topic Re: Authorization code in Application Development and Automation Discussions

Authorization code

Former Member — Wed, 07 Mar 2007 18:13:35 GMT

Actually I have the authorization key. I would like to know how to use the B_USERSTAT object to give authorization for this authorization key....

Re: Authorization code

Former Member — Wed, 07 Mar 2007 18:19:06 GMT

You can attach the authorization object to any of the roles you have in PFCG

Re: Authorization code

Former Member — Wed, 07 Mar 2007 18:44:30 GMT

Hi,

perform authority_check.

double on authority check and it will open up a form for you.

&----

*& Form authority_check

&----

text

----

--> p1 text
<-- p2 text

----

form authority_check.

AUTHORITY-CHECK OBJECT 'B_USERSTAT'

ID 'STSMA' FIELD ' '

ID 'OBTYP' FIELD ' '

ID 'BERSL' FIELD ' '

ID 'ACTVT' FIELD ' '.

IF SY-SUBRC EQ 0.

AUTH_CLEARED = 'X'.

ENDIF.

you have to fill in between ' ' with the information you have .

ACTVT is same for all '01' for CREATION , '02' FOR CHANGE ETC

endform. " authority_check

IF AUTH_CLEARED = 'X'.

YOUR REMAINING CODE

ELSE.

WRITE : 'NOT AUTHORIZED',

ENDIF.

HOPE IAM CLEAR

THANKS

\VENKI

Re: Authorization code

Former Member — Wed, 07 Mar 2007 18:50:40 GMT

Hi,

if you want the authorization object for a user , you better contact your security person or a basis person can help you.

This is for your information.

if you want to assign an object to a user , you have a create a role in PFCG

and then create a profile for that role , then assign the object to that role and then give user name for whom you want the authorization.

Then you have compare user profiles and then the user has to log off and log in again in order to be effective.

If the user has SAP_ALL already assigned to him this doesn't work.

SAP_ALL is the master of auth objects it just over writes all other auth objects.

Hope iam not confusing you with this . Its always better to contact the security incharge . They are in a better position to help you out .If you want anything else , get back to me i can help with the creation of objects , roles , profiles etc

Thanks

venki

Re: Authorization code

Former Member — Wed, 07 Mar 2007 19:36:02 GMT

Insert this code in your program.


AUTHORITY-CHECK OBJECT 'B_USERSTAT'
         ID 'STSMA' FIELD '__________'
         ID 'OBTYP' FIELD '__________'
         ID 'BERSL' FIELD <your authorization key>
         ID 'ACTVT' FIELD '__________'.

Your authorization key will go against BERSL ID.

Re: Authorization code

Former Member — Wed, 07 Mar 2007 19:59:46 GMT

Please copy and Paste it it will definatly work I have used in my object.

Do only one change assign your transactioncode instead of my Tcode.

I have marked it.


  DATA: v_object LIKE UST12-OBJCT VALUE 'S_TCODE' ,
        v_field  LIKE UST12-FIELD VALUE 'TCD',
        v_tcode  LIKE UST12-VON   VALUE 'ZWFP1'.     "<--- Assign your Tcode

*& FUNCTION TO GET THE AUTHORITY CHECK
  CALL FUNCTION 'AUTHORITY_CHECK'                       
    EXPORTING
      user                = sy-uname
      object              = v_object
      field1              = v_field
      value1              = v_tcode
    EXCEPTIONS
      user_dont_exist     = 1
      user_is_authorized  = 2
      user_not_authorized = 3
      user_is_locked      = 4
      OTHERS              = 5.
*    -- If the user does not have proper authorization then display message
  IF sy-subrc <> 2.
    MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
            WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    STOP.
  ENDIF.