T-CODE access

Similar Messages

• Project Admin & Contributor cource code access control

  I am setting up access control on a TFS 2013.2 TFSVC project
  To deny access by default I added the Contributors group in the root of the source tree and set all permissions to deny, then on individual source folders I set the permissions for specific groups. So far so good, members of those groups can see the code
  I want them too and only that code.
  The problem is for project admins.
  All teams are members of the contributors group so that they get team functionality such as team email alerts. If someone in the Project Admin VSO group is added to a team they therefore become part of the contributors group due to inheritence and their
  code access to the top of the source tree is denied by default.
  Is it so that project admins canot be members of teams? This would be a problem because often the project admins also are the leads who define and administer the teams in TFS. If no-one is able to see the top of the source tree, whould be able to create
  a new sub-folder?

  Hi QualityJanitor,
  Thanks for your reply.
  In your scenario, if you add the team project admin user in team group, he can view the source structure in Source Control Explorer, but he cannot open any file to read. He can create new sub-folder in Source Control Explorer, but he cannot check-in this
  sub-folder. 
  We suggest you create a custom team group in your team project, and add all the users(which you want deny the code access by default, exclude team project admin) in this custom group, then use this custom group instead of Contributors group in the root of
  source tree, and set all permission to deny for this custom group.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Limitting payroll t-code access

  Hi expert,
  I have a problem for restricting authorization for user for payroll t-code.
  Apparently, some user is only allowed to ru offcycle payroll. So for example, for t-code "PC00_M34_CALC", user should only be able to run offcycle payroll so on the field declaring payroll type, they should only be able to enter 'A' -> offycle payroll.
  I couldn't find a way to solve this through authorization object, so far my only found option is to manipulate the transaction selection screen.
  I tried to use transaction SHD0 to manipulate the screen for the t-code, but apparently, transaction variant for t-code "PC00_M34_CALC" can not be made. Therefore I tried to play with variant by:
  1. making the payroll type field is not inputable and automatically set 'A'
  2. Protect the variant so it couldn't be changed by people except me
  3.and then save the variant as customer variant "CUS" so that it could be transported.
  After that I created a new T-code let's say Z'' where the default variant "CUS" is used for the t-code.
  Problem arises as user has access to variant, they could create another variant, save it and then use it to open all access. Is there any way to limit either:
  1. User has no access to variant creation
  2. T-code couldn't be run except by a certain variant
  Is there a way to solve my problem?
  I'm open to any other possible solution to solve this problem.
  Thanks in advance

  Use authorization object S_PROGRAM.
  For the field P_ACTION do not include 'VARIANT'

• Limiting payroll t-code access

  Hi expert,
  I have a problem for restricting authorization for user for payroll t-code.
  Apparently, some user is only allowed to run offcycle payroll. So for example, for t-code "PC00_M34_CALC", user should only be able to run offcycle payroll so on the field declaring payroll type, they should only be able to enter 'A' -> offycle payroll.
  I couldn't find a way to solve this through authorization object, so far my only found option is to manipulate the transaction selection screen.
  I tried to use transaction SHD0 to manipulate the screen for the t-code, but apparently, transaction variant for t-code "PC00_M34_CALC" can not be made. Therefore I tried to play with variant by:
  1. making the payroll type field is not inputable and automatically set 'A'
  2. Protect the variant so it couldn't be changed by people except me
  3.and then save the variant as customer variant "CUS" so that it could be transported.
  After that I created a new T-code let's say Z'' where the default variant "CUS" is used for the t-code.
  Problem arises as user has access to variant, they could create another variant, save it and then use it to open all access. Is there any way to limit either:
  1. User has no access to variant creation
  2. T-code couldn't be run except by a certain variant
  Is there a way to solve my problem?
  I'm open to any other possible solution to solve this problem.
  Thanks in advance

