topic Re: Program with authorization object in Application Development and Automation Discussions

Program with authorization object

Former Member — Thu, 11 Sep 2014 10:42:07 GMT

Hi Experts,

I have an issue regarding rules and authorization.

I have created a program with 2 radio buttons transfer and backload. The requirement in authorization is not all users can access both; some can only access transfer and some can access backload only. (r_trans,r_back)

The basis told me that they need an authorization object in order for them to block/separate the transaction for transfer and backload.

Is there a way for me to modify the program and put an authorization object with my radio button? or is it possible to do this with the current program?

Thanks!

Re: Program with authorization object

FredericGirod — Thu, 11 Sep 2014 10:53:15 GMT

Hi,

the SAP logic is to test the authorization after user start program. You just check if he ask transfer if he could .. or if he ask backload ....

you don't need to create two object, you could create one object with a field that contain 2 possibles values. SU20 SU21

regards

Fred

Re: Program with authorization object

Former Member — Thu, 11 Sep 2014 10:55:31 GMT

You should create an authorization object having 2 activities, for example:

- 01: Transfer

- 02: Backload

So you can check the object in the AT SELECTION-SCREEN event of your program:


AT SELECTION-SCREEN.

    CASE 'X'.
       WHEN <RADIOBUTTON 1>. ACTIVITY = '01'.
      WHEN <RADIOBUTTON 2>. ACTIVITY = '02'.
     ENDCASE.


AUTHORITY-CHECK OBJECT <YOUR OBJECT>
       ID 'ACTIVITY' FIELD ACTIVITY.
IF SY-SUBRC = 0.
   user is author.
ELSE.
   user is not author.
ENDIF.

Max

Re: Program with authorization object

Former Member — Thu, 11 Sep 2014 11:11:18 GMT

Hi,

Thanks for the reply,

Our basis is using PFCG for roles and authorization , how can they check if my authorization object was created using that code?

Here is my code: Im getting sy-subrc = 12.

IF r_trans EQ 'X'.

AUTHORITY-CHECK OBJECT 'ZACTIVITY'

ID 'ACTVT' FIELD '01'.

IF sy-subrc NE '0'.

MESSAGE 'User not authorized' TYPE 'S'.

LEAVE LIST-PROCESSING.

ELSE.

MESSAGE 'User is authorized' TYPE 'S'.

LEAVE LIST-PROCESSING.

ENDIF.

ELSEIF r_back EQ 'X'.

AUTHORITY-CHECK OBJECT 'ZACTIVITY'

ID 'ACTVT' FIELD '02'.

IF sy-subrc NE '0'.

MESSAGE 'User not authorized' TYPE 'S'.

ELSE.

MESSAGE 'User is authorized' TYPE 'S'.

ENDIF.

Re: Program with authorization object

RaymondGiuseppi — Thu, 11 Sep 2014 11:18:13 GMT

You could also manage the authorization in PBO/AT SELECTION-SCREEN and disabling the forbidden radiobutton (also manage default value) So user wont be able to select unauthorized button, and wont receive some authority failed message.

To identify roles created with PFCG which use your object, call transactions like S_BCE_68001422 or S_BCE_68001425 .

Regards,

Raymond

Re: Program with authorization object

rosenberg_eitan — Thu, 11 Sep 2014 11:31:01 GMT

Hi,

Another option is to assign a different transaction to the program .

Like sap do (MM01,MM02,MM03) .

And in the program hide the unrelevant buttons base on sy-tcode .

The transaction can be assign to a role .

IMHO hiding is more user friendly .

Regards.

Re: Program with authorization object

Former Member — Thu, 11 Sep 2014 11:31:17 GMT

Hi Raymond,

Sorry, but can you please explain it more?

How can I manage the authorization of users in my program? Is there a way that I can manage that without using the PFCG ?

User1 can access transfer button only

User2 can access backload button only

Is there a way that I can do that in my code?

Re: Program with authorization object

Sudhakargadde — Thu, 11 Sep 2014 11:37:07 GMT

Hi Jepoy,

If any Tcode we don't have an access we go through the Tcode SU53, and check what are the roles was missed for the users. and the missed roles add to the user the he/she can able to access the Tcode.

execute the authorization object at Initialization event and receive the subrc based on the what activity you have received in the code.

For Program Why don't you try the Check Box Concept.

Case 1:

if the user have the access of Transfer and BackLoad show them as enable, if he select one, un check the other one using the user command field.

Case 2:

If He/she has only access for 1 check box. enable that one grayed out the other one.

Regards

Sudhakar

Re: Program with authorization object

RaymondGiuseppi — Thu, 11 Sep 2014 11:41:23 GMT

I never suggested not to use authorization objects in my answer, read again, I only suggested to hide not allowed option to users, no need to make them bitter or jealous ...

LOAD-OF-PROGRAM

Execute the diverse AUTHORITY-CHECK and save result in global variables,

AT SELECTION-SCREEN OUTPUT

LOOP AT SCREEN and hide radiobutton when not allowed,

Authorization-objects and roles (PFCG) are the way to manage authorization in SAP. Either you create a new object, or as suggested by Eitan, create different transactions (so you would check sy-code in your program), but administrator will also manage authorization for transaction (Authorization object S_TCODE) in some roles for PFCG. Remember that transactions allowed are also to manage in PFCG roles.

Regards,

Raymond

Re: Program with authorization object

Former Member — Thu, 11 Sep 2014 12:02:52 GMT

Here is my code: Im getting sy-subrc = 12

It means you'haven't the authorization objecy in your profile

Max