Transaction code authorization

Similar Messages

• Transaction Code Authorization in background

  Hi all, i have an issue whereby during a leave cancellation, the system is supposed to set a workflow item as 'completed'. However in order to do so, the user needs to have the authorization to Tcode SWIA.
  On the other hand, this user should not have explicit rights to execute this transaction in the command prompt. Is there a way to grant users this SWIA without letting them execute the transaction online ?
  Appreciate your advice.
  Reg,
  Pete

  Hi
  If you need to change the status of the work item, you can use the FM 'SAP_WAPI_WORKITEM_COMPLETE'.
  SWIA is for Workflow administrator and access for the same is not given to users. You can also look for more function modules in se37 by looking for the keyword SAP_WAPI*
  Hope it helps.
  Regards,
  Navneet

• Transaction Code authorization related query --- Not maintain tcode in Role

  Dear All,
  First of all, I have not found any specific area where I can post my problem.Then I found that the OS level expert should also have expertise in SAP basis administration.My query is as follow;
  I have found a scenario where i have seen that a tcode for ex. VA03 is present in an user from SUIM. But when I tried to find out in which Role and profile it is maintained not found.
  I have checked each and every Role & Profile but no where it is maintained although the user can run this tcode.
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Please help me by giving some idea that how can they maintain this kind of authorization.
  Please note that this is a USA company running SAP from 2001 & current SAP version is 4.7.
  Thanks,
  Suman

  Hi,
  Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
  Firstly what have you created roles or profiles to accomodate Z-tcodes. If its profile or if its roles select relevant option in tcode SUIM. Viz List transactions in roles / profiles.
  Hope this helps.
  Regards,
  Deepak Kori

• Report to view user nm, authorization objects, activity, transaction code.

  Hi All,
  I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
  Is there any standard report to view all this at a glance?
  Can anybody help me on this?
  Thanks.

  u can try SUIM tcode
  its really helps u
  regards,
  Abhilash

• How to authorize a transaction code for a user?

  Hello,
  How can I authorize the user for a specific transaction code and how can I block it?
  I would appreciate if you can give some insight.
  Thank you.
  Hakan

  Hi Hakan,
  We can achieve this by using two T.Code SU01 and SUIM.
  First check in SUIM,the T.Code that you want to block  T.Code is belongs to which role.
  For finding it Click on roles.Click on transaction assignment.Enter your T.code and execute.
  After finding this goto SU01 and unassign that role for that user.
  In this way we can block the user to use one particular T.Code.
  For providing authorisation,add the role to the user id in SU01 T.Code.
  Run SU53 T.Code after running the failure T.Code to know all the errors.
  Please contact your BASIS person for all these.
  Regards,
  Krishna.

• Authorization Issue for Transaction Codes PA10,PA20,PA30 &PA40

  Hi Experts,
  I have created Custom role for accessing ALL HR Transaction codes in IDES System and added to the user & Tested.
  All transactions codes are working except PA10,PA20,PA30 &PA40
  Please help me regading this.
  Advance Thanks,
  BBC

  Hi,
  I had check with basis Team, they told that I have all authorizations.
  This is New Installation for R/3 HR IDES System. even basis Team  also created role for above transaction code but not getting access.
  We can accesss all transaction codes except these.
  All are new for HR. here anything needs to  be configure for access PA10 to PA40 Transaction codes.
  Please advice me.
  Thanks & Regards,
  BBC

• Authorization Object for Transaction Code

  Hi,
  Is there a report I can execute to give me the list of authorization object for this transaction code?
  Thanks.

  Check Transaction SU24
  Alternatively you can go to SE16-- enter the table name TSTCA, then enter the T CODE, you will get the object related to that T Code.
  Reward points..

