SRM Authorisations
Hello Guru's
I am soon to be involved in the build of roles for an implementation of SRM 5.0, I have no experience of SRM transactions, or authorisations and I was wondering if anyone was aware of any documentation relating to this subject.
I have been involved in the build of roles and authorisations for Financial modules and HR/Payroll systems. But I beleive there are a number of differences when SRM is involved.
Thanks
Simon
Hi Simon,
You can download the SRM Security guides (and a whole load of other stuff) from:
http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000401180&
You'll need access to an OSS ID to do it.
Similar Messages
-
Error in SRM: a user with enough authorisation level is miss
Hello,
We are on SRM 5.0 and our users get the following error in SRM when creating a shopping cart:
No user assigned to object a user with enough authorisation level is missing.
Anybody any idea ?
Thanks as everHello Can anybody helpe me please ?
-
SRM 7.0: Authorisation object? Aliases for services in java portal?
Here's how we did in old SRM 5.0 system (the old and working scenaio):
In SRM 5.0 we employed S_ICF object to determine, whether a particular user who has just logged in to a system via web using a particular alias - is authorised to use this service.
We want external and internal users to use different ways to get into system. We have two aliases:
for internal users: http://srm5.domain.com/srmint
for external users: http://srm5.domain.com/srmext
We make aliases using transaction SICF:
/srmext
/srmint
to service /default_host/sap/bc/gui/sap/its/bbpstart
For alias /srmext we set field SAP Authoriz. = EXT.
For alias /srmint we set field SAP Authoriz. = INT.
We make 2 roles, both containing just a S_ICF auth object with differend values of field ICF_VALUE, an appropriate role to a user. If a particular user logs in to the system using an alias matching to the authorization value set in his role, he gets in, otherwise he gets an error upon logon. So that his logon is only successful if he used the right alias in URL (provided correct login name and password of course).
Question. How do we apply similar scenario in new SRM7?
Is there an authorisation object for java portal in SRM 7.0 - similar to S_ICF object for ABAP portal in SRM 5.0?
Is it possible and how to make an aliases to java portal, or otherwise automatically detrermine at runtime upon logon, which way (which URL or using some parameter in address line) the user has logged in?This question has been answered by the following blog:
/people/ulli.hoffmann2/blog/2009/10/07/srm-70-running-it-without-the-portal -
User Authorisations in SRM 7.0
Dear Experts,
We are Configuring Extended Classic Scenario in SRM 7.0.
We have two Purchasing groups each responsible for one Product category.
We have one purchaser assigned to each Purchasing group and the we have given the Product category responsible for the Purchasing grioup in Extended attribut of the Purchaser Position.
After creating SC by the user when we try to process PO by loging in as Purchaser we can able to see the PO from both the Purchaser log in.
Can any one help in restricting the user to process the PO belonging to the assigned Purchasing Group.
Is it possible to restrict by attributes or through Authorisation objects assigned for the user.
Regards,
B.N.Karthikeyan.Hello,
To check correspondance between PO puchasing group and user purchasing group, you could:
1 - get PO detais using function modul BBP_PD_PO_GETDETAIL. At header level you can find Purch. Org and Purch. Group
2 - get user Organizational Unit ID (which is purchasing group ID) using BBP_OM_STRUC_GET_ORG_FROM_USER, then run FM BBP_OM_DETERMINE_RESP_PGRP to get purchasing group code linked to user Organizational Unit ID.
For FM BBP_OM_DETERMINE_RESP_PGRP, i don't remember if you can get directly purchasing group value using importing parameter is_object-objid = purch. group ID (and is_object-otype = 'O').
If not, run this FM without any importing parameter: you will get all purchasing groups.
Then, look for purch. group of you purchaser among them.
As you are in SRM 7.0, I dont know if all indicated FM are available: if not, look for their equivalent.
Regards.
Laurent. -
Authorisation issue in SRM 7.0
Dear Experts,
We are configuring Extended Classic Scenario in SRM 7.0.
