Setting up a Role to Restrict SQVI by user (on field BUKRS table KNC3)

Similar Messages

• How to set/get the values thru Wedbynpro coding for User mapping fields

  Hi All
  In system object we have the user mapping fields like District,city,plant,Salesmanager.
  now we want to set/get the values of these usermapping fields of system object thru webdynpro coding...
  if anybody have sample codes of the same then it would be great help to me
  Thanks in advance
  Thanks
  Trisha Rani

  Hi Kavitha
  Thanks for your reply
  My requirement is exactly as follows.
  1) i have created one portal system object in system administration and also i created usermapping fields in the system object from the usermanagement  in system object.
  i created the user mapping fields like Plant,SalesManager,District etc.
  i also created the system alias name for the same system object
  2)  Now i came to persoanlize link and mapped the system object to the portal user.
  while mapping to the system object we need to enter Mapping userId, Password , once we enter these values and we can also enter the values of usermapping fields which we defined while creating the system object ( for example District,Salesmanager,Plant etc)
  once we enter all the values and click on save then these usermapping  values to be mapped to the portal user.
  3) Now my requirement is , i  want to control the usermapping field values thru webdynpro coding for setting/getting the values.
  I need sample code of the same.
  Please let me know if u need more details on the same.
  Thanks
  Trisha Rani

• RBAC - What set of rights / role should be used

  Hello ,
  we have a requirement to provide access to two set of users who need elevated rights to perform a set of activity , wanted to know which role should I be using in the following scenario
  Report user - The user should be able to Create , edit, Schedule and execute reports ( SSRS) [ the 'Read-Only Analyst' does not show anything related to Create - we wanted to restrict other access to this user apart from reports]
  Automation user - This user should be able to Create Advertisements , Collections, Packages and programs via SCCM SDK [ Should this be the "Full Administrator" ? ]
  Thank you for the help in advance ..

  Hi,
  There are no role that fullfills the Report User need, you can copy the Report User role and modify it so it fits your requirements, for the second Automation User the Application Administrator role should be the closest one, but you need to add
  collection permissions to it so again copy it and modify it.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• To set a default role according to the user.

  Hi,
  I would like to set different default roles according to users. For example, we have the following prerequisites:
  1) 3 roles: roleA | roleB | roleC (in this order).
  2) 3 differents users: user1, user2, user3.
  So, if I log-in with the user1, the default role should be the roleA; if I log-in with the user2, the default role should be the roleB; and so on.
  But I don't want to change the order of the roles using "sort priority" property.
  How can I do this?
  Thanks,
  Samantha.

  Hello Samantha,
  Does each of the users need to have each of the roles? If not you could just not assign the other roles except the one you want to display as default role (a assume you mean the role that is displayed first after logon).
  If each of your users need every role, I am afraid your requirement is not realizable unless you use the sort priority property. Why don't you want to use it in the first place?
  On possible yet circuitous way to meet your requirements would be the following:
  Create another role for each of your user(-group)s. Say in your case Role 1, Role 2 and Role 3 which are not defined as entry points.
  Assign roleA, roleB and roleC to Role 1 where roleA has the lowest sort priority; and assign user1 to role 1.
  Assign roleA, roleB, roleC to Role 2 where roleB has the lowest sort priority; and assign user 2 to Role 2
  and so on.
  Of course you need to use sort priority for that and I think thats hard to maintain. (probably not even what you are looking for)
  Maybe you can get a litle more concrete what you are trying to achieve.
  best regards
  Stefan

• I set a password on my restrictions and now I've forgotten it, silly I know but was trying to keep kids from spending. Please help.

  Please help. I set a password on my restrictions and now I've forgotten it. How can I reset it.

  Follow the instructions in  iOS: How to back up your data and set up your device as a new device http://support.apple.com/kb/HT4137http://support.apple.com/kb/HT4137 to restore the device to factory settings.
  Once you have setup the device as a new one, you can then sync it back with your iTunes account and all your music, apps, contacts and any other content sync'ed with iTunes will be loaded on the device. Any content that is stored only on the device and not sync'ed with iTunes, like app logins or data, will be lost during this process. Be forewarned that this is a long process and can take a couple of hours or more to complete. This can be painful, but it is necessarily so to prevent users from working around the security settings. After the restore is complete, you can setup a new Restrictions passcode. Make a note of the passcode to avoid this situation in future.
   Cheers, Tom

• I don't remember setting a pascode in the restrictions and now I can not get my icloud on, can you help me?

  I don't remember setting a pascode in the restrictions and now I can not get my icloud on, can you help me?

