Selection Authorisation for users

Similar Messages

• DMS :Select Range for User defined fields in Classification Tab in CV04N

  Dear All,
  We have added User Define Fields Date field in Classification Tab in CV04N Transaction But it has single search (parameter) where we need to have Date range selection (Like Select Option) for the documents.
  I request you to suggest me some solution whether it is possible to achieve with any standard configuration as it is very critical to the Business .
  I would appreciate for your quick response and support.
  Thanks in Advance,
  Regards,
  Vishal.

  Dear Ravindra,
  Actually My requirement is when we enter the exact date in the input field its giving the documents submitted on that date.But when i give date range its not displaying the any documents where the document submited in between those two dates.
  Ex: I have submitted the document ( in CV01N ) for the approval on 10.05.2010(this is the same field in classification).
  In the CV04N transaction ,classification tab if I enter date as 10.05.2010 its giving the document submitted on that date.but if I enter the two dates 01.05.2010 and 20.05.2010 where document is been created B/W the input dates.
  Please suggest how to fulfill my business requirement ,I also request to check any configuration for the user defined fields can solve this problem instead of selecting single value when it can select the range of values.
  Thanks for your earlier reply.
  Regards,
  Vishal.

• Authorisations for users receiving Alerts on Interface Failure

  Dear All,
  I have configured alerts to send out mails to relevant users in case of Interface failure.
  Now I need to know that what strategy is followed in Alerting. As in, how many user groups should be created and what all authirisations should be given to these users.
  As per my understanding, there should be 2 user groups to receive alerts:
  1) Business Users
  2) PI Support team.
  Please tell me if the above approach is fine and what authorisations should be given to each in both ABAP and Java side.
  thanks,
  Piyush

  Hi Piyush,
  If you are to send alerts to a specific user group through your alert category, the way could be to create a user account with basic authentications for PI monitoring and add this user as a fixed receipient for the Alert Category in ALRTCATDEF. Then assign a group mail id (add the required users to this group mail id in you mail server) to this user in SU01. This way the alert triggered against this particular alert category will be forwarded to this group mail id.
  Ideally both the adapter engine and integration engine alerts are forwarded to Support team, but for the business users only the Integration Engine alerts are meaningful (mostly mapping conditional failures). So it is good practice to create two separate alert categories for adapter engine and integration engine and then add fixed receipients accordingly.
  The other approach is to configure receipients via user role (create Z roles) for each alert category (ALRTCATDEF) and then assign the role to the specific users in the PI system.
  The smart approach is to cofigure subscription authorizations in ALRTCATDEF and then individual users can subscribe to alert categories as per their need from Alert Inbox in RWB (there is an option for alert subscription) and can unsubscribe when they desire.
  Regards,
  Suddhasatta

• Selection Screen for crystal report ?

  Hi to all,
  Is it possible to create selection screen using Crystal report designer alone ?
  I came to know that we can give selection parameteres using SELECT EXPERT option in desginer.
  Can we create selection screen for user input like we have in abab (selection screen) ?.
  Is it possible to check authorization using Crystal report designer ?
  If anyone knows anything .... remotely connected with the question I asked please reply.
  Waiting for reply.
  Regards,
  Surya.

  Surya,
  To do what you are wanting, you will want to do the following:
  1) Create parameters. Open the Field Explorer > right click Parameter Fields > fill in the necessary fields o create the desired parameter.
  2) Add the parameter to the Select Expert.
  2a) If you are using a SQL Command to generate your data set you will need to add the parameter name to the Parameter List of the Command and add it the selection criteria of the SQL statement.
  Something like this:
  WHERE f.FieldName = {?ParameterName}
  HTH,
  Jason

• Tables for User Details & User Tcode Details.

  Hi all,
      I'm need of the tables as per the criteria given below.
           1. User List
           2. Tcodes associated with the User.
       Also let me know if there is any Standard Report that returns list of users with tcodes associated with them.
       Can anyone help me out?
  Thank You.

  Hi Shrilath,
       You can use tcode SUIM - (User info system- most user related report can be found here).
  SAP has provided you with the SUIM tool for these kind of generic requirement, so avoid using this than creating your own custom program(no reinvention of the WHEEL).
  As about you requirement, execute tcode SUIM
  Execute the selection "Executable for User" and Enter user name
  You will be listed with all the tcode the user can execute in the system.
  As about your initial requirement to get all users in the system.
  You can execute the User section (drill down on first screenshot), and execute without any filter values on address or user name. You should get all the users in the system
  Thanks & Regards,
  Tashi

• How to skip authorisation for infotype when using dynamic selection ?