I have 2 Purchasing groups and each having one Purchaser.
Each Purchasing group is responsible for 1 Product category.
When I create and approve shoping cart I need to restrict the processing of PO to the relavent Purchaser.
I have created 2 ZROLE in SRM by coping the standard Operational purchaser role with the modified Authorisation objects BBP_PGRP & BBP_PURORG and assigned it to the corresponding user.
For the purchasers I have asssigned the standard Operational Purchaser role in Portal.
When I log in as Purchaser still I can see and modify the PO's belonging to the both Purchasing group.
Can any one give me a suggestion how to over come this issue.
Regards,
B.N.Karthikeyan.Hi,
In the PPOMA_BBP -Change attributes . Go to the extended attributes in the give exact product category for the purchaser
so that he can shop only that product category he cannot modify other category
Regards
Ganesh -
Hi All,
Does anyone know how you analyse authorisation errors that arise within the SRM system, within normal R/3 systems we would use transaction SU53 to analyse errors. We are currently in the process of implementing SRM and we are experiencing number of errors when using BBP transactions in the web browser, but I am unaware of how to analyse these from a role perspective, does anyone know how this is done.
Thanks
SimonHi,
You can run the transaction from sapgui too ))
Kind regards,
Yann -
Authorisation Issue SRM 7.0
Dear Experts,
We are configuring Extended Classic Scenario in SRM 7.0.
I have 2 Purchasing groups and each having one Purchaser.
Each Purchasing group is responsible for 1 Product category.
When I create and approve shoping cart I need to restrict the processing of PO to the relavent Purchaser.
I have created 2 ZROLE in SRM by coping the standard Operational purchaser role with the modified Authorisation objects BBP_PGRP & BBP_PURORG and assigned it to the corresponding user.
For the purchasers I have asssigned the standard Operational Purchaser role in Portal.
When I log in as Purchaser still I can see and modify the PO's belonging to the both Purchasing group.
Can any one give me a suggestion how to over come this issue.
Regards,
B.N.Karthikeyan.Hello,
This might help.
Note 1334253 - Authorization Check missing in Sourcing Cockpit
Note 1335797 - Authority Check on Process Type missing in Sourcing Cockpit
Note 1242643 - Authorized Purchase Group and organisation in POWL
Thanks
Ashutosh
Edited by: ASHUTOSH TRIPATHI on Jul 22, 2009 10:35 AM -
SRM and OOSP Authorisation Structure
Hi,
I would like to know if it is possible via OOSP to set up a profile that would allow the users assigned to this profile
to unassign and assign user (S) in the Org. Structure but will not allow them to change the Org Unit (O)
That is for the whole organisational structure.
I have set up at the moment a profile allowing maintenance of S, US, CP and not allowing the maintenance of O
In PPOMA_BBP I can then not change an Org Unit, I can change a Position (name attributes...) but I am not allowed to move a user from an Org unit to another.
If you can please provide me the setting of the profile for this
Cheers
StephaneHi
<u>Welcome to world of SRM !!!</u>
<b>Please go through the following links, which will definitely help -></b>
Re: Org Model Report
Re: I want to replicate organisation structure tree of pposa screen?
Re: USERS_GEN and the 200 Limitation
<u><b>If an organizational structure with a large number of dependent nodes is displayed in the overview area, access to the transaction can take a very long time.
