$USER in authorization

Similar Messages

• Report to view user nm, authorization objects, activity, transaction code.

  Hi All,
  I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
  Is there any standard report to view all this at a glance?
  Can anybody help me on this?
  Thanks.

  u can try SUIM tcode
  its really helps u
  regards,
  Abhilash

• How to know that User having Authorizations to which Tcodes?

  Hi,
  This is regarding Security.
  How can I Find that an User  having  the authorization to which  transations?
  SUIM will show me the all transation where the user having  authorizations.
  But my requirment is, say  i will enter 10 T-Codes, then the program should check these T-Codes  against with SUIM and show me the  result  of these 10 T-Codes which the user having the permission.
  Is there any standard program to do this? or I need to write a custom program?
  Points will be awarded for solution.
  Thanks All
  Siva

  I dont think there is any way through which you can give a list of t-codes and the system will come up with whether the user has authorization to exexute some or all of them or not.
  The best way as per me is to goto suim-> transactions->executable for users.
  Give the user name and download the list of transactions in an excel file . And finally apply v-lookup with your list of tcodes.

• Check user role/authorization during Web report run-time?

  Hello again,
  I ran into a problem. I need to check <b>user's authorization during webtemplate execution (run-time)</b>. I want to have a possibility to allow in one web template extra functionality (through template menu) to key users. Normal users, who are running same report, should not have this extra menu visible.
  Is it possible to check user authorizations or roles during web-template run-time?
  Thank you!
  Vitaliy

  Hi Harinam,
  From my logic your are right.
  The restriction is in two new roles (Requestor and Approver role).
  But ->
  If I assign my approver role the selection possiblities of the request types during the AR creation is restricted and the AR search function does not work.
  If I assign my requestor role the restriction of the request type is not there, but the AR search function works again. :-(
  If I assign the original approver role of sap I have the same behavoiur for the AR search.
  Both new roles are a 1:1 copy of the SAP standard roles - > Exception, ristriction on request type 'Execption Approval' is not displ.
  I have execute ST01 now. If I try to open the log, the system syst "No records that correspond to these search criteria".
  But I have found something else.
  The problem appears only if I search for Process ID "Access Request Approval Workflow".
  If I select other Process ID such as "Control Assignment Approval Workflow" or "Fire Fighter Log Report Review Workflow", everything works fine.
  Very strange!
  BR
  Melanie

• User based authorization to create Purchase Orders out of Purchase Req.?

  Hello,
  I have the following requiment for my client:
  User based authorization to create Purchase Orders out of Purchase Req.?
  I am told the same can be achieved using same standard menu path in IMG/Customizing.
  Please advise with the menu path and detials, Usefull answers will be rewarded.
  Thanks

  Using OMET Function Authorization, you can restrict users to create Purchase orders without Purchase Reqn.
  Using OMET trxn code Create one Function Authorixation Called pr and in General Parameters tab Select the Field Selection and in Possible reference Objects Tab Mark the With ref to Prs check box and save.
  Next, you've got to associate via SU01 
  Click Parameters, insert a new parameter id EFB to the authorization code. 
  Type in Parameters value you want e.g. XX 
  You have to assign the control for ALL the SAP buyers via thier SAP users id.
  Logoff and login again. Then try to create a Purchase Order without a reference.
  From Next time whenever you try to create with out referring PR it will not allow you to Save PO.
  Regards,
  Ashok

• BI Bex Query prompt based on User's Authorization....

  Hi
  In BI, I created 1 BEx Query based on Authorization. If a user runs the query, it prompts for 'Customer Name' to get data of particular customer. And Customer values are populated in the prompt based on User's Authorization.
  For example:
  User1 is authorized to see data of Customer1 & Customer2. So, Query prompt will show 2 values: 'Customer1' & 'Customer2'.
  But User2 is authorized to see data of Customer1, so Query prompt will show 'Customer1' only.
  I created 2 variables on Customer field:
  1) Authorization Variable in Filter Section
  2) Manual, Single Entry, Mandatory on Default Value section.
  My Requirement:
  If user is authorized to link with only 1 Customer, he should not get prompt & on the background prompt value should be populated from his authorization value. But if user is authorized to see multi-customers, then prompt should appear.
  If possible pls. provide some suggestions....
  Thanks...