  Hi folks,
  I have a problem here.
  When im using dynamic selection screen, i cannot skip authorisation for subtypes of an infotype. Eg. if my record for 0185 have records that do not have authorisation for the subtypes. Dynamic selection will filter away this record and will not get me into the Get Peras as id i use to run has authorisation configured. IT will skip out of Get Peras.
  However, if im not using dynamic selection screen, i will use the normal pnpce fields, i will be able to get the record, as i do my authorisation check using function module in the get peras, and i did not declare 0185 in the infotypes.
  May i know if there is any solution to this problem as dynamic selection screen is a standard...
  Thanks,
  lihui

  hi,
  however i cannot skip authorisation for the whole pernr as i need the authorisations for the processing reports.
  Currently the case is like this..
  i have a authorisations for infotype 0185. i have 2 subtypes records such as ZA and ZB. the user does not have authorisation to read ZB but has authorisation to read ZA.
  However, when use dynamic selection, it will skip out the pernr.
  If the pernr 0185 records has only ZA subtype but no ZB subtype, it will not skip this pernr when using dynamic selection.
  Anymore idea how to overcome this?

• Hi all, i'm new and facing a problem while creating a new file for Xcode. I can't select the box "with XIB for user interface" if the subclass is "UIViewController".this problem happen after i upgrade Xcode to 4.6 version.Appreciate for any help rendered.

  Hi all, i'm new to Mac book & Xcode. I'm learning and facing problems while creating a new file for Xcode. Before i upgrade the software, i have no issue to create simple steps in apps. After upgrade Xcode to 4.6 version, i'm facing lot's of issue eg.
  1) "the identity "iphone developer" doesn't match any valid certificate/ private key pair",
  2) can't select the box "with XIB for user interface" if the subclass is "UIViewController"..
  Appreciate for any help rendered.

  Mikko777 wrote:So what is the best?
  I wouldn't judge. I've been to Arch for a week, you know? But as said, it's VERY close to it.
  What I dislike after a week is makepkg not handling dependencies automatically (which would be overhead, so probably not appropriate).
  Mikko777 wrote:Also theres KDEmod for modular kde, dunno if its for 64 bits tho.
  Don't actually need that as said ... I see no real benefit of having that other than not beeing a KDE user or having Gentoos useflags.
  Mikko777 wrote:PS:You produce a lot of text and welcome smile
  Yeah. Wonder why I'm still employed? So do I ...

• Best practice for select access to users

  Not sure if this is the correct forum to post, if not then let me know where should I post.
  From my understanding this is the best forum to ask this questions.
  Are you aware of any "Best Practice Document" to grant select accesses to users on databases. These users are developers which select data out of database for the investigation and application bug fix.
  From time to time user want more and more access to different tables so that they can do investigation properly.
  Let me know if there exists a best practice document around this space.
  Asked in this forum as this is related to PL/SQL access.

