SRM authorizations

Similar Messages

• Query on SRM Authorization for PO Print Preview from Web Browser

  Hi All,
  I would like to restrict PO Preview option in Web browser for users who has SAP_EC_BBP_EMPLOYEE Role only. Kindly let me know that how I can restrict the PO Preview option with popup message like 'Authorization is not given to see the PO Print Preview'.
  Thanks a lot in advance.
  Thanks,
  Sudarsan

  You can just revoke the authorization. This would remove the prining option for the user, rather than providing a message.
  I guess this should be
  Authorization Object - BBP_PD_PO
  Activity (ACTVT) - 04
  Note: The necesary object in the Object Class - BBP.
  Regards
  Kathirvel

• SRM 7 role mapping and authorization queries

  Hi all,
  We are on SRM 7.01.
  Can anyone confirm the folllowing:
  When std SAP roles are copied then does all authorization obejcts get copied ?
  Also if we need to check which authorization objects are getting called for which transaction then how do I check this in SRM 7??In SRM 7,the transaction cannot be run in backend as all the transactions under a role in PFCG are Web dynpro applications.

  Hi If you are trying to build custom roles you have 2 options.
  1. Copy the standard roles into a custom role, all authorization objects get copied. Since you are on SRM 7.01 make sure you copy the EHP1 roles which end with suffix *EHP1.
  2. Build role from scratch. To do this you can ask your security person to give the minimum Human resource related authorizations to a test user ID (so that he can logon into SRM system to start transaction). Then Switch on the security trace while you run the transaction with the test ID on portal. Using the trace the security member can identify the required authorization objects required for the transaction. this will take a number of trial but you have to be careful to execute every action within a particular transaction.
  Hope that helps.
  Regards,
  Hussain

• Assigning authorization role to position in PP02 (SRM 5.0) not working

  Hi,
  We've run into a problem in our SRM 5.0 system that we're not sure how to solve.
  We defined a role where we only set the BBP_APPROVAL_LIMIT attribute in the Personalization tab. It has no other transaction authorizations.
  When we assign this role to the user directly the user inherits the BBP_APPROVAL_LIMIT as expected.
  When we attempt to assign this same role to a position through PP02 and run the PFUD, the attribute values are not transferred to the user personalization attributes.   Doesn't matter what we do, we can't seem to be able to get it to work.
  Does anyone one have any experience with this that they could share?
  Regards,
  Jerry Martinek

  Hello Yann,
  Thank you for the reply.
  This is one of the things that I'm trying to confirm which is whether it can be done. I was told that it does work and that they use PP02. But as we can't get it to work I wanted to know if anyone else is using this process and if yes, how do you do it.
  If people mainly use the explicit user assignment via PFCG, do they manage it manually or systematically?
  Thanks,
  Jerry

• SRM 7.0 authorization objects for table maintenance

  Hi guys,
  I wanted to know how authorization objects work in SRM.
  I created a custom table which key filed is company code (BUKRS). And in the table maintenance view I have to add an authorization object based on the company code.
  Is it possible to do that in SRM?
  Thanks!!

  Hi,
  Authorization concept is same for all ABAP based application. Do you have any issue in SRM?
  Regards,
  Masa

• Replicating authorization roles via HR replication from ECC 6 to SRM 5.0

  Hi,
  I'm interested in knowing whether anyone has used the distribution model to copy roles (AG objects) between ECC 6 and SRM 5.0.
  Someone said that it's possible so I would like to validate that statement as I don't know whether it is possible and practical.
  If you have any knowledge or experience could you please share it?
  Regards,
  Jerry

  Hello Yann,
  I was told that it can be done but I don't know enough about the HR replication process to acknowledge or challenge, hence the question.
  Are you implying that it's not possible or simply that it's not done?
  I had an earlier post regarding assigning roles to positions in SRM Replicating authorization roles via HR replication from ECC 6 to SRM 5.0 that you replied to but never replied to my subsequent question. It can be done because one of my other clients is doing it. We're however unable to get it work at my current client's site. Do you have any experience with this subject?
  Regards,
  Jerry

• Problem related to BW (Reports, authorizations)    & SRM portal

  Hi friends,
  problem is that, we created some SRM reports on BW its working fine , we extracted data from R3 properly, and we can able to view on BEx those reports then we created some authorizations for SRM portal,that reports working results fine, but only particulate vendor not abule to see the data.
  Authorizations created on Plant/vendor combination
  That ODS contain Data and BW reports also fine.
  What may be the reason. plz provide some solution for this.
  as of now i am thinking it may be problem with authorization , i am unable to find that, becoz other combinations are working fine
  is any information required i will provide.
  Thanks
  Srinivasa Rao polapala

  Its Ok ,Sampath
  solved that problem in a diff way.
  what i find is problem with updations.
  how to make updation in authorization object.
  when i add new plant/vendor combination , its not updating for that role.
  y it is not happening, is there any way to do that
  Thanks
  Srinivasa Rao polapala

