Securing IT 0002 at field level

Similar Messages

• CRM 2015 - How to limit Field Level Security based on unit/subunit ?

  Hello,
  I have a problem with field level security. 
  I have entity entityX, and then have set of financial fields on this entityX.
  These fields are under field level security profile named "Financials".
  Next, I have a team which can read/write those fields. This team "Team1" is in business unit called "Subunit1".
  "Team1" has a role "ReadWholeOrganization", which enables it to read entityX from complete organization.
  "Team1" also has a role "WriteOwnOrganization", which enables users from this team to read and change entityX in his unit and sub-units.
  How can I disable "Team1" users to see financial data for entityX, if entityX is  owned by users outside "Team1" users unit?
  In other words,  i want "Team 1" users to see all entityX entities based on "ReadWholeOrganization" role, but I don't want them to see financial data for complete organization. I want "Team1" to see financial data only
  for their unit and subunits.
  How can I solve this?
  Extracting financial fields in another entity is out of the question.

  Write javascript to hide the fields if you need to hide them just from the form. Here is
  sample to assist.  However this way they will still see the fields in Advanced Find. 
  Hope this helps.
  Minal Dahiya
  blog : http://minaldahiya.blogspot.com.au/
  If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful"

• Field level Authorization for IT0002

  Hi All,
  We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
  This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
  We want to disable the access of this field to every one, even the HR administartor.
  Kindly suggest if this is possible using authorizations.
  I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
  Regards,
  Umesh Chaudhari.

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah

• We need to give field-level authorization for some fields

  The schenario is as follows :
  1. There are various storage locations within a plant.
  2. There is one or more people incharge of creating PO and receiving
  stocks for every storage location.
  3. We dont want to authorise the person incharge of one storage
  location to receive stock in another storage location or even view the
  other storage locations at the time of creating the PO or any other
  transaction. The user incharge of one storage location should not be
  able to view any other storage location in any storage location field's
  drop down.
  regards
  Manish
  +91 9811647727

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah

• Why I can not find field:Level in Project Hierarchy in BAPI_BUS2054_NEW?

  Dear experts,
      Why I can not find the field of "Level in Project Hierarchy" in structure BAPI_BUS2054_NEW?
  I only define the data to upload wbs:
  PROJECT DEFINITION
  PROJECT DESCRIPTION
  PROJECT PROFILE
  WBS Element
  WBS description
  Can you tell me which fields must to upload?
  Looking forward to your reply.
  Many thanks.
  Merryzhang

  Anyone can help me ?I need the field "Level" in BAPI_BUS2054_NEW,But I can not find it.

• How to populate the Error stack during error records in field level routine

  hi,
  I am capturing the error records in Field level routine in transformation. now i want these records to reflect in error stack.
  i am using 'Append monitor-rec to MONITOR' at the moment but i cant see any records in error stack.
  but when i am using the same statement in start routine i am getting records in error stack.
  can anyone please help as to how can i populate error stack through field level routine?

  Hi,
  Try to do it in the end routine instead of the field routine.
  It should work.
  Regards,
  Joe

• E-Recruitment - Requisition - Infotype Field Level Change Log

  Hi Experts,
  We are implementing SAP E-Recruitment, and would like to know how to capture the changes made in Requisition at infotype field level.
  For example: If a support team member is added/delete in the Requisition (Tab - Support Team), then these changes (NEW/DELETE) at the infotype field level are required.
  I have tried to maintain the infotype and the required fields in V_T582A, V_T585A, V_T585B and V_T585C. But didnt get any result when I executed the report RPUAUD00. Is there any additional configuration required for this?
  Please adivse.
  Thanks and Regards,
  Dinakaran R

  Hi,
  You can just to that with the infotype table log. Support team is stored in table HRP5131.
  Regards,
  Nicole

• JDeveloper 11.1.1.2.0 - Help text at field level

  Hi,
  We are making use of the Help.properties file to produce field level text. I have field's such as the following
  <af:inputText value="#{bindings.DocumentName.inputValue}"
                                  label="#{bindings.DocumentName.inputValue eq null ? ''  : bindings.DocumentName.hints.label}"
                                  required="#{bindings.DocumentName.hints.mandatory}"
                                  columns="#{bindings.DocumentName.hints.displayWidth}"
                                  maximumLength="#{bindings.DocumentName.hints.precision}"
                                  shortDesc="#{bindings.DocumentName.hints.tooltip}"
                                  id="it4"
                                  autoSubmit="true"
                                  helpTopicId="WORKFLOW_EDITPURCHASEORDER_DOCUMENTNAME"
                                  readOnly="true"
                                  rendered="true"Is there a elegant way to disable the help text? e.g. provide a form level radio button to enable/disable help text? The only way i can think at the moment would
  be to set the helpTopidId to a key that doesnt exists using an EL expression.
  Regards

  Hi,
  I think what you suggest is the way to go in this case
  Frank

• How to fix the field level Error(Invalid Date)