This type of large organizational structure can occur when the vendors are transferred from the back-end system.</b></u>
<i><b>Please refer to the following SAP OSS Notes -></b></i>
Note 503915 - PPOMA_BBP: performance improvement overview area
Note 389869 - Organizational unit with many employees
Note 405806 - Transaction PPOMA_BBP for new material group attributes
Note 864221 - EBP 4.0+: Performance location
Note 920158 - EBP 4.0+: Shopping cart performance
Note 1044096 - RSWUWFMLEC: Wrong Emails and/or Bad Performance
<b><u>Also please see this SAP Consulting Note -></u></b>
Note 1095895 - Slow response times for several SRM transactions
Re: SRM Org Structure - Vendor Root
<b><u>Hope this will definitely help. Do let me know, Hope this will answer all your queries.</b></u>
Regards
- Atul -
Contact Person for Vendor in SRM/CUA
Hello SRM Expert,
We are using Central user administration (CUA and like other system SRM is connected to CUA. I am getting the error 'Central system not accessible' while creating the employee (manage business partner) for business partner (Vendor). When we remove CUA then the error disappear.
Could you please let us know would be our approach for creating employee for vendors (for bidding, auction etc..).
Steps for Reconstruction
1. Login to SRM
2. Click on Manage business partner (BBPMAININT)
3. Look for Employee for Business Partner 'Create' option and create a employee for one of the vendors.
4. You will get the message Central 'System not accessible' .
I know one approach where I can create a SU01 in advance from CUA and then in manage business partner use this user but this is very long approach looking at the number of vendors we have. Is there a simpler way ?
Thanks,Pradeep
Sorry yes it is not specifically about external users. You should review the note again, particularly scenario 2.
Essentially the note explains that, in a CUA environment, to create a user for an external contact person you need to create the following entry in table "BBP_CUST":
Key = "EBP_CUA_SCENARIO"; Value = "ACTIVE".
If you do not want to user table maintenance you can create the entry via the following IMG menu path:
Supplier Relationship Management > SRM Server > Technical Basic Settings >
Deactivate User Access to Solution Manager.
(Ignore the transaction title this transaction is essenatially maintenance of table "BBP_CUST").
Then you must ensure that the user specified on the RFC Definition for the CUA client has authorisations to create users IN THE CUA CLIENT, (it already has authorisations to create in the SRM client). This lack of authorisation is probably the reason for your error message.
Mike -
Authorisation object for Supplier field in Shopping Cart
Hi Team,
In Shopping Cart Source of Supply tab field Supplier is not getting displayed as it in hidden for some users, sor those users an authorisation object has to be provided to display the Supplier field.
Can you please Suggest me the authorisation object to be used to display Supplier field in Source of Supply tab of Shopping Cart.
Thanks & Regards,
Goutam Kolluru.Question is solved.
Answer can be find in bellow link
Field Supplier is not displaying in Shopping Cart with Std Roles SRM 7.0 -
Goods recipient cannot see PO to do confirmation in SRM
Hi Experts!
I have modified the Goods recipient of my purchase order in SRM. But the goods recipient cannot see the purchase order to do confirmation.
Does my goods recipient need to have extra authorisations to be able to see such a pruchase order ?
Do I need to do some configuration (on partner role) so that my goods recipient can see the PO and eventually do confirmation ?
THanks in advance!
Regards,
MaheshRun:-
CLEAN_REQREQ_UP &
BBP_GET_STATUS_2
For performance reasons, it is generally the case for transactions BBPCF01 and BBPCF03, that the proposal list contains a maximum of 50 purchase orders. In addition - also due to performance reasons - no backend orders are selected via selection option 'All' if all other selection parameters are initial. However, the number of purchase orders in the proposal list of transaction BBPCF02 is not restricted.
(See also note 361545,549846 ).
I guess the environment is SRM 5.0
Regards,
Vivek
Edited by: Vivek B on May 27, 2009 2:15 PM -
Material Replication from R/3 to SRM - Object status stuck in Running mode
Hi Experts, I am new to this Forum and I am facing the following issue,
System Info :
SRM 5.0
ECC 6.0
I am trying to replicate two materials from the backend R/3 system and have set material filters on the SRM side.
The filters are Table: MARA, Field: MATNR, OP= Equality(=low), LOW = T-SRM13, inclusive defined.
The filters are Table: MARA, Field: MATNR, OP= Equality(=low), LOW = T-SRM113, inclusive defined.
