Very special authorization issue

Hello,
I have the following problem with authorizations:
Our inventory user, sometimes need to change the indicator "Unlimited" in tab Delivery of Purchase order document, in order to receipt more quantity than the one in the Purchase order document.
The user do that by double clicking in the field "purchase order" of "purchase order data" tab in the MIGO transaction.
The problem is that this user, must have only authority for this change, and no other in the PO document.
How is this possible ??
Thanks in advance.
Moderator message: please use more descriptive subject lines from now on.
Edited by: Thomas Zloch on Dec 2, 2010 12:56 PM

Hi,
I don't have any tutorial, we are here to help to get the idea, not to solve your query, but I will summarize the steps. Search the forum for tutorials(if available any).
Create authorization object using SU21. Follow these steps :
1)Create Z Object Class from the Application toolbar-->Create->Object Class
   Give Z name(Ex:ZCLASS).
2)Create Authorization Object from the Application toolbar-->Create->Authorization Object
   Give Z name(Ex:ZOBJECT) and give field name ACTVT and click on "Permitted Activities", check the check box "02 Change'.
Then implement the BADI MB_MIGO_BADI. Write the code to check the authority in method LINE_MODIFY as
"Write your field condition here say your field will be set as 'X',( the structure available here is CS_GOITEM )
"Say for example you want to check field CS_GOITEM-FIELD
IF CS_GOITEM-FIELD = 'X'.
    AUTHORITY-CHECK OBJECT 'ZOBJECT' ID 'ACTVT' FIELD '02'.
    IF SY-SUBRC <> 0.
      MESSAGE E000(ZSW) WITH 'You are not authorized to do this activity'.
    ENDIF.
ENDIF.
Note : Most of the MIGO fields will come in the above said BADI, if your requirement is not getting full filled with this BADI then search for some other BADI/Exit/Enhancement Point
Thanks & Regards,
Faheem.

Similar Messages

  • Authorization Issue in WebUI (also ST01 question)

    Hi All,
    we are implementing new CRM 2007 and users will be working with the WebUI mainly in the future. Now here is something strange that we found out:
    When a user logs on to the Web UI and enters some sales transaction trying to add a new material he would use the F4 help to find the right material number. In our case he recieves an authorization error hindering him to display ANY materials (seems to be an authorization issue).
    But there are two strange thigs. When the user logs in to the old SAP GUI and triggers transaction CRMD_ORDER and accesses the very same transaction, trying to add a material and issuing the F4 help to recieve the material number it works! No authorization issues!
    Second strange thing that we discovered while investigating on this issue: The system trace ST01 seems to apparently not be working with WebUI. We can fully trace all authority checks for the latter case (when user logs in to SAP GUI), ST01 does not return ANY checks when being turned on while a user is working on WebUI.
    Any one of you experts out there any suggestions? Any experiences with that kind of traces and WebUI?
    Thanks in advance
    Alexander

    Hi All,
    I seem to have found the reason for both of my questions:
    1. Authorization objects checked in CRM WebUI are not at all the same as the ones checked in the CRM backend, i.e. in the old SAP GUI.
    2. There seems to be a known bug in transaction ST01 due to which no trace protocol at all is shown sometimes if too many authority checks fail. That's why it is apparently wise to run the authorization trace only with a high privileged user e.g. SAP_ALL to make sure the resulting protocol is accurate.
    Thanks, I will close this thread
    Alex

  • Maintain Text PA - Authorization issue?

    Hi experts,
    I'm having a problem when updating text in infotypes using "Maintain Text" (F9). Most user's SAP GUI block when trying t access the text window (after clicking Maintain text). SAP GUI just freeze (no message). It's the only time I have got an error like this.
    Since some users are able to maintain text, do you think it could be an authorization issue?
    Could you please show me which authorization object should be customized to let them to maintain text?
    If you think is not an authorization issue, any idea?
    I would really appreciate your help since I run out of ideas...
    Thank you very much
    Chema

    Hi Dilek,
    thank you for your help. SU53 shows a problem with authorizations for P_ORGXX (R, ,,,,) for people who can't maintain text, but it also show a problem with P_ORGINCON (R,,,,,,,) for people who can.
    I know these two authorization object are related to infotype read/writing, but it is also related to maintain text feature?
    MS Word comment seems a posible explanation, because since SAP GUI blocks should be any local configuration issue, but still all computers has the same version and instalation.
    Thank you again for your help
    Cheers,
    Chema

  • Authorization issue regarding Bex Query

    Hi All,
    User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .
    Back ground work:
    I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.
    Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.
    Autho_Objet
    Role
    UserID
    ZTEST_MAIN (which includes all - 23 compny codes)
    ZMain_Role
    All users have to access this role
    ZTEST_1111 (which includes only CC- 1111
    Z1111_Role
    Test1111
    ZTEST_2222 (Which Includes only CC - 2222)
    Z2222_Role
    Test2222
    ZTEST_3333 (Which Includes only CC - 3333)
    Z3333_Role
    Test3333
    ZTEST_4444 (Which Includes only CC - 4444)
    Z4444_Role
    Test4444
    To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.
        The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!
    BR
    Venkat...

    In the role ZTEST_MAIN,
    You need to remove all company codes as this is overriding the rest
    Then add aggregate authorization, ie "0COMP_CODE" = ":"
    This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.
    The rest of your design is fine.
    You should then use RSECADMIN to check any authorization issue you have.

