SRM recipient role restricted to plants
Hi
In SRM the organizational levels available in authorizations to the 'Recipient role' consist of 'Purch.org' and 'Purch.grp'.
How do I restrict the role to certain plants?
I tried adding the authorization object M_BBP_IM_1 to restrict actions according to plant but anyone with the recipient role can still see all purch.orders.
Hi
Sorry for the delay - I had to get back to my costumer to try out your suggestion.
Unfortunately it does not solve the problem. The goods recipient role does not automatically check for Plant. - then I would have to use the BADI too - and it would take a lot of maintenance, since we eventually will have 12 different hospitals with each 3 plants.
I need to create som recipientroles, that can be restricted to different plants.
Do you or anyone?? have guidelines to creating an authorization object, that restricts that role to certain plants?
BR
Astrid
Similar Messages
-
Disable the 'OUTPUT' Tab in the SRM PO Web Browser for SRM Employee Role
Hi All,
I would like to Disable 'OUTPUT' Tab in SRM PO (Web browser) for different users who are assigned to SRM Employee Role (who has PO Display Authorization) to restrict PO Print Preview only (not to restrict displaying PO field values in SRM Web Browser). I have to have BBP_PD_PO activity as 'Display' to display field values in SRM PO Web Browser - Under SRM Employee Role.
Let me know the solution for the above requirement.
Thanks a lot in advance.
Regards,
SudarsanHi all,
I have the same problem with the PO Output tab.
I would like to disable the Output tab for any user without modification.
SCREEN BADI is not working, because with screen BADI you can only influence position fields, here we ve got a TAB /Field on header level.
CHECK BADI: I did not get the message here. How should I block the user to change the output format only by throwing a message within CHECK_BADI?
The only way I see is a modification to disable the whole Tab.
@ Sudarsan:
You can make a modification within Include LBBP_PO_UI_ITSF0A
Disable output tab at Header Level
If g_prg-data eq gc_outprg.
screen-input = gc_off
endif.
--> switch screen-input to gc_off at any time!
Any other ideas how to disable mail or fax option for users without using a modification?
Thanks
Kind regards
Andreas -
Post goods issue - restriction on plant - VL01N tCode
Hi All!
I have an authorization/restriction problem as regards posting goods in VL01N and VL02N.
I have more users (U1, U2...) and each user has the authorization to post goods just for one plant (U1-P1, U2-P2......) . The user U1 can create delivery for P1, P2 but he must post goods only for P1.
I created 2 type of roles: one role for all users with no restriction on plant but with restriction on movement type (no authorization for 601) and the other type role has the authorization for movement type 601 and the plant (Role1 for 601 and P1 assigned to U1, Role2 for 601 and P2 assigned to U2). And is working if the user wants to post goods from VL02N. But if the user posts goods from VL01N (before saving the delivery)......U1 can post goods for P2...
I don't know if I made clear which one is my need. If I succeed, please let me know if there is one solution. Maybe there is a way to disable the button Post goods issue for tcode VL01N.
Thanks in advance.
Best regards,
Florina ChetaFlorina,
tried what you explained.
I created a role with just VL01N transaction and system asks for shipping point and assigns actions 01 and 06.
Later I added transaction VL02N and system doesnt add any new authorization but just adds activity 02.
Now, I do not understand what activity type you are refering by 601.
Otherwise, its very simple to restrict access as yiou mentioned. Its perfect. -
How to change the "Page Flow Error - Unsatisfied Role Restriction" page
When you try to access a page and are denied authorization to it, Weblogic automatically redirects you to a
"Page Flow Error - Unsatisfied Role Restriction" page, on the bottom of which tells you what roles you have to be in in order to access the resource. My question is how can I change this page to match the general look and feel of my application?I know you asked this almost a month ago, so you may have already figured it out... but you just need to add a handler for com.bea.wlw.netui.pageflow.UnfulfilledRolesException. Something like this:
@jpf:catch type="com.bea.wlw.netui.pageflow.UnfulfilledRolesException" path="roles-error.jsp"
You can put it at the class level of a specific page flow, or at the class level of WEB-INF/src/Global.app, which will apply it to all page flows.
