SPRO display authorization

Similar Messages

• Create Display Authorization Profile for SAP Transaction SPRO (IMG).

  Dear All,
  In my current implementation project there is an requirement to create display authorization profile for SPRO. I have tried a lot but was not able to do so.
  Any one is having an experience in creating display profile for SPRO (IMG) ? If any one has worked on this issue then please guide me.
  Thanks,
  Avinash

  Hi
  This is security related question. I am not security expert.
  But you can check this, Include the following authorization objects in the profile and assign this profile to the target user.
  S_IMG_ACTV
  S_PROJECT
  S_PROJ_AUT
  S_PRO_AUTH
  and assign activity = 03 (Display).
  Hoipe it helps.
  regards
  Srinivas

• Role for display Authorizations

  Hi All,
  We need to know if thre are any standard Roles available by which i can have all Display authorizations in Production system.
  Currently we have many Custom roles and this thisng is really messed up in our organization. So i have suggested to Standardized the role related issues and starting with MM, i would like to know if in production we can have access with all Disply rights for all relevant authorizations along with SPRO display. Can anyone suggest something on this?
  Also if we need to create some "Z" or "Y" role; please suggest how we can achieve it.
  thanks a lot in advance!
  Prashant

  Hi Prashanth,
  First identify all the transactions which you want to have to give display authorization.
  Go to PFCG--> Enter All transactions which everyou want to give authorization for display.
  Save.
  Go to Authorization tab check for objects vreated for relevant transactions and provide display as activity in those objects.
  With Regards,
  Vijaykumar P

• WEB UI- only Display authorization for LEADS to users

  Hi Gurus,
  I have a requirement like i need to give only display authorizations for users to leads.
  I have created a new business role and assigned only search links. but in that search link we have Create New option. How i need to disable this.
  Users needs only display authorizations for Leads.
  Waiting for reply...
  Regards,
  Ajay.

  Hi Ajay,
  First of all, It is possible to disable the New button on the Search page without any code change. There is an SPRO setting which is to be done in order to achieve this.
  You might have created a new z navbar profile as you have created a new business role as per your business requirement.
  Lets take an example, you want to disable the New button on Contact Search Page. follow these steps:
  1.Go To T. code /ncrmc_ui_nblinks
  2. Select the Z navbar profile you have created for your business role
  3. Double Click on "Define Generic OP Mapping" in left hand side
  4. Select Object Type as BP_CONTACT and remove the Following entry
  BP_CONTACT     D Create     MD-BPCP-CR          MD-CONP-SR
  Please note the Obj. Action here D Create, if you remove this entry it means you are disabling the Create Action for this business role for object Contact.
  Hope this will help you.
  Regards
  Ajay

• Display Authorization for MASSD

  Hi,
  There is a requirement for giving a user only display authorizations for MASSD.
  I've tried various combinations of objects, however have been unsuccessful so far..
  Pls. help.
  Thanks,
  Saba.

  Hi Saba,
  the proposals (values maintained in SU24) should save time to role administrators.
  The developers maintain those values which make sense in their eyes. As example if they provide a transaction for creation of an item, they propably would maintain the activity 01, for a display transaction actvt=03 and so on. That will save time to admins, as they would not have to enter the values once more (compared to an empty field....). Of course, that proposals are still proposals only!
  For complex transactions it makes sense, to have a proposal of which authorization objects are necessary to be able to execute that transaction.
  Maybe you can remember the old procedure before pfcg had been invented - it was hard work first to identify all the objects checked with its values, then create the corresponding authorizations in SU03, then create the corr. profiles in SU02 and finally assign that profiles to users in SU01. That was really time consuming....
  So the invention of pfcg opened a very comfortable and quick possibility for that tasks with a high range of automatism. Of course this automatism can only be as good as the values which are behind it. So having accurate SU24 settings help a lot.
  So enjoy pfcg
  b.rgds, Bernhard

• Display Authorization for webdynpro component

  I have a requirement where , the source code has to be hidden . I have seen programs where it hides ABAP report but none for We dynpro. Is there a way to hide web dynpro code . Or is there any way to revoka even display authorization for the web dynpro components ? Please provide any suggestions.
  Regards,
  Sri

  Hi Srivijaya,
  Go to application, parameters tab give WDDISABLEUSERPERSONALIZATION give value to 'X'. It will disable user personalization settings, user can't see any help regarding component.
  Cheers,
  Kris.

• Complaints Display Authorization

  Hi Experts,
  My requirement is to restrict complaints Transaction Types to search and Dispaly for certain users.
  I tried restricting autorization object CRM_CMP and CRM_ORD_PR in the PFCG roles. In Autorization object CRM_ORD_PR, though I have given Activity as Display and in Transaction types the companis which I want to be displayed.
  Despite all this in the Web UI it allows me to create complaints. More over I have given display authorization for 3 complaints where as it is pops up for all complaints transaction types.
  Could please guide me, if I am missing any other authorization objects to be restricted??
  Only complaints should be searched and display.
  Regds...
  Arup

  Hi
  check all the PFCG roles if your user has multilple roles assigned and make sure that SAP_ALL and SAP_NEW profiles are not assigned to your user.
  Regards,
  S Reddy

• Display authorization for all modules Including Basis.

