https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173111#M123646 <HTML><HEAD></HEAD><BODY><P>Thanx friends,</P><P></P><P>can u tell me which tcodes to refer step wise.</P><P>i m having list of su* all transactions. but i m unable to find wht actually they r doing.</P><P></P><P>if anyone having help file like pdf format. plz mail me to hariabap2005@yahoo.co.in</P></BODY></HTML> Mon, 23 Jan 2006 10:13:26 GMT Former Member 2006-01-23T10:13:26Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173107#M123642 <HTML><HEAD></HEAD><BODY><P>can anyone send me good material on Authorization object concepts ??</P><P></P><P>Also plz tell me why we need authorization object in abap program. Wt is the syntax.? Guide me in detail</P><P>uses ? example ?</P></BODY></HTML> Mon, 23 Jan 2006 09:45:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173107#M123642 Former Member 2006-01-23T09:45:56Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173108#M123643 <HTML><HEAD></HEAD><BODY><P>Hi Hari,</P><P></P><P>authorization is a too big subject to be simply answered. Look the help : <A href="http://help.sap.com" target="test_blank">http://help.sap.com</A></P><P></P><P>object and element will be list in the transaction SU20 / SU21. </P><P>To check if you miss an authorization look the transaction SU53.</P><P></P><P>and finaly, if you allow a user to create a delivery maybe you will not allow to create a purchasse order or anything else.</P><P></P><P>For the command, the magic button "F1" on the authorization-check will answer you.</P><P></P><P></P><P>Rgd</P><P>Frédéric</P><P></P></BODY></HTML> Mon, 23 Jan 2006 09:52:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173108#M123643 FredericGirod 2006-01-23T09:52:01Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173109#M123644 <HTML><HEAD></HEAD><BODY><P>Authorization Object are used to give authority to the user according to the position he or she is holding the organization unit.</P><P>Different roles are assigned to the position of the organization unit and these roles in turn are assigned to the task.</P><P>In SAP these task are assigned to the transactions .</P><P>So the user is given authorization for the particular transaction.</P><P>This way user are controlled from using the data which they are not supposed to accesss.</P><P>Sometimes the authorizatio is only to read , that mean user can see the data but cannot change.</P><P></P><P>In some case the user is not eligible to see the data not relevant to his aera . eg. a sales rep in one sales area is not supposed to view the data of another sales area or sales rep.</P><P>Even the user might be authorized for a transaction but the usage will be limited to area relevant to his /her work.</P><P></P><P>Syntax u can find in abap help.</P><P></P><P>AUTHORITY-CHECK type this and use F1.</P></BODY></HTML> Mon, 23 Jan 2006 09:57:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173109#M123644 Former Member 2006-01-23T09:57:56Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173110#M123645 <HTML><HEAD></HEAD><BODY><P>Check the below link..</P><P><A href="http://help.sap.com/saphelp_47x200/helpdata/en/b5/ea95ccf91c7644b1499e26d44c8318/frameset.htm" target="test_blank">http://help.sap.com/saphelp_47x200/helpdata/en/b5/ea95ccf91c7644b1499e26d44c8318/frameset.htm</A></P><P></P><P></P><P>Authorization is used to check whether a particular has the authorization to execute certain operation.For eg calling a transaction.With this we can avoid unauthorized access in SAP System..</P><P></P><P>Abdul</P></BODY></HTML> Mon, 23 Jan 2006 10:00:52 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173110#M123645 abdul_hakim 2006-01-23T10:00:52Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173111#M123646 <HTML><HEAD></HEAD><BODY><P>Thanx friends,</P><P></P><P>can u tell me which tcodes to refer step wise.</P><P>i m having list of su* all transactions. but i m unable to find wht actually they r doing.</P><P></P><P>if anyone having help file like pdf format. plz mail me to hariabap2005@yahoo.co.in</P></BODY></HTML> Mon, 23 Jan 2006 10:13:26 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173111#M123646 Former Member 2006-01-23T10:13:26Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173112#M123647 <HTML><HEAD></HEAD><BODY><P>use transaction su03 for creating auth objects.</P><P></P><P>pg</P></BODY></HTML> Mon, 23 Jan 2006 10:19:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173112#M123647 lajitha_menon 2006-01-23T10:19:35Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173113#M123648 <HTML><HEAD></HEAD><BODY><P>This a snap shot of how authorizations works</P><P></P><P>Authorization object is created in tcode SU21. And authorization fields are created in SU20.</P><P></P><P>For each authorization object, we insert a number of fields. If the field for which we want to create authoriztion is not there, we create that field in SU20. </P><P></P><P>Eg : F_BKPF_BLA is an authorization object which has two fields, authorization group(BRGRU) and activity(ACTVT). Using this authorization object, you determine with which document type line items can be posted and processed.</P><P></P><P></P><P>Authorizations are created for this object giving the value permitted for each field</P><P></P><P>eg authorization 1 - S_AUTH_1</P><P> </P><UL><LI level="1" type="ul"><P>activity - 01</P></LI></UL><P> </P><UL><LI level="1" type="ul"><P>BRGRU - authorization group </P></LI></UL><P>Users have this authorization can perform activity 01, that is creating.</P><P>authorization S_AUTH_2</P><P> *activity - 01, 02, 03.</P><P> </P><UL><LI level="1" type="ul"><P>BRGRU - authorization group </P></LI></UL><P>Users having this authorization can perform activities 01, 02 and 03, that is create, change and display.</P><P></P><P>A profile is created to store the authorizations and transactions allowed for a particular user(by defining the role). This is done using transaction PFCG. And this profile name is maintained in the user record for each user.</P><P></P><P>When the user logins, the user record is checked.</P><P></P><P>Every time an action is taken by the user, an authority-check command must be called in the program</P><P></P><P></P><P>AUTHORITY-CHECK OBJECT 'F_BKPF_BLA'</P><P> ID 'BRGRU' FIELD T003-BRGRU</P><P> ID 'ACTVT' FIELD '03'.</P><P></P><P>Now, for this particular login, if an authorization for the given value is present, the transaction is accepted. Else the check fails and the action will not be allowed for the user.</P><P></P><P>For eg, if authorization S_AUTH_1 is there in the profile for that user, then this is allowed. But if only S_AUTH_2 is there, then the check fails.</P></BODY></HTML> Mon, 23 Jan 2006 10:46:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-object/m-p/1173113#M123648 Former Member 2006-01-23T10:46:31Z