T codes authorization required till proposal creation and edition stage
Hi
Could you please let me know how can I restrict any user from doing payment run in F110? I want that a user should be able to create and edit proposal and after that he should have no authorisation. I tried this by giving selected codes likes FBZ0 - Display/Edit Payment Proposal, FB03 - Display Document, F110 - Parameters for Automatic Payment, FBL1N - Vendor Line Items, FBL5N - Customer Line Items, SP01 - Output Controller. But proposal was not created immediately.
thanks
Sweta
Hi Sweta,
You don't have to restrict user from F110 in the relevant user role but you can restrict activities within F110 using following authorization objects. You need to decide wether you want to control these activities with F110 for specific company codes or for for the whole account type like vendor which will automatically cover all the company codes
F_REGU_BUK - Using this you can contol activities in F110 by company code
F_REGU_KOA - Using this you can contol activities in F110 by account type (vendor, Customer etc)
Detail of the activities along with the keys has been provided by Kash in the earlier reply.
Thanks
Ron
Similar Messages
-
documents edited on iphone, ipad, & mac what is the order of creation and editing and must each change be manually initiated to update the icloud?
No idea what you mean by the firsy part of your question.
Documents edited on the Mac need manually uloading to iCloud at iCloud.com,documents edited on the mobile devices are updated automatically. -
Mobile site, automatic creation and editing
I'm new to Muse and have just created my first web site which Im very pleased with. www.loosechippings.org BUT a big drawback for me is that I have to create a completely separate mobile site for smartphones. I'm told Weebly does this automatically and Direct Mail automatically creates mobile format emails. Please can Adobe introduce automatic creation and editing of mobile versions of the desktop web site?
Just have a look at a homepage of your choice and think, what would happen, if you automatically transpose this page completely into a phone layout. (quantity and size of text, images; menus, anchors, pinning and so on. I think, if you are aware of the horrible problems, you will never want to do this automatically.
-
Authorizations Required for Accessing WAD and setup an Active RFC
Hi All,
I an having problems for accessing WAD. It says 'You are not authorised to run WAD'. Does any one have idea of what authorizations are required to access WAD. I need to do the set up for information Broadcasting.
Also some help is need for setting up an active RFC server. Can any one specify what attributes are required to setup an active RFC Server.Hi,
will you be able to provide more specific information.... regarding it........
I need the information as I need to Broadcast a web template... -
CC 2014: are creation and editing of smart objects multiple cores cpu operations?
anyone knows it for sure?
thanks everyone
samChris Cox wrote:
Creating and updating smart objects are mostly just saving and loading files - which is a pretty serial operation.
If you have a transform or filter applied to the smart object, then those steps will be accelerated as the transform or filter normally would be.
Chris that is interesting. We were talking about Smart Objects reducing image size in RAM, and from what you are saying, creating a Smart Object saves it's details to hard drive. Judging by the resulting image size as stated in the Status Bar, the Smart Object uses similar memory to an equivalent raster layer. How does it work if the containing document has not yet been saved as a PSD? I imagine that saving the PSD file must contain the Smart Object information? -
How to Store and Edit Vendor No in IC Agent?
I have a requirement to display, store and edit the vendor no in the account identification.
Vendor No stored in venmap table. Currently, I added the custom field in the account identification. I am able to populate vendor no but not able to edit and store in the account identification. Is there any funcationality or configuration where we can edit and store vendor no. I am using CRM 7.0
Your reply is appreciated.
Thanks,
BanuI am closing this question, as no response from the forum.
-
Authorization control on material reservation creation and change (MB21 & M
Hi Friends
Please help me to find a solution on Authorization control on material reservation creation and change (MB21 & MB23).
Client looking for a control over end user on those T.Code s but not at T.Code level;
Client looking for control either based on "Storage location" and/or u201CProduct hierarchyu201D.
More specifically, user A and B both can Create/Change MR but user A only can do it for the MR which related to storage location say YY while B authorized for storage location ZZ
Thanks in advance.Hello Partha,
Only available Standard SAP Authorization Objects, related to Reservations, are M_MRES_BWA (Reservations: Movement Type) & M_MRES_WWA (Reservations: Plant) where you can maintain authorizations based on Movement Type & Plant respectively and hence seggested enhancement.
You can use Tcode-SUIM to search for Basis authorization details i.e. Roles defined for specific transaction/authorization object / profiles.
Revert if any further info required.
Regards,
Anup -
Release strategy and code authorizations
Hi,
We need to create a new release strategy for PO. After setting strategy, we are assigning existing release codes A1 and A2 to strategy. The same release code is also used in existing release strategy.
Now, will this create any authorization issue if we assign same release codes to different strategies, and different users in user roles.
Thanks
AlexHi,
I am confused with your requirement. When you have a business requirement to control the release, may be a new department created or new character value requires for adding to release process.
