topic Re: Authorization Field Values in Application Development and Automation Discussions

Authorization Field Values

Former Member — Wed, 26 Sep 2007 21:08:46 GMT

Does anyone know if there is a table in SAP ECC that provides all possible entry values for an authorization field? For example, I want to see what values I can select from for field PPFCODE.

Thanks.

Re: Authorization Field Values

Former Member — Wed, 26 Sep 2007 21:13:07 GMT

Check the following tables

AGR_1252

AGR_1250

AGR_DEFINE

UST12

all above related to authorizations

Check the Tcodes

PFCG,

SU21,

SUIM

Regards

Anji

Re: Authorization Field Values

uwe_schieferstein — Wed, 26 Sep 2007 21:48:05 GMT

Hello Michael

Using transaction SU21 (List of authorization fields) you can display the details for AUTH field PPFCODE. If you push the button Input Help (Shift+F4) you will get all 33 possible values (Note: my system is ECC 5.0).

A very handy function module for your purpose is SUSR_AUTF_GET_F4_HELP. Simply call the function module with your AUTH field and it displays all search help values. There you should find a programmatic way to determine AUTH field values.

Regards

Uwe

Re: Authorization Field Values

Former Member — Thu, 27 Sep 2007 18:24:21 GMT

Uwe -

Thank you for the insight you provided. I think this gets me to some views that are helpful.

However, what I really need is to be able to get to a table (or set of tables) that will provide me with the following linkage: authorization object --> associated fields --> available values.

For example, if I have object F_BKPF_BUK I know that it has fields of ACTVT and BUKRS assigned to it. What I'd like to be able to do is to determine what field values would be available for ACTVT and BUKRS when they are assigned to F_BKPF_BUK.

Thanks.

Re: Authorization Field Values

Former Member — Thu, 27 Sep 2007 20:01:01 GMT

Go to transaction SE80. Click on the "Edit Object" button. Now go to the "More..." tab. Next to "Authorization Object", enter F_BKPF_BUK and click on the display button. You now see a list of the fields for the authorization object. Click on the "Permitted Activities" button to see the activity values. You can also click on "Object Documentation" for more information about the fields. I hope this helps.

- April King

Re: Authorization Field Values

Former Member — Thu, 27 Sep 2007 20:58:36 GMT

Go through this to understand the authorization concept completely

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

Regards

Anji

Re: Authorization Field Values

Former Member — Fri, 28 Sep 2007 06:05:27 GMT

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

Take the help of the basis Guy and create and use.

Reward if usefull

Re: Authorization Field Values

uwe_schieferstein — Fri, 28 Sep 2007 08:44:29 GMT

Hello Michael

Table TACT contains all possible activities.

Table TACTZ contains the valid activities for each AUTH object.

The values allowed for non-activity fields depends on the type of AUTH fields:

- checktable (e.g. T001 for BUKRS)

- fixed values in domain of AUTH field

Regards

Uwe