T CODE authorization

Similar Messages

• PA  T codes Authorization

  Hi All,
  Could you please tell me what are the following T codes authorizations should be given to the end users to work in Production client.
  PA10 - Personnel file
  PA20 - Display HR Master Data
  PA30 - Maintain HR Master Data
  PA40 - Personnel Events
  PA41 - Change Hiring Data
  PA42 - Fast Data Entry for Events
  PRMD - Maintain HR Master Data
  PRMF - Travel Expenses : Feature TRVFD
  PRML - Set Country Grouping via Popup
  PRMM - Personnel Events
  PRMO - Travel Expenses : Feature TRVCO
  PRMP - Travel Expenses : Feature TRVPA
  PRMS - Display HR Master Data
  PRMT - Update Match code
  PS03 - Info type Overview
  PS04 - Individual Maintenance of Info types
  Please let me know asap this is very urgent......
  Regards,
  Sitarama

  Hi,
  Actually it depends on the users and department.For eg,end user having payroll area -AA (an eg) should get have authorisations to only  employees that come under that payroll area. and also there will be some user whom should run payroll.So all other users wont be having authorisation for payroll.You can give authorization for transaction which are required for the end user if client feels his/her works involves or need this transaction.Actually these details has to provide by the client manager. 
  Transactions that end-user use ?
  Regards,
  Manoj.

• One report, One Source System with multiple Company Codes -- Authorization

  Hello Guys
  We have 2 DEV source systems for our BI implementation right now. one for US (CCode - 406) an one UK(CCode - 301).
  We have already completed the implementation for UK with 38 reports.
  we are right now moving the US implementation.
  when we move to QAS we are going to have one Source system with both US and UK data.
  so when we move to QAS, the US clients wants to view the reports developed in UK implementation with their own data.
  How can we do that. since some reports doesn't have company code to restrict the data to respective users.
  Thanks and Kind regards,
  shekar.

  Hi
  First make the company code authorization relevant in infoobject BEx explore tab
  If your in BI7 , you have analysis authorization concept
  http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm
  Regards
  N Ganesh

• T codes authorization required till proposal creation and edition stage

  Hi
  Could you please let me know how can I restrict any user from doing payment run in F110? I want that a user should be able to create and edit proposal and after that he should have no authorisation. I tried this by giving selected codes likes FBZ0 - Display/Edit Payment Proposal, FB03 - Display Document, F110 - Parameters for Automatic Payment, FBL1N - Vendor Line Items, FBL5N - Customer Line Items, SP01 - Output Controller. But proposal was not created immediately.
  thanks
  Sweta

  Hi Sweta,
  You don't have to restrict user from F110 in the relevant user role but you can restrict activities within F110 using following authorization objects. You need to decide wether you want to control these activities with F110 for specific company codes or for for the whole account type like vendor which will automatically cover all the company codes
  F_REGU_BUK - Using this you can contol activities in F110 by company code
  F_REGU_KOA - Using this you can contol activities in F110 by account type (vendor, Customer etc)
  Detail of the activities along with the keys has been provided by Kash in the earlier reply.
  Thanks
  Ron

• Release strategy and code authorizations

  Hi,
  We need to create a new release strategy for PO.  After setting strategy, we are assigning existing release codes A1 and A2 to strategy.  The same release code is also used in existing release strategy.
  Now, will this create any authorization issue if we assign same release codes to different strategies, and different users in user roles.
  Thanks
  Alex

  Hi,
  I am confused with your requirement. When you have a business requirement to control the release, may be a new department created or new character value requires for adding to release process.
  Option-1:--- >When you decided to create new release strategy, you should have gone for creating new release codes & design your release process with new release strategy with new release codes. Do not use same release codes, use different release codes for new release strategy which will be easy to control for authorization based on respective users.
  Option-2:--- > When you added a new release characteristic to release class based on requirement, then check assignment of release group to release class ( just make change & TR need to be transported),release strategy design which trigger on how release is to be affected & which manner with a logic. Also check the new value you are entering with your release class, release group & release strategy in Cl20N/CL24N t.codes. Also check during creation of new release characteristic, you have values with correct field name.
  Regards,
  Biju K

• Removal of t-code authorization

  Hi,
  How to remove authorization for a single t-code from the list of about 500 users.
  They have been authorized to this t-code via different roles.
  Thanks in advance,
  RAMA

  Auke Visser wrote:>
  > It is simpel but a lot of work remove the t-code from every role!
  I assume that "simpel" has a completely different meaning to the generally accepted meaning of the English word "simple"?
  I dont think it is possible to answer this question in a usefull manner without knowing the transaction code(s)...
  In many cases, removing the transaction code from object S_TCODE (only) is useless (except for stupid end users).
  Relying on the fact that all end users are stupid, can quickly become an occupational hazard for many transactions...
  Depending on the transaction, my recommentation would be to look whether there is an object check upfront in the transaction's underlying coding or a common denominator object which is checked, regardless of how the user accesses the "transaction"... and then restrict those authorization object(s) or remove them entirely if you are sure that the access is not required for what ever reason.
  Some transaction groups have a "base check" function from which you can form an opinion.
  Kind regards,
  Julius

• Company code authorization

  Hi,
  In portal, I need to restrict users based on company code.
  When US users logged on to portal, needs to look at the reports, which has the company code value 10
  When Canadian users logged on to portal, needs to look at the report, which has the company value 20
  When Europe users logged on to portal, needs to look at the report, which has the company value 30
  Director of the company needs to look at all the reports, Company code values 10, 20 and 30
  How to handle this? Please help me in this.
  Thanks,
  Ashh.

