Upload of an authorization group at caracteritic level

Similar Messages

• Which table could i find 'Authorization Group'  used for Material master?

  Hi experts,
  Is there any table available could i find all 'Authorization Group' list as used by material master data.
  OR in SPRO, anywhere could i find 'Define authorization group' for material master data specific??
  Thanks.

  Hi
  Authorization group in the material master are maintained at the material type level.
  SPRO->IMG-> Logistics - General-> Material Master-> Basic Settings-> Material Types-> Define Attributes of Material Types
  List of authorization roups can be found in table T134-Material Types
  this filed is a free defined 4 charcter field.
  Thanks & Regards
  Kishore

• Document upload with new authorization type

  Dear All,
  A document "x" has been loaded in the system with the authorization group "MEIN" . Now the same document is to be loaded in the system with another new authorization type "SWE".While doing so, the version is being taken as "Version 2" .Wheareas there is no revision in the document, and the document is the same as the initial one "x".
  Can anyone guide me as to how to have the same description of the same document and yet, upload it with a new authorization group without the version climbing +1?
  Regards,
  Aditya

  Ok,
  problem solved...
  Thanks anyway!!!

• Authorization Group in se38

  Hi everybody,
  what is the use of Authorization group in se38 attribute? can we create and assign our own one?
  The actual scenerio which i am facing here is My report should not be viewed by some grop of  users. My friend is saying i can do that through the above said one. But i know i can do that using AUTHORITY-CHEK.  What i am asking here is can i accomplish this task by the above said attributes.
  Points will be awarded.
  Thanx in advance.
  Gladiator

  Hi,
  Authorization Checks
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·Starting SAP transactions (authorization object S_TCODE)
  Starting reports (authorization object S_PROGRAM)
  Calling RFC function modules (authorization object S_RFC)
  Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
  The table that contains all authorization objects is TOBJ.
  The table that contains all activities is TACT.
  The table that contains definition of all authorization groups is TBRG.
  TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
  The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
  Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
  Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
  Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
  Reward If Helpfull,
  Naresh.

• Authorization Group in T-Code: OB52

  Hi,
  I need to maintain 2 Auth. Group in T-Code: OB52, my requirment is below:
  for some users (nearly 25) needs to post the transaction in June Month and for some users (nearly 10)should have to post for selected GL in the month of June.
  So we decide to create two roles and assign the Auth Group in F_BKPF_BUP Auth. group. But i need to know whether the system will allow to assign two Auth. Group for one Company code (ie., 2 Auth. Group and all common users)
  Please revert ASAP.
  Regards
  JS

  The help on AuGr field in OB52 is good.  Here it is
  Authorization Group
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. The authorization groups usually occur in authorization objects together with an activity.
  Use
  A posting period can be made available to only a limited set of users using the authorization group.
  Procedure
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  Enter the account type '+' for the posting period variant to which the restriction is to apply. Enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  Examples
  A posting period can be successively restricted. If, e.g. 10 users have the posting period authorization with authorization group '0001', and 3 of these 10 users also with authorization group '0002'.
  If the period is only to be accessible to the 10 selected users the authorization group '0001' is entered in the posting period variant. Access can later be restricted to the remaining 3 users by entering '0002'.
  I guess your requirement can very well be met, as explained in the example above.  Also implement the following SAP Note to be able to assign the authorization group at document header level (account type '+') and at line item level in Transaction OB52.
  https://service.sap.com/sap/support/notes/891505
  Srikanth
  PS: I have seen in a reply above that AuGr controls only special periods, which is not a correct statement.  AuGr controls postings in the period specified in From per.1/Year To period/Year in OB52.

• How work Authorization Group in cv02n ?

  Dear Gurus
  i would like to know how i can use the Authorization Group in cv02n?
  Is possible use this objcet in order to enable the some user to change document data ?
  Thanks a lot
  Daniele

  You can use the Authorization Group to control the authorization at DIR level,
  Person authorize for a one Authorization Group will be not able to access the DIR of other Authorization Group.

• Limit Security by Excluding Authorization Groups for S_TABU_DIS

  Is it possible to assign security for object S_TABU_DIS by excluding authorization groups in lieu of including all authorization groups for which security is to be assigned.
  Thanks,
  Barbara

  Yes, some fields have cross-object relationships. For org. levels it is much the same.
  There are limits to these fields - you can over-ride them or bypass the checks, but it is no guarantee that it will work.
  There are many "tools" ouside of PFCG which do this... without respecting the limits.
  Do not be surprised if it does not work, or you have perforamce problems, or strange user experiences....
  Cheers,
  Julius
  Edited by: Julius Bussche on Oct 5, 2009 10:53 PM

• Authorization in Business Agreement Level CRM

  Hi experts
                  I have given authorization on business partner level by using authorization groups.I need to give authorization at business agreement level also.In ISU in FKKVKP table there is one field authorization group but in CRM i am not finding any table or config so that in UI authorization can be given in business agreement.Please guide me how to do that.
  Thanks a lot in advance

  Please reply..

• Basic steps in creating an authorization group/role?

  Hi,
  What are the basic steps followed in creating an authorization group and role?

