Transaction FCHN authorization
Hi Experts,
I have a user who is trying to use transaction code FCHN with Payroll checks box checked. First SU53 showed she was missing P_ABAP for a report with deg. of simplification 02. Now she gets passed the first step but she still gets missing authorization. Now her SU53 shows missing P_PERNR with Read authorization for all infotypes, subtypes and PSIGN *.
My understanding is that P_PERNR was to check your own personnel no. - it should have been may be P_ORGIN. I am hesitant to give her this authorization. Can somebody shed some lights on this.
Thanks,
Netra
Neha,
first of all SU53 will not always give the correct information about missing authorizations. Say u have failed authorization checks for Auth Obj A and Auth Obj B in that order SU53 will show u the Auth Obj B and doesnt show the information about the Auth Obj A which in some cases might be the required authorization.
Secondly P_ABAP with Simplification 02 by passes the check at the level of P_ORGIN too.
So the best bet would be to trace the user and see what he is missing.
Some times the report might require access to S_DATASET as it tries to access a file to store the checks info.
See if this is cause of authorization error.
Hope this helps
Manohar
Similar Messages
-
Adding "Sending company code" to Transaction FCHN
Hi,
We would like to add a column "Sending company code" to the report out of transaction FCHN. The info for this column is present in REGUH-ABSBU. Is there anyway this could be done without copying the standard program into a custom program and modifying it.
Any help will be appreciated.
Thanks,
ALAM.Hi
I believe you would need an exit cause, FCHN is feed from table PAYR, and in taht table you don t have the sending company code field
Regards
Jose -
Transaction code authorization
have created a report using table BSID
I have used a variant name standard
Now when I have given authorization to the User.
1. The Variant authorization is not there .
2. The user does not have the rights to view table BSID.
How Can I
1. Authorization Variant.
2. Table View
regards,
SAP SDhi sap sd,
For First Question
1] PFCG
2] In menu tab click on Reports
3] U can define the authorization for a report with varient using ABAP Report radio button
For Second
1] In the same role menu add transaction SM31
2] generate the authorization for the same -
Transaction VASK authorization check on warehouse
Hello all,
Does anyone know why there is no authorization check on the warehouse in transaction code VASK? I have an issue where users from different warehouses are deleting groups created in other warehouses. I wanted to know if anoyone else has run into this issue as well. My solution is to create a custom transaction for VASK and add the warehouse check as well as a selection value. Does anyone else have a better soultion?
Thank you,
SteveI am going to create a new t-code and add the authorization check.
-
Transaction Code Authorization in background
Hi all, i have an issue whereby during a leave cancellation, the system is supposed to set a workflow item as 'completed'. However in order to do so, the user needs to have the authorization to Tcode SWIA.
On the other hand, this user should not have explicit rights to execute this transaction in the command prompt. Is there a way to grant users this SWIA without letting them execute the transaction online ?
Appreciate your advice.
Reg,
PeteHi
If you need to change the status of the work item, you can use the FM 'SAP_WAPI_WORKITEM_COMPLETE'.
SWIA is for Workflow administrator and access for the same is not given to users. You can also look for more function modules in se37 by looking for the keyword SAP_WAPI*
Hope it helps.
Regards,
Navneet -
Transaction Code authorization related query --- Not maintain tcode in Role
Dear All,
First of all, I have not found any specific area where I can post my problem.Then I found that the OS level expert should also have expertise in SAP basis administration.My query is as follow;
I have found a scenario where i have seen that a tcode for ex. VA03 is present in an user from SUIM. But when I tried to find out in which Role and profile it is maintained not found.
I have checked each and every Role & Profile but no where it is maintained although the user can run this tcode.
Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
Please help me by giving some idea that how can they maintain this kind of authorization.
Please note that this is a USA company running SAP from 2001 & current SAP version is 4.7.
Thanks,
SumanHi,
Please note that the tcode VA01 is given as example I actually found this thing for a customized tcode called ZCOA,ZINTROT,ZPROINV etc.
Firstly what have you created roles or profiles to accomodate Z-tcodes. If its profile or if its roles select relevant option in tcode SUIM. Viz List transactions in roles / profiles.
Hope this helps.
Regards,
Deepak Kori -
Hi Gurus,
With transaction SU24 I am able to view the objects associated with a specififc Transaction code and also the details of the objects. However when I assign the same transaction code to a Role I am not able to Control/ VIew all the objects as I got to view from SU24.Can anyone please explain me the reason for this.Hello Parvez,
Run Su24 for the concerned transaction and go to authorization object screen. Look for the column: Check Indicator. Only if the value is maintained as check/maintain against a particular authorization object will it come automatically in a role to which the concerned transaction is assigned. It won't work if indicator is set to check.