• SRM 4.0 & structural authorizations

  Hi all,
  I have discovered that using structural authorizations (OOSP & OOSB) I can control all match codes and filter users on creating P.O.
  Does anyone have used OOSP & OOSB in SRM ?
  Is this supported ?
  Thanks
  Andrea

  Paula,
  Since SRM 3.0, we can not create private templates and item favorites anymore. Only public templates.
  even if corresponding status still exist in SC search criteria...
  For a RU SRM 5.0 customer upgrading from EBP 3.0, we asked SAP SRM Development to propose a solution to bring back private templates.
  Consulting note 911241 was created for this (not yet translated).
  Rgds
  Christophe

• Question about authorizations in SRM + cFolders

  Dear colleagues,
  We are working in a SAP SRM 7.0 prototype.
  Right now we are trying to configure cFolders (installed in the same server as SRM and with RFC working) but we've reached a point where we don't certainlly know what can be going wrong.
  After several tries with different user authorizations we've always had the same result, it's impossible to create or assign a collaboration to a bid when creating it due to an error which just says "Error creating collaboration; check user authorization"
  We have tried with different roles configurations (SAP_CFX_SUPER_USER_ADMIN, all CFX roles, just CFX_*_CREATOR roles...) just nearly everything you can think about, but always get the same error.
  The funny thing about it is that when accessing cFolders through BSP application CFX_RFC_UI this user can create folders and other short of objects, as all works fine.
  Thank you very much for your help.
  Miguel

  Hey Miguel,
  Did you ever find a solution for this issue?  I am having the exact same problem.
  My user has all the roles assigned and is able to create collaborations directly in CFolders, but when I try to create it from SRM RFx, I get the message:  "error creating collaboration; check user authorisation".
  If anybody else has come across the same problem, please help!!
  Thanks and happy new year!
  Monica

• Field Authorization on SRM Portal

  Hi Experts,
  There is field on SRM Portal in Shopping Cart Screen. We need to restrict access for this field. For this we need to create an authorization object so that it can be used in a role. Later that role will be used in UI_CONTROL_BADI to enable / disable access of that field.
  Can anybody guide me how this can be achieved?
  Thanks
  Siddarth

  Hi siddharth,
  Please go through following link for reference. it is very useful as a starter: (click on "view article" button)
  [http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c]
  and you can use this as well for better understanding:
  [http://help.sap.com/saphelp_nw04s/helpdata/en/08/e44ae047ff4f518c84dcf768b9c141/frameset.htm]
  ~vipin
  Edited by: Vipin Bhardwaj on Nov 19, 2010 5:42 PM

• SRM 7.0 - Avoid SRM PO creation from SC when the authorization WF ends

  Hello,
  We need to stop the SRM PO creation when the SC is approved. There is a background client process which creates the PO all nights so we need to stop the process and wait for the client process.
  It seems that the event of approve the SC triggers the creation of the PO.
  Any idea?
  Best Regards,
  Nacho

  Hello,
  You can set the shopping cart to be sourcing relevant.
  Doing this, after approved, it will have flag SOURCE_REL_IND as item level as "X". Then, PO will be created only after sourcer processes the cart manually.
  You can set a product category as sourcing relevant in SPRO ... -> SRM Server -> Sourcing.
  Kind regards,
  Ricardo

• SRM 7.0: Authorisation object? Aliases for services in java portal?

  Here's how we did in old SRM 5.0 system (the old and working scenaio):
  In SRM 5.0 we employed S_ICF object to determine, whether a particular user who has just logged in to a system via web using a particular alias - is authorised to use this service.
  We want external and internal users to use different ways to get into system. We have two aliases:
  for internal users: http://srm5.domain.com/srmint
  for external users: http://srm5.domain.com/srmext
  We make aliases using transaction SICF:
  /srmext
  /srmint
  to service /default_host/sap/bc/gui/sap/its/bbpstart
  For alias /srmext we set field  SAP Authoriz. = EXT.
  For alias /srmint we set field  SAP Authoriz. = INT.
  We make 2 roles, both containing just a S_ICF auth object with differend values of field ICF_VALUE, an appropriate role to a user. If a particular user logs in to the system using an alias matching to the authorization value set in his role, he gets in, otherwise he gets an error upon logon. So that his logon is only successful if he used the right alias in URL (provided correct login name and password of course).
  Question. How do we apply similar scenario in new SRM7?
  Is there an authorisation object for java portal in SRM 7.0 - similar to S_ICF object for ABAP portal in SRM 5.0?
  Is it possible and how to make an aliases to java portal, or otherwise automatically detrermine at runtime upon logon, which way (which URL or using some parameter in address line) the user has logged in?

