SWIA Authorization to end users
One of the user executing PM Notification Work item is experiencing SWIA authorization problem in SU53.
Please suggest if the user should be given access to SWIA as its an administration tool
I'd rather not.
Of course you need somebody to monitor workflows ... but that should either be your Basis-team (that's what many companies do) or the SAP functional responsible for the process to which the workflow is attached (personally, I prefer that). This is not an end-user transaction in my opinion - but as opinions go, there might be various others. To grant such an authorisation to an end-user would call for an excellent knowledge of the process which one does not automatically exspect in a (typical) end-user.
Just my 3 cents ...
Similar Messages
-
Dear Experts,
The scenario,in PA30 and also in PA40 HR end user should not have access to edit his own data but he/she can able to view his own data and he should have access to edit,create,copy for other employees. Kindly let me know authorization object for the same.
Regards,
Deepan
Message was edited by: Sikindar AHello
P_PERNR: will prevent or let a user to maintain/see its own data cfr: P_PERNR (HR: Master Data ? Personnel Number Check) (SAP Library - Authorizations for Human Resources)
then depending if you use Contextual Authorization or not
P_ORGIN or P_ORGINCON lets a user to maintain/display the employees' master data.
Cfr:
P_ORGIN (HR : données de base) - Autorisations pour HR (Gestion des Ressources Humaines) - SAP Library
https://help.sap.com/saphelp_erp60_sp/helpdata/en/4c/197c8fad6671459b9dde3e915336b8/content.htm
regards
Hadrien -
List roles/profiles/authorizations for end user
HI All
Can anyone please give the list roles/profiles/authorizations
that needs to be added to our end user id so as to view
(Only Display) all the BEx Reports.
Points assured
Thanks
VijayaHi Vijaya,
Go through this link:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a07122ae-8216-2a10-c9a5-996717a0648b
Thanks,
Ajay -
End users get blank result from VC model calling an R/3 BAPI.
Hello everyone.
We have build a VC model calling a Z*BAPI that we built in the R/3 backend. Everything works fine through DEV and QAS. However in our production environment when an end user attempts to run the VC application and search for a record they get a blank table result. However if one of our core support team users runs the application it returns the search result successfully.
There are no authorizations on the BAPI itself.
I have tried to trap a security trace (ST01) in PRD but have not been able to capture a security trace for a failed attempt. There is no dump (ST22) and nothing in the sys log to indicate a problem (SM21).
Can someone tell me or point me to where I can determine all the authorizations an end user needs in order to run a VC model using a R/3 BAPI?
We are running on EP 7.0 and ECC 6.0.
Thanks,
-JonHi Shay,
When you ask "Have you tried adding the user to the permission list?". Can you be more specific.
Are you talking about the medium level security zone permissions in System Administration -> Permissions -> Portal Permissions -> sap.com/NetWeaver.Portal/medium_safety
For the following objects in the medium_safety folder, assign End User permissions:
com.sap.vc.mmcompiler
com.sap.visualcomposer
com.sap.visualcomposer.portalconnector
If so we have set the permissions to the Authenticated User Group to be "none" and "end-user".
We have also assigned end user rights to the Everyone group to the following PCD folders...
Assign End User permissions to VC Role for the following content:
pcd:portal_content/templates/pages/portalpagetemplate
pcd:portal_content/templates/pages/wdProxyPage
pcd:portal_content/templates/layouts/fullWidth
pcd:portal_content/templates/iviews/wdProxyiView
It still does not work unless the person has content admin assigned. Is there any other permissions (ACLs, PCDs, security zones, etc.) that a person needs in order to use a VC model?
-Jon -
End User Authorizations and Roles
Hi,
What all the authorizations i need to give to an End User, who uses the device.
Is it necessary for the userid to be same in <b>MI Client, MI server, Backend</b> systems.
Let me explain wat an end user does
>logs into MI client
>performs first synchronization
>Executes Mobile Application assigned
>and performs synchronization at the end of the day
rgds,
KiranHi Kiran
Probably I wanst clear with my reply. You need to assign both the above mentioned authorizations to the same user who is performing a sync from the MI Client. S_ME_SYNC is required for the user to perform a sync from MI Client to MI server. S_RFC is required for the same user so that the data can be transferred from MI server to SAP backend and vise versa.