  Yes, this can be done.
  but there is little work around.. Using guided navigations
  1. Create a report with column fx as case when 1=0 then markets.region else user() end
  2. apply filter on this column is equal to User_1
  3. Create another report with column fx as case when 1=0 then markets.region else user() end
  4. apply filter on this column is equal to User_2
  5. Now add all your prompts to dashboard, but each prompt should in each section object of dashboard.
  6. For first section click on section properties, go to Guided Navigation...
  7. Browse Source Request as first report.. and keep If request returns rows selected.
  8. Repeat above step for another section.. but this time browse 2nd report.
  9. Just save dashboard.
  Check now..
  Hope you understood..
  Regards
  Kishore Guggilla
  Edited by: Kishore Guggilla on Feb 18, 2009 12:57 PM

• Broadcast based on user's authorization

  Hi
  I have to broadcast the reports based on the user authorization. What are the possible ways of achieving this?
  1. Is it possible to execute the report only once and send the reports to different users based on thier authorization?
  2. For example, there are four sales organization and i want to send reports to users with only the sales org data he/she authorized to see. For this, do we have to create four user roles restricting it to the sales org? if any other way, please suggest.
  3. Is it possible to apply user's authorization on the file created by broadcasting? Basically i want to execute the report only once through broadcasting and apply the user's authorization and then burst the report data to the different users based on thier authorization.
  Thanks in advance.
  Regards
  Sadeesh

  Dear Sadeesh,
  We have teh similar Req in our project. We need to Broadcast BI Repotrt to Multiple User based on Their Authorization which has been maintained in BI. Do you have solution for this? Do we need to make some necesssary Settings in User Profile?
  Thanks In Adv.
  Deepika

• Regarding user administration authorization

  Hi ALL,
  i needs to give only display authorizations to the user in portal
  From the content administration>>Portal content i am able to restrict at some level for system administration and content administration
  but from content administration i am not able to restrict authorization for
  user administration
  user needs authorization for user administration
  so any one please guide me how can i give display access to users
  Thanks and Regards,
  Kishore

  Hi Kishore,
  Iam not very clear with your question but as per my understanding u want for eg in system administration only portal display to be viewed by user??and similarly in case of user administration and so on.
  In case of that you can
  Browse to Conten admin>Portal Content>content provided by sap>Admin Content>System Administration(User administration acc..)copy the syst admin role and paste it in some othe folder.Open its object and remove all other worksets not required leaving portal display.Now assign this role to particular user.....Hope it helps
  Regards
  Radhika Kuthiala
  P.S Do award points if it helps...

• Users and authorizations

  Hi All,
  I have created a report which shows users and their authorization in each object class.
  Now i want to the add the field values for each object related to the object class.
  Suppose in MM class user can only post the PO with amount between 1000 Rs to 10,000 Rs. So i can't able to find this limits table in the Data dictionary.
  Thanks in an advance and reward points to appropriate answers.
  Regards,
  Bharat Mistry.

  Hi UR,
  If you mean by "no data is populated" that the cubes are not "loaded" with data then this is ok since these InfoCubes are virtual providers (formerly called remote cubes). They access data directly on the underlying system tables.
  For more information, check out the below link on BW documentation:
  [http://help.sap.com/saphelp_nw70/helpdata/en/c0/fd8b41b5b3b45fe10000000a1550b0/frameset.htm]

• User with authorization to modify an specific field into the G/L Account

  Hi everyone,
  I´d would like to know if It´s possile GIVE AUTHORITY ONLY to some users will be able to modify the field SKB1 - ALTKT into the G/L Account Master Data through transacction FS02. In this way, only the selected users could introduce or modify information on this field.
  I´m not sure if it can be done trough a new Z object and assign the object to the transacction and also in the user profiles..or in other way...
  Thanks a lot for your help ¡

  Hello,
  I'm worried but there is no field group authorization for G/L account like customers and vendors. In customers and vendors you're grouping your changable fields and give auth for it. But in G/L master data, there is no solution like this.
  So I think you can use business transaction event for validation. You should use 00002310 BTE for this action.
  In this exit, you can validate I_SKB1-ALTKT is equal to SKB1-ALTKT for special user. You should create a user parameter like ZALKT and this 'X' value to this parameter for special user. And check user auth for parameter ZALKT = 'X' and then if it's ok compare I_SKB1 and database table SKB1 for ALTKT field. If this two value doesn't equal you can give error message while saving G/L account changes.
  Regards,
  Burak