Option-1:--- >When you decided to create new release strategy, you should have gone for creating new release codes & design your release process with new release strategy with new release codes. Do not use same release codes, use different release codes for new release strategy which will be easy to control for authorization based on respective users.
Option-2:--- > When you added a new release characteristic to release class based on requirement, then check assignment of release group to release class ( just make change & TR need to be transported),release strategy design which trigger on how release is to be affected & which manner with a logic. Also check the new value you are entering with your release class, release group & release strategy in Cl20N/CL24N t.codes. Also check during creation of new release characteristic, you have values with correct field name.
Regards,
Biju K -
Unable to make Postal code as required field in Vendor master creation
Hi,
We have a requirement of making Postal code (POST_CODE1) field under street address of new vendor master creation/change as a required field.
In the configuration settings of vendor account group (OBD3), SAP provided Postal code City combined as only one field.
Even after making the Postal code&City field as required in the configuration of a particular Vendor group (OBD3), the system is allowing to create new vendor master under that particular group with out the input of Postal code.
The system only making the city (CITY1) as required filed but not the Postal code (POST_CODE1) even after setting Postal code&City field as required in OBD3.
Could you please provide the activities to be performed apart from the above so as to make Postal code as required filed at the time of the vendor master creation/change
Regards
Mani PrasadYes, it is country specific. It will affect in vendor masters as well Customer masters.
You have two options now :
Create a Transaction variant using SHD0 and Make Postal code field as required and create a custom transaction code in SE93 (Transaction with Variant (Variant transaction) and assign here and save. Your requirement will be fulfilled.
Else you can go for Enhancement using EXIT_SAPMF02K_001 Vendors: User Exit for Checks prior to Saving
The following user exits exist for vendor master records:
o Check entered data before saving
Please refer to the interface description of the function module to see which data is available.
If we found any other solution we will let you know the same. -
Role creation and authorization objects in sap
Hi
i want to know the full relationship between creation of roles , authorization objects ,authorizations in web as abap
Please explain the process in detail the use of PFCG and all its options and how to create Z rolesAlthough, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
- Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
- The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
For e.g. If a user wants to create a PO we can restrict him on:
u2022 Activity : Create/Change/Display
u2022 Org elements like Company Code, Plant, Purchase Organization etc
u2022 Document type etc.
- Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
- Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
- An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
- Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
- Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM -
When I set up Adobe reader on my computer to be able to download books from a library and then transfer to my Nook e-reader, I initially stating No authorization required using Adobe. When I try to change it so I can transfer downloaded books by my Nook e-reader it I get an error message stating the Adobe user name and password is associated with another computer. What gives?
This is pretty surprising and wierd that even Reader 10.1.1 is crashing on your system. It works pefectly for me.
Would it be possible for you to get the crash dump, and upload it, so that I can have a look at the same.
Download PROCDUMP from <http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx> and extract it to a folder, say, c:\temp\procdump.exe
Open cmd prompt and type "cd c:\temp".
Launch the browser and open the PDF.
Open task manager, sort processed by name. Two AcroRd32.exe instances should have been launched. Note the PID (a small integer like 5588) corresponding to the AcroRd32.exe with the higher memory usage; this is the process that must be crashing. Note this PID.
On the cmd window, type "procdump -e -ma 5588 c:\temp\01.dmp" (replace 5588 with the actual PID of the process noted in Step 4). Procdump will now wait for the aoolication to crash. If it throws a EULA, accept it.
Perform your steps to cause the crash.
Procdump will have created a dump file at "c:\temp\01.dmp". Zip it up (since it will be 100s of MBs otherwise) and share with me.
Thanks in advance for all your help
Ankit -
T-codes for accrual doc creation and posting
Hi,
Anyone knows the T-codes for accrual doc creation and posting?
Thanks,
CWHi,
Try with T Codes:
FBS1 - Enter Accrual/Deferral Document
F.81 - Reverse Accrual/Deferral Document
Thanks
Chandra -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
I want to exclude certain vendors up front of proposal creation from F110
Hi,
I want to exclude certain vendors up front of proposal creation from T.code F110.
Meaning - I would use the range 850000 - 999999, but I would also like to exclude for example vendor #'s 912271, 912771, 959281 from this proposal.
Currently the only way to exclude a vendor is to skip it from the proposal after it creates.
But is there anyother to overcome with this issue because it requires lot of time to find vendor and then delete it.Hi,
Its possible to exclude with the help of field LFA1-NAME1 in the free selection screen. Select the field, give the names and mark exclude values indicator.
Hope this helps.
Thanks
Krishna. -
hi,
this is my requirement
how to provide authorization to be primarily based on
plant code
purchasing group
material group
incoterm
vendor account group.
please provide me the procedure and if there is any code for it please provide.
thanks in advancePARAMETERS carr TYPE spfli-carrid.