  Hi All,
  Error: 1 (Field level error)
    SegmentID: ACK
    Position in TS: 5
    Data Element ID: ACK05
    Position in Segment: 5
    Data Value: 162014
    8: Invalid Date
  can anyone help me out, How to fix above error? i searched about this but only information about the error  is given and no where it is mentioned how to fix it  and how is it generated please help me out.
  Thanks,
  Nitish

  Are you sending or receiving the EDI?
  Either way, "162014" is simply not a valid EDI data format.  Dates in x12 are expressed as CCYYMMDD so December 30, 2013 would appear as 20131230.
  If you are receiving, you need to contact the sender and have them correct the output.
  If you are sending, you need to property format that date value.  For example:
  myDateVar.ToString("yyyyMMdd");

• Data conversion is necessary at field level

  Hi everybody.
  Im a BW consultant in a BCS project, and I had to make a change in a objetct that is used in BCS as a custom attribute.
  What I made, is to remove the ALPHA routine in the object.
  Later, the BCS consultant generetad the data basis again, and now when enter the UCWB a warning is showed, the message below:
  But I dont know how to do the procedure showed in the message, does anyone face with the same problem? Any suggestion? 
  Best Regards,
  Thiago
  Field /BIC/ZC_EMPBPM: Data conversion is necessary
  Message no. UGMD418
  Diagnosis
  Following a change to the definition of field /BIC/ZC_EMPBPM it is necessary to convert the old data for this field before the new attributes can be activated. This arises, for example, when the following attributes have been changed:
  Conversion exit
  Version or time dependency of hierarchies
  System Response
  You cannot start the application. A data conversion is necessary first.
  Procedure
  Execute the necessary data conversion at the field level. To do this, press the respective button with the  symbol in the hierarchical detail display at the level of field /BIC/ZC_EMPBPM. If necessary, the system will prompt you for more information in a separate dialog box.
  Regards!
  Edited by: Thiago  França Carvalho Silveira on Jun 10, 2010 11:13 PM

  Hi,
  I quess the following should help.
  Execute UCWB01 t-code, goto your data basis, in the tabstrip for assigning roles drag and drop any characteristic, then save. The system will find the change and check and regenerate data structures (that's what you need).
  Then either in UCWB or UCWB02 t-code got your ConsArea and regenerate it.

• Field Level Authorisation Control

  Hi Expert,
              i want field level authorisation control for Usage Probablity in Bill of Material. In CS02- Change Material BOM for some user i want to restrict to change the usage probablity of particular component.
  how to do this. i already tried through creating & adding authorisation object in Role but it's not working.
  Pls suggest solution with detailed steps.
  Regards,
  Dev

  Dev,
  You can better try using, transaction variants using transaction SHD0 and assign them to the respective users.
  You can do a search in this forum to find topics on how to create transaction variants.
  Regards,
  Prasobh

• Error during transport-Structure change at field level (convert table /BIC)

  Hi,
  I am trying to transport from DEV to Test when I encountered this error.
  The tables are both consistent when I checked with SE14.
  Start of the after-import method RS_CUBE_AFTER_IMPORT for object type(s) CUBE (Activation Mode)
  Error/warning in dict. activator, detailed log    > Detail
  Structure change at field level (convert table /BIC/DZCRUSDI026)
  Table /BIC/DZCRUSDI026 could not be activated
  Return code..............: 8
  Following tables must be converted
  DDIC Object TABL /BIC/DZCRUSDI026 has not been activated
  Error when activating InfoCube ZCRUSDI02
  Error/warning in dict. activator, detailed log    > Detail
  Structure change at field level (convert table /BIC/DZCRUSDI023)
  Structure change at field level (convert table /BIC/FZCRUSDI02)
  Table /BIC/DZCRUSDI023 could not be activated
  Table /BIC/FZCRUSDI02 could not be activated
  Return code..............: 8
  Following tables must be converted
  DDIC Object TABL /BIC/DZCRUSDI023 has not been activated
  Error when resetting InfoCube ZCRUSDI02 to the active version
  How do I resolve this
  thanks

  Hi,
  There are no Inactive objects in the cube in DEV system. Also must of the changes I made in Test are already in the cube in TEST But the cube is not active.
  SAP proposed that the cube be activated manually but is not a good procedure to activate in TEST system.
  Error when resetting InfoCube ZCRUSDI02 to the active version
  Message no. RSO410
  Diagnosis
  Errors arose when activating InfoCube ZCRUSDI02. An active version already existed before the activation.
  System Response
  InfoCube ZCRUSDI02 could not be reset to the old active version. Since the generated objects no longer correspond to the old active version, they were reset to inactive.
  Procedure
  The old active version of InfoCube ZCRUSDI02 can no longer be used. Remove the cause of the activation error and activate InfoCube ZCRUSDI02 anew.
  thanks

• Field level trigger on qualifier field

  Hello,
  Here is my scenario.
  I have a qualified field : ACTIVE FLAG  in address qualified table.
  What i want to do is if the value of this field changes to N (possible values of this field : Blank,Y and N),i want my workflow to trigger.
  I know its possible with field trigger option where you create one time stamp field and will give the field you want to comare
  but in case of qualified tables you can not select qualifier as a selected field for timestamp field.you can only select non qualifiers.
  is there any other way this can be achieved?
  thanks
  Bindi

