Sensitive fields restriction to company code

Hello
we would like to activate sensitive fields for one specific company code. In standard SAP we can only define the sensitive fields for the whole client. Anybody did this before? Or do we need something like enhancement SAPMF02D to do this?
dT123

Hello Spotty/Accenture Accenture,
There can be different approaches to achieve the same, for which, I would like to know the following from you:
1. Are you using direct or indirect role assignments?
2. Do you want to restrict the authorization object at the user level or at the role level?
Regards,
Hersh.

Similar Messages

  • Block Sensitive field basd on Company Code

    Dear Experts ,
    We are blocking sensitive fields using the Customizing Setting in SPRO
    SPRO –> REF IMG –> Financial Accounting –> Accounts Receivable and Accounts Payable –> Vendors Accounts –> Mast*er Data –> Preparations for Creating Vendor Master Data –> Define Sensitive Fields for Dual Control (Vendors)
    Currently its is blokcing for all the Company Codes
    Can we include a Check that it will block only a specific Company Code ...
    We had cheked all the forums but unable to get the satisfactorily answers for the same.
    Regards,
    Saurabh Goel

    Hi,
    Sensitive fields effects at company code level and cannot be separated.
    You have two options; one is to use user-exit ZXF05U01 in order to block some vendors another one is to customize sensitive fields and approve those vendors which you don’t want to be blocked by coding.
    Best regards
    Melih

  • Search Help "PREM"  Restriction on Company Code

    Dear Friends,
    I have modified the screen SAPLKACB 0002. I HAVE APPLIED SEARCH HELP "PREM" ON COBL-PERNR(Personnel No).Now if u go to F-02 Transaction.We have a Company Code entered Say : 2200.
    Now if we fill in the mandatory fields we go 2 next screen there we have personnel no field where i have
    attached F4(Search Help).
    Now i need 2 restrict the search help according to the company code.
    if the Company Code i enter say 2100 and hIt enter.it should give me some king of msg that
    the company code 2100 does not match the (F-02 Transaction Company Code:2200).
    Please Guide as 2 how 2 Accomplish this.
    Regards,
    Essam

    Hi if you need to do any thing to search help u need to create a search help exit for it.
    check my [blog|https://wiki.sdn.sap.com/wiki/x/du0] on this code.

  • How to restrict the user id to a specific company code?

    Hi,
    I want to restrict a user id to access a specific company code only for both customizing and application data creation. This means that the user id can do customizing and create application data for that company code only and not for any other company codes.
    how can i do this?