• OIM 11g - User Management Authorization policy issues

  Hello,
  1) Created an organization -> Human Resource
  2) Created an Role -> HR_Admins
  3) Assigned HR_Admins roles as administrative role of Human Resource organization
  4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user.
  5) Created authorization policy for user management with following selections
  Permission -> Create User.
  Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
  Assignment -> HR_Admins role .
  now when i log into user1 i am not able to see Administration tab where i can select Create user.
  I am working on this issue for couple of days ,but not able to find the solution & have i missed some configurations ?
  Thank-You
  Rahul Shah

  Hi Rahul,
  I have tested your scenarion.. with below clause
  1) Created an organization -> Human Resource
  2) Created an Role -> HR_Admins
  3) Assigned HR_Admins roles as administrative role of Human Resource organization
  4) Created user1 with organization as Human Resource & Assigned HR_Admins role to this user. : default role All Users
  5) Created authorization policy for user management with following selections
  Permission -> Create User. :- *"Select ALL"*
  Data Constraints -> Selected "Users that are members of selected Organizations" & selected above Human Resource organization.
  Assignment -> HR_Admins role .
  In data constraints
  Organization Security Setting     Hierarchy Aware (include all Child Organizations)
  Now I am able to see the create user tab and, I can create user in Human Resource org only.
  If it doesn't work for you. Just assign "REQUEST ADMINISTRATOR" IN AUTH POLICY. Test the result.
  Also what is your OIM version?
  Test it with fresh data like new role name, org and user,
  -kuldeep
  Edited by: Kuldeep on May 22, 2012 4:19 AM

• External Table User-ID authorization?

  Hi All,
  http://obieeblog.wordpress.com/2009/06/18/obiee-security-enforcement-%E2%80%93-external-database-table-authorization/
  In this blog, the procedure in connection pool, as data Source Name as Whatever.World, and the Shared Logon as, username. What should actually go in there, or does it really matter?
  Thank you.

  Hi ssk1974,
  What should actually go in there, or does it really matter?Yes you need to give the credentials as per your database,there in that blog he gave an example saying give out your username and password.
  In your case give your stage or development database name,user name and password your using for RPD and presentation server.
  So you can move ahead with the blog steps....Hope it helps you.
  By,
  KK

• User have authorization in Quality but not in PROD

  Dear All,
  We have a problem with a transaction code  PSV1 used for attendence maintanance and it is used by HR people of our org.
  Suddenly one day all the users were unable to change the attendence details of the users in the Production system, but they are succefully able to do in Quality. I have already checked the following to find whats the problem.
  1. I have already checked if the user ids have same authorization in both Quality and Prod in terms of roles , parameters.
  2.I already made sure that there is no SCUL error or IDOC flow from CUA to production.
  3. I checked, the roles which gives access to maintain this are same in both QUALITY and PROD sys.
  4. I looked for any change docs for the users for any changes as it stopped giving access suddenly one day that too only in PROD sys.
  5.I took trace in ST01 for the user in QUA and PROD and found that its checking for same authorization in both sys and both have same auth.
  6.Finally I approached ABAP team to Debug the program , but they came with no solution ( no prob with program).
  So can you please let me know if did I miss any thing else to check or how to resolve this issue.Users are able to do it succesfully in Q but in not in Prod :(...
  Thank you
  Jaags

  Can you explain exactly what the symptoms are and what error messages they get
  e.g. list the technical error message & the error number & describe what users can't do - like fields are greyed out etc
  Yes Actually I forgot to mention this in my Question. The Authorization error is unuusually showing in a Pop up window.
  Its Saying " You do not have authorization to do this" .Generally it should be in the bottom of screen right but it is showing in a popup window.
  And what HR associate is trying to Do is , they are going to PSV1 transaction and trying to create any new event and also maintain attendence for the event. they are not getting the change mode to update any detail.
  And regrading the Error number , there is no error number displayed ,, so I have no idea.
  Edited by: Julius Bussche on Dec 23, 2009 2:24 PM
  code tags --> quote tags, otherwise the formatting is distorted.