• Link authorization object to transaction code

  Hi to all
  how to link authorization object to transaction code?
  i think we can do by using SU24, i am not getting how to do ?
  can any one help me on this Immediately
  Regards
  raadha

  In SU24
  In the Application tab
  Type of Application: 'Transaction'
  Transaction Code:  'Tcode'
  In the Authorization Object tab
  Authorization Object: 'Authorisation object name'
  Type of Application: 'Transaction'
  Then Execute or Press F8...

• Assigning the Authorization group to particular transaction code

  Hi,
    How do we Assign the Aughorization group to particular Transaction code with authorization object. Is there any transaction code ?
  if anyone know, please let me know.
  With Regards,
  Prasad.

  The Tcode is tied to a Program & you can assign the Program to an Authorization Group via its attributes. I don't think there is an option to directly attach a Tcode to an Authn Group.
  ~Suresh

• What authorizations and transaction codes needed to do transports?

  I would like to find out what authorization objects and transaction codes are needed to perform transports in r/3 v4.6? 
  Are transaction codes SE06, SE09, SE10 or authorization objects S_TRANSPRT, S_CTS_ADMI needed?
  Thanks
  Wade

  Hi,
  Yes you would need the following Tcodes to do the transports. In R3, usually when you create or change, you get prompted for a transport request and then all your changes are captured in there, till such time as you release the request.
  You can create, view and release requests using tcodes SE01, SE09 or SE10.
  You'll need the auth objects you specfied and the activites assoiciated with creating, viewing and carrying out other activites with transports via these autho objects. These need to be assigned to a role and the role assigned to the user.
  Cheers,
  Kedar

• List of Authorization Object with Transaction Code

  Dear All ,
      Does SAP provide  any report to list all the Authorization Object ? and which object is belong to which transaction code ?
  Thanks .

  hi olrang ,
  STEP BY STEP TO CREATE AUTHORIZATION OBJECT:
  STEP1:  goto  SU21 transaction and create a new Authorization Object
  Object Name:  Z.....
  Text:  ...........
  ClassL  SD (YOUR MODULE)
  AUTHOR:  YOUR ID
  STEP2:  Give authorizatin fields as
  ACTION - Action of the Authorization
  Activity -  Document Destribution.
  STEP3:  Basis will create a role using transaction  PFCG and assign this authorization object to that role.
  STEP4:  Call the AUTHORITY-CHECK Object in your code.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  IF sy-subrc 0.
  MESSAGE e000(zzpp) WITH 'No Authorization'.
  ENDIF.
  and it belongs to  SU24 transaction code
  Saurabh Goel

• Forcing Authorization for a transaction code without authorization check in

  Transaction code 'PP02' has an authorization object P_TCODE. So when a user who does not have authorization to transaction 'PP02' tries to execute it from command prompt, the SAP system appropriately restricts user saying "You have no authorization".
  However, If Ia program has  "Call transaction" verb calling this transaction and if the restricted user runs this report or module program, it does not restrict the user to access the transaction.
  Is there any way to restrict user to access the transaction from program without explicitly doing authorization check from within the program?
  Jitendra Mehta

  Hi Florin:
  S_TCODE restricts the user only at command prompt level, not if you run the transaction for program using "CALL TRANSACTION" verb.
  If we assign auth.object P_TCODE with some other transaction values (not one for which we want to restrict), then the authority check works for the above.
  But say, if I have no other transaction code values to be assigned to auth. object P_TCODE for the restricted user ( therefore, obviously I don't assign auth. object P_TCODE to any auth. profile for the restricted user) then again, I am out of luck.
  The only way, I have seen this working is to assign value space ( ' '  ) to auth. object P_TCODE and then assign this auth.object to one of the auth. profiles of the restricted user, BINGO!, then it works.
  But our Authorization team has an objection saying "We assign the transactions ( to auth. object ) which the user should have access. It is not  proper to assign a no value to auth. object ( assigning space value ) "
  I do not know how much merit their argument has, however, I was wondering if there is another way I could achieve it without relying on tens of hundred of programs doing auth. checks whenever they call the restricted transaction.
  Please let me know your thoughts.
  Thanks.
  Jitendra Mehta