Hope this helps.
Rich -
Role creation for Plant maintenence
Hi Folks ,
i need to create a ROLE only for Plant Maintenence (only Plant maintenence authorization).......
regards
sathishHi
> i need to create a ROLE only for Plant Maintenence (only Plant maintenence authorization).......
Search the roles for this module & make copy of this roles to zroles.After the zrole was created assign this new roles to that user.
Search the role by writing plant,maint & check which are related to plant maintenence & copy that role.
Again check all the transaction which are going to use in the module PM.Create a new role & assign this transaction in this role.this is another way to create the user with authorization only for PM.
For more details about PM modules transaction check the following link
http://www.sap-img.com/sap-pm.htm -
CRM: PFCG Roles restricted based on Sales Organization
Hi,
I have a requirement in SAP CRM 7.0 to create roles restricted based on Sales Organization(locations). We have two Sales Organization XXX and YYY, for which users need to be restricted. I have used the following objects for this regard.
CRM_ORD_OP, CRM_ORD_LP, CRM_ORD_PR, CRM_ORD_OE, CRM_BP_SA
Every user has assigned a sales role in which the above objects are deactivated and separate roles with values to the objects, with respective Sales Org values for the objects CRM_ORD_OE, CRM_BP_SA been provided. I have assigned these roles to respective users (User A with XXX, User B with YYY) based on their sales org locations. These users are positioned in the Organizational Model (PPOMA_CRM) under their respective Sales groups as per the requirement for the object CRM_ORD_LP, and authorization to this object is restricted to A for CHECK_LEV (Your Own Sales Organization). We use * for the objects CRM_ORD_OP and CRM_ORD_PR, as we do not control these.
After restricting all these, we do not find that the result not appearing as we expect, that is, restricting the sales organization data. We need all accounts, all activities, all opportunities, all leads, all campaigns etc. should be restricted by Sales Org, but when we search for accounts, activities, opportunities, leads, campaigns, we get result list with all data without any restrictions. I even checked the following forum, http://forums.sdn.sap.com/thread.jspa?threadID=1579211, which talks about the same kind of issue, but as I have already using the same objects for the restriction, it didnt help me much. I tried deactivating object CRM_BP_SA as it is not discussed on the forum, also tried CHECK_LEV=A,B,C,D,E for object CRM_ORD_LP, but all results the same.
Additional Info: When tried to create a project, with user A who is authorized for XXX, normally it would pick up the Sales Area Data for the project from the user (meaning User A from the XXX Sales Org.), but I get an error message: Enter a sales org, enter a dist. channel and enter an org unit etc. Even when I search for leads, it displays a list of data, when I click on any, it issues the error message: Enter a sales org, enter a dist. channel and enter an org unit (Sales) etc
Is that we miss any object restriction that is not restricting these objects properly or is it any customization missing? Please advice.
Thanks in advance.
Regards,
Shahul Hameed M
BASIS ConsultantHi Shahul,
I have a similar requirement as of yours. I have maintained auth values, in role as below:
CRM_ORD_LP
03 ACTVT
A CHECK_LEV
* PR_TYPE
CRM_ORD_OE
03 ACTVT
11 DIS_CHANNE ( the user is assigned to this dstrbtion channel in org structure)
SALES_GROU
SALES_OFFI
SO1 SALES_ORG
SERVICE_OR ( the user is assigned to this sales org in org structure)
And, when I try to display the LEADs in CRM UI ...I still get the display of LEADs belonging to all sales orgs.
And my trace record for CRM_ORD_LP is....
CHECK_LEV ' blank '
PR_TYPE LEAD
ACTVT 03
that means, it is not considering the auth value ' A ' for auth field CHECK_LEV
Could you please let me know ...how you have achieved this restriction . Is there anything , i m missing here?