  If you are using  0COMP_CODE as authorization relevant and have assigned this object to a role and this role to users you will get the company code for each user (then you have build a process to identify which company code the user belongs).
  The processing type "Authorization" enables variables to be filled with values automatically from the user authorization.
  http://help.sap.com/saphelp_nw04/helpdata/en/44/599b3c494d8e15e10000000a114084/frameset.htm
  Do you want to build a customer exit for reading the authorization? Then take a look at the function modules:
  RSSB_GET_AUTH_FOR_USER returns the permitted single values and intervals.
  RSSB_GET_AUTH_HIER_FOR_USER returns the node at the top of the permitted hierarchy section, as well as all permitted sub-areas. You should only use this module in special cases. This is because it uses the internal display of the hierarchy and nodes.
  Regards
  Andreas

• Transaction code authorization

  have created a report using table BSID
  I have used a variant name standard
  Now when I have given authorization to the User.
  1. The Variant authorization is not there .
  2. The user does not have the rights to view table BSID.
  How Can I
  1. Authorization Variant.
  2. Table View
  regards,
  SAP SD

  hi sap sd,
  For First Question
  1] PFCG
  2] In menu tab click on Reports
  3] U can define the authorization for a report with varient using ABAP Report radio button
  For Second
  1] In the same role menu add transaction SM31
  2] generate the authorization for the same

• Account code authorization

  Dear all
  Can we set the specific account code access so that other users can't view the transaction for certain account code in the system?
  Thanks in advance

  hi,
  Finacials --> Chart of acconts --> Select required a/c --> Tick mark Confidential(above balance)
  Update it.
  Jeyakanthan

• Transaction Code Authorization in background

  Hi all, i have an issue whereby during a leave cancellation, the system is supposed to set a workflow item as 'completed'. However in order to do so, the user needs to have the authorization to Tcode SWIA.
  On the other hand, this user should not have explicit rights to execute this transaction in the command prompt. Is there a way to grant users this SWIA without letting them execute the transaction online ?
  Appreciate your advice.
  Reg,
  Pete

  Hi
  If you need to change the status of the work item, you can use the FM 'SAP_WAPI_WORKITEM_COMPLETE'.
  SWIA is for Workflow administrator and access for the same is not given to users. You can also look for more function modules in se37 by looking for the keyword SAP_WAPI*
  Hope it helps.
  Regards,
  Navneet

• Transaction Code authorization related query --- Not maintain tcode in Role

  Dear All,
  First of all, I have not found any specific area where I can post my problem.Then I found that the OS level expert should also have expertise in SAP basis administration.My query is as follow;
  I have found a scenario where i have seen that a tcode for ex. VA03 is present in an user from SUIM. But when I tried to find out in which Role and profile it is maintained not found.
  I have checked each and every Role & Profile but no where it is maintained although the user can run this tcode.
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Please help me by giving some idea that how can they maintain this kind of authorization.
  Please note that this is a USA company running SAP from 2001 & current SAP version is 4.7.
  Thanks,
  Suman

  Hi,
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Firstly what have you created roles or profiles to accomodate Z-tcodes. If its profile or if its roles select relevant option in tcode SUIM. Viz List transactions in roles / profiles.
  Hope this helps.
  Regards,
  Deepak Kori

• Code authorizes you to transfer the digital copy to one PC/Laptop to iPhone

  I am stay in malaysia. Last few week I was purchase a BD disc title The X-files(I want to believe) from united kingdom. Inside have an BDROM bonus disc which state that is able to transfer movie to iPhone. After I try it not work. And state that out of region. What shall I do ???

  That would be caused by the DRM style region encoding on the disc.
  you would need to be in the same region as where the title was sold to be able to use it.
  the UK is region 2
  Malaysia is region 3