  Welcome to the forum!
  Whenever you post provide your 4 digit Oracle version.
  >
  Are you aware of any "Best Practice Document" to grant select accesses to users on databases. These users are developers which select data out of database for the investigation and application bug fix.
  From time to time user want more and more access to different tables so that they can do investigation properly.
  Let me know if there exists a best practice document around this space.
  >
  There are many best practices documents about various aspects of security for Oracle DBs but none are specific to developers doing invenstigation.
  Here is the main page for Oracles' OPAC white papers about security.
  http://www.oracletechnetwork-ap.com/topics/201207-Security/resources_whitepaper.cfm
  Take a look at the ones on 'Oracle Identity Management' and on 'Developers and Identity Services'.
  http://www.dbspecialists.com/files/presentations/implementing_oracle_11g_enterprise_user_security.pdf
  This paper by Database Specialists shows how to use Oracle Identity Management to limit access to users such as developers through the use of roles. It shows some examples of users using their own account but having limited privileges based on the role they are given.
  http://www.dbspecialists.com/files/presentations/implementing_oracle_11g_enterprise_user_security.pdf
  And this Oracle White Paper, 'Oracle Database Security Checklist', is a more basic security doc that discusses the entire range of security issues that should be considered for an Oracle Database.
  http://www.oracle.com/technetwork/database/security/twp-security-checklist-database-1-132870.pdf
  You don't mention what environment (PROD/QA/TEST/DEV) you are even talking about or whether the access is to deal with emergency issues or general reproduction and fixing of bugs.
  Many sites create special READONLY roles, eg. READ_ONLY_APP1, and then grant privileges to those roles for tables/objects that application uses. Then that role can be granted to users that need privileges for that application and can be revoked when they no longer need it.
  Some sites prefer creating special READONLY users that have those read only roles. If a user needs access the DBA changes the password and provides the account info to the user. When the user has completed their duties the DBA resets the password to something no one else knows.
  Those special users have auditing on them and the user using them is responsible for all activity recorded in the logs during the time the user has access to that account.
  In general you grant the minimum privileges needed and revoke them when they are no longer needed; generally through the use of roles.
  >
  Asked in this forum as this is related to PL/SQL access.
  >
  Please explain that. Your question was about 'access to different tables'. How does PL/SQL access fit into that?
  The important reason for the difference is that access is easily controlled thru the use of roles but in named PL/SQL blocks roles are disabled. So those special roles and accounts mentioned above are well-suited to allowing developers to query data but are not well-suited if the user needs to execute PL/SQL code belonging to another schema (the app schema).

• Variable Selection For User in Web Interface for BPS

  Hi All,
  I've created a manual Input sheet in BPS0 to upload target sales. User need to select the month, plant and then enter the target amount for each category. Its working fine.
  Now I need to create web interface for user to upload the data every month. Using BPS_WB I've created the interface (with help of Wizard). I'm getting the input sheet. But I'm not able to get screen where user can select the parameters?
  How to get this? It should work like web report, where user select the report variables then execute. Only difference here is user will have to enter the data for selected variable.
  Thanks in advance.
  Regards: Gaurave

  Hi....add the variables to a folder along with the layout. Then create the web interface.

• User presses F4 on the selection screen for the field ''Transport Request"

  Dear ALL,
                   I want to build up a functionality in my report where if the user presses F4 on the selection screen for the field ''Transport Request", then it will display all the Transport Requests involving that particular User...
  What I mean is the normal process that is provided by SAP on saving an object in a package & assigning it to TR...
  How do we Achieve it ?

  Hi.
  First we need to give the client after that client number related requestes display in second parameter F4 help for that purpose i used two function modules.First for read the client no dynamically after that pass the client number second function module.
  then u can get all the request for that client.
  DFIELD-FIELDNAME = 'P_MANDT'.
  APPEND DFIELD.
  CALL FUNCTION 'DYNP_VALUES_READ'
    EXPORTING
      dyname                               = 'Y9EZ_TR_COPYCLIENT'
      dynumb                               = SY-DYNNR
    tables
      dynpfields                           = DFIELD
  READ TABLE DFIELD INDEX 1 ."WITH KEY DFIELD-FIELDVALUE = 'P_MANDT'.
  V_MANDT = DFIELD-FIELDVALUE.
  CALL FUNCTION 'TR_F4_REQUESTS'
  EXPORTING
    IV_USERNAME                   = SY-UNAME
    IV_TRKORR_PATTERN             =
    IV_TRFUNCTIONS                =
     IV_TRSTATUS                   = 'RNDL'
    IV_FROM_DATE                  =
    IV_TO_DATE                    =
     IV_CLIENT                     = V_MANDT
    IV_PROJECT                    =
    IV_TITLE                      =
    IV_VIA_SELECTION_SCREEN       = 'X'
    IV_COMPLETE_REQUESTS          = 'X'
    IT_EXCLUDE_REQUESTS           =
  IMPORTING
     EV_SELECTED_REQUEST           = S_TRKORR-LOW.
    ES_SELECTED_REQUEST           =
  'TR_F4_REQUESTS' This function module for request
  Regards
  muralii

• User has no authorisation for function group SYST?

  Hi All,
  I was trying to open Bex Analyzer in BI 7.0.
  I am getting the error as mentioned below:
  "User has no authorisation for function group SYST".
  Why is it so.
  Please reply.
  Thanks in Advance.

