topic Re: Authorization Objects and Custom Program in Application Development and Automation Discussions

Authorization Objects and Custom Program

former_member207873 — Fri, 27 Sep 2013 11:45:06 GMT

Hi Experts,

I have created a custom report which is showing Account Balances, Stock and Invoice. All these reports come under one Tcode. Below are the autho rization fields which are required for my each report.

Invoice Accounts Stock

Sales Office Sales office Company Code

Sales Division Plant

Here I have created my own authorization class, authorization objects and authorization fields.

ZAUTH (AUTH CLASS)

ZINVOICE(AutOb)

ZVKBUR

ZSPART

ZACCOUNT(AutOb)

ZVKBUR

ZSTOCK(AutOb)

ZBUKRS

ZWERKS

I did this much with tcodes SU20 SU21. What has to be done after this?

There are many levels of authorization to be achieved. First for the TCODE and then for the individual selections in the list box item. (Invoice, Stock and Accounts- All in the same tcode ). How to achieve this?

NB: Moreover SE93 transaction we can give only one authorization object. So how to assign multiple authorization objects to the same transaction code.

Re: Authorization Objects and Custom Program

RaymondGiuseppi — Fri, 27 Sep 2013 11:55:04 GMT

There is always S_TCODE (will be checked with the transaction code)
you can give an authorization object in SE93 (with initial values for fields to be checked at start of transaction)
you can add other authorization objects in SU24, but you have to code the AUTHORIZATION-CHECK statements in your program

Regards,

Raymond

Re: Authorization Objects and Custom Program

mayur_priyan — Fri, 27 Sep 2013 12:03:17 GMT

Hi,

Check the following link for the complete

process on Authorization objects

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c?QuickLink=index&overridelayout=true&5003637386464

Re: Authorization Objects and Custom Program

ThomasZloch — Fri, 27 Sep 2013 12:43:36 GMT

Is it really necessary to create new authorisation objects? For example, for G/L account balances in a company code there is alread object F_BKPF_BUK, which is checked for ACTVT = 03 in standard reporting for account balances and line items.

You can use the same logic in your custom reports.

Check first for existing objects that can be used, also speak to a security/roles expert in your team, often there is an overall authorisation concept in effect that you should align with in your developments.

Thomas

Re: Authorization Objects and Custom Program

former_member612950 — Fri, 27 Sep 2013 12:48:50 GMT

Hi,

Basis team is responsible to create Authorisation object and assigning the precision value such as *,2,3.

And you have to give the following:

AUTHORITY-CHECK OBJECT 'zinvoice'

ID ACTVT FIELD '3'

Here,Precision value '3' stands for Edit.

Regards,

Santhosh Kumar.K

Re: Authorization Objects and Custom Program

former_member207873 — Fri, 27 Sep 2013 13:03:44 GMT

Hi Thomas,

There is no overall authorization concept existing in the organization now. That is why I am going ahead with custom authorization concept. But I am confused with the steps to follow.

Here is the precise of what I have done so far.

1) Created custom Authorization fields with the existing data elements, (SU20)

2) Created Authorization objects and class (SU21)

3) Created a role in PFCG. (Added values say for sales office 2000 and activity '03').

4) Assigned TCode to Authorization Object in SU24.

5) Checked in my custom program with 'Authority check' for sales office with '2000'. But it is running for all sales office.

BR,

Re: Authorization Objects and Custom Program

ThomasZloch — Fri, 27 Sep 2013 13:27:37 GMT

OK, but I still strongly suggest using standard authorisation objects as much as possible, and according to the logic as implemented in SAP standard programs (check where-used lists).

Then, if your code doesn't work as expected, post the relevant snippet here for further investigation.

Some of the activities you are listing belong to the area, please have look in this space as well.

Thomas