topic Re: authorization issue in Application Development and Automation Discussions

authorization issue

Former Member — Thu, 14 Sep 2006 09:40:16 GMT

Hi,

I have a confusion. Actually i have been given an authorization group and i have been told to keep it in the attributes of the program.

Actually this authorization is for checking who can execute this program and who cant.

Now my issue is Do i also need an authorization object or only giving the authorization group in the attributes is enough. I have not been given any authorization object so i believe it is not needed but in the function module we have to specify an object. i am confused. Can someone help

Re: authorization issue

Former Member — Thu, 14 Sep 2006 09:41:48 GMT

Hi pavan,

1. Its enough.

2. from help (F1 on authorisation group - attributes)

Authorization group to which the program is assigned.

The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:

Execute a program

--> Authorization object S_PROGRAM

Edit a program (-Include) in the ABAP Workbench

--> Authorization object S_DEVELOP

Programs that are not assigned to an authorization group are not protected against display and execution.

Security-related programs should, therefore, always be assigned to an authorization group.

Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.

regards,

amit m.

Re: authorization issue

Former Member — Thu, 14 Sep 2006 10:00:55 GMT

Hi Amit,

So does that mean that i have to give

CALL function 'AUTHORITY_CHECK'

exporting

NEW_BUFFERING = 3

USER = SY-UNAME

object = S_PROGRAM (this is what is given in the F1 help)

field1 = 'ACTVT'

VALUE1 = '16' “ for Execution

Re: authorization issue

Former Member — Thu, 14 Sep 2006 10:02:11 GMT

Hi again,

1. of course not.

2. These all things will be taken care

by the R/3 system,

whenver that program is executed.

3. We don't have to write any such

check in our abap code.

regards,

amit m.

Re: authorization issue

Former Member — Thu, 14 Sep 2006 10:06:59 GMT

thanks Amit,

One more thing... How can i see if i am authorized to run the program.. is there any way to check it i have been included in the authorization group

Re: authorization issue

Former Member — Thu, 14 Sep 2006 10:33:37 GMT

AUTHORITY-CHECK OBJECT object

ID name1 FIELD f1

ID name2 FIELD f2

...

ID name10 FIELD f10.

http://www.geocities.com/siliconvalley/campus/6345/authorit.htm

http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/content.htm

http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

Please reward for the same.

Re: authorization issue

Former Member — Thu, 14 Sep 2006 10:35:16 GMT

check this example

Example

Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:

Table OBJ : Definition of authorization object

M_EINF_WRK

ACTVT

WERKS

Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations

M_EINF_WRK_BERECH1

ACTVT 01-03

WERKS 0001-0003 .

can display and change plants within the Purchasing and Materials Management areas.

Such a user would thus pass the checks

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0002'

ID 'ACTVT' FIELD '02'.

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' DUMMY

ID 'ACTVT' FIELD '01':

but would fail the check

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0005'

ID 'ACTVT' FIELD '04'.

Please reward points.