AT SELECTION-SCREEN.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD carr
ID 'ACTVT' FIELD '03'.
IF sy-subrc <> 0.
MESSAGE 'No authorization' TYPE 'E'.
ENDIF.
AUTHORITY-CHECK OBJECT auth_obj [FOR USER user]
ID id1 {FIELD val1}|DUMMY
[ID id2 {FIELD val2}|DUMMY]
[ID id10 {FIELD val10}|DUMMY].
Addition:
... FOR USER user
Effect
This statement checks whether authorization is entered in the user master record of the current user or the user specified in user for the authorization object entered in the field auth_obj, and whether this authorization is sufficient for the request specified in the statement. A flat character-type field that contains the name of an authorization object is expected for auth_obj. Without the addition FOR USER, the authorization of the current user is checked.
With id1 ... id10, you must have at least one and can have a maximum of 10 authorization fields listed for the authorization object specified. With id1 ... id10, "flat", character-type fields are expected that contain the name of the authorization fields in uppercase letters. If an authorization field is specified that does not appear in the authorization object, no check can be executed and sy-subrc is set to 4. For each specified authorization field, you must specify with FIELD either a value to be checked in a flat, character-type field val1 ... val10 or the addition DUMMY.
The authority check is carried out if the check indicator for the specified authorization object for the current context is set to check with any proposal status. If the check indicator is set to no check, no authority check is carried out and sy-subrc is set to 0, as with a successful check.
The authorization check is successful if one or several authorizations are created for the authorization object in the user master record and if - for at least one of the authorizations - each of the value sets defined there for the authorization fields specified using FIELD includes the value val1 ... val10 to be checked. Authorization fields that are not included in the statement or that have DUMMY specified for them are not checked. If the check is successful, sy-subrc is set to 0. Otherwise, it is set to a value not equal to 0 (see below).
System Fields
sy-subrc Meaning
0 Authorization successful or no check was carried out. An authorization for the authorization object was found in the user master record. It's value sets include the specified values.
4 Authorization check not successful. One or several authorizations were indeed found for the authorization object in the user master record and they include the value sets, but not the values specified, or incorrect or too many authorization fields were specified.
12 No authorization was found for the authorization object in the user master record.
24 Incorrect authorization fields or an incorrect number of authorization fields was found. This return value is no longer set since Release 6.20. Up to Release 4.6 it is set only if the profile parameter "auth/new_buffering" has a value less than 3.
40 An invalid user ID has been entered in user.
Notes
The authorization fields of an authorization object are fields for data and a field with the name ACTVT for activities. Activities are represented by abbreviations with two characters that are defined in the ACTVT column of the database table TACT or have a customer-specific definition in TACTZ. Possible activities are assigned to the authorization field ACTVT in the authorization object. In the user master record, you have authorizations for data and activities in the form of operands for logical expressions stored as value sets. Here, masking characters can be used for generic authorizations.
When checking the authorization of the current user without the addition FOR USER, the content of the system field sy-uname is not evaluated, but the actual user name is used instead.
The most important contexts for which check indicators can be set are transactions. The execution of a statement AUTHORITY-CHECK can have different results depending on how the current program flow was started. In general, a check indicator should always been set to check.
For authorization objects of the areas SAP NW AS ABAP (BC) and human resources management (HR), a check indicator cannot be set to no check.
Addition
... FOR USER user
Example
Check as to whether the current user has the authorization required for displaying the airline that he specifies on the selection screen. The used authorization object is called S_CARRID and includes the authorization fields CARRID for the name of an airline and ACTVT for the activity. The abbreviation "03" stands for the "Display" activity and is one of the activities that are assigned to the authorization object S_CARRID.
PARAMETERS carr TYPE spfli-carrid.
AT SELECTION-SCREEN.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD carr
ID 'ACTVT' FIELD '03'.
IF sy-subrc <> 0.
MESSAGE 'No authorization' TYPE 'E'.
ENDIF.
Maybe you are looking for
-
Trying to install update 8.1.3, my iPad says I need 1.5 gb but I actually have 17.1 gb. Why will it not let me install?
-
Help on Virtual PC running on G5 with OS 10.5 accessing FAT 32 hard drive?
Hello I've had Virtual PC 7 working just fine with OS 10.3.9 on my Power Mac G5 tower. I used it for connecting an external hard drive formatted for Windows FAT 32 which allowed me to not only access and grab files but also upload files into that ext
-
Help my sons ipod touch is disabled and it says connect to itunes, nut when i do that itunes says need to enter password to unlock and i cant
-
hi How can we know the size of the entire database, number of tables,views ,procedures in the database .. thanks
-
I'm very new to InDesign, so please excuse me if I've missed something. I'm trying to insert references into a document and have a table at the end like this Branke 1998 Jurgen Branke. Creating robust solutions by means of evolutionary algorithms. I