Hope I am clear now
Best Regards
Sivakumar -
How to create new user and How can i assign end user roles
Hi,
I am new to SAP, please explain how to create end users and their roles
Thanks
raviHi,
Roles are decided by IT managers. Suppose if Persons who are working in shopfloor or production side
give authorization to Production order create , change and Confirm like that etc
1. In role maintenance (transaction PFCG), choose the Authorizations tab page.
2. To change the authorization data for the transactions assigned to the role, choose Change Authorization Data or Expert Mode for Profile Generation. Otherwise, a dialog box appears in expert mode (see Regenerating an Authorization Profile After Changes).
Please take telp from Basis person also refer this link,
http://help.sap.com/saphelp_46c/helpdata/EN/52/6714a9439b11d1896f0000e8322d00/frameset.htm
Thanks -
Monitor connected front end users
Hi ,
I have an application with access control list and table which holds application users / used for authorization etc ...
at the database level I would like to see and know which session belongs to which fron end users!
at the database level I can only see session id's and application's username which is htmldb_public_user.... and its unique for every user..
lookin at Utilities>Database Monitor>Sessions page I can only see one developer connected! but cant see session or session id for front end users? is there anyway to find out the session info for this user?
Thanksits the same question with a diffrence that he is trying to have diffrent applications login as diffrent username so he can trace applications individually(which is what im intrested in too) where as im more intrested in knowing the session id for each front end users who are viewing/inserting or deleting data through the applications! hope this makes sense!
I dont undrestand below response!
Bill,
FYI, the engine does this for each database session:
begin dbms_application_info.set_client_info(g_user); dbms_session.set_identifier(substr(g_user,1,(64 - length(g_instance)-1))||':'||to_char(g_instance)); dbms_application_info.set_module('APEX:APPLICATION '||to_char(g_flow_id),'PAGE '||to_char(g_flow_step_id)); exception when others then null; end;
...where g_user is the authenticated user, g_flow_id is the application ID, g_flow_step_id is the page ID, and g_instance is the Application Express sessionID. I don't know where to tell you to look for these markers but they will be associated with the database sessions that you're seeing which are owned by APEX_PUBLIC_USER.
We are looking to move to a 4 RAC environment which is creating many questions concerning APEX architecture.
I've seen all your other posts about this and IMO, there are no questions to be answered about the architecture of Application Express vis-a-vis RAC, and vice versa.
Thanks
Message was edited by:
friendlier -
Hi Experts,
We have a issue with End user logon link.End user link is embedded in
portal. We have maintained guest user as well with all respective web-
services enabled. Data source is LDAP and authentication is NO.
Let me explain the scenario as:
1)When user1 clicks on link to raise any access request , it gives
error as attached. Although user1 exist in LDAP and has account in
GRC system with GRC base roles. It gives error as attached
(1st Image).There are 2 screenshot in attachment.
2)But when I assign SAP_ALL to this user1 in GRC , it clears the
authentication page without any issue.
3)When user is in LDAP, but has no account in GRC , it gives error as
attached(2nd Image)
4)Testing the webservice GRAC_UIB_ENDUSER works fine and any user
existing in LDAP able to authenticate the login.
We are in GRCAC 10.0 SP13.
Guest user has been given SAP_ALL. Appreciate your thoght on this
Thnaks,
MamoonHi Prasant/Colleen,
We have tried SAP_ALL and S_LDAP authorization to guest user. But problem still persist.
Although testing the enduser link from SICF works fine without any issue. But the same link when embedded in portal throws error.
Any suggestion here...
Thanks,
Mamoon -
Denying end users access to a flash file
Hi everyone,
I'm working on a project that I'm hoping to get some help
with, I'm very new to flash. I need a way to steam a flash video to
a users browser, without the file actualy being downloaded onto the
users computer. Basicly my company wants to sell views to some of
the courses we offer implimented in flash. We need to restrict the
user to accessing the flash file once, which I can do, but the part
that i'm not sure about is if a copy of it will always end up on
the users computer.
Sorry if this is not an appropriate place for this question,
but I was hopeing somone might have some insight.
