topic Re: Authorization Check in Application Development and Automation Discussions

Authorization Check

former_member207873 — Thu, 26 Sep 2013 06:25:34 GMT

Hi Experts,

I have to do authority check for fields sales office, sales division (For 1st report) sales office (2nd Report) company code and plant (3rd Report) [All Custom Reports ].

I am aware of the existing authorization objects for this. V_VBKA_VKO, M_MATE_BUK, M_MATE_WRK. But the BASIS team havent given any authorization so far. (Or the existing configuration is like a particular sales office data visible by other sales office users). So from the ABAP side how to create one authorization object for these fields. In which class this have to be saved and which package. I already had a look on to http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c?QuickLink=index&overridelayout=true&5003637386464.

BR.

Re: Authorization Check

former_member207873 — Thu, 26 Sep 2013 07:34:41 GMT

Any Help

Re: Authorization Check

Arun_Prabhu_K — Thu, 26 Sep 2013 07:41:23 GMT

Whether you want to check if authorisation is available for a user to access a report?

If it is the case and if you have tcode for individual reports, then you can make use of

AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD TCODE.

Then based on the sy-subrc value (0-Authorization available and 4-Authorization unavailable), you can proceed further.

Re: Authorization Check

former_member183069 — Thu, 26 Sep 2013 07:51:46 GMT

Hi,

Your question is now which package and which class...

It differs based on the client,

You have to discuss with the team lead or Basis team..

If they ok to create in new class you can create a new class..with the naming convention..

or if they asking to create in existing class then create your object under that.

You had also mentioned that you want to do authorization check for three reports.

so here you have to create three authorization object...

Re: Authorization Check

Former Member — Thu, 26 Sep 2013 07:52:34 GMT

You can create custom authorization object.

Re: Authorization Check

tamil_arasan — Thu, 26 Sep 2013 08:49:53 GMT

Hi,

Refer this link to create custom authorization objects

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60d70376-712c-2e10-61ab-c1f3700efee3?QuickLink=index&overridelayout=true&50676319258380

Best regards,

Pradeep

Re: Authorization Check

former_member207873 — Thu, 26 Sep 2013 09:52:43 GMT

Any more help...

Re: Authorization Check

Former Member — Thu, 26 Sep 2013 10:00:23 GMT

Which other help you need?

Max

Re: Authorization Check

former_member207873 — Thu, 26 Sep 2013 10:04:52 GMT

In which package can i save the authorization objects. Can i save it in the same package where I created the custom programs.

Re: Authorization Check

RaymondGiuseppi — Thu, 26 Sep 2013 10:06:41 GMT

Well, creating customer objects because standard objects were not correctly managed, is some kind of bad practices, no ?

Else create you own objects in SU21 in you own class, use a customer namespace like Z* or Y*, but use standard fields in the object definition, use also a customer package. As all those objects are local to your system, don't expect answer in the forum.

Regards,

Raymond

Re: Authorization Check

Former Member — Thu, 26 Sep 2013 10:22:29 GMT

Yes of course....why not?

You can use the custom package you want...it can only depends on the development rules of your company or customer

Max

Re: Authorization Check

former_member207873 — Fri, 27 Sep 2013 04:45:49 GMT

Thanks Max for your reply.

Can you please explain me how can we proceed if we need one-to-one relationship with username and the field. What I mean is.

username1 - sales office1.

username2 - sales office2..

etc.

So do we have to create as many roles in PFCG?

Re: Authorization Check

tamil_arasan — Fri, 27 Sep 2013 07:51:34 GMT

Hi,

Do you mean, you want to restrict the users by Organizational Unit ?

If yes you can do it by derived roles. you have to create derived roles and assign to users.

There are two possible reasons for deriving a role from an existing role:

● The role menus are identical but the authorizations for the menu actions are different in the derived role.

● The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.

Thanks,

Pradeep