
Now,for valuation variant with account ' +' for the first period, you enter from period as '1' and to period as '10' and in second period, you enter from period '11' and to period '11', provide the auth group (eg KU - key user) in the last column.
For other accounts (A,D,M,K,S) change the first period from '1' to '12' and dont assign any auth group.
Now you goto se16n and check in TBRG table whether your auth group KU is available for the object F_BKPF_BUP,if not maintain it.
The last step is to assign "KU" to Mr.X profile or role against the object F_BKPF_BUP.
Once you made the change"generate" and save it.
Now the system will permit Mr.X to post for the periods between 1 to 11 and other user only for 11 period.
Hope that i am ab;le to clear your boubt.
Do revert for any further assistance.
Take care
God Bless
Regards -
Authorization Group Material Master
Hello,
i am trying to restrict a user from accessing a single material. I am using Authorization Object M_MATE_MAT for this. When I use transaction mm03 to go on the material master I see a field for the Authorization Group but when I go to the same view in mm02 (View: Basic Data 1) I don't see the field Authorization Group or the section Material Authorization Group. Where can I enter the Authorization Group for a Material Master.
Thanks everyone - I'd really appreciate an answer,
Johannes
Edited by: Johannes Hintsch on May 15, 2009 12:17 PMHI..
You will have to make the field to display in OMS9.
Double click on MM02 - - >then for number 36 make the field as optional entry or required entry as desired.
Right now it must be showing in Hide.
After changing you will be able to see in MM02 and make the entry there.
Hope it helps,
Swapnil
Maybe you are looking for
-
Can I open a second Source Monitor for the audio track of a video?
I really dislike having to switch to the audio waveform in the Source Monitor pane when I want to tinker with a clip's audio track. I usually try to stay away from needing to use a panes drop down menu as much as possible. Is there a way to get this
-
How do I connect model a1355 to 2011 imac?
Install window says components are incompatible. Any help?
-
How to connect to a yamaha PSR-E423 music keyboard
How do I download songs from my mac to a Yamaha PSR-E423 music keyboard. I have in stalled the drivers but now what?
-
I was thinking to upgrade my MBP Early 2008 (2.4GHz Core 2 Duo). I had the logic board replaced for the nvidia issue and the battery is brand new so I think it's better upgrade some parts than replace it with a new model. An Apple Store tech suggeste
-
Parsing the respective data in the String which is dynamic
Hi, I have customer application, in which we are handling the validation for customer details through a custom validator For example, if I have not entered the mandatory value for custFirstName.I will get an error message in my java class as below:-