Security on Field Level
Hi,
Actually We have a requirement to make some of the fields in not modifieble in Customer Master Transaction Code(XD01 and XD02).
The Background of this requirement is: We are using MDM for Customer Master data. In this Process Customers are created in MDM(With 150 fields out of 1000 in customer master remaining fields can be maintained in XD02).
If the user wants to change the data other than MDM fields it should be possible in R/3. But the user should not be allowed to change the data of MDM fields(150 fields).
To restrict modifications to those fields which is the bestway in Security. Please reply me.
Thanks,
Sekhar.J
Between:
a) Restricting the ability to create master records (actvt 01)
b) Differentiating between the central data, the company code data and the sales views of the data using authority.
c) Using F_KNA1_AEN to protect groups of fields (unless authorized to change them).
d) Customizing field status variants.
... you should be able to make some headway into the requirement to protect the 150 fields.
Otherwise, you will need to look into enhancements or custom applications.
Cheers,
Julius
Similar Messages
-
CRM 2015 - How to limit Field Level Security based on unit/subunit ?
Hello,
I have a problem with field level security.
I have entity entityX, and then have set of financial fields on this entityX.
These fields are under field level security profile named "Financials".
Next, I have a team which can read/write those fields. This team "Team1" is in business unit called "Subunit1".
"Team1" has a role "ReadWholeOrganization", which enables it to read entityX from complete organization.
"Team1" also has a role "WriteOwnOrganization", which enables users from this team to read and change entityX in his unit and sub-units.
How can I disable "Team1" users to see financial data for entityX, if entityX is owned by users outside "Team1" users unit?
In other words, i want "Team 1" users to see all entityX entities based on "ReadWholeOrganization" role, but I don't want them to see financial data for complete organization. I want "Team1" to see financial data only
for their unit and subunits.
How can I solve this?
Extracting financial fields in another entity is out of the question.Write javascript to hide the fields if you need to hide them just from the form. Here is
sample to assist. However this way they will still see the fields in Advanced Find.
Hope this helps.
Minal Dahiya
blog : http://minaldahiya.blogspot.com.au/
If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful" -
Securing IT 0002 at field level
I'm searching for some method to secure an infotype down further. We have a need to let people see IT 0002 but not let them see the social security number of a user. Is there any one who has done this? I've already submitted an OSS msg and haven't heard back and combed through all the HR authorization objects.
If anyone has done this please point me in the right direction.
Thanks
Valerie BuitronHi Valerie,
You can try this. In feature P0002, in struct assignment for structure PME04 select field Pernr. Then use this pernr as a decision operator i.e. the pernr's for whom you want to display the social security field, return variable XX and for everyone else return variable YY. Now in view V_T588M depending on the return variable you can configure the displayed screen of IT0002. For return variable XX display the screen with social security number field whereas for return variable YY display the screen without social security number.
With Regards,
Roshan Gujaran. -
Why I can not find field:Level in Project Hierarchy in BAPI_BUS2054_NEW?
Dear experts,
Why I can not find the field of "Level in Project Hierarchy" in structure BAPI_BUS2054_NEW?
I only define the data to upload wbs:
PROJECT DEFINITION
PROJECT DESCRIPTION
PROJECT PROFILE
WBS Element
WBS description
Can you tell me which fields must to upload?
Looking forward to your reply.
Many thanks.
MerryzhangAnyone can help me ?I need the field "Level" in BAPI_BUS2054_NEW,But I can not find it.
-
Secure receivables field is not getting updated in FD32
Hi All,
I have created an LC for a customer & assigned the LC in the sales order. The system does not consider the LC amount as credit exposure which is a correct behaviour. When I post the Invoice the system does not populate any value in the secured receivables field in FD32 which should ideally haapen after posting the invoice.
Please guide me if I am missing anything.
Thanks In advance for your efforts.
Regards,
SulabhHi,
Found the ans by myself.
As these are the secured receivables, so after generating invoice, the invoice amount sit under secure receivable as this amount is secured with LC attached in sales order.
Regards,
Sulabh -
How to populate the Error stack during error records in field level routine
hi,
I am capturing the error records in Field level routine in transformation. now i want these records to reflect in error stack.
i am using 'Append monitor-rec to MONITOR' at the moment but i cant see any records in error stack.
but when i am using the same statement in start routine i am getting records in error stack.
can anyone please help as to how can i populate error stack through field level routine?Hi,
Try to do it in the end routine instead of the field routine.
It should work.
Regards,
Joe -
E-Recruitment - Requisition - Infotype Field Level Change Log
Hi Experts,
We are implementing SAP E-Recruitment, and would like to know how to capture the changes made in Requisition at infotype field level.
For example: If a support team member is added/delete in the Requisition (Tab - Support Team), then these changes (NEW/DELETE) at the infotype field level are required.
I have tried to maintain the infotype and the required fields in V_T582A, V_T585A, V_T585B and V_T585C. But didnt get any result when I executed the report RPUAUD00. Is there any additional configuration required for this?