Thanks!Hi,
did you maintain entries in SM30 BCOS_CUST
You have to have the following entry in your satellite system BCOS_CUST view.
OSS_MSG
W
<Your RFC Destination to SOLMAN>
CUST620
1.0
then you'll be able to create a support message.
Also create BPs in SOLMAN, using DSWP -->Edit --> Create Business Partners.
Select your system and date somewhere back dated all the endusers in your satellite system will be populated select the users and create BPs.
You don't have to worry about end user authorization.
This will solve your problem.
Feel free to revert back.
--Ragu -
Restriction of back ground from end user
Hi all, i am ABAPer, but i need to work on authorization issue,
I have to restrict our FI End users (8 users) from the back ground job,
At present scenario is they can run others job also in SM35 including thier job, recently our company aduit found this given the below solution
Excessive batch job authorisation was given to end users (End users should be restricted from the object S_BTCH_ADM and S_BTCH_NAM which allows them to release and schedule jobs using other usersu2019 ID)
when i go thorugh i chenged the value S_BCTH_ADM as N and S_BCTH_NAM as *
and S_BTCH_JOB as LIST,RELE,PROT.
Kindly give me the solution <removed_by_moderator>
Regards
Chandra
Edited by: Julius Bussche on Jun 16, 2008 6:02 AM> Is there any possiblity to restrict the naming convention of background job ie in the sm36 screen Jobname coloumn if i want to restrect with a particular naming convention is int possible example Z:XYZ is the first part of the job name.
AFAIK you can only restrict this for JOBACTION 'SHOW' and this would only work if your JOBGROUP field was already populated with a value.
The name of the job would not work. So I would say that you need to arrange that organizationally.
I think way back a few years ago there was a thread here about this and the possibility of using the user's ID as the JOBGROUP value - but if I remember correctly it was disbanded as being impractical.
So the answer is most likely: No.
Cheers,
Julius -
How to disable end user personalisation for all webdynpro application.
Dear Experts,
I have a requirement where I have to disable the end user personalization of each and every
webdynpro application in my server.
I know how to disable the personalization of a single application or a single component, but my requirement is to disable the personalization of all applications.
Request you to please suggest.
Warm Regards,
Upendra AgrawalHi,
As per SAP help,
Customizing: User-Independent, Client-Wide Modifications
While a single user u2013 during a personalization process u2013 can manipulate his or her own settings, an administrator has the option of executing Customizing settings for all users. Technically, this procedure is not different from personalization; both take place at runtime of an application. The difference lies in the range of the settings. In addition, for these global settings an application must run in a special administration session. This is always automatically the case if an application was started in the portal in the preview session. Independently of the portal, you can start an application in the following manner from within the workbench in administration mode:
Double-click the name of the application in the object list.
In the Web Dynpro Applications menu in the upper, left-hand corner of the Workbench window, choose Test Execute in Admin Mode .
The configuration mode is passed to an application as the sap-config-mode=X URL parameter.
Note
All the adjustments made by the administrator in admin mode are stored as client-specific. Presently no option is available for structuring smaller user groups on an administrative basis. Since cross-client adjustment applies to the respective configuration, the structuring of smaller groups can be implemented currently through the maintenance of different configurations.
End of the note.
You start personalization by calling up the context menu for the respective UI element in your application. In the corresponding context menu for an administrator (that is, with URL parameter sap-config-mode=X), in addition to the standard settings administrators have the option within a UI element container to sort either single lines (Grid, Matrix aund RowLayout) or single elements (FlowLayout).
Note
Administrators require special authorization for client-wide modifications. This can be a developer authorization or the special authorization S_WDR_P13N. You cannot create configurations at design time with this authorization, but you can make modifications at runtime.
End of the note.
These modifications are valid for all users but take place in the current client only.
Thanks,
Chandra -
Hi,
I was wondering if the end-users need access to save the reports as workbooks and views. We definetly do not want to give them access to create new queries or change them. Can we just give them authorization to save as workbooks and views. And I am not sure if giving auth. to save as views also gives them access to query change.