  • A very special requirement regarding JCA1.5

    Hello,
    Our project encounters a very special issue when using JCA 1.5. As we all know, when an MDB is stopped (or the application server is shutting down), the "endpointDeactivation" is called inside the resource adapter class. But when this method is called, the endpoint is already stopped so we cannot use it to do anything.
    Our requirement is that before the endpoint is shut down, we want to do some clean up work which needs the context of the MDB. Then we can call "endpointDeactivation" as normel. MDB.ejbDestroy() apparently doesn't meet this requirement.
    Does anyone have any ideas on this? We are thinking about using MBeans but not quite sure if this can get it done...
    Thank you!

    I understand that ejbRemove() may not be called if the EJBContainer crashes or if a SystemException is thrown from the bean. In these circumstances, there is no mechanism available to perform cleanup from within the context of the bean. You will need to somehow do this cleanup outside of the MDB which is being stopped.
    Aside from the above scenarios you should be able to rely on ejbRemove() for cleanup operations. Can you explain why ejbRemove() does not meet your requirements.
    -John

  • A very very special thank you to Yvan Koenig  !!!!

    A very very special thank you to Yvan Koenig !!!!
    I found myself in the middle of computer nowhere land with trying to work with a MS spreadsheet
    and them having a crash occurring every 5 minutes.
    To the rescue came Yvan and saved me countless hours of work if I had to do a re entry of all the info.
    The issue is not how much he knew and how little I knew about converting and the AW program BUT
    how he was SO generous with his time and actually did the conversion FOR ME !!!!
    Even after I failed initially to grasp the directions he still continued to not only help but
    redo and simplify the instructions for a (kindergarten understanding) computer person that I am.
    Again thank you thank you !!!!
    Greg Lamont

    Hello
    It's the third message of this kind.
    Don't thank too much, this kind of activity is my brain "jogging"
    Yvan KOENIG (from FRANCE dimanche 1 avril 2007 12:36:06)

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • Authorization issue during Jump

    Hi all,
    I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
    Both the multiprovider and the base infocube have the same authorization objects checked.
    Can someone please help?
    Regards,
    Ashmith Roy

    Pls have a look on the below thread:
    Authorization by InfoArea
    Regards
    Ganesh
    *Assign points if this helpful

  • Authorization issue in Info spoke

    Hi all,
    I am facing some authorization issue when executing info spoke in process chain.
    Info spoke is working fine in direct Scheduling (both background and Dialog).
    Am getting this error after execution of process chain
    "System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
    "System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
    "System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
    "Extraction Cube : Error in DataManager API".
    I dont know why this problem comes.
    Can anyone tel me what went wrong and how to solve it.
    Thanks in advance.
    Kind regards,
    Shanbagavalli.S

    Hi All,
        The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
    Thansk,
    Manjunatha

  • Authorization issue after the Support packs upgrade

    We're having problem on authorization issue after the SP upgrade.
    One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
    And the SU53 showing problem on S_TCODE FAGLL03.
    How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
    Thank you in advance.

    How can i send you the trace file? What is your email address?
    If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
    Anyhoo... (copy right @ David)
    What are the objects been caught in category RC=4, RC=12?
    Relate them with functional aspect of the transaction (error screen)
    Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
    Regards,
    Arpan Paik
    Edited by: P Arpan on Aug 23, 2011 2:36 PM

  • Authorization issue - need to know the Role providing this access

    Hi,
    User is facing an authorization issue below:
    "You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
    "You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
    Kindly let me know what Role is missing from the user's profile?
    Thanks and Regards,
    Sachin
    SAP Security Consultant

    Hi Murali,
    It helped.
    I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
    I did user comparision and then user is able to view the below DataSources....
    Thanks for your help, it triggered to find the root cause.
    Thanks
    Sachin

  • Authorization issue to execute query via analyzer

    Dear,
    We are experiencing an authorization issue that we can not solve...
    We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
    When we test in RESCEADMIN, everything is fine. We can execute the query.
    When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
    "There is no variable in the workbook, which allows user input"
    Does anybody have a direction to help us to orientate our investigation?
    Many thanks,
    Rodolphe

    Hello,
    What is the basic settings you have in the Query Properties basic setting tab
    Try making it mandatory
    Regards
    Nitin Bhatia

Maybe you are looking for

  • Receiver SOAP Adapter (HTTP AXIS)

    Hi Experts, I need to use receiver soap adapter to communicate with a WebService, actually it is a AXIS service i can see when i give the soap url in web browser. my question is for axis service, does it mean i have to use HTTP AXIS in the receiver c

  • Vendor Debit Balance

    Dear All I have a Vendor who has a Debit Balance. How can I show that Vendor' s Debit Balance Separately in Balance Sheet. Currently it is being adjusted with the Balances of other Vendors and it is being shown under Sundry Creditors. Please advice..

  • How to set common profile in portal server 6.2

    Hi, I have two servers installed with portal server 6.2 and Directory server 5.2 in both. I hav to configure common ldap authentication for server1 and server2 i.e..primary LDAP is server1 and secondary ldap is server2 for both the servers, when i tr

  • [ShareIt] ShareIt can't work on my working machine.

    I installed ShareIt 2.1.11.0 on my working machine(Windows 7 64bit OS), and try to Send/Receive files from another machine, but it can find the object machine, please see the screenshot as below.

  • Find out wich class have colled method at run time

    hello If I have one class with some public method, is there a way to find out wich class have called it, and do it at runtime? I can't modie classes that a using this method.