• Authorization issue on comapay code in BI 7.0

  Hi All,
  We are facing some issue with the company code authorization.We have created analyses auths and these are included in the respective roles. These  roles are assigned to the users based on the requirement. We have used a exit variable for comapny code in the analyses auth and following code is used to populate the company code from DSO where we maintain the authorizaiton values for differernt users.
  We hav restricted the users only on the company code,activity and infoproviders. Users have access to all the info providers.
  we have given * access for all others objects.
  The below code was working fine till last month. But now users are getting the error message "you don't have analyses authorization for any of the char values of char 0comp_code" irrespective of the query they execute. Only BW consultants (have vast access) are able to execute the query.  we are unable find a single user id who cacan access so that we can comapare the other ids. We have checked the logs. No one has changed the code.
  Any pointer on this is highly appreciable.
  *& Report  ZBWI_YLQU01                                              *
  REPORT  zbwi_ycompcod.
  *--- Mandatory local variable for the User exit program
  TYPE-POOLS: rro01,                                   "Do not delete
              rrs0,                                    "Do not delete
              rsr,                                     "Do not delete
              sbiwa.                                   "Do not delete
  DATA: l_s_range     TYPE rsr_s_rangesid,             "Do not delete
        loc_var_range TYPE rrrangeexit.                "Do not delete
  --- local data definition         (if any) -
  TYPES : BEGIN OF st_compcode,
      comp_code LIKE /bic/azal_comp00-comp_code,
      /bic/zauth_val LIKE /bic/azal_comp00-/bic/zauth_val,
  END OF st_compcode.
  DATA : t_compcode TYPE st_compcode OCCURS 0 WITH HEADER LINE.
  *&      Form  variable_user_exit
        text
       -->I_VNAM         text
       -->I_VARTYP       text
       -->I_IOBJNM       text
       -->I_S_COB_PRO    text
       -->I_S_RKB1D      text
       -->I_PERIV        text
       -->I_T_VAR_RANGE  text
       -->I_STEP         text
       -->E_T_RANGE      text
       -->E_MEEHT        text
       -->E_MEFAC        text
       -->E_WAERS        text
       -->E_WHFAC        text
       -->C_S_CUSTOMER   text
  FORM variable_user_exit
                           USING  i_vnam        LIKE  rszglobv-vnam
                                  i_vartyp      LIKE  rszglobv-vartyp
                                  i_iobjnm      LIKE  rszglobv-iobjnm
                                  i_s_cob_pro   TYPE  rsd_s_cob_pro
                                  i_s_rkb1d     TYPE  rsr_s_rkb1d
                                  i_periv       TYPE  rro01_s_rkb1f-periv
                                  i_t_var_range TYPE  rrs0_t_var_range
                                  i_step        TYPE  i
                                  e_t_range     TYPE  rsr_t_rangesid
                                  e_meeht       LIKE  rszglobv-meeht
                                  e_mefac       LIKE  rszglobv-mefac
                                  e_waers       LIKE  rszglobv-waers
                                  e_whfac       LIKE  rszglobv-whfac
                                  c_s_customer  TYPE  rro04_s_customer.
    CHECK ( i_step = 0 ).
    REFRESH t_compcode.
    SELECT comp_code /bic/zauth_val FROM /bic/azal_comp00
    INTO CORRESPONDING FIELDS OF TABLE t_compcode
    WHERE username EQ sy-uname
      AND tctiobjnm EQ '0COMP_CODE'.
    LOOP AT t_compcode.
        CLEAR l_s_range.
        l_s_range-low = t_compcode-/bic/zauth_val.
        l_s_range-sign = 'I'.
        l_s_range-opt = 'EQ'.
        APPEND l_s_range TO e_t_range.
    ENDLOOP.
  ENDFORM.                    "execute_user_exit

  Hi Meghana,
  As Mohan suggested take the screenshot of SU53 Tcode and send it to Basis to add the respective company code Authorisation object in the role.
  Thanks & Regards,
  Dinakar.

• Report to view user nm, authorization objects, activity, transaction code.

  Hi All,
  I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
  Is there any standard report to view all this at a glance?
  Can anybody help me on this?
  Thanks.

  u can try SUIM tcode
  its really helps u
  regards,
  Abhilash

• CO authorizations by company code

  Dear all,
  I am looking for a solution to the following requirement: given is
  1 CO Area  for mutliple company codes
  Authorization shall be given to the controller for MOVEMENT DATA only for the company code he works for. So this could be controlled via RESPAREA in authorization object K_CCA. However, the same user shall be able to see ALL cost center hierarchies (standard and alternative hierarchies) and ALL cost center master data for all company codes. Thus RESPAREA would need a "*" with the effect that movement data can then be seen also from all company codes.
  Any idea how to resolve this, e.g. by using another authorization object or value? Thanks in advance.
  Peter
  Moderator: You'd better ask this in Security forum. As soon as you do, I'll close this thread

  Hi,
  I guess you should be able to control the authorisations with a single User ID.
  Follow the below steps :
  1. Create a new Role for the user.
  2. In the Role, for the authroisation object K_CSKS ( CO-CCA: Cost Center Master), you allow all cost centers. Thus, the user can get access to the master data of all cost centers in the given controlling area.
  3. For the reports, the authorisation object is K_REPO_CCA ( CO-CCA: Reporting on Cost Centers/Cost Elements ), here you need to restrict the cost centers for which he is allowed to view the reports . The pain here is that you don't have the option of entering the Cost center groups, rather you can give the cost center values in the range.
  4. In the authorisation object, K_CCA ( CO-CCA: Gen. Authorization Object for Cost Center Accounting), you try giving all cost centers in the controlling area , if it does not work then, don;t give any cost center so that it will take from the above authorisation objects in 2 & 3 above.
  I suggest you discuss with Basis consultant, who will guide you through the above process.
  Njoy
  Siva