  Hi All,
  Is there any Role or profile for display authorization for sap modules .
  Regards,
  Eswar.

  Dear,
  That ROLE will be SAP_ALL_DISPLAY
  "what is to be done"
  just assign the role to the display user via SU01
  Hope this help!
  Also refer this ,
  DISPLAY ONLY AUTHORIZATION
  Regards,
  R.Brahmankar

• Display authorization for resource planning missing

  Hi,
  while open the Resource planner with log in service manager.it is showing following error
  Display authorization for resource planning missing
  i am not getting this error why it is showing.any one help me to solve this issue
  Thanks & Regards
  Kishore Kumar

  Maintain the authorization Objects for the PFCG role assigned to the user
  Authorization Object
  Description
  Authorization Field
  Value
  Value: System
  Relevance
  WFDS_RPA
  Authorization Object Transaction
  ACTVT
  3
  WFD server
  Service resource planning application (RPA)
  WFDS_RPA
  Authorization Object Transaction
  ACTVT
  2
  WFD server
  RPA
  B_BUPA_GRP
  Business Partner: Authorization Groups
  ACTVT
  3
  SAP CRM
  RPA
  Appointment scheduling
  B_BUPA_RLT
  Business Partner: BP Roles
  ACTVT
  3
  SAP CRM
  RPA
  Appointment scheduling
  B_BUPA_RLT
  Business Partner: BP Roles
  ACTVT
  3
  SAP CRM
  RPA
  Appointment scheduling
  WFDS_JFUNC
  Authorization Object Resource (Type of WFD Resource)
  WFDS_RTYPE
  WFD server
  RPA
  Appointment scheduling
  WFDS_JFUNC
  Authorization Object Resource (Job Function)
  WFDS_JFUNC
  WFD server
  RPA
  Appointment scheduling
  WFDS_JFUNC
  Authorization Object Resource (Job Level)
  WFDS_JLEVE
  WFD server
  RPA
  Appointment scheduling
  WFDS_SAREA
  Authorization Object Resource (Type of WFD Resource)
  WFDS_RTYPE
  WFD server
  RPA
  Appointment scheduling
  WFDS_SAREA
  Authorization Object Resource (Service Area)
  WFDS_SAREA
  WFD server
  RPA
  Appointment scheduling
  S_TCODE
  Transaction Code
  TCD
  /SAPAPO/LRP_ACCESS
  WFD server
  RPA
  Appointment scheduling
  UIU_COMP
  Authorization UI
  COMP_NAME
  WCC_SRV_RPA
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_WIN
  WCC_SRV_RPA/MainWindow
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_PLUG
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_NAME
  WFDRPA
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_WIN
  MainWindow
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_PLUG
  DEFAULT
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_NAME
  WFDRPA
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_PLUG
  DEFAULT
  SAP CRM
  RPA
  UIU_COMP
  Authorization UI
  COMP_WIN
  WFDRPA/MainWindow
  SAP CRM
  RPA

• Display Authorization

  Hi all
  I have to configure the CMS for NWDI setup
  Iwas unable to click the LANDSCAPE CONFIGURATOR,it is in disable mode
  When i login usin my user id,having NWDI.admin role and NWDI.developer roleit is saying that this use is not havin the display authorizations.
  What is this DISPLAY authorization
  Plz help me out
  thnx
  madhu

  have a look at the std documentation here --
  http://help.sap.com/saphelp_nw04s/helpdata/en/da/f812d366aa44ad83a30418b34dae1c/frameset.htm
  it talks about authorization on CMS
  Thanks,
  GLM

• Spro full authorization without sap_all and sap_new

  Hi Friends,
  Can u suggest me how to give spro full authorization without sap_all and sap_new profile.
  Thanks & Regards,
  Tarun