  This question has been answered by the following blog:
  /people/ulli.hoffmann2/blog/2009/10/07/srm-70-running-it-without-the-portal

• SRM 7.0 - Can't Create a shopping cart for an Asset

  Hi,
  I am trying to create a SC with account assignment Asset in SRM 7.0, extended classic.
  Once I change the Account Assignment Category to Asset and I search for the asset number I receive the following message.
  Missing Authorization check to display master data.
  The user ID has SAPALL, also communication between R3 4.7 and SRM is working fine for vendors, PO's, Confirmations, Invoices, material groups, etc....so the system users would appear to be working ok I assume.
  Also, if I click the Create Asset Master button on the detailed account assignment screen it is not able to generate/retrieve an asset number as it should.
  Any ideas?  The account assignment configuration should be fine, it matches our production SRM 3.0 system, which has no issue with this functionality.
  Thanks,
  Matt

  It seems that the table does not have the entries, maybe b/c we are on R3 4.7.  Could you tell me what the entries are suppossed to be to allow the Asset and Cost Center lookup?  The search does work for WBS element though and I don't see anything specific to WBS element in that table.  In any case if you know the entries that would be great, also this table is not modifiable via SM30, here are the entries that I have in that table.
  AUF_NETNR     PLM_HELPVALUES_AUTHCHECK
  BU_PARTNER     BUPA_BAPI_F4_AUTHORITY
  DAENR     PLM_HELPVALUES_AUTHCHECK
  DOKNR     PLM_HELPVALUES_AUTHCHECK
  EQUNR     PLM_HELPVALUES_AUTHCHECK
  KUNNR     PARTNER_BAPI_F4_AUTHORITY
  LIFNR     PARTNER_BAPI_F4_AUTHORITY
  MATNR     PLM_HELPVALUES_AUTHCHECK
  NW_AUFNR     PLM_HELPVALUES_AUTHCHECK
  PARNR     PARTNER_BAPI_F4_AUTHORITY
  PS_POSID     PLM_HELPVALUES_AUTHCHECK
  PS_PSPID     PLM_HELPVALUES_AUTHCHECK
  QMNUM     PLM_HELPVALUES_AUTHCHECK
  S_AGNCYNUM     INT_FLBOOK_F4_AUTHORITY
  S_AIRPORT     INT_FLBOOK_F4_AUTHORITY
  S_BOOK_ID     INT_FLBOOK_F4_AUTHORITY
  S_CARR_ID     INT_FLBOOK_F4_AUTHORITY
  S_CITY     INT_FLBOOK_F4_AUTHORITY
  S_CONN_ID     INT_FLBOOK_F4_AUTHORITY
  S_COUNTNUM     INT_FLBOOK_F4_AUTHORITY
  S_COUNTR     INT_FLBOOK_F4_AUTHORITY
  S_CUSTOMER     INT_FLBOOK_F4_AUTHORITY
  S_FLCONN     INT_FLBOOK_F4_AUTHORITY
  S_FLCONN1     INT_FLBOOK_F4_AUTHORITY
  S_FLCONN2     INT_FLBOOK_F4_AUTHORITY
  S_PLANETYE     INT_FLBOOK_F4_AUTHORITY
  S_TRNUM     INT_FLBOOK_F4_AUTHORITY
  TPLNR     PLM_HELPVALUES_AUTHCHECK
  USCOMP     SUSR_BAPI_F4_AUTHORITY
  XUBNAME     SUSR_BAPI_F4_AUTHORITY

• SRM 7.0 PO document type

  Hi,
  In SRM 7.0, how is the transaction type for the PO decided.
  I know it is ECPO for Indirect PO's
  and ECDP for Direct PO materials.
  Pls let me know, how the transaction type is decided.
  because, whenver I create a PO, the number range is chosen from ECDP and not from ECPO.
  Though I dont use a material in my PO, I just create a account assigned PO.
  I had set the attribute BSA as : ECPO in SRM Root node and it applies to all.
  Regards
  harish

  (tr:SPRO)
  SAP Supplier Relationship Management
  SRM Server
  Cross-Application Basic Settings
  Define Transaction Types
  Trying to set BP : on FM BBP_GET_PROCTYPE_FROM_PUR and check.
  I can't check this due to limited authorizations.
  You can use BADI BBP_DOC_CHANGE_BADI to change the BE_DOC_TYPE for your items.
  Regards
  Lauren

• SRM 7.0 - Hide 'Create Memory Snapshot' and 'System Info' buttons in SC

  Dear forum gurus,
  I have a requirement to hide these 2 fields which appear in the shopping cart wizard in SRM 7.0.
  The configuration to hide fields only handles header and item fields, and this is a screen field. Presumably this would involve a change to the web dynpro application, and is something which cannot be done via configuration?
  Can anyone confirm how this can be done and provide steps?
  Thanks,
  Nick

  Hi,
  The buttons are not displayed if you use standard role.
  If you use custom role, please check this note. You should remove the authorization object.
  https://service.sap.com/sap/support/notes/1385649
  Regards,
  Masa