topic Re: Run Time Authorization in Application Development and Automation Discussions

Run Time Authorization

former_member375795 — Wed, 26 Feb 2014 10:06:23 GMT

How to give Run time authorization

Scenarios Like that

Username --- Alok1

( Not having a authorization to Change material details )

but

There is a zprogram Username - ALOK1 having authorization to use but in ZPROGRAM contain MM02 to change the material how i give runtime Authorization to user ALOK1 to zprogram->MM01

Re: Run Time Authorization

Former Member — Wed, 26 Feb 2014 10:40:58 GMT

hi alok,

you have to maintain the authrozation object for that in t-code su21.

later you have to provide this in to the user role of required user .

after that in coding part of your program.

you haver to do like that.

at selection-screen.

         AUTHORITY-CHECK OBJECT 'ZSSS'
           ID 'VKBUR' FIELD VKBUR-LOW
           ID 'ACTVT' FIELD '16'.
IF SY-SUBRC NE '0'.

MESSAGE I0001

ENDIF.

hope it helps.

vikas

Re: Run Time Authorization

Former Member — Wed, 26 Feb 2014 10:48:25 GMT

Please check T-CODE SE97.

BR,

Prakash

Re: Run Time Authorization

former_member187748 — Wed, 26 Feb 2014 10:54:17 GMT

Hi Alok,

talk to your basis person, and ask if any standard object exits for MM01 or MM02,

if the persists on it, you can make a change in your zprogram to restrict user

for any transaction, if they are not able to configure any standard object, then please

talk to them to create a zobject in SU21 tcode.

Now you can use this zobject in your zprogram , to restrict or use particular user.

The basis guys generally provides authorization, so they will provide it in SU21

transaction.

The general for of authorization check is as shown below

IF SY-TCODE = 'MM01' .

AUTHORITY-CHECK OBJECT 'your zobject name'

ID 'ACTVT' FIELD '01'

id 'ACTVT' field '02'

id 'ACTVT' field '03'

ID 'WERKS' FIELD VBAP-WERKS.

IF SY-SUBRC EQ 0.

ELSE.

MESSAGE 'YOU ARE NOT AUTHORISED ' TYPE 'E'.

MESSAGE E000(ZMSGCLASS) WITH VBAP-WERKS.

ENDIF.

Here activities are like change, display, etc

Re: Run Time Authorization

former_member183073 — Wed, 26 Feb 2014 11:13:54 GMT

Hi Alok,

You want to allow user to access MM02 even though the user doesnt have authorization to it.

you cannot do that even though you write code and allow only specific users through zprogram they still need to have access to MM02 because the SAP will again check the Authorization before starting the Transaction

Re: Run Time Authorization

former_member187748 — Wed, 26 Feb 2014 11:18:31 GMT

Hi Ali,

if i am not wrong user does not have authorization for MM02, but can get authorization for MM01

through zobject, if he has not authorization for MM01 at all, then its not possible to assign authorization

through any code.

Re: Run Time Authorization

former_member183073 — Wed, 26 Feb 2014 12:08:30 GMT

Didnt get you Sanjeev,

If user dont have authorization to a transaction, how can you allow it to be accessed by code. There will Standard Code for Authorization which executes each time you call a Transaction.

Re: Run Time Authorization

former_member187748 — Wed, 26 Feb 2014 12:15:06 GMT

Hi Syed,

i means to say that, if user have no authorization at all, we can't provide it through our custom code.

But in this case user don't have authorization for MM02, but he can get authorization for MM01

and it can be (for MM01) controlled through our custom program

Re: Run Time Authorization

ThangaPrakash — Wed, 26 Feb 2014 12:44:49 GMT

Hello Alok,

You can try to do the coding as suggested by

It will work I guess. Please refer the below link for the list of authorization objects for Material master.

Maintain Authorizations and Authorization Profiles (SAP Library - Material Master)

Regards,

Re: Run Time Authorization

former_member183073 — Wed, 26 Feb 2014 13:29:55 GMT

I stated your first point in my earlier reply..