  Hi Gowrinadh,
  This is an interesting discussion. I don't mean to take shots at your concept, but I have some concerns about it as a solution.
  > I have prepared a role 8 months back, we passed 2 patch upgrade cycles and I can confirm that this role will work even after the next version of ECC upgrade.
  Sometimes the symptoms only make themselves visible later, and we don't know what is coming in the next version of ECC. Of course it should be largely compatable, but there will be new stuff. You can be sure of that.
  > If there are any modules or new functionalities required, then customer has to request for it in addition.
  My understand is that the customer requests a full and working SPRO role for each release. They will not find the tcodes for you and do not want to play ping-pong via support tickets either with it.
  So each time you bill your customer for the 20 or 40 hours work for maintaining these tcodes manually in ranges? Appart from being error-prone, this solution is not scalable for when SAP might introduce another 20000 tcodes into the SPRO. Or someone convinces SAP to introduce an S_TCODE check for every line of code the whole system... (this is something which some people seem to believe in...), which would introduce several billion new tcodes for you...
  > For which we can build separate role.
  That is different. The question here (and certainly your solution) is to have them in the same role without duplicates but still including all SPRO access.
  If you build them as seperate roles, then you can merge them as projects into one composite and live with the duplicates while checking for any known objects which should not be included.
  I would agree with you. That is in my opinion a better solution, but it is not what you have been describing earlier.
  > We can plan for authorizations and build roles based on the inputs for today and tomorrow received from customer.
  That is the whole point in having maintainable roles and scalable processes. Manually maintaining 20k tcodes is incompatable with such requirements.
  > By the way, the max no of consultants and business process owners having this role is not more than 40.
  I don't think that assigning the role to less people will make it more usefull, nor that assigning it to more people will bring down it's per user cost of maintenance.
  There is some old code posted here already which does what you have described in less than 1 minute. You can find it via the tables I have mentioned above, and will recognize it (and it's age)  by the header lines it uses for internal tables. But it still works, since about release 3 point something...
  Cheers,
  Julius

• Roles  for only display authorizations

  Hi Experts,
  Can any one suggest me how to creat the role only for display authorizations for basis.
  Is any standard role like this? if it is please let me know.
  Thanks & Regards.
  Reddy V

  n k wrote:>
  > Hi,
  >
  > just give the tcodes required with the display activity, that is 03.
  I consider that to be dangerous advice because it assumes that activities are checked in all transactions.

• SPRO Display only role

  Hello Gurus,
  I wanted to create SPRO display role and i am not sure what tcodes SPRO calls in the background. I googled and find out that giving S_TCODE = * and making other auth obj's like S_PROJECT and S_PROJECTS (related to SPRO) to display only (03) will serve my purpose of creating SPRO display only role.
  My question is, if i give S_TCODE = * , i am giving access to all the tcodes in SAP which i don't want to. Is there a solution for this? (SPRO display only access with tcodes that SPRO calls in the background)
  Any suggestion, advice, comments are appreciated
  Thanks Gurus
  Venkat

  Hi Venkat,
  Yes you right. S_TCODE '*' is a hightened access to give.
  I am not sure if there is an easier way to do this. You could get the list of Tcodes within SPRO in a slightly long procedure:
  Steps:
  1. Activate the IMG activity display using the Path Additional Information>Additional Information>Display Key> IMG Activity.
  2. Use the Table CUS_IMGACH to find the Tcodes associated for each of the IMG Activity
  3. You could try assigning only these values under S_TCODE.
  Also I am not sure it works. But if you don't find an easier way out, this could be worth a try.
  Regards,
  Ann

• Display Authorization to PE01,PE02,PE03,PE04 and PE50

  Hi Experts,
  We have requirement to have display authorization only to PE01,PE02,PE03,PE04 and PE50 transactions. Is it possible? Is their any alternative transactions which would provide that access?
  Would really apprecaite kind guidance on the same.
  Thanks in advance.
  Thanks,
  Aashish

  Hi,
  When I check in the objects behind this transactions only three objects found.
  P_PCLX (HR: Clusters). Only this object has maintainance functionality. Read more about this object in
  http://help.sap.com/saphelp_47x200/helpdata/en/98/b7b83b5b831f3be10000000a114084/content.htm
  If you just set the filed AUTHC to R and test it. The display possibility might be okay. You can also perform trace and see if this transactions are using any other HR objects and set only display access on them as well.
  and other two objects are S_TCODE and P_TCODE. Which are used to call the transactions.
  Regards,
  Gowrinadh

• Regarding SPRO Display

  Hi all,
  My requirement is all the functional consultant's should have SPRO in Display mode. They should even able to see the settings but they should not have change authorization...<removed_by_moderator> please send me a detailed solution so that my problem gets solved
  <subject_modified_by_moderator>
  Read the "Rules of Engagement"
  Regards
  Surya
  Edited by: Juan Reyes on Aug 22, 2008 1:18 PM

  Hi Kunal,
  It doesn't work for me. I followed your instruction on creating the new role and also referred to the link
  http://www.*********************/r3_security/r3_security_tips.htm
  In this link, it mentions
  Object       Field       Value
  S_CODE       REMOVE       SPRO
  There is no such object as S_CODE. Is it a typo ? should it be S_TCODE ? But even in S_TCODE object there is no REMOVE field.
  After creating the ZSPRO_VIEW and assigned to user. User can go to tcode SPRO, but when drilling down, for example
  SPRO --> Controlling --> General Controlling --> Organization --> Maintain Versions
  will hit by the message "You are not authorised to use Transaction SM34"
  same message prompted at the bottom of the screen if try other structure in SPRO.
  my work around is to add another object S_TCODE and assign * to the field TCD. after this, most of the item in SPRO structure can be execute with DISPLAY only.
  not sure if this is the right way to do.
  pls advise.
  Thanks.
  Regards,
  Kent