  If you don't remember the restrictions passcode, your only option is to force the phone into recovery mode and restore it as a new device.
  Do NOT restore your backup. The restrictions settings are part of the backup.

• How to set a sub-role invisible from the role

  Hi guys,
  Our roles are as following:
  Role1
  App1
  App2
  SubRole1
  SubApp1
  SubApp2
  We've assigned SubRole1 to Role1, but we don't want it is shown under Role1, how to set it?
  Many Thanks and Best Regards,
  Xiaoming Yang

  Hi,
  If you do not need these applications/iViews in the navigation hierarchy, then you do not have to do any fancy tricks.
  If all Role1 users should get subRole1 iViews, then just have one role and make those iViews invisible.
  If you want to be able to assign the iViews in subrole1, just create a second role with no entry point (it does not need to be a subrole) and set the permissions so there is no end user permission, and then assign it to users.
  Hope that helps.
  Daniel

• Role assignment restrictions

  Hi all,
  I am trying to restrict role assignment using the object S_USER_AGR. As an example i am using the following in the 'Role Name' field: T1050, T1500.
  However, with my test user, they are able to assign the role "T_50043964_5100-TEST" to a user
  But i cannot see how this is possible. Am I missing something here?
  Thanks,

  If I understand your example correctly what you are trying to do cannot be done.
  The restriction with authorization wildcards must come only at the end.  Example:  T_50043964*
  Cheers,
  Ben

• How to set the item property to restrict the user to not to copy from above

  Hi Guru's,
  I have a requirement like, There were two items on the form name email Id, Confirm email Id.
  I have to ristrict the user to not to copy from email Id item.. make him/her to enter the value into confirm email id item field manually.
  How to set the item property to restrict the user to not to copy from above item and paste it in this item.
  Please help.
  Thanks!!

  Just an opinion here, but that is about the dumbest requirement I have ever seen.
  I am always annoyed by web sites that ask me to enter my email twice. I ALWAYS copy the email address from the original entry and paste it into the second one.
  People enter their email addresses so often, it takes a real klutz to not get it right. And what makes you think that if they enter it twice, that they won't enter it wrong both times anyway???

• Do you really have to delete roles if you deactivate a user?

  I was searching through threads trying to find a recommendation regarding the best way to deactivate users in SAP.  I understand locking and changing the validity date, but I am also seeing recommendations to delete the roles...  In addition to roles do you also recommend deleting profiles (ones not associated with a specific role)?  I'm just asking because I was under the impression it was good for security purposes to know what roles/profiles (authorizations) the user had in the past if something happened that required research and the ability to identify "who had the ability to do what".  If we delete all of that information from their account, is their still a way to determine what they did have when they were an active user?  If it is OK to leave roles in and maybe just set their expiration date, how should profiles not associated to roles be handled?
  I guess most importantly, is there a known recommendation straight from SAP that I can reference?  My searches have come up empty.

  In my opinion, best is to:
  - Retire the user ID by locking the account (not just the password).
  - Set the validity on the user account to expire (preferably when this is known already, and not when a piece of paper becomes current...).
  - Setting the validity of roles is subject to the user compare to a large extent. It is very usefull.
  - Manual profiles are a bugger - dirty trick is to import them as a template into a role.
  > I guess most importantly, is there a known recommendation straight from SAP that I can reference? My searches have come up empty.
  I know that the technical explanations of how it works is to a large extent available, release dependently.
  If you search for the reports associated to the "user compare" (tcode PFUD) then you will find a lot of infos.
  Recommendations are more tricky, as it depends on what you want. SAP enables a lot of stuff and is responsible for the correct checks in the programs. But how you build your roles and profiles is up to you, and you have a lot of freedom in that area. You can also shoot yourself in the foot
  I am assuming that you are not on SAP release R/2. Perhaps a bit more details would help...
  Cheers,
  Julius

• Table access restriction to certain users

  Hi,
  How to restrict the particular user in accessing the database tables ?
  For example: A user should not be given the the rights to access the table AUFK.
  Thanks in advance.
  Regards,
  Harsha

  Hi,
  If you are talking about access of table through SM30, it can be done by authorization object concept. You can assign the appropriate authrization object while creating the table maintenance. Basis will assign the roles to the user. If it is SE16/SE16N then you need to create parameter transactions for each table user is allowed to view.
  Other generic option is, You can develop a report program and display the tables allowed for the user. On clicking the table name, you can take to SE16 screen. (You may need to create a transaction variant for se16/se16n for disabling the table name input field to control the user not to access other tables). Tables allowed for the user can be maintained in a Ztable.
  Thanks,
  Vinod.