  HI,
  http://help.sap.com/saphelp_wp/helpdata/en/52/6714b6439b11d1896f0000e8322d00/frameset.htm
  Steps,
  Go to PFCG
  Enter role name say ZSALES ORDER PROCESSING and click on single role
  Enter discription and save
  Then click on MENU tab,then click on transaction and maintain t-codes like VA01,VA02,VA03 and click on assign transactions and save
  Then click on AUTHORIZATION tab and click to Change autorization data,then it will ask for orgz. level maintain orgz.data or click on FULL Authorization
  Then you can able to see modules from where the the transaction code belongs(SD)
  Expand it to lower level node and maintain autorization for Perticular sales document, sales area
  Then save and click on GENEREATE ICON (Shift+F5)
  Now go to tab USER and assign users
  Click on user comparision >> Complete comparision
  Now when the assigned user log in syatem system will display this role for user and he/she may authorization for perticular sales document and sales area depending uppon your authorization provided in this role.
  You can see existing roles and copy from existing one
  kapil

• Assign posting periods to authorization group in tcode S_ARL_87003642

  Hello,
  I want to restrict posting periods for some users. Therefore, I have created 2 functions associated to 2 authorization groups.
  In transaction S_ARL_87003642, when I try to assign different posting periods to each authorization group to the same company code (Posting Period Variant) it appears a message saying u2018Target key must be different from source keyu2019.
  What am I doing wrong? Do you know how can I restrict posting periods for some users?
  Thanks and regards
  Ana Rita

  Dear,
  You simply have to define authorisation groups in OB52 and assign this group to F_bkpf_bup in SU01 against user proflie as desired. Take basis help.
  Regards

• Authorization Group for G/L Account

  Hi,
  What?
  - I wish to restrict the 'posting' of a G/L account to be done by certain users only
  How?
  - What I have done was...
  a) From FS00, I have added a free-text (BANK) into the Authorization Group for a G/L account
  b) From PFCG, a new role was created to allow these 2 Authorization Objects, F_BKPF_BES and F_SKA1_BES
  c) 'BANK' was entered for the Authorization Group for both these 2 Authorization Objects
  d) From there, I have assigned this new role to the user that I wish to allow Posting of the G/L account
  Problem?
  - Other users still can do Posting for this G/L account
  - Any steps which I have missed out here or done wrongly?
  Thanks,
  Brandon

  Hi,
  Some other roles of the users may override and cause the users to post against this GL account.
  Check all the roles relevant for the restricted users. 
  Use SUIM t-code to find if the auth object mentioned above is included in any other role.
  If it be, restrict that again.
  Generally if one role as no restriction against this auth and not all, this issue tends to happen.
  Regards,
  Sridevi

• Restrict Vendor line items display by Vendor authorization group

  Hi Gurus,
  I have a requirement to restrict Vendor line item diplay for Tcode FBL1N, I have updated the Authorization object F_LFA1_BEK, its work fine if all the vendors have authorization, However it also display vendors whose auth. group is "BLANK" or "SAPCE",
  Is there a way that I can slove this issue, is there any SAP notes of other object which needs to be updated ?

  Hi,
  this problem has been discussed on this forum last week. Basically, SAP does not perform authorization check if the authorization group is blank. Hence you need to assign authorization object to all vendors.
  Cheers

• Authorization group in GL A/C

  Hi,
      I have a role that has the authorization group in the authorization objects  F_BKPF_BES , F_SKA1_BES  updated only with 'AUTH' but the same role is also able to access GL accounts with authorization group 'REST'.
     I want to restrict the role to access GL Accounts only with authorization group 'AUTH'.
  How to do it.Kindly advise.
  Thanks.

  GL account Authorization
  Re: How to create authorization groups for G/L Accounting
  Thanks
  Javed

• Authorization group in GL A/C using FB01

  HI, We have  activated the authorization Group in GL A/c. Using the authorization object F_BKPF_BES we were able to create restrictions on other tcodes like F-28 . However when using the u201CFB01u201D tcode, the authorization check does not have any effect. I have already check the authorization in SU24 for fb01 and status is set to YES. I have also created a trace(using ST01) for this transaction but ST01 does not show any authorization trace for F_BKPF_BES.

  Hello,
  Authorization object：F_BKPF_BES should be checked when you run FB01.
  In your case,please try to check the following points:
  1.Authrization group was assigend to G/.L master data correctly.
  2.Authrization group  was assigend to object：F_BKPF_BES correctly.
  3.Avtivity was defined in this object correctly.
  4.Role was assgined to user correctly.
  5.SAP_ALL authorization was deleted from the user profile.
  Note: it is impossible to define the authorization group as '  '(space) in object：F_BKPF_BES,
  if '  ' was defined, system will consider there are no any setting existed.
  Hope the above infor. could help you to solve this issue.
  Best Regards,

• Creation of Authorization group

  Hello All,
  I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
  I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
  One of the post i found is below:
  [How to create Authorization group;
  i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
  Rgds,
  Durga.

  Julius,
  Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
  Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
  But what i heard is, this activity is purely involved by Basis people.
  Please suggest.
  Rgds,
  Durga.