  Did  u checked the authorisation for this user as per the roles assigned to him in Tcode PFCG
  http://saphruser.com/category/sap-hr-security/
  Goto tcode
  PFCG
  1.Create a Role and click the Third Tab Authorizations once you create the role
  click the change icon.
  2.EDIT->Insert Authorization->selection criteria
  search for human resources and add..
  3.in the tree navigate to HR master Data -->authorization Level as R
  M (read with entry helps)
  R (read),
  S (write locked record; unlock if the last person to change the record is not the current user),
  E (write locked record),
  D (change lock indicator),
  W (write data records)
  (all operations).
  Note:Use /nAuth to change the menu tree for authorization in left hand side .
  If you have IDES copy the profile HR940_RESTRICTED to Z profile and modify accordingly.
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/97/27973b3ea3eb0fe10000000a114084/frameset.htm
  Edited by: Sikindar on Apr 12, 2009 4:13 PM

• Start workflow in code - access denied

  Im trying to start list workflow (sp 2013)  from MVC app.
  the mvc app (win auth enabled) is running by a user that is site owner.
  i always get ASP.NET access denied
  var workflowServiceManager = new WorkflowServicesManager(web);
  var workflowSubscriptionService = workflowServiceManager.GetWorkflowSubscriptionService();
  SPList oList = web.Lists["Employee"];
  SPListItem item = oList.GetItemById(557);
  //access denied on this line
   var subscriptions = workflowSubscriptionService.EnumerateSubscriptionsByList(oList.ID);
  thanks

  Hi
  Earlier I was putting the button (link) in the wrong place now that its in the dataform webpart @ID works !
  This link now will jump to the workflows page, the problem is that I have two workflows so the user may start the wrong workflow. Then I tried to link to the initiation page instead but this is where the error occurs.
  This is the workflow page link (Copied from browser url)
  http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&List=deff1c34-4aec-43ad-b1e8-00444d3ab674&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
  This is the initiation page link, has a few more parameters. (Copied from browser url and used static ID for test)
  http://sp20104/HitsMissesApp/_layouts/IniWrkflIP.aspx?List={deff1c34-4aec-43ad-b1e8-00444d3ab674}&ID=6&TemplateID={8f72c2a0-7ec7-44ac-9bb7-c0a527a6b91a}&Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx
  When I enter the intitation link in SPD, SPD error with 'Error HRESULT E_FAIL has been returned from a call to a COM component.' and then crashes.
  So I can only link to the workflows page not the inititaion page. Perhaps the IniWrkflIP.aspx can only be called from a select page or something?
  Code for insering asp link:
  <asp:LinkButton runat="server" id="LinkButton1" PostBackUrl="http://sp20104/HitsMissesApp/_layouts/Workflow.aspx?ID={@ID}&amp;List=deff1c34-4aec-43ad-b1e8-00444d3ab674&amp;Source=http%3A%2F%2Fsp20104%2FHitsMissesApp%2FLists%2FHitsandMisses%2FAllItems%2Easpx">Start Workflow Feedback</asp:LinkButton>
  Alternatively, the button/link could simply start the workflow as I dont require the initiation page. Dont know if this is any easier though.
  Any assistance welcome on this .
  Thanks

• RSA1 T-code Access Problem in IDES server

  Hi Experts,
  Our BW consultant getting on error while using RSA1 t-code in ides client 900
  i.e you can only work in client 800
  Help details:-
  You can only work in client 800
  Message no. BRAIN009
  Diagnosis
  Your SAP BW system can only operate in client 800.
  Procedure
  Log on in client 800.
  For your information:- After completing the installation i have created the client 900 and select the profile sap_all and copied from the client 800 only and created the user id's and assigned the required authorizations.
  Component version :- SAP ECC 6.0
  Operating system :- Windows NT
  Database system :- ORACLE
  Please any one suggest me BW Consultant can only required the access in client 800 only/is there any way to provide the access in client 900 also.
  Regards,
  Reddy V

  Hi,
  In your IDES system BI is configured in client 800. And you can use only one client as BI client in a system, since BI tables are cross-client.
  You can change the BI client from 800 to 900 by updating the field BWMANDT to 900 in RSADMINA table.
  Caution: Everything in client 800 will be lost when you change BI client to 900.
  Usually client is changed during the post installation process(One time activity).
  hope it helps
  regards,
  Pruthvi R

• How do we supress the code access to wifi?