Please adivse.
Thanks and Regards,
Dinakaran RHi,
You can just to that with the infotype table log. Support team is stored in table HRP5131.
Regards,
Nicole -
JDeveloper 11.1.1.2.0 - Help text at field level
Hi,
We are making use of the Help.properties file to produce field level text. I have field's such as the following
<af:inputText value="#{bindings.DocumentName.inputValue}"
label="#{bindings.DocumentName.inputValue eq null ? '' : bindings.DocumentName.hints.label}"
required="#{bindings.DocumentName.hints.mandatory}"
columns="#{bindings.DocumentName.hints.displayWidth}"
maximumLength="#{bindings.DocumentName.hints.precision}"
shortDesc="#{bindings.DocumentName.hints.tooltip}"
id="it4"
autoSubmit="true"
helpTopicId="WORKFLOW_EDITPURCHASEORDER_DOCUMENTNAME"
readOnly="true"
rendered="true"Is there a elegant way to disable the help text? e.g. provide a form level radio button to enable/disable help text? The only way i can think at the moment would
be to set the helpTopidId to a key that doesnt exists using an EL expression.
RegardsHi,
I think what you suggest is the way to go in this case
Frank -
How to fix the field level Error(Invalid Date)
Hi All,
Error: 1 (Field level error)
SegmentID: ACK
Position in TS: 5
Data Element ID: ACK05
Position in Segment: 5
Data Value: 162014
8: Invalid Date
can anyone help me out, How to fix above error? i searched about this but only information about the error is given and no where it is mentioned how to fix it and how is it generated please help me out.
Thanks,
NitishAre you sending or receiving the EDI?
Either way, "162014" is simply not a valid EDI data format. Dates in x12 are expressed as CCYYMMDD so December 30, 2013 would appear as 20131230.
If you are receiving, you need to contact the sender and have them correct the output.
If you are sending, you need to property format that date value. For example:
myDateVar.ToString("yyyyMMdd"); -
Data conversion is necessary at field level
Hi everybody.
Im a BW consultant in a BCS project, and I had to make a change in a objetct that is used in BCS as a custom attribute.
What I made, is to remove the ALPHA routine in the object.
Later, the BCS consultant generetad the data basis again, and now when enter the UCWB a warning is showed, the message below:
But I dont know how to do the procedure showed in the message, does anyone face with the same problem? Any suggestion?
Best Regards,
Thiago
Field /BIC/ZC_EMPBPM: Data conversion is necessary
Message no. UGMD418
Diagnosis
Following a change to the definition of field /BIC/ZC_EMPBPM it is necessary to convert the old data for this field before the new attributes can be activated. This arises, for example, when the following attributes have been changed:
Conversion exit
Version or time dependency of hierarchies
System Response
You cannot start the application. A data conversion is necessary first.
Procedure
Execute the necessary data conversion at the field level. To do this, press the respective button with the symbol in the hierarchical detail display at the level of field /BIC/ZC_EMPBPM. If necessary, the system will prompt you for more information in a separate dialog box.
Regards!
Edited by: Thiago França Carvalho Silveira on Jun 10, 2010 11:13 PMHi,
I quess the following should help.
Execute UCWB01 t-code, goto your data basis, in the tabstrip for assigning roles drag and drop any characteristic, then save. The system will find the change and check and regenerate data structures (that's what you need).
Then either in UCWB or UCWB02 t-code got your ConsArea and regenerate it. -
IGS: Vulnerability "security hole in level 3"
Hi!
We are using SAP ERP 6.0 system with an ingetrated IGS 7.0
We already changed IGS according to sap note 896400 to the version 7.00 (Patch 15)
When we run scan on demand we get the following information:
A security hole in level 3 was found at server ServerX.
Vulnerability-Level [highest]: 3
Vulnerability-Level [highest counted]: 0
Vulnerability Details
Date: Sun 10 May 2009 1:26:13 MET
Vuln: 300803
Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
ToDo: Set up a project to implement access restriction rules to RFC programs
with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
CertRef: M906071, SAP 30/08
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
Date: Sun 10 May 2009 1:26:17 MET
Vuln#: 100806
Vulnerability: External Server Registration is possible at sysnr 3
ToDo: Secure remote registration of RFC programs (only possible in SAP Basis
7.00 and later)
CertRef: M906071
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
Date: Sun 10 May 2009 1:26:17 MET
Vuln#: 101802
Vulnerability: IGS HTTP Administration is enabled and this version has
reported vulnerabilities at sysnr 3
ToDo: Upgrade to a higher patch level, i.e., for BC-FES-IGS 6.40 Patch Level
17 or higher and for BC-FES-IGS 7.00 Patch Level 07 or higher
CertRef: SAP 34/09
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
End of Vulnerability Details
Question:
What we have to do to avoid s security holein level 3?
Thank you very much!
regardsDo you solved tye probllem below. ??? Can you help me.
I have the same problem.