• User Roles & Authorization to run 'WebDynpro ABAP Application scenarios'

  Hi All,
  I am developer and my user ID is having developer roles, so when i am testing
  'WebDynpro ABAP Application scenarios' it is working fine.
  Problem is when I am executing with enduser portal WWID's (i.e. WWID's are also defined as sap
  user), 'WebDynpro ABAP Application scenarios' giving me dump in screen & in ST22.
  Pls guide me what roles or authorization we need to assign to user ID's
  who can use 'WebDynpro ABAP Application scenarios'.
  URL for Webdynpro application is like : https://xxxx.yyyy.zzzz:/sap/bc/webdynpro/sap/ZPA_EXTENSION_U?ZDATA=10028705591320090406
  ST22 Error when testing with portal WWID's
  Runtime Errors         OBJECTS_OBJREF_NOT_ASSIGNED_NO
  Exception              CX_SY_REF_IS_INITIAL
  Short text
      Access via 'NULL' object reference not possible.
  What happened?
      Error in the ABAP Application Program
      The current ABAP program "CL_WD_ADOBE_SERVICES==========CP" had to be
       terminated because it has
      come across a statement that unfortunately cannot be executed.
  Error analysis
      An exception occurred that is explained in detail below.
      The exception, which is assigned to class 'CX_SY_REF_IS_INITIAL', was not
       caught in
      procedure "PARSE_XML_SCHEMA" "(METHOD)", nor was it propagated by a RAISING
       clause.
      Since the caller of the procedure could not have anticipated that the
      exception would occur, the current program is terminated.
      The reason for the exception is:
      You attempted to use a 'NULL' object reference (points to 'nothing')
      access a component.
      An object reference must point to an object (an instance of a class)
      before it can be used to access components.
      Either the reference was never set or it was set to 'NULL' using the
      CLEAR statement.
  Explorer screen error
  Error when processing your request
  What has happened?
  The URL https://xxxx.yyyy.zzzz:/sap/bc/webdynpro/sap/ZPA_EXTENSION_U/ was
  not called due to an error.   
  Note
  The following error text was processed in the system QJ1 : Access via 'NULL' object reference not
  possible.
  The error occurred on the application server sapqj1ci_QJ1_78 and in the work process 21 .
  The termination type was: RABAX_STATE
  The ABAP call stack was:
  Method: PARSE_XML_SCHEMA of program CL_WD_ADOBE_SERVICES==========CP
  Method: GET_SCHEMA_VERSION of program CL_WD_ADOBE_SERVICES==========CP
  Method: CONSTRUCTOR of program CL_WD_ADOBE_SERVICES==========CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
  Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L7STANDARD==============CP
  Method: CONV_VIEW_INTO_VE_ADAPTER_TREE of program CL_WDR_INTERNAL_WINDOW_ADAPTERCP
  Method: SET_CONTENT_BY_WINDOW of program CL_WDR_INTERNAL_WINDOW_ADAPTERCP
  Thx

  Please refer to thread [Authorization Error|WDA adobe error] where various solution to the problem specified by you are described.
  Regards
  Rohit Chowdhary
  Edited by: Rohit Chowdhary on Apr 7, 2009 9:41 PM

• How to change the portal role presentation based on users BW authorization?

  Hello,
  I have created 3 BW Roles, each one contains an iView with a certain report.
  For simplicity let's name the Roles A,B,C and assume that in order to see the proper report the user needs to be assigned to the matching group (A,B,C) at the BW side.
  I have imported these 3 roles to the portal as worksets, created new pcd role, placed these 3 worksets inside the new role and assigned this role to a certain group of users in the portal (these users are ABAP users so they are the same at the BW side as well).
  What I would like to do is this: I would like that each user that I have assigned this new role to will see only the worksets that he/she allowed to see based on it's BW authorization. Meaning, if I have been assigned roles A and B at the BW I will see only worksets A and B inside the role.
  The problem is this: From the portal I cannot assign the users to the BW groups and from BW I cannot control pcd roles so this kind of change requires me to make two modifications: One for authorization from the BW and one for presentation from the portal. I would like to manage it just from one place, either from the BW or from the portal, I don't care.
  How can I achieve this?

  I think I have found a solution: Export it as a role instead of a workset and do one to one assignments with the BW groups.