  SharePoint doesn't provide field level permissions.  Fellow MVP Dan Holme has a good article that recommends some approaches on this here:
  http://sharepointpromag.com/blog/3-approaches-restricting-access-sharepoint-columns-and-metadata
  Another approach you could take is to make the form an InfoPath form from in an InfoPath LIBRARY instead.  This way you can control the form fields and prevent users from directly editing fields.  It also plays really well with workflow.
  I trust that answers your question...
  Thanks
  C
  |
  RSS |
  http://crayveon.com/blog |
  SharePoint Scripts | Twitter |
  Google+ | LinkedIn |
  Facebook | Quix Utilities for SharePoint
  thanks for your reply , seems that creating two lists will work for me better. but can you provide some useful links that talks about how to create two lists and link them , and specify different permissions for each list using web-parts...

• Field level Validation in SAP PI

  Hi All,
  I am integrating with a 3rd Party system (File to Proxy scenario). Source file contains around 30 fields. I was asked to do field level validations for each of this field in PI. Is this a good practice. Do we do field validation in PI Integration development? I think PI should contain more of integration logic than field level validations. Please suggest.
  Also out of all the 30 fields few are numeric, some are text and some are dates. While creating data types do I need to created all as string or based on their nature I need to use integer,date etc? Please suggest which is the best practice.
  Thanks.

  I agree with Rahul.
  Yes we can perform validation in PI (most of the cases we do by request of the Business team).
  But always have a thumb rule for your self.
  1. Check first weather the source system is capable of doing the validation at its end.
  2. If YES make sure the source system does the validations required. (I am sure most of the app would be able to the validation).
  3.If NO then accept the validation process to be done in PI end.
  One Important thing:
  What kind of validation are you taking about? i assume this is field level validation rite?
  and this is a Proxy to file scenario rite.
  I will strongly suggest you to do following things at source and receiver Business systems.
  1.gather a meeting the with the end business teams (source and receiver).
  2.Force them to create data type at their end (sorce and target)with  same data type structure- with same field length even.
  ie, if source first field is integer with maxlen25  corresponding reciver field is also integer with maxlen25, if source has char field then in reciver also its char.
  If you make both the source and reciever business to have same data type at there end, NO VALIDATION would be required to be done in PI
  also in this case you can declare all the data type as STRING in PI and pass the data to receiver system. (which has the same data type as sender).
  Regards,
  Senthilprakash.

• Best way to author field level help for a CHM?

  Hi
  I have been asked to create an HTML help (CHM) system for a .Net application which will include context sensitive help at both page and field level.
  I have used map ids for page level help before - i.e. assigned a map id to topics and given this list to a developer for implementation, but I have never created field level help.
  I've been looking at the 'What's This?' help project wizard but am confused as to whether this is the best approach and how it fits with the project as a whole (or even if it compatible with .Net applications). Does this mean that I need two help projects for the application - one for the main help, and one for the field level help? Is there a way to create field level help without using the 'What's This?' wizard?
  I am using Robohelp 7.
  Any advice gratefully received!
  Chloe

  Hi, Chloe,
  As Peter notes, even Microsoft has backed away from using field-level Help in the last few years, so it may be worth trying to determine whether your users will benefit from having it available to them. That's not to say that you can't deliver field-level Help, however, as all the required methods for calling it are still available to .NET developers.
  To clarify, what Madcap Software calls "DotNet Help" is just a proprietary Help viewer that the company hopes will be more modern and appealing to writers than the older HTML Help (.chm) viewer. HTML Help remains the recommended format for Windows applications, whether .NET or not, and you can use any authoring tool that is capable of outputting a .chm file to create online Help for a .NET application.
  The method that your developers use to call field-level Help determines how it should be authored. If they use the standard .NET method (the SetHelpString method of the HelpProvider class), each text string is embedded in the application code itself, and not retrieved from your .chm file. More information here:
  http://msdn.microsoft.com/en-us/library/system.windows.forms.helpprovider.sethelpstring(VS .71).aspx
  http://support.microsoft.com/kb/821777
  http://helpware.net/mshelp2/demo2/h1xNET.htm
  Alternatively, developers can use the old HTML Help API to retrieve the text string from a .chm file. See:
  http://msdn.microsoft.com/en-us/library/ms670082(VS.85).aspx
  http://helpware.net/htmlhelp/how_to_whatsthis.htm
  http://support.microsoft.com/?kbid=317406
  The drawback of both methods is that the Help popups are plain text only — no graphics, text formatting, hyperlinks, etc. To work around this, some people use the third-party KeyHelp control to create feature-rich HTML popups. See:
  http://www.keyworks.net/keyhelp.htm
  This allows you to deliver the type of Help that you mentioned in your second message ("is there a way to do this so that these topics open in a small popup, without the TOC / tri-pane structure?").
  Pete