    Hello Raja,
    You requirement of restricting users for application data can solved by adding the company code in the organization level button and the user will be restricted to mainatin application (transaction) data for the org element for which he is authorized for, if the transaction has objects which check company code.
    Customizing data authorization can be very tricky, as most of the customizing transactions are for maintaining customizing tables will not necessarily have an authorization check for org elements. In this case you may to manually insert a object called S_TABU_LIN alongwith S_TABU_DIS it will perform the job of restricting authorizations.
    In cases where the end user is accessing tables directly with SE16 S_TABU_DIS is the object that is check and maintained in PFCG.But,Such a restriction cannot be made with S_TABU_DIS alone. Fortunately SAP provides us with another authorization object S_TABU_LIN (Authorization for Organizational Unit), which can be used in conjunction with S_TABU_DIS to enforce such a restriction.
    This authorization object works only with Maintenance Views and Customizing tables. Also note that an Organization Criterion is a prerequisite for implementing the same
    A detailed step by step procedure to be followed is given below:
    1. The first step in implementation of line authorization is defining an Organization Criterion. For this we need to access the u201CSAP Reference IMGu201D customization page from SPRO transaction.
    2. From the IMG display screen select SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select the execute ( ) button for the u201CDefine Organization Criteriau201D.
    3. The resulting table display show all available Org Criteria values existing in the system. For our purposes we will create a new Org Criteria to suit our needs. Select the tab u201CNew Entriesu201D as shown below.
    4. Give an appropriate name starting with Y or Z for the new value. Note that a name starting with another letter will not be accepted by the SAP system. Click on u2018Saveu2019 button to save the newly created Org Criteria. This opens a new window asking for a Workbench Transport Request. This would be required so as to transport the new Line authorization restrictions further to the test and production systems.
    5. Now select the new Org Criterion u201CY_TESTu201D and double-click the u201CAttributesu201D tab as below to define the various Org Attributes.
    6. Provide the new Attribute name and Description for the same. Also fill the Authorization field value from the provided dropdown (1st Org Criterion Attribute u2026. 8th Org Criterion Attribute). The search help field is an optional field which can be filled if a search criterion exists or has been created earlier for the specific purpose. This field enables the u201CF4u201D when filling entries in the authorization object
    7. We already have a search help (C_T001) available, which provides as an F4 help the list of all available Company Codes in the system.
    Note that we can create up to 8 Org Attributes as per our requirements (by selecting u201CNew Entriesu201D tab), each corresponding to a column in the target table.
    8. Selecting the attributes link again will show us a list of all defined attributes and the authorization Field it will appear in. Now that we have defined the Attribute Field that we require, we need to associate each attribute to the corresponding Table Field in the target table.
    Select one of the attributes as below and double-click on the u201CTable Fieldsu201D button to define the field associations.
    9. Select the u201CNew Entriesu201D tab to create a new table field association.
    10. The View/table field must be filled with the target table which we need to control.
    11. The u201CField Nameu201D will require the field name of the target table which be linked with the specific Org Attribute. Performing an F4 on this field will display the list of all possible fields available in the View/table provided earlier. Here we will select the field name BUKRS (Company Code). Save the entries in the same workbench request created earlier.
    12. The next step would be to activate this new Org Criterion so that SAP now checks the authorization for S_TABU_LIN for every user
    13. In the u2018IMG displayu2019 go to SAP Web Application Server -> System Administration -> Users and Authorizations -> Line Oriented Authorizations. Select execute ( ) button for the u201CActivate Organization Criteriau201D.
    14. From the resulting customization screen tick the check-box for the Org Criterion that we have created. On saving the settings the system then asks for a Customizing Transport Request for further transport into test and development systems.
    15. Any user without this authorization will not be allowed in to the SM30 display/change screen for this table.
    16. In the role for which the S_TABU_DIS provides maintenance access for the table , we will now also need to maintain the object S_TABU_LIN.
    17. On selecting change button besides any authorization field you will need to select the Organization criterion which needs to be maintained here. Note that only one Org Criterion can be maintained in one instance of S_TABU_LIN object.

  • Company code restriction for dashboard and webi reports in BOBJ

    Hi Friends,
    We have a requirment where we need to restrict user on company code level in bobj.
    we have some dashborads and webi reports which need to be restricted at company code level, hence i have created a  role in BI and restricted the queries (bex queries) on company code level and same role and user i have imported in BOBJ.
    Now i can see the role and user in BOBJ and also i can login to BILAUNCH PAD with authentication as SAP  But unable to run the webi reports and dashboard hence i have added those reports to this user in bobj and now i can run the reports, but restriction is not working.
    In BI I am able to restrict user  but in bobj its  not restricting. kindly let me know if i am missing anything?
    We are having BO 4.0 SP6.
    Thanks
    Basis

    Hi Saurabh,
    In BI its wokring perfectly fine.
    I can run the query for specific company code and data is being populated as the respective compay code.
    I have also configure SSO between BI & BO using below link
    http://wiki.scn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+with+SAP+BO+BI4.0+Common+Semantic+Layer+%28UNX%29+or+BICS
    but when i am trying to create a olap connection in IDT with SSO connection test is getting failed with belwo error.
    com.businessobjects.mds.olap.OlapException: [Internal] SSO token or User password is empty.
    I checked STS is already there in APS .
    Thanks
    Basis

  • How to Restrict Intercompany Access By Company Code

    We have multiple territories, of which each is assigned their own company code  We'd like intercompany access to be restricted by company code so users only have intercompany access to only territories they have authorization for.   Currently, we have role X setup and authorized users have access to this role.
    Intercompany TCODES would include FBU2, FBU3, and FBU4. 
    The obvious solution would be to create additional roles via PFCG whereby each role has access to X company codes and assign these users to the appropriate role.  Any other ideas?  Also, with the ECC upgrade, doesn't this impact performance on the cube when trying to restrict roles by company code?
    Thanks in advance!
    Edited by: david kim on Feb 10, 2009 2:13 AM

    Hi david kim,
    Based on my experience, the best way is by maintaining the roles in Txn PFCG as what u did just now. FYI, there's no impact on performance on the cube when trying to restrict roles by company code. (we have faced it before when upgrading 4.6C to ECC6...with flying colors ...).
    Hope this will solve your problem.
    TQ
    Regards,
    Nazrul