Thank You -
Transfer Posting of Restricted stock Plant to Plant
Hi,
How to do transfer posting of restricted stock Plant to Plant
KunalHI
One step stock transfer from one plant to another is 301 movement type.. Remember the stock should be in unrestricted use. If it is in quality and or blocked the same will not work
2 step process is 303 and 305
From Stock transfer order Documnt type UB with item category as U. Movement type used is 351 and 101 -
Hello all, I am working with SRM 7.0 MDM 7.1 and I need to know which are technical name about SRM MDM roles?
Thanks in advance
Rosa RodríguezHi Rosa,
If you are talking about SRM MDM catalog Roles then The following roles are available for the SRM-MDM Catalog:
Catalog Manager, Catalog Content Approver, Catalog User and UI Configuration Manager etc.
For complete details refer page 33/45 of this below Article
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90cb1670-52c1-2c10-adb8-cb9a23133d3e?quicklink=index&overridelayout=true
Regards,
Mandeep Saini -
SRM Portal roles are not getting accessible
Hello SDN contributors,
I have a strange burning issue. Please help me out.
Issue:
When I assign any SRM Portal roles to users,roles are not getting accessible until I assign a custom ESS(HCM) role in the backend ECC system which is mapped with a portal ESS role.
After doing this only from Portal front-end perspective ,SRM users are getting access on SRM roles.
But I do not able to find out the possible reason behind this.
Please suggest me to get out of this issue.
Regards,
SriramHello Bala,
First of all thank you for your response.
Yes , I'm sure that the back-end role is mapped to only ess role not to SRM roles.
Unable to find out the origin for this issue. Please throw some valuable suggestions on this.
Regards,
Sri ram. -
SAP Query SQ01 restriction at Plant level
Hello All,
Is possible to restrict SAP SQ01 Query report at Plant level? I mean if it can be restricted through Auth object at Role level?Hi,
OK, when a query is created you can hard code selection parameters into the query itself (i.e. default in the company code). That way you have have queries:
ZQ_SHIP_LIST_1000
ZQ_SHIP_LIST_2000
ZQ_SHIP_LIST_3000
Where the 1000, 2000, 3000 represents a data element by which you are separating them.
As Arpan mentioned you could tie this in with your user group policy to make sure users in certain groups (e.g. arranged by plant) are only allocated queries for their respective area.
A downside of this is that you will potentially have a lot more queries. Depending on how your S_QUERY auths are set up, the selection screen entries could be modified.
Ultimately both methods are a faff and my POV is that if you want to report on business data then it's best to code reports from scratch (including the required auth checks) or use something like BW with restrictions tied to the data model. -
SRM 7 role mapping and authorization queries
Hi all,
We are on SRM 7.01.
Can anyone confirm the folllowing:
When std SAP roles are copied then does all authorization obejcts get copied ?
Also if we need to check which authorization objects are getting called for which transaction then how do I check this in SRM 7??In SRM 7,the transaction cannot be run in backend as all the transactions under a role in PFCG are Web dynpro applications.Hi If you are trying to build custom roles you have 2 options.
1. Copy the standard roles into a custom role, all authorization objects get copied. Since you are on SRM 7.01 make sure you copy the EHP1 roles which end with suffix *EHP1.
2. Build role from scratch. To do this you can ask your security person to give the minimum Human resource related authorizations to a test user ID (so that he can logon into SRM system to start transaction). Then Switch on the security trace while you run the transaction with the test ID on portal. Using the trace the security member can identify the required authorization objects required for the transaction. this will take a number of trial but you have to be careful to execute every action within a particular transaction.
Hope that helps.
Regards,
Hussain -
How to restrict other plant material assigned to SA BOM explosion
Dear Experts
One of our client havea issue of assigning wrong material to the scheduling agreement BOM explosion.
Actually there are two different plant code one for manufacturing plant and another one trading.Subcontractor activity will be carried out in trading plant , but users assigning the BOM components from manufacturing plant material.
So they are sending material to vendor from manufacturing plant and receiving material to trading plant.But finance guy don't want do like that.