  Unless you have full authorizations (SAP_ALL / SAP_NEW) you have to grant authorizations for each activity.
  With PFCG, add the following RFC on Authorization Object S_RFC:
  RFC1
  RS*
  SDIFRUNTIME
  SYST
  SYSU
  Hope it helps
  GFV

• Saved Selections for users

  Hi,
  Is there a way to control the option ' Save selections for others'? I know how to control the selections option from Privileges. But, I don't see the option to control saved selections for others.
  Can someone please let me know if this can achieved?
  Thanks
  Chandu.

  Hi,
  The option you have specified controls from having selections privilege for a user.
  I want to control the options * to save selections for others*.
  Meaning that, I want to disable the option - * Page Options --> Save Current Selections --> For Others*, but keep the option * Page Options --> Save Current Selections --> For Me*
  Is it possible?? Please let me know.
  Hi..I just realized that, for non-admin users, ( user without admin privileges) will not be seeing the option ' Page Options --> Save Current Selections --> For Others'
  Thanks.
  Edited by: Chandu.bi on Mar 20, 2011 12:47 AM

• Access to some UDFs authorised for certain user

  Dear All,
  This issue made me confusing, it is about UDF access authorisation. Is it possible to authorise a certain user to open or view UDF ?For example : I have 5 UDFs that only can be used by sales dept user and 5 UDF's are for purchasing dept. How to authorized the UDFs according to its dept ? Thanks in advance.
  Rgds,

  Hi All,
  I managed to resolve this problem by using additional authorisation creator that using form ID 38 and then in the general authorisation --> user authorisation is set to no. if it is authorised per user name, the user will not able to open UDF settings (CtrlShiftB) except there is the same level with him/her that can open the document, I think the settings can be opened. I almost escalated this problem to SAP support.
  Tks for your all participations. More power to you...
  Rgds,

• OIM11g R2 - If two roles (ACF2 and AD) are selected together for a user req

  Hi ,
  We are facing a problem In the Catalog, if two roles (ACF2 and AD) are selected together for a user and checking it out.The request goes to approval process.We have not created any approval process flow.
  Plz let me know how to recover from it and provide an option to provision two roles simulaneously to a user without going into approval process.
  Steps to Reproduce:
  1. Create a user in OIM .
  2. Search that user.Administration->Users->Search User
  3. Click on 'Roles' tab and select 'Request Role' under that tab.
  4.'Catalog' tab opens .Click on Search icon and Add AD and ACF2 Role to the cart.
  5. Click on 'Check out'
  6. Click on Submit button
  7. Request Summary tab opens with Request status shown as 'Obtaining Request Approval' and Request Type as 'Assign Roles'.
  Note: If we assign AD and ACF2 individually to user and running Evaluate User Policies we are able to see account in Provisioned state under Accounts tab of User and request is not going to approval process
  Thanks in advance

  Hi,
  As mentioned I created two auto approval policies
  1. Request Type= Assign Roles
  Level= Request Level
  Auto Approval checked
  Approval Rule=Requester.UserLogin Equals XELSYSADM
  (Created this rule as i am logeed in as XELSYSADM)
  2. Request Type= Assign Roles
  Level= Operation Level
  Auto Approval checked
  All Scope Checked
  Approval Rule=Request.RequestType Equals Assign Roles
  After that i opened the user request role page and requested 2 roles (AD and ACF2).
  But now also request went to approval work flow
  Please point which step i have missed or any other step need to be performed.
  Regards,
  Edited by: Puneet Lobana on Jan 7, 2013 12:54 AM

• Authorisation roles and transaction codes for users(MTO--PPmodule)

  Hi !!!
  GURUS !!!!!!!!
  I am working here on live project for  make to order scenario.
  We are using only batch management.
  Could you give me transaction codes for users for authorisation roles.
  All codes from start to end scenario.
  Regards,
  Nitin

  Dear,
  You have to do the JRM - Job role mapping. The list of transactions cannot be decided commonly across all implementations, as per your Business process definition you have to list the transactions invovlved and which business roles are required for that.
  One example: PP_Planner is a Role, this is applicable for the planning person, he will be given transactions related to SOP, DM and MRP, he will not be given transactions related to SFC. Its vice versa for a operations person.
  Thanks & Regards,
  Vijaya Bhaskar A