topic Re: table authorization in Application Development and Automation Discussions

table authorization

Former Member — Tue, 17 Jul 2007 09:31:24 GMT

Hi experts ;

I want to give authorization to users only for certain customized table.

So what can be the procedure for it ?

Is it necessary to create authorization group ? If so what can be the procedure for it. Please breif me detailly

looking for your kind help in advance

REgards

Sanjeev.S

Re: table authorization

Former Member — Tue, 17 Jul 2007 09:34:45 GMT

Hi,

U can do it. Goto SE11 and enter the table name. Now, from menu choose Utilities-->table maintenance generator..Here specify the authorization group and activate the same.

Now, U can assign users to this specified authorization group. so that onlt those users can access the table for maintenance.

Regards

Re: table authorization

Former Member — Tue, 17 Jul 2007 09:36:55 GMT

Create an Authorization Object and assign it

see the doc on authorization concept

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

<b>Reward points for useful Answers</b>

Regards

Anji

Re: table authorization

Former Member — Tue, 17 Jul 2007 09:44:05 GMT

Hi,

Have alook at following tables .

User administration:

USR01 User master

USR02 Logon data

USR03 User address data

USR04 User master authorizations

USR11 User Master Texts for Profiles (USR10)

UST12 User master: Authorizations

USR12 User master authorization values

USR13 Short Texts for Authorizations

USR40 Prohibited passwords

TOBJ Objects

TOBC Authorization Object Classes

TPRPROF Profile Name for Activity Group

DEVACCESS Table for development user

pls reward points if useful.

Regards,

Ameet

Re: table authorization

Former Member — Tue, 17 Jul 2007 09:47:02 GMT

Thanks for ur prompt reply.

Can you just brief me out what is the procedure to create authorization group ?

Where we can assign this authorization group in pfcg

Regards

Sanjeev.S