This is my sequence of operations in SRM:
I deleted exisiting queues, started initial load and then activated the inbound Queues for my client.
Then when checking, Monitor Load objects in SRM, the status for Material is stuck in Running mode with an yellow sign.
Please let me know if you have any advice.Hello,
First of all, check RFC queues in transatcion SMQ1 and SMQ2 for any detailed information.
Make sure if Your RFC user has SAP_ALL authorisation - if not add it and delete all material queues and run again.
Make shure if You run report BBP_PRODUCT_SETTINGS_MW with proper option and unchecked "Test mode". Once you have done this rerun your initial load for DNL_CUST_PROD0, DNL_CUST_PROD1, BASIS3 and MATERIAL.
Regards,
Marcin Gajewski
Please reward points for helpful answers. -
Hr data transfer in SRM system throgh Idoc
Dear All,
i am trying to send data throgh idoc in sap hr in srm system i am using basic type is HRMD_ABA05 to update somefirlds from t code ppoma , when i am processing idoc my idoc status is green but changes are not gettin reflected also i am unable to see any database update in infotype 0001, will you pls tell me why this is happening and also which is table for infotype 0001.
Many Thanks
Regards
Santosh LIt is important for the user that is creating the IDOC (sending it from the source system) does actually have access to the data. The IDOC will be limited in data, dependant on the users authorisations.
-
Business partner not created when User is intergrated in SRM org Structure
Hi SRM gurus,
A new users in integrated into the SRM org structure thro Z tcode ,business partner is not created.
the user is not able to create shopping cart.
When we try to check for t.code:BBP_BP_OM_INTEGRATE we are getting this error"
Connection of object us XXXXXX to object u2018CPu2019 is not unique"
how to resolve this error.
Regards
G.Ganesh kumarHi all,
1) I have checked the SLG1 -No error log is found
2) In the basic tab there is no details to enter.
I am getting this error"Missing Authorisation : info type 1001 ,object type BP,Subtype A207".
since it is Production system -can we run run PFAL directly
G.Ganesh Kumar -
Transfer of Product Master and Contract data from SRM server to CAT
Hi,
We are using XI system to send product master data from SRM system to CAT (catalogue authorising tool) wherein both the SRM and the CAT add-on have been installed on the same web application server.
On the SRM-> XI part, we are going to use ABAP client proxy. My question is can we use ABAP server proxy to send data from XI to CAT ? In other words, is CAT a part of ABAP system so that we can use proxy ??
I am new to SAP environment and hence this question.
Regards
RameshHello Ramesh,
for uploading SRM master data to CCM u need not do any developements in ABAP , u have to just import SAP predefined SWCV's in Integration repository and configure required scenario "MasterDataInclusionInCatalogOnWAS" for u r corresponding WAS version.
U can download configuration document from service marketplace named " Configuration Fact Book CCM 2.0 "
Regards,
Keith
Maybe you are looking for
-
How to get XSD data in workbench!
Hi All, I am new to Adobe LC. I want to know the steps for how to get the form data into the process using XSD. I have one XSD and I created New Data Connection using XSD Schema and drag & drop all the fields into the form. I have one
-
I have a couple thousand pictures in iphoto divided into several folders. While working with them the images disappeared and are only represented by dotted outlines where the picture was. Events are also represented this way. When the cursor is run a
-
Why do i have multiple iPhoto libraries
I am trying to migrate my iphoto library to a new location but i have 3 libraries to choose from. why were the others created? one library is 90gb, the other 2 are 22 gb Should i just delete the other 2?
-
I'm trying to download Adobe X Pro on my new computer. I have the license key number. Is this the same as the serial number? I type in the licence key number when asked and I receive an "INVALID SERIAL NO" response. Please help. Thank you Betty
-
As stated briefly: My PC crashed I have all files but cannot run os vista was to run itunes in a new win7 pc with prior data: I must connect ipad and synchr (but this says This device (IPAD 1) synchr with another Library go and delete data and replac