• How to Restrict F4 values for Std Field

  Hi ,
  I need to restrict the F4 values of a standard field from a standard t-code.
  Example:
         In standard t-code : XD01 .
         If i press F4 on company code field , i shows all the company codes exists from table , like : 1000 , 2000 , 3000 ...etc..,
        But, My requirement is : I want the restrict the values .     
        Say , I need to show only 1000 & 3000 company codes when he press F4 on company code field on XD01 or XK01 ,
       where  ever the Comapny Code field (BUKRS) is used.
       Answers will be rewarded

  Hi Lakshman,
  Me to aware of search help exit...
  If i do for search help level , it affects only 1 field of 1 transaction.
  Say Example: If i have search help exit for BUKRS field in XD01 t-code , it will not affect in t-code XK01 , since Xk01 BUKRS
  field uses some other Search help...
  I need to know , if we set once for BUKRS field .. will it affect on all T-Codes..
  Is there any way to do it
  Edited by: Surendar on May 6, 2010 2:38 PM

• How to restrict the length of input field

  Hi,
  How to restrict the length of input field. That is we should not be able to enter more thatn 10 charecters.
  Regards,
  H.V.Swathi

  Hi swathi,
  For this you have to create a simple data type. No need of writing a code.
  Go to Dictionaries -> Local Dictionary -> Data Type - > Simple Type - > Right click and "Create Simple Type".
  Here you should create a Simple type with String as built-in Type. Here you will also see the Length Constraints option.
  Set the value of maximum length and minimum length. In your case set the value of maximum length to 10. At runtime this will not allow the user to enter more than 10 characters.
  Now create an attribute and bind it to this newly created simple type. Bind the value of the input field with this particular attribute.
  Regards
  Manohar

• Virsa Config Logic?: Include Role/Prof mitigating contls in User Analysis

  Hello All, 
  After changing configurations option "26 Include Role/Prof mitigating contls in User analysis(YES/NO)" to YES from NO, I noticed that the mitigation seems to be overextending itself into other roles. Example:
  User with RoleA, RoleB and RoleC has potential conflicts. It turns out that RoleC is not a real problem but RoleA and RoleB are. So, I mitigate one rule against RoleC.
  With the configuration option 26 set to YES, I would expect that The mitigation control would apply only against RoleC and SoD issues against RoleA and RoleB should still be a problem; however, RoleA and RoleB are now also mitigated. Therefore, this means that roles which I had not intended to be mitigated are mitigated.
  How should the logic within Virsa be understood?
  Thanks, Dylan

  Adding details to this subject, here is a test scenario for which anyone can try:
  Build RoleA only with S_TABU_DIS and change/display access to P000 to PZZZ table groups.
  Build RoleB with transactions PC00_M10_CDTC and PC00_M99_CURSET
  Build RoleC also with transactions PC00_M10_CDTC and PC00_M99_CURSET
  Create a dummy user with all three roles assigned and run the SOD report against the user and risk H00600501.
  Afterward create a mitigation for that risk and RoleC combination only.
  Re-run the report. If possible, please also list your Virsa version and support pack level. The customer system I'm on is 4.0 and SP 04.
  Many thanks for any help in this regard. The mitigations configuration option is a really important option under the circumstances and I would like to use it but cannot at the moment considering the results.

• ASA WebVPN - restrict access to users in an AD group via ACS

  Hi folks.
  I'm doing an WebVPN pilot on one of our ASA's (running 7.2.2). Everything is working fine, but I've been asked to restrict access to users that are members of a certain Active Directory group (lets call the group "VPNTEST")
  Right now the ASA does radius auth against out ACS 4.x appliance, which has an external database mapping (via the ACS remote agent) to our Windows active directory domain.
  Currently there are only two groups in ACS, the Default (which we use for Wireless authentication) and the "Operations" group, which we use for TACACS auth for the network.
  I can create a group in ACS that maps to the AD VPNTEST group, but where/how do I restrict WebVPN access to just members of that group? Is it a setting on the ACS or the ASA?

  Try using the following to tie users to certain group policies:
  Using a RADIUS Server
  Using a RADIUS server to authenticate users, assign users to group policies by following these steps:
  Step 1 Authenticate the user with RADIUS and use the Class attribute to assign that user to a particular group
  policy.
  Step 2 Set the class attribute to the group policy name in the format OU=group_name
  For example, to set a WebVPN user to the SSL_VPN group, set the RADIUS Class Attribute to a value
  of OU=SSL_VPN; (Do not omit the semicolon.)