Two authorizations objects with OR function instead of AND

Similar Messages

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Authorization object with no authorization field

  Hi Experts,
  I have created authorization object with no field checking.
  This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
  Please advice.

  Hi
  See this and do accordingly
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Regards
  Anji

• HT5622 I have two iPhones synced with the same Apple ID and so the contacts are being shared in both of them. Is there any way to revert this?? The reason is that if I delete some contact from one device then it automatically erases from the second one as

  I have two iPhones synced with the same Apple ID and so the contacts are being shared in both of them. Is there any way to revert this?? The reason is that if I delete some contact from one device then it automatically erases from the second one as well

  Yes, you stop using the same Apple ID under Settings > iCloud.

• Authorization Object for Update Function Module

  Hi
  I have a Update Function Module and that FM should be executed based on the Authorization Object .
  I had created a Auth Object with Proper roled assigned to user and i also  did the following
  AUTHORITY-CHECK OBJECT <Obj Name>
             ID 'ACTVT' FIELD '38'.
  If Sy-subrc EQ 0.
  <Process the following>
  End IF.
  But the Auth Object is not working correctly like in the ebugging eventhough my role is not assigned to this Auth Object
  it is giving me sy-subrc as 0 (but in my case it must be not be zero.)
  Is it anything like Auth Object wont work on Update function Module or else is there any different approach we need to follow
  to acheive the functionality .
  Kindly share the inputs
  K.Nadesh Kumar

  Hi
  The issue is resolved
  K.Nadesh Kumar

• Authorization issue with upload functionality

  Hi,
  I have issue with authorization with upload functionality.
  we have country as authorization relavant field. if we are giving some country authorization to user it is giving authorization error at upload functionality.
  But if we give all country authorization than it is working fine.
  Could you guide me how to avoid this situation. We can not give all country authorization to all the users.
  Thanks,
  Naman Shah

  Hi Naman,
  For SAP BPS
  Here while defining a variable you can set the user authorization and can determine which all records can be seen by the user.
  For eg. Create a variable for country with replacement type User-specific values. Here you can assign values to a particular user id.
  Please check for more details:
  http://help.sap.com/saphelp_nw70/helpdata/EN/43/548bafbc0f357ee10000000a11466f/frameset.htm
  For SAP IP
  Please Check: User Authorization in SAP IP
  Regards, Rishi
  Edited by: Rishikesh Sinha on May 6, 2009 8:01 AM

• List of Authorization Object with Transaction Code

  Dear All ,
      Does SAP provide  any report to list all the Authorization Object ? and which object is belong to which transaction code ?
  Thanks .

  hi olrang ,
  STEP BY STEP TO CREATE AUTHORIZATION OBJECT:
  STEP1:  goto  SU21 transaction and create a new Authorization Object
  Object Name:  Z.....
  Text:  ...........
  ClassL  SD (YOUR MODULE)
  AUTHOR:  YOUR ID
  STEP2:  Give authorizatin fields as
  ACTION - Action of the Authorization
  Activity -  Document Destribution.
  STEP3:  Basis will create a role using transaction  PFCG and assign this authorization object to that role.
  STEP4:  Call the AUTHORITY-CHECK Object in your code.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  IF sy-subrc 0.
  MESSAGE e000(zzpp) WITH 'No Authorization'.
  ENDIF.
  and it belongs to  SU24 transaction code
  Saurabh Goel

• Two View objects with one Entity object

  Hi
  I have such a requirement that, I need to take some mandatory attributes of one table in one page and the remaining in following page. After clicking Submit in the second page, i need to insert data in to the table.
  How to proceed with this ? When i click on next button of first page it is validating for all mandatory fields.
  Regds,

  Use custom DataAction for the first page:
  package controller;
  import oracle.adf.controller.struts.actions.DataAction;
  import oracle.adf.controller.struts.actions.DataActionContext;
  public class Class1 extends DataAction
    protected void validateModelUpdates(DataActionContext actionContext)
       //super.validateModelUpdates(actionContext);
        // put you custom validation here
  }http://www.oracle.com/technology/products/jdev/collateral/papers/10g/ADFBindingPrimer/index.html#usingdataaction
  Message was edited by:
  Sasha
  Message was edited by:
  Sasha

• Two url's with GO function

  We have one dashboard ('unit zuiveren') with 2 tabs in it ('algemeen' and 'rwzi'). I want to have one url which opens the dashboard in the first tab (algemeen') and a other url which opens directly the second tab. ('rwzi'). When I read the documentation about GO URL I only can find information to skip directly to the individalyy request but not the a tab of the dashboard.
  Thanks in advanced.
  URL we are using to open the dashboard:
  http://server36/analytics/saw.dll?Dashboard&_scid=KH-V7VgssC8?Go&NQUser=zvb&NQPassword=

