topic Re: Authority Object in Application Development and Automation Discussions

Authority Object

Former Member — Mon, 12 Mar 2007 11:06:03 GMT

If One Authority Object used in the Z report and that Authority object added in the role. This Role assigned to Two user.

But one of the user not required authorization for the Z report.

How actually this situation ideally handle ? New authority object need to create for that Z report or using the existing object we can solve the problem.

Regards

Nilesh Shete

Re: Authority Object

Former Member — Mon, 12 Mar 2007 11:09:11 GMT

Hi,

Remove the Assignment of the Role to the user who doesn't want to see that Z object.

Give him a sepearte role.Hope this helps.

Regards,

Anji

Re: Authority Object

Former Member — Mon, 12 Mar 2007 11:16:13 GMT

U have to create two separatly roles to be assigjned to the two users, in this way you can give two differents values to authorization object.

Max

Re: Authority Object

Former Member — Mon, 12 Mar 2007 11:17:28 GMT

then dont give authorization for this report(tcode) itself, and in ur program u have to check for the same.

<b> call function 'AUTHORITY_CHECK_TCODE'

exporting

tcode = 'YSCC'

exceptions

ok = 0

not_ok = 2.

if sy-subrc eq 2.

message e077(s#) with 'YSCC'. " No authorization to transaction

endif.</b>

if u want to create one more role,then no nedd to change ur program.

Regards

Prabhu

Re: Authority Object

Former Member — Mon, 12 Mar 2007 11:18:16 GMT

Hi,

You should have two roles, one with desired object and the second one without that object. One role should be assigned to user that needs an access to a report and another one to the user that should not run a report. Just make sure that the authorization object is not required by any other reports or transactions, which user, without access to your report, may need to execute.