  • Master data changes Dual control (per Company code)

    Hello Experts,
    Am now planning to setup Dual Control for Vendor & Customer Master's Sensitive fields like Bank Account details (note that Bank details are setup in "General data" irrespective of Company code.
    My client has Companies spread across the globe.
    I have some questions. Hope somebody can help.
    1) Can i activate Dual Control functionality for just 1 or 2 Companies. As far as i know this is not possible in config. Any easy work around?
    2) If i implement this change as it is , how does it work?
      For example if an Accounting clerk in Germany changes a Vendor Bank Account number , any one who has access to FD08 (or FD09) in France can approve this change. Where as ideally this change should only be able to confirm by a Manager in Germany.
    This means every body can see & confirm other companies master data changes.
    Just a thought, can i restrict this in authorisation by Account Group?
    But isn't there a way to display only the relevant changes to be confirmed by each manager(limited to thier own Company or Account group)
    Thanks in advance.

    Bank Details are not company code specific. So can't restrict per company code.
    Any other suggestions, please ?

  • Customer / Vendor Master Dual Control - Sensitive Fields

    Dear SAP Experts,
    I have configured a business requirement to extend the Senstive Field functionality towards customer master. I have defined the new Customer group and also assigned the fields. Every time a change to the Customer master record (KNA1 and KNB1) fields are changed, the message pops for the confirmation to be done thru FD08/FD09.
    The only question I have is the relevance behind this control as even after the changes not yet to be confirmed, the system is allowing me to bill the customer (Sd billing) and pass the entry to FI accounting? On the other hand the Vendor functionality does not allow a billing run unless and until the changes are confirmed. My question is what is the relevance of the customer master. Can anyone who has an idea about this provide some insight about the dual functionality of this sub module.
    Rgds,
    Abhai

    hello, friend.
    i wish to understand your situation better.  if the sensitive fields restrictions are working for vendor, then there should be similar features for customer.  the, my question is "are you -
    1.  "working in a DEV environment where you have consultant's (unlimited) authorization or
    2.  "working in a QAS/PROD environment where you have specific authorization?"
    perhaps you have already checked this, but please indicate if you the authorization groups and transaction codes authorization have been set for the users.
    many thanks.

  • Authority-check for a particular company code

    Hi,
       I need to check authorization for a particular company code.In my bdc call transaction program i'm fetching mass data from excel file and for every record i've to check the company code field.If the company code is not the required one then that record should not be processed.
      So before filling the bdc data i wrote like
    LOOP AT gt_inrec INTO gs_inrec.
         AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                   ID 'ACTVT' field '02'
                   ID 'BUKRS' field '2800'.
        IF NOT sy-subrc = 0.
          MESSAGE e058(zz) WITH gs_inrec-bukrs.
          EXIT.
        ENDIF.
         PERFORM fill_bdc.
      ENDLOOP.
    but it is not exiting for different company codes and is allowing records with all company codes.
    can anybody pls tell me how to rectify this?
    thanks in advance,
    poornima

    I need to perform authority check on the field NAME1 present in the standard screen - customer master ( T.Code-XD02). Only certain users should be allowed to edit the field and others should be restricted.
    I have created a field exit FIELD_EXIT_AD_NAME1 for the ADRC-NAME1 field.
    Now inside this field exit i need to write the authority-check code.
    I have created the authorisation object Z_KNA1_NAM for the field NAME1 using the SU20 and SU21.
    For this scenario how do i write the authority-check code in my field exit?
    Below is my field exit code,is that correct?
    FUNCTION FIELD_EXIT_AD_NAME1.
    ""Local Interface:
    *" IMPORTING
    *" REFERENCE(INPUT)
    *" EXPORTING
    *" REFERENCE(OUTPUT)
    AUTHORITY-CHECK OBJECT 'Z_KNA1_NAM'
    ID 'NAME1' FIELD SY-UNAME
    ID 'ACTVT' FIELD '03'.
    IF SY-SUBRC = 0.
    MESSAGE 'Not Allowed to Edit the Name 1 Field' TYPE 'E'.
    ENDIF.
    ENDFUNCTION.
    In the above code i have given SY-UNAME in the code line 2 - ID 'NAME1' FIELD SY-UNAME ,is that correct? what should i give there?
    Please help me on this issue.
    Cheers,
    P.S.Chitra

  • Vendor company code

    Hi,
    Can anybody give a detailed explanation about what do u mean by vendor company codes.