Thanks
AceHello!
you can restrict the access of a user to work with Views and not with Queries. I think giving the authorization to display and change authorizations only to views is posible usinf RS_comp, rs_comp1.
and regarding workbooks i am not able to understand exactly what you need. if you give authorization to work with views then users can not change the queries but can save the views in workbooks.
hope it helps
with regards
ashwin
<i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN. and you can assign points by clicking on the appropriate radio button displayed next to the answers for your question.yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved.closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future.
BEx on linux</i> -
hai
everyone
can any body tell me wht is the roll of the end user and what he will do as an enduser wht r the authorisations given to the end user
as i was told to train end user
thanks
thejaHi Theja,
The other end user role could be of a payroll manager who would be responsible for the payroll process. For this, you will need to give them authorizations to PA03, PC00_MXX_CALC, Posting to Finance program, Drill Down reporting, Wage type reporter for reconciliation, Pre-DME and DME program etc.
You will need to provide them with manuals for releasing the payroll, running the payroll, releasing the payroll for correction, Posting process, Exiting Payroll, Creating DME file etc.
You may also include a spreadsheet with the commom errors during a payroll run like employee being locked, no bank details, no work schedule rule so that they can correct the error immediately.
Hope this helps.
-Akshay -
How to prevent end user to create a Query View and save back to BW Server?
Dear All :
Do Someone know that how to setup authorization for Bex Query View Creation? We want to prevent end user to create a Query View to save back to BW Server his favorite folder. when our user run Bex Query, he can base on this query and use Bex Analyzer's save function to save a Query View and save into his favorite folder.
My question is :
1. Can we set up a Authorization to prevent end user to save Bex Query View?
2. Or can I remove Save function from Bex Analyzer to prevent end user use save function, But Developer should not to be prevent .
Thanks for all of your kindly response.
Best Regard
Lawrence KuoHi.
Yes, you can do it like you outline in your point 1):
You need to use the authorization object S_RS_COMP for this. This object let's you control what parts/components of a query the user can do stuff to. So, in your case, you need to have a role for the users, where you do not grant create-access to the component QVW, and then you need another role for developers, where you grant full access or whatever you need for your developers.
See [this post|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a6c54319-0e01-0010-20a4-fb81ad32f330?QuickLink=events&overridelayout=true&5003637661135] and the [SAP Help entry|http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm].
You will also need to use the authorization object S_RS_COMP1. If you already have a productive system with users doing reporting, both objects will be maintained in one of the roles already.
You also want to consider using the object S_RS_PARAM to allow users to create variants for the variabel screen.
Good luck.
Jacob -
Purchased OS Lion, but license says not for end user
I bought a new camera for Christmas, but software needed 10.7 and up and I have 10.6.8. I have a Macbook Pro Core 2 Duo so Lion is as far as I can go. I bought the download and waited 2 days for the authorization email. I unlocked the pdf license and it says - "you must redeem the Content Code(s) to an Apple ID account owned and controlled by your organization, institution or company and not to a personal Apple ID account owned by any end user." I've emailed customer support (case 714357991) on Dec 16 and have no received a reply. Is there a way to follow up on a case number? Am I miss-reading the license?
Thank-you,I had the same problem, but I finally figured it out.
You have to go to 'Purchases' in the Mac App Store, and click install next to OS X Lion.
It might ask for your password again, but after that, it should start downloading!
Maybe you are looking for
-
Error: 'Transaction type not possible (no affiliated company specified)'
Hello, I am trying to transfer an asset under construction to following asset class: 'low value assets' with ABUMN It get the error message: 'Transaction type not possible (no affiliated company specified)'. I could go to AO76 to mark the 'post to af
-
Unit test with Dynamic Value Query
Hi, I am planing a function which should return a table name for a given ROWID. The ROWID will be selected from a view. Now I am trying to setup a unit test which consists of Startup and Teardown Process as well as a Dynamic Value Query. During Start
-
When I ask Siri "What time is it", it replies, "Sorry [me], I don't know the time in 105 - 201 5 Ave W." I don't understand why it can't simply look at the clock on the phone and tell me the time. As if this isn't frustrating enough, I can't even get
-
Hi All, Can any 1 help me out with the document of upgrading 8i to 9i database. Thanks in advance.
-
Almost every time my daughter FaceTimes me, another person answers and he is getting very annoyed. I have checked my settings and can't figure out why this is happening.