What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
Thanks,
Vulnerability Details
Date: Sun 10 May 2009 1:26:13 MET
Vuln: 300803
Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
ToDo: Set up a project to implement access restriction rules to RFC programs
with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
CertRef: M906071, SAP 30/08
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor: -
IGS: Vulnerability (security hole in level 3 was found)
Hi!
We are using SAP ERP 6.0 system with an ingetrated IGS 7.0
We already changed IGS according to sap note 896400 to the version 7.00 (Patch 15)
When we run scan on demand we get the following information:
A security hole in level 3 was found at server ServerX.
Vulnerability-Level [highest]: 3
Vulnerability-Level [highest counted]: 0
Vulnerability Details
Date: Sun 10 May 2009 1:26:13 MET
Vuln: 300803
Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
ToDo: Set up a project to implement access restriction rules to RFC programs
with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
CertRef: M906071, SAP 30/08
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
Date: Sun 10 May 2009 1:26:17 MET
Vuln#: 100806
Vulnerability: External Server Registration is possible at sysnr 3
ToDo: Secure remote registration of RFC programs (only possible in SAP Basis
7.00 and later)
CertRef: M906071
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
Date: Sun 10 May 2009 1:26:17 MET
Vuln#: 101802
Vulnerability: IGS HTTP Administration is enabled and this version has
reported vulnerabilities at sysnr 3
ToDo: Upgrade to a higher patch level, i.e., for BC-FES-IGS 6.40 Patch Level
17 or higher and for BC-FES-IGS 7.00 Patch Level 07 or higher
CertRef: SAP 34/09
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor:
End of Vulnerability Details
Question:
What we have to do to avoid s security holein level 3?
Thank you very much!
regardsDo you solved tye probllem below. ??? Can you help me.
I have the same problem.
What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
Thanks,
Vulnerability Details
Date: Sun 10 May 2009 1:26:13 MET
Vuln: 300803
Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
ToDo: Set up a project to implement access restriction rules to RFC programs
with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
CertRef: M906071, SAP 30/08
Tool Reference: proprietary CERT and IPINS scanner
Comment:
Counted in: 2009-07
Monitor: -
Data-level security in user level
Hi All,
In our OBIEE we have created several application roles and assign them to the users. We set data-level security for each application role, and the filter does apply to all related users. But we want to do more specific data-level security for each user, which we did by clicking on user name in Manage Identity, and set permission with additional data filter. But this does not work.
Let's say we have Application Role1 with access to region='Asia', but then we want to set User1 to access only subregion='North Asia' and User2 to access only subregion='South East Asia', where User1 and User2 belongs to Application Role1.
Is this possible to work in OBIEE 11g?
Thanks.Hi,
Yes it is possible,
Please refer the below link.
http://satyaobieesolutions.blogspot.in/2012/06/obiee-11g-security-week-row-level.html -- stey by step is there.
Hope this help's
Thanks
Satya -
Field Level Authorisation Control
Hi Expert,
i want field level authorisation control for Usage Probablity in Bill of Material. In CS02- Change Material BOM for some user i want to restrict to change the usage probablity of particular component.
how to do this. i already tried through creating & adding authorisation object in Role but it's not working.
Pls suggest solution with detailed steps.
Regards,
DevDev,
You can better try using, transaction variants using transaction SHD0 and assign them to the respective users.
You can do a search in this forum to find topics on how to create transaction variants.
Regards,
Prasobh -
How to assign possible agents at security role / CAG level?
Hi Experts, How to assign possible agents at security role / CAG level?
Yes, that's exactly what I'm talking about. In your task maintenance, goto additional data -> agent assignment -> Maintain
Click on th task, click on the assign button. Choose object type 'Role', enter role.
Cheers,
Mike
Maybe you are looking for
-
Can you sync different iPhones with the same iTunes library on your computer?
I have two I phones an old 3G and 4S. I use the 4S in the US and I planned to unlock the 3G in order to use it in France. I have itune on my computer and I would like to know if I can sync my two iphones on the same itune ? Thank you for helping me V
-
Making an iPhone 4S manual backup to a MacBook Pro does not work in iTunes?
Hello. I am helping a client's iPhone 4S (iOS 5) to back up his data to his 13.3" MacBook Pro (Mac OS X 10.8.2 with updates including the latest iTunes v11 without iCloud). We told iTunes not to automatically synchronize when connected. We did tell i
-
How To Do Frame animation w/ Multiple Layers Per Frame
So I'm working on an 8-bit character template as game art. I've got multiple layers (ie: Hat Apparel, Body, Pants, Shirt, Neck Apparel, Mouth Apparel). I want all of these to be animated in their own layers. Is there a way to do that? I have all of t
-
HT204017 After updating to Yosemite my Macbook is slow
After updating to Yosemite my Macbook is slow, especially iTunes
-
Mac Mini Ethernet SSL connection issues
Hi, Up until recently I have been using my Late 2012 Mac mini with a WiFi connection. Recently though I've had reason to switch to a Gigabit Ethernet connection (short version, moved from UK to Canada, living with in-laws and they have a crappy wirel