• Authorization for a Transaction code

  Hi,
  In ECC 5.0, how can we get an authorization for a transaction code by debugging the code?
  Actually in 4.6C, we used to debug the code & change SY-SUBRC code to '0' & get the authorization for a perticular transaction code.
  Similarly how can we do this in ECC 5.0?
  I tried, but I am not getting where to change the sy-subrc code to '0'.
  Any help or clue is greatly appreciated.
  Thanks,
  Sarika.

  Hi Sarika,
  You can try out this workaround. In function module 'RS_TRANSACTION_TEST' put a breakpoint at statement ' call function 'AUTHORITY_CHECK_TCODE''. Execute the required transaction using tcode SE93.If you don't have the authorization then sy-subrc will be 4 after the above statement. In debugging mode change it to 0. Hope this helps.
  Thanks,
  Roshan Gujaran.

• Authorization to new hierarchy node (Profit center) in 3.5 Transaction code

  Dear Colleagues,
  I have an autorization problem that I wish you can help me with.
  I have a (3.5) profit center hierarcy with authorizations on each node. These were made a long time ago by another consultant. Suddenly we have an additional node in the hierarchy (a new region). How do I give authorizations for this new node? Which transaction codes do I use, and how? I am a little bit familiar with PFCG, and have just briefly seen RSSM and SU01. But I can't see where I add authorization functionality yo the new node, and then give it to the user.
  Will sign points!
  Regards Silje

  Look in RSSM to find out what your authorization object is for Profit Center.
  Then lookup the roles that use this Profit Center authorization object -- Not sure how to do this because I usually know the roles I create!  Ask the security or basis team for help if you can't find them.
  Look at those roles and get an idea of how they are used ... In some cases you can group together values and use a wildcard to select a whole group.  Such as, if I have profit centers ABC, ACD, ADE and BAC, I can select the group A* to only allow access to the profit centers starting with A.  This person will not have access to the BAC profit center.
  So, try to figure out how the other consultant assigned the profit centers, then add your new one in in the same way.
  Brian

• PFCG issue - removing transaction codes from menu and not clearing up the authorization tab

  I’m using SAP ERP version ECC6 and EHP5 and also we have updated our system with the PSCD FI module.
  I’m having the following issue in PFCG transaction code - I have created a new single role by copied other or from scratch and added few  transaction codes into the menu.  After that, I went in the authorization tab using the "Change Authorization Data" and I felled all the missing information until the role was green out.  I generated the role then I totally went out.  I come back to the same role that I created earlier and I did removed all the transaction codes from the menu and I did find the following:
  - the Authorization tab light didn't change from green to red
  - I went into the Authorization tab by "Change Authorization Data" and a part of the objects were still in.
  Normally behave should be:
  - when we remove one transaction code from the menu the light from Authorization tab should change from green to red.  When you empty the menu then the light color should change also, but the authorization tab should be also empty.
  Could please give me some idea how to do it next?

  Hi Gabriela,
  Most of the times standard roles contains manually added authorization objects. When ever you are creating a new role by copying the existing standard role so by default, these objects will come in to new role.
  Now, coming to your role. After removing t code from role if nothing has changed in Authorization tab means.
  Here are the possible reasons.
  1.  The t code which you have removed might not have any checked and maintained authorization objects, that's why your Authorization tab still in unchanged.
  2. Rememeber, when ever you are adding or removing t code from menu always use expert mode for profile generation option along with "Read old status and merge with new data" Option.
  This will bring the all checked and maintained data for each t code.
  3. After removing the t codes from menu and if you generate the Authorization tab by using expert mode option still if you find authorization objects means, those are manually added authorization objects that's why those were not removed.
  I hope this will give some clue to your issue.
  Thanks,
  Siva