Regards.
Ruchit. -
Transaction SP02 - Authorization question
Hi all,
In transactioon SP02 it is possible to open a spool request and change the "user name" to another one. So it is possible to redirect a spool request to another user.
Is there any way to restrict this function. I made some trials with authorization objecct S_SPO_ACT but it will not work.
Best regards and thanks for help,
KlausHi all,
In transactioon SP02 it is possible to open a spool request and change the "user name" to another one. So it is possible to redirect a spool request to another user.
Is there any way to restrict this function. I made some trials with authorization objecct S_SPO_ACT but it will not work.
Best regards and thanks for help,
Klaus -
Report to view user nm, authorization objects, activity, transaction code.
Hi All,
I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
Is there any standard report to view all this at a glance?
Can anybody help me on this?
Thanks.u can try SUIM tcode
its really helps u
regards,
Abhilash -
Restricting the authorization Object for B2B Transactions
Hi All
we are facing the problem in the ISA b2b app, actually the scenario is as below.
we have various transaction types like b2b sales,Peoplesoft order,Request for Order change, RMA ,Request for Quotation(RFQ) and metel order.
As per the requirement, The client wants only a few functionalities for a particular user.
Example:
Transaction Type Authorization
PeopleSoft order View only View only
B2B:Req. OrderCh x x
B2B: Req. RMA
B2B: Req. Quote x x
Metel Order x
For b2b sales transaction a lower level employee would only be able to view the order and he should be restricted to make any changes. Is there a posibility to restrict in this manner? This is Urgent. Please respond immediately. Thanking you in anticipation.
Message was edited by:
Sunil Kumar>
Viral741 wrote:
> Hi All
>
> I have a requirement in SAP Security to restrict the authorization object S_ALV_LAYO to a particular set of users.
>
> Background:
>
> We use composite roles which is shared accross all areas(Finace,marketing,work managment).Now the requirement is for from Work managment to restrict S_ALV_LAYO so that user cant change default layout and can create user specific layout,but other areas are not ready for this.So please let me know if there is any way i can restrict this auth object only for work managment area only.
>
> Thanks,
>
> Nitesh
Nitesh,
Remove access to S_ALV_LAYO for general users and give access to F_IT_ALV instead. Keep S_ALV_LAYO for the users who will be maintaining the default layout.
Good Luck! -
Custom transaction authorization
Hi,
I have a custom transaction which calls a custom table. And as there's no ABAP code for that, it's not possible to enter ABAP statement - AUTHORITY-CHECK to check any data before user run custom transaction.
Is it possible to restrict custom transaction in this scenario ?
Thanks..Thank you all for your answers. But I know what you all are talking about.
Well, let me be specific. I have 3 companies and all are using same custom table. And I have a custom transaction code which points to custom table for table display/update access.
Now, as there's no ABAP code for custom transaction, I can't insert AUTHORITY-CHECK to restrict one company's data from others.
So in this case, is there any way I can restrict custom transaction for authorization check, which would be inserted in user's profile, for specific company code value ?
I know you can do it using TSTCA table: insert authorization object and value and then check against user's profile. But would like to know what other folks are doing.
Cheers... -
Assign authorization group to transaction
Hi,
I have to assign a auth group to Z-transaction. How can i do this.
Thanks,Hi,
What type of paramater transaction you have created? Have you created a paramater transaction for a view or a table?
I think when you create a parameter transaction the authorization is controled from the parent transaction and not in the tcode definition.
You can use S_TCODE to assign the paraeter transaction to any user and control it based on the user profile.
Cheers
VJ -
Checking of Authorization and Transaction
Hi ,
I want to see for a user what the Transaction and authorization has given to a user. What are T-code assign to him, how can i check.
Regards
Brijesh PrasadHi Brijesh,
Go to SUIM
Roles | By User Assignment | Provide Username | Execute |
Click on Transaction Button on top if you wish to have Transaction.
or
Transactions | Executable for User | Provide Userid | Click on Execute.
Hope it helps.
Cheers
Deepanshu -
Authorization check based on item category on sales order (VA01 or VA02)
I want to be able to restrict authorization of users based on item category. We only want certain users to be able to select a certain item category. I know I'm going to have to check one of the userexits in MV45AFZZ. The issue I'm having is the authorization object .