How to restrict other material (material not part of SA plant)assignment to SA BOM explosion
Thanks in advance
Regards
SSThanks for your reply.
In BOM creation CS01 , if plant is differ from header to line item system will give error message M3 351
"Material &&&&&& not maintained in plant &&&&".
Like that i want to make it in ME38 BOM explosion also.If plant is differ from scheduling agreement line item to BOM line item system should give error message.
For the above scenario I need the solution
SS -
Mapping SRM Portal roles with SRM backend roles
Using ABAP as UME when we create a user in SRM backend and assign backend roles, then corresponding portal roles should also get assigned to the
user so that portal roles are not to be assigned separately by portal admin.
Currently for the requirement I followed the following steps:
1. To SAPJSF user in SRM backend assigned roles SAP_BC_JSF_COMMUNICATIONand SAP_BC_JSF_COMMUNICATION_RO.
2. Created a RFC SPML of type 'G'.
3. Activated UME-SPML connection in SPRO.
4. Then in PFCG for the role personalization assigned PCD path of portalrole.
But I am not able to achieve the requirement through the aforesaid steps.
Please Guide.
Regards,
Gagandeep.If you are using ABAP persistency for UME your ABAP roles should appear in the UME as groups. Just assign the portal roles you need to your ABAP roles/groups. Thats it,
cheers -
Authization object to restrict in Plant for tcode PMEVC
Hi Support,
In our company peoples are working in tcode PMEVC - Variant Configuration Modeling Environment. Now we want to restrict peoples in plant field. How to do it ? what is the authorization object for it. Can anybody help me for it? If yes then please.
Thanks
AsadDear,
Transaction is used for material types KMAT as per standard SAP.
Normally for material master, below authorization objects are used:
M_MATE_BUK - Company code
M_MATE_LGN - Warehouse Numbers
M_MATE_MAN - Data at Client Level
M_MATE_MAR - Material Types
M_MATE_MAT - Materials
M_MATE_MEX - Export License Data per Country
M_MATE_MZP - Customs Tariff Preference Data
M_MATE_STA - Maintenance Statuses
M_MATE_VKO - Sales Organization/Distribution Channel
M_MATE_WGR - Material Groups
M_MATE_WRK - Plants
If you are using KMAT material type and would like to restrict user, use M_MATE_MAR &M_MATE_WRK.
Regards,
Pardhu -
Internal Order restriction with Plant during PR & PO
Hi All,
Generally we create budget based PO for each plant.
So we have defined internal order for each plant and we assigned those order during PR and PO creation
But my requirement is i want to restrict the Order with respective Plant
e.g If Order VX123 is created for plant A then Plant B can not use this order during PR and PO.
So can it be possible in std SAP or i will go for Enhancement?
Regards
PRDear Priyaranjan,
You can achieve above requirement by using the Badi, at the time of creation/change of PR and PO.
For PO use ME_PROCESS_PO_CUST
For PR use ME_PROCESS_REQ_CUST
R,
Amala
Maybe you are looking for
-
How do I move an instance of CC from one machine to another?
I use Adobe CC on two machines, my machine at home and the one I have as part of my job. I understand that this is the total number of machines allowed. However, I am considering leaving my current job and so i want to delete the Adobe CC programs fr
-
Cannot receive or send email from my iphone
cannot receive or send email
-
Color Swap Between Libraries: Is this Possible?
I work with a large number of Illustrator files daily that all use the Pantone Solid Coated library for their swatch color scheme. This color library will be used whether customers provide the art pieces or if I design the pieces for them. However, I
-
Flickering footage in Premiere Pro CC 2014 but not in Premiere Pro CC 2013
Hi guys, I've been having repeated issues with Premiere Pro CC 2014 on Windows. Basically my footage has a weird strobe/flicker when in the suite and when rendered off even although the footage looks fine, unaltered out of the camera. I rendered off
-
I have registered my 3GS with my iTunes account but every time I plug it in it want's me to register again. Why?