  Hi,
  You have to add the PortalPath and Page parameter.
  So it should be similar to this (assuming that the dashboard Unit Zuiveren is stored in the shared folder of the demo Paint environment):
  http://server36/analytics/saw.dll?Dashboard&PortalPath=/shared/Paint+Demo/_portal/unit+zuiveren&Page=rwzi
  Of course you also have to add NQUser and NQPassword if you are calling it from outside OBI.
  Regards

• T codes with similar functions in AP and AR process

  Hi,
  I need  list of T codes which has similar functions in entire AP and AR process.
  Thanks
  SM

  Hi,
    From the menu  Extras > Settings >   Tick "Show Technical Names".
  The look through the standard menu for AP & AR . Items with similar descriptions = Similar T-Code.
  regards

• Issue with Anlytical Functions,Ref Cusor and Bulk Collect

  Hi All
  pls go through the following code
  declare
  type salt is table of emp.sal%type index by binary_integer;
  st salt;
  type refc is ref cursor;
  rc refc;
  begin
  open rc for 'select max(sal) over (Partition by deptno) as Sal from emp';
  fetch rc bulk collect into st;
  close rc;
  for i in st.first..st.last loop
  dbms_output.put_LINE(st(i));
  end loop;
  end;
  When execute above code following error come :
  declare
  ERROR at line 1:
  ORA-01001: invalid cursor
  ORA-06512: at line 8
  since Anlytical functions are not supported at pl/sql,i used the ref cursor,but these record are not allowed to collect in pl/sql table.
  pls can one send a work around.
  to insert recs into pl/sql table from anlytical function.
  Thanks for Reading the Request
  Raj Ganga
  mail : [email protected]

  Just ran it exactly as it is. It works.
  I am on 9i which version are you using..
  SQL> declare
  2 type salt is table of emp.sal%type index by binary_integer;
  3 st salt;
  4 type refc is ref cursor;
  5 rc refc;
  6 begin
  7 open rc for 'select max(sal) over (Partition by deptno) as Sal from emp';
  8 fetch rc bulk collect into st;
  9 close rc;
  10 for i in st.first..st.last loop
  11 dbms_output.put_LINE(st(i));
  12 end loop;
  13 end;
  14 /
  PL/SQL procedure successfully completed.
  SQL> set serveroutput on
  SQL> /
  5000
  5000
  5000
  3000
  3000
  3000
  3000
  3000
  2850
  2850
  2850
  2850
  2850
  2850
  PL/SQL procedure successfully completed.

• Authorization object for requirement tracking number

  I want authorization object for requirement tracking number in PR ME51N.
  I have to make control over User against requirement tracking number that particular user can use this tracking number only while using ME51N.

  Check the t code su21 whether your requirement is fullfill or  not.
  If not make a authorization object with the help of abaper and assign this object to the particular user in their profile.
  Hope this is help.

• Adding authorization object for "Function Group"s ?

  Is it possible to add any authorization object for any function group ?
  We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
  Function Group you can check through SE37->GoTO->Display Function Group
  Now is it possible to add authorization for any "Function Group" ?

  You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
  However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
  In this case, add only the function group that the user requires in this instance into S_RFC

• Program with authorization object

  Hi Experts,
  I have an issue regarding rules and authorization.
  I have created a program with 2 radio buttons transfer and backload. The requirement in authorization is not all users can access both; some can only access transfer and some can access backload only. (r_trans,r_back)
  The basis told me that they need an authorization object in order for them to block/separate the transaction for transfer and backload.
  Is there a way for me to modify the program and put an authorization object with my radio button? or is it possible to do this with the current program?
  Thanks!

  Hi,
  Thanks for the reply,
  Our basis is using PFCG for roles and authorization , how can they check if my authorization object was created using that code?
  Here is my code: Im getting sy-subrc = 12.
  IF r_trans EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '01'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ENDIF.
  ELSEIF r_back EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '02'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
     ENDIF.
  ENDIF.

• Authorization objects to function module

  Hi Experts
            I want to set the authorization object to the particulare function module.
            How can we set the authorization objects to the function modules, plese explain me briefly.
  regards
  rajaram

  Hi,
  Goto
  s_tcode,s_program,s_rfc,s_tabu_dis these are authorization objects that SAP provides..
  also go through thsi following link..
  http://help.sap.com/saphelp_nw04/helpdata/en/4f/b541d812aea34695d54758cec0796f/content.htm
  Regards
  Kiran