The item category is field VBAP-PSTYV.
What we are going is having a item category for emergency orders. But this requires more manual steps to associate with the original order. We already have the emergency item categories defined and working (no credit check etc) so there's no reason not to have them added to the original order. The issue is its use has to be restricted so when the user selects an alternative item category it checks whether they have the authority.
Any help would be appreciatedHi,
You can achieve this through authorization objects.
Transaction
SU20 - Authorization Fields
SU21 - Authorization Objects
Create the field PSTYV in the Authorization Fields.
Then Create the authorization object and include this field along with the standard field ACTVT (which determines what activities can be performed by a certain user i.e. Create, Change or Display) & user-name
In your your-exit, you can either use the ABAP command AUTHORITY-CHECK or the function-module AUTHORITY_CHECK and pass the values for these fields. The system can perform the test based on this values & based on the sy-subrc value you can restrict the users that are not having the authorization to select item-categories for emergency orders.
Following link should help you:
[SAP Authorization Concept|http://help.sap.com/saphelp_wp/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm]
Hope that helps you.
Regards,
Saurabh -
Restrict the user based on document type on migo transaction-prepare GRN
Hi,
We are running ECC6.0 R/3 system.We had a requirement as follows
In MIGO transaction , we want to restrict the user on document type i.e. we want that a particular user can prepare GRN for document type STO only. He cannot prepare GRN for other document type.
We checked SU24->maintain check indicators for transaction codes->enter migo->execute->check indicator.This returned us the authorisation objects present in Migo transaction.We checked the help of all these objects,but none of them we found suitable for above mentioned requirement.We were planning to find out the proper authorisation object to add to Profile generater.
The following is the objects which we have checked for.
A_B_ANLKL--> Asset Postings: Company Code/Asset Class
A_B_BWART--> Asset Postings: Asset Class/Transaction Type
B_USERSTAT--> Status Management: Set/Delete User Status
B_USERST_T--> Status Management: Set/Delete User Status using Process
C_AFKO_AWK--> CIM: Plant for order type of order
C_CACL_DSG--> Interface Design
C_DRAW_BGR--> Authorization for authorization groups
C_DRAW_DOK--> Authorization for document access
C_DRAW_TCD--> Authorization for document activities
C_DRAW_TCS--> Status-Dependent Authorizations for Documents
C_KLAH_BKP--> Authorization for Class Maintenance
C_STUE_BER--> CS BOM Authorizations
C_STUE_WRK--> CS BOM Plant (Plant Assignments)
C_TCLA_BKA--> Authorization for Class Types
C_TCLS_BER--> Authorization for Org. Areas in Classification System
C_TCLS_MNT--> Authorization for Characteristics of Org. Area
F_BKPF_BUK--> Accounting Document: Authorization for Company Codes
F_BKPF_BUP--> Accounting Document: Authorization for Posting Periods
F_BKPF_KOA--> Accounting Document: Authorization for Account Types
F_FICA_FOG--> Funds Management: authorization group of fund
F_FICA_FSG--> Funds Management: authorization group for the funds center
F_FICB_FKR--> Cash Budget Management/Funds Management FM Area
F_KNA1_APP--> Customer: Application Authorization
F_LFA1_APP--> Vendor: Application Authorization
F_SKA1_BUK--> G/L Account: Authorization for Company Codes
G_GLTP --> Spec. Purpose Ledger Database (Ledger, Record Type,
Version)
J_1IDEP_SL--> Authorization object for depot sale transaction
J_1IEXC_OT--> Authorization object for Other Excise Invoice Create
J_1IEX_PST--> Autorization object for posting Other Excise invoice
J_1IGRPT1--> Auth. for PART1 at GR
J_1IINEX --> Incoming Excise Invoice
J_1IRG23D--> Authorisation object for Depo Transactions
K_CCA--> CO-CCA: Gen. Authorization Object for Cost Center
Accounting
K_CSKS --> CO-CCA: Cost Center Master
K_CSKS_SET--> CO-CCA: Cost Center Groups
K_PCA--> EC-PCA: Responsibility Area, Profit Center
L_TCODE--> Transaction Codes in the Warehouse Management System
M_ANFR_BSA--> Document Type in RFQ