  How do I supress the access code to Wifi?
  thank you

  Sorry. It's unclear what you mean. Please clarify what you mean by "suppress the access code to WiFi".

• Error with Material type/Tax code access sequence in Tax procedure

  Hi,
  I am trying to create an access sequence with Material type/tax code combination for my tax procedure. While I can generate the condition table successfully, I cannot create an access sequence. The access sequence gives me the pop up message " select a document field for MTART". I searched in the field catalog and its absent. However MTART exists in the table KOMG.
  How can I include the field MTART ( material type) in the field catalog. The tax code field is shown as green. Please help.
  Thanks and regards,
  Soumya.

  The field MTART was included as standard in the table . I didn't have to add anything. Further, i couldn't find any standard access sequence for tax procedures that include material type.
  I am really stuck with this!!
  Regards,
  Soumya

• Accurate t-code access list

  I am trying to retrieve a user access list for the following t-codes:
  Financial Reporting:
  FS00 u2013 general ledger accounts
  OB52 u2013 Close accounting periods
  Fixed Assets:
  AS01
  AS02
  ABZON
  ABAVN
  If we run it just by t-code, the access list is incorrect. Can anyone suggest a a different way to retrieve a correct user list such as what authorization objects, etc. I should specify when running each t-code?
  Thanks
  Raja

  you can check table AGR_1251 with object S_TCODE...
  In field" value" enter t-codes.
  This works as long as you havent defined a "from to" authorisation for S_tcode in your roles
  Edited by: Markus Roth on Nov 1, 2011 7:53 PM

• Compay code access

  Hello experts
  We have setup our roles as two sets; one set with org level access and other set with transaction codes/functional access. Whenever a user is setup we assign functional role and appropriate org level roles so he/she will have access to the transaction for desired org level.
  We have a user who has org. level roles for all company codes (read/write access). Now we need to restrict her access so she still has access to all company codes for most transactions. But for few transactions she could only view for certain company codes. I have told them this will not be possible unless she uses two separate ids for two scenarios.
  I know there exist a context sensitive solution in HR where you can link STR. Profile to a master record infotype. Is there similar solution to non HR data?
  I would appreciate your thoughts and inputs.
  Thanks,
  Netra

  This won't work unless the auth objects for the few transactions are not used for any other transactions in which the user requires the full org level access.  Lack of clarity around this sort of issue is just one of many of the limitations of using that particular approach

• Fixing Memory leaks in C code accessed via JNI

  Hi,
  I am working on an JNI interface between Java and legacy C code and I have problems with controlling the Memory inside the C code. In my application, I call many times from Java the C routines. In the C routines, memory is allocated but in a rather unclear and sloppy
  way. Not all memory is return after the C code finishes and I cannot go inside the code and release the memory block using free(). As a consequence, after a couple of runs all memory is consumed. Nevertheless, I know that all memory allocated in the C program should be available again after the C routine has finished.
  Is there a trick available that, for example, I can release all claimed memory by the C program before returning to Java, so the next time a C routine is called from Java, all free memory is again available for the C routine?
  Perhaps unloading the DLL and reloading the DLL before each C routine (how to do?).
  Or keeping track of the memory pointer before entering the C code and force it back to that position (freeing the claimed memory) after finishing the C code part (how to do?).

  Presumably you know that the correct way is to fix the C code?
  Maybe or mabe not...thinking out loud here...(and you need to check everything I say, since I am not doing the research, just pulling it out of my head.)
  The only way to do what you want is to dig deep, deep into the OS and compiler.
  Each process on the OS allocates a stack and a heap (this is not the java heap) to the process when it starts.
  You could then take a snap shot of the heap before starting. Then on exit you would free anything that wasn't in use when you started.
  However, your java app uses the same heap, so if you have any threads then it won't work. But you always have more than one thread, for instance the garbage collector. You could of course hack the jvm source to suspend all the threads (C suspension not java) to solve that problem.
  But you can't make any java method calls in your C code without doing the snap shot thing again. And I would bet that comparing the post and pre snap shots is going to take a while.
  Alternatively I do know that dlls use (or maybe used to use) either their own heap or their own stack. If it is the heap then at least the time problem won't be as much.
  I think there is also a way to replace the heap. This might be easy or hard. And either way it is probably dangerous. But if you did that then you would never have to worry about the snap shot comparison. Just throw away the new heap when you are done (give it back to the OS.)
  You might want to really look at that C code to. C programmers tended to use global variables a lot and initialize them in routines like
  static void* mylocal =0;
  void doit() { if (!mylocal) mylocal = malloc(sizeof(something)); }
  And if that occurs anywhere then switching heaps or deleting snap shots is probably not going to work.

