https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903650#M1793055 <HTML><HEAD></HEAD><BODY><P>You should always check first whether there is really a need for a new authorisation object. Most simpler tasks can be solved by using existing objects.</P><P></P><P>What exactly needs to be checked in your scenario? For simple may execute/may not execute scenarios, look at the authorisation groups in the program attributes, which is linked to S_PROGRAM (and S_DEVELOP) authorisation objects. Study the online documentation of these objects, also speak to your system and/or security administrator.</P><P></P><P>Thomas</P></BODY></HTML> Wed, 04 Dec 2013 08:48:44 GMT ThomasZloch 2013-12-04T08:48:44Z https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903646#M1793051 <HTML><HEAD></HEAD><BODY><P>Hello Every one,</P><P></P><P>I have a custom report and it needs to have authorizations. it means that only few users should be able to execute the report.</P><P>I am following the below path. Please let me know, if my approach is wrong or not a best practice.</P><P></P><P></P><P>I went to SU20 created a authorization field ztrxn with data-element as tcode.</P><P>Went to SU21 created an authorization object Z_AUTH_OBJ1, and assigned the above field to it.</P><P>In PFCG, i am trying to assign this authorization object to the user profile.</P><P>After this i am planning to use this auth-object created in the SU21&nbsp; as below code snippet.</P><P></P><P></P><P>AUTHORITY-CHECK OBJECT 'Z_AUTH_OBJ1' </P><P>&nbsp; ID 'ACTVT'&nbsp; FIELD '02' </P><P>&nbsp; ID 'CUSTTYPE' FIELD 'B'. </P><P>IF SY-SUBRC &lt;&gt; 0. </P><P>&nbsp; MESSAGE E... </P><P>ENDIF.</P><P></P><P></P><P>1) How do i make use of the ACTVT and CUSTTYPE&nbsp; fields ?</P><P></P><P>2) What is the authorization field 'ztrxn'&nbsp; created above ?</P><P></P><P></P><P>Thank you.</P></BODY></HTML> Wed, 04 Dec 2013 05:32:20 GMT https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903646#M1793051 Former Member 2013-12-04T05:32:20Z https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903647#M1793052 <HTML><HEAD></HEAD><BODY><P>hi,</P><P>&nbsp;&nbsp; You need to maintain the assignments of authorization objects in tcode: SU24.</P><P></P><P></P><P>ztrxn (as you mentioned above) is the field name used inside authorization objects.</P><P></P><P></P><P>Regards,</P><P>Madhumahesh.</P></BODY></HTML> Wed, 04 Dec 2013 05:37:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903647#M1793052 koolspy_ultimate 2013-12-04T05:37:24Z https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903648#M1793053 <HTML><HEAD></HEAD><BODY><P style="font-size: 11.818181991577148px; color: #333333;"><STRONG>ACTVT</STRONG> field points what kind of authority you want to check for, 02 indicates that you are checking to make sure that the user has been granted the authority to change.</P><P style="font-size: 11.818181991577148px; color: #333333;"><STRONG>CUSTTYPE</STRONG> field is for only certain CUSTTYPE's have the ACTVT = 02 setup which means only certain user will have the authority to change.</P><P style="font-size: 11.818181991577148px; color: #333333;">&nbsp;&nbsp; When the statement you have given is executed, this statement will check the configuration of authorization object 'S_TRVL_BKS' to see if the current user has the authority to change for CUSTTYPE = B. If the user does have the authority to change the sy-subrc will be zero, else it will be non-zero, in which case a message will be shown.</P></BODY></HTML> Wed, 04 Dec 2013 06:09:14 GMT https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903648#M1793053 Former Member 2013-12-04T06:09:14Z https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903649#M1793054 <HTML><HEAD></HEAD><BODY><P>Hi Chandra</P><P></P><P>Basically here you want to check whether use has change/display/create etc (ACTVT) for CUSTYPE values</P><P></P><P>Read F1 documentation for this</P><P>Nabheet</P></BODY></HTML> Wed, 04 Dec 2013 06:32:45 GMT https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903649#M1793054 nabheetscn 2013-12-04T06:32:45Z https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903650#M1793055 <HTML><HEAD></HEAD><BODY><P>You should always check first whether there is really a need for a new authorisation object. Most simpler tasks can be solved by using existing objects.</P><P></P><P>What exactly needs to be checked in your scenario? For simple may execute/may not execute scenarios, look at the authorisation groups in the program attributes, which is linked to S_PROGRAM (and S_DEVELOP) authorisation objects. Study the online documentation of these objects, also speak to your system and/or security administrator.</P><P></P><P>Thomas</P></BODY></HTML> Wed, 04 Dec 2013 08:48:44 GMT https://community.sap.com/t5/application-development-and-automation-discussions/regarding-authorization-object/m-p/9903650#M1793055 ThomasZloch 2013-12-04T08:48:44Z