M_ANFR_EKG--> Purchasing Group in RFQ
M_ANFR_EKO--> Purchasing Organization in RFQ
M_ANFR_WRK--> Plant in RFQ
M_BEST_BSA--> Document Type in Purchase Order
M_BEST_EKG--> Purchasing Group in Purchase Order
M_BEST_EKO--> Purchasing Organization in Purchase Order
M_BEST_WRK--> Plant in Purchase Order
M_MATE_CHG--> Material Master: Batches/Trading Units
M_MATE_STA--> Material Master: Maintenance Statuses
M_MATE_WRK--> Material Master: Plants
M_MRES_BWA--> Reservations: Movement Type
M_MRES_WWA--> Reservations: Plant
M_MSEG_BMB -->Material Documents: Movement Type
M_MSEG_BWA--> Goods Movements: Movement Type
M_MSEG_BWE--> Goods Receipt for Purchase Order: Movement Type
M_MSEG_BWF--> Goods Receipt for Production Order: Movement Type
M_MSEG_LGO--> Goods Movements: Storage Location
M_MSEG_WMB--> Material Documents: Plant
M_MSEG_WWA--> Goods Movements: Plant
M_MSEG_WWE--> Goods Receipt for Purchase Order: Plant
M_MSEG_WWF--> Goods Receipt for Production Order: Plant
M_RAHM_BSA--> Document Type in Outline Agreement
M_RAHM_EKG--> Purchasing Group in Outline Agreement
M_RAHM_EKO--> Purchasing Organization in Outline Agreement
M_RAHM_WRK--> Plant in Outline Agreement
Q_TCODE QM --> Transaction Authorization
S_ADMI_FCD--> System Authorizations
S_ALV_LAYO--> ALV Standard Layout
S_BDS_DS--> BC-SRV-KPR-BDS: Authorizations for Document Set
S_BTCH_ADM--> Background Processing: Background Administrator
S_BTCH_JOB--> Background Processing: Operations on Background Jobs
S_CTS_ADMI--> Administration Functions in Change and Transport System
S_DATASET--> Authorization for file access
S_DEVELOP--> ABAP Workbench
S_DOKU_AUT--> SE61 Documentation Maintenance Authorization
S_GUI--> Authorization for GUI activities
S_OC_DOC--> SAPoffice: Authorization for an Activity with Documents
S_OC_ROLE--> SAPoffice: Office User Attribute
S_OC_SEND--> Authorization Object for Sending
S_PACKSTRU--> Internal SAP Use: Package Structure
S_PRO_AUTH--> IMG: New authorizations for projects
S_RFC--> Authorization Check for RFC Access
S_SCD0 --> Change documents
S_SPO_DEV--> Spool: Device authorizations
S_TABU_DIS--> Table Maintenance (via standard tools such as SM30)
S_TCODE --> Transaction Code Check at Transaction Start
S_TRANSLAT--> Translation environment authorization object
S_TRANSPRT--> Transport Organizer
S_WFAR_OBJ--> ArchiveLink: Authorizations for access to documents
V_LIKP_VST-->Delivery: Authorization for Shipping Points
V_VBAK_AAT-->Sales Document: Authorization for Sales Document Types
V_VBAK_VKO-->Sales Document: Authorization for Sales AreasHave you executed a trace while a functional user executes the transaction code for the specific parameters? (i.e. document type). The trace will then show which objects are being checked; then look at the object documentation in txn Su21 to determine if there are any ways to restrict on the particular value; in some cases, if the authorization group field is being checked, additional configuration is needed in order to implement the security (Su21 will explain in detail for the particular object).
Maybe you are looking for
-
Reading Each String From a text File
Hello everyone..., I've a doubt in File...cos am not aware of File.....Could anyone plz tell me how do i read each String from a text file and store those Strings in each File...For example if a file contains "Java Tchnology forums, File handling in
-
As the question / statement says, When in Firefox, once I've started my webmail application through Go Daddy, I can compose an entire email filling out all the required info. But, when I put the mouse over the 'Subject Line' and click, no cursor appe
-
How to send group emails from ipad
How to send group emails from ipad
-
Iphoto crashes with pictures taken iphone 3gs
places remains working until it locks, his only happens with the photos taken on my iphone 3gs, active when this function "search places" o "search locations" excuse my English, I'm from Colombia, I hope you can help me, I'm desperate thanks Message
-
Can CUCM 8.5 version be installed on a DL 380 G5 server in Virtual environment (Vmware Esxi 4.0 or 4.1)? Or does it have to be only installed in UCS boxes for VMware? 1. If the installation is possible for the Vmware instance on a DL 380 G5/G6 server