topic Re: Authorization Check in Application Development and Automation Discussions

Authorization Check

Former Member — Thu, 09 Nov 2006 22:13:30 GMT

Can any one tell me how to check authorization for perticulat T-Code ,i.e who is authorised to use it.

Please answer.

Regards,

Re: Authorization Check

Former Member — Thu, 09 Nov 2006 23:02:44 GMT

Try SU01 transaction code.

Re: Authorization Check

Former Member — Thu, 09 Nov 2006 23:10:41 GMT

Please check below thread

Thanks!

Lakshmikandh

Re: Authorization Check

Former Member — Fri, 10 Nov 2006 04:20:45 GMT

also can check from SUIM.

Regards

Prabhu

Re: Authorization Check

Former Member — Fri, 10 Nov 2006 04:31:47 GMT

When a user starts a transaction, the system performs the following checks:

· The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.

· The system then checks whether the user has authorization to start the transaction.

The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.

The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.

If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).

If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).

· The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.

The check is not performed in the following cases:

You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction

SE93

. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.

This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.

You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.

So that the entries that you have made with transactions <b>SU24 and SU25</b> become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).

All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.

Have a look at below link. It will help you for sure.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm

Best Regards,

Vibha

*Please mark all the helpful answers

Re: Authorization Check

Former Member — Fri, 10 Nov 2006 04:55:20 GMT

Hi,

Try SU01, SU03 and SUIM.

In SU01 or SU03 u will find tht der is a field with SAP_ALL this means u r authorised to use each and every TXN in SAP.

AUTHORITY-CHECK OBJECT object

ID name1 FIELD f1

ID name2 FIELD f2

...

ID name10 FIELD f10.

You can use ST01 to switch on the authorization trace. If you do not have access to ST01, you can execute SU53 to check the authorization objects being checked for a transaction.

For eg you execute MM01 and then you execute SU53 to see what authorization checks were

performed when you executed MM01.

object

Field which contains the name of the object for which the authorization is to be checked.

name1 ...

Fields which contain the names of the

authorization fields defined in the object.

f1 ...

Fields which contain the values for which the

authorization is to be checked.

Hope this helps,

Regds,

Seema.

Re: Authorization Check

Former Member — Fri, 10 Nov 2006 05:37:30 GMT

Hi vj,

1. simple

2. use the FM AUTHORITY_CHECK_TCODE

regards,

amit m.

Re: Authorization Check

Former Member — Mon, 27 Nov 2006 16:28:45 GMT

Use SUIM / USER / User By Comp. Sel. Crit. / By Transaction Auth.

You should get a list of all Users able to execute that transaction

Re: Authorization Check

Former Member — Tue, 20 Feb 2007 06:37:53 GMT

Hi,

The easiest way is brows the table USOBT for the authorization objects for a tcode.

Dont forget to award a point if useful