• How to find T-codes accessed by Users

  Hi,
  How to find tcodes accessed by particular user for certain period of time.

  Please refer the thread
  Table for Tcode Access
  for a similar discussion.

• Code access to HsTBar.xla

  Hi
  Can any one help me in getting codes from HsTBar.xla smart view add-in?
  Thanks
  Mustafa

  If you are talking vba code, it is pretty well detailed in the SmartView documentation.
  http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/sv_user.pdf
  Check the Functions section.
  Edited by: Henson12 on Sep 20, 2010 1:46 PM

• Code access security for SSRS 2012 extension?

  I have a SSRS 2012 IAuthenticaitonExtension that I am trying to get up and running.
  Currently, it blows up trying to load one of 3rd party required assemblies.  How do I configure SSRS to allow .NET to load my DLL's?
  Failed to initialize the AppDomain:ReportManager_MSSQLSERVER_0
  Exception: System.Web.HttpException
  Message: Could not load file or assembly 'Castle.Windsor, Version=3.3.0.0, Culture=neutral, PublicKeyToken=407dd0808d44fbdc' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)
  StackTrace:    at System.Web.Compilation.BuildManager.ReportTopLevelCompilationException()
     at System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled()
     at System.Web.Compilation.BuildManager.CallAppInitializeMethod()
     at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters)
     at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters)
     at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironment(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
     at System.Web.Hosting.ApplicationManager.CreateAppDomainWithHostingEnvironmentAndReportErrors(String appId, IApplicationHost appHost, HostingEnvironmentParameters hostingParameters)
  InnerException: System.Configuration.ConfigurationErrorsException
  Message: Could not load file or assembly 'Castle.Windsor, Version=3.3.0.0, Culture=neutral, PublicKeyToken=407dd0808d44fbdc' or one of its dependencies. Failed to grant minimum permission requests. (Exception from HRESULT: 0x80131417)
  StackTrace:    at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)
     at System.Web.Configuration.CompilationSection.LoadAllAssembliesFromAppDomainBinDirectory()
     at System.Web.Configuration.CompilationSection.LoadAssembly(AssemblyInfo ai)
     at System.Web.Configuration.AssemblyInfo.get_AssemblyInternal()
     at System.Web.Compilation.BuildManager.GetReferencedAssemblies(CompilationSection compConfig)
     at System.Web.Compilation.BuildProvidersCompiler..ctor(VirtualPath configPath, Boolean supportLocalization, String outputAssemblyName)
     at System.Web.Compilation.ApplicationBuildProvider.GetGlobalAsaxBuildResult(Boolean isPrecompiledApp)
     at System.Web.Compilation.BuildManager.CompileGlobalAsax()
     at System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled()

  Hi scott_m,
  According to your description, you want to load 3rd party assembly into SSRS. Right?
  In Reporting Services, if we want to use the custom/3rd assembly, we need to copy the .dll file into
  C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\bin
  C:\Program Files (x86)\Microsoft Visual Studio 9\Common7\IDE\PrivateAssemblies
  C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies
  Then add the assembly as Reference in Report Properties.
  If the assembly requires additional permission, we need to modify  
  Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\rssrvpolicy.config
  file
  For more information, please refer to the KB article below:
  How to use custom assemblies or embedded code in Reporting Services
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou

• How to implement Oracle user/role security with Access front end?

  Hi,
  We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
  In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
  We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
  I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
  I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
  Can someone give me some assistance or point me in the right direction?
  Thanks in advance,
  Larry

  We had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
  In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
  We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
  We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
  In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
  The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
  The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
  Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
  For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
  After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
  This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
  The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
  Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
  I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
  Larry