    Hi Sandeep,
    You want to know abt the assignement of vendor at diffferent levels then , it is assigned at 3 levels :
    Client
    company Code
    Pur Org
    Apartf rom above you can miantina vendor related information pertaining to plant, provided plant should come under the pur org.
    If you want to know about the screen layout of venor master/field status for company codes, ckeck the link below :
    http://help.sap.com/saphelp_47x200/helpdata/en/01/a9b47b455711d182b40000e829fbfe/frameset.htm
    BR,
    Krishna

  • Cross company code validation in CO Area

    Dear All Experts,
    I am having one query regarding cross company code validation in CO area. I have ticked Cross company code validation in controlling area, and it is working perfect.
    we have total 11 company codes. 10 for US & 1 for Canada. Say 1001 to 1010 US company codes & Canda it is 1101.
    The requirement is :-
    Now client wants to post cross company code transaction within these 10 US company codes and it should not throw an error  ( Ideally which is giving right now ). It should give error only when posting to US company code transaction and Canada Cost Center or Internal Order.
    Can we restrict the company code for cross posting validation ? OR Can selected company codes set for validation indicator ?
    Experts guidance will be great on this.
    Regards,
    Sharvari Joshi.

    Dear,
    Murali.
    Thanks for your reply.
    As you said :- Validation check applies for all the company codes which are assigned to your controlling area.
    Means simply we can not apply this option to selective company codes, Right ?
    Once it is ticked it is applicable to all company codes.
    Regards,
    Sharvari Joshi.

  • How to schedule one report for multiple company code?

    How you can schedule reports in BW 3.5? Suppose I need to schedule one report for multiple company code, how can you do that and notify the users? I do not want to send multiple emails to the same user if the report runs for 20 times (for 20 different companies).
    points are given for ASAP replies.
    Thanks in advance
    Peter

    Dear Peter,
    Try to restrict the Company Code with  those 20 values and schedule.
    Regards,
    Ramkumar.

  • FB70: Cross-company code transaction

    Hello
    In Cross-company code transaction with FB70, we use company code A and company code B for the line Items.
    In the document overview display for customer invoice, the line items long text entered appeared only in the text field for the company code B entered for the line item.
    Is there anyway to make appear line itemu2019s long text entered for company code B in the text field on the document overview display of company A?
    Thanks,
    VWA

    Hello Madhu,
    Thank you for your input. What I need is to have the text entered for the line item of Cie B on the document overview display for A.
    In cross-company transaction such as FB70, the text entered for each Cie appears only on each document but I want B to appear on A.
    Regards,

  • Company code related Idoc type

    hi guys,
    Can you help me how to search an Idoc type which contains a perticular field. Say 'company code'.

    I do nnot think there is a way to do this.
    If the Idoc Type has a description that Contains "Company Code" then you can go to WE60 and press F4 and then use Find button.
    Regards,
    Ravi

  • Company code specific data

    Hi Experts,
    In the customer master record, what data would be specific to company code.
    Thank you

    HI
    The data is categorised into General data, Company code data and sales area data. Each area have different tab pages with all the related information.
    All the tabs and fields in the 'Company Code Data' Area of customer master holds the information related/specific  to a particular company code.
    Thanks,
    Ravi/specific

Maybe you are looking for

  • What value to be set in DB_FILE_NAME_CONVERT ?

    Hi all, I try to create standby database and my datafile are all over my hard disk, what should I do to my DB_FILE_NAME_CONVERT to let my standby database know this issue ? example /prod_data1/system01.dbf /prod_data2/user01.dbf /prod_data3/rbs01.dbf

  • Podcasts on my iPod...

    Is there a way to stop my podcasts from showing up under "albums" and "songs" on my iPod? My video podcasts are also showing up it "podcasts" under music. I'd be much happier if they were all in the right place. Can anybody help? Thanks.

  • Function Module FTI_LDB_GET_POS_DATA

    Hi All, When I export parameters to FM- FTI_LDB_GET_POS_DATA with Securities ID and Deal number output I am getting for total position instead of that deal number and security id. Validation for deal number will not work for securities ID ? Export Pa

  • How can I track my iPhone 3GS

    Hi can any one tell me if there is a similar tracking system for the 3GS please?

  • T.code to access table T030K

    Hi Gurus, Good day. Please kindly help advice the t.code to access table T030K. Also, spro path will be very helpful. Thanks in advance! Rellie