https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860314#M670773 <HTML><HEAD></HEAD><BODY><P>Hi Sonali,</P><P></P><P>If you use the Authorisation object in the report,then whosoever executes the report,the Function module Authority Check will check the value of the Object attached with the FM which is created in the T-code SU21 against the roles or the authorisation objects assigned to that user.</P><P></P><P>If the user has the authorisation for that or if the sy-subrc equals Zero,then he can access it else an error message will be displayed.</P><P></P><P>In case you have any further clarifications,do let me know.</P><P></P><P>Regards,</P><P>Puneet Jhari.</P></BODY></HTML> Thu, 27 Sep 2007 07:22:25 GMT Former Member 2007-09-27T07:22:25Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860311#M670770 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I want to know if I use any authorisation object in my report, against what does it checks for the authorisation of a user.</P><P></P><P>I think it check in roles assigned to him, whether that particular object is present or not.</P><P></P><P>so is there any sense to use authorisation abject in report or it is better to assign in roles itself.</P></BODY></HTML> Thu, 27 Sep 2007 06:45:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860311#M670770 Former Member 2007-09-27T06:45:24Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860312#M670771 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>In general different users will be given different authorizations based on their role in the orgn.</P><P>We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.</P><P>USe SUIM and SU21 T codes for this.</P><P></P><P>Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction. </P><P></P><P>If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. </P><P></P><P>This means you have to allocate an authorization object in the definition of the transaction. </P><P></P><P>For example: </P><P></P><P>program an AUTHORITY-CHECK. </P><P></P><P>AUTHORITY-CHECK OBJECT &lt;authorization object&gt; </P><P>ID &lt;authority field 1&gt; FIELD &lt;field value 1&gt;. </P><P>ID &lt;authority field 2&gt; FIELD &lt;field value 2&gt;. </P><P>... </P><P>ID &lt;authority-field n&gt; FIELD &lt;field value n&gt;. </P><P></P><P>The OBJECT parameter specifies the authorization object. </P><P></P><P>The ID parameter specifies an authorization field (in the authorization object). </P><P></P><P>The FIELD parameter specifies a value for the authorization field. </P><P></P><P>The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields. </P><P></P><P><A href="http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm" target="test_blank">http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm</A></P><P></P><P></P><P>To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks. </P><P></P><P>Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.</P><P></P><P>You program the authorization check using the ABAP statement AUTHORITY-CHECK.</P><P>AUTHORITY-CHECK OBJECT 'S_TRVL_BKS' </P><P>ID 'ACTVT' FIELD '02' </P><P>ID 'CUSTTYPE' FIELD 'B'. </P><P>IF SY-SUBRC &lt;&gt; 0. </P><P>MESSAGE E... </P><P>ENDIF. </P><P></P><P>'S_TRVL_BKS' is a auth. object</P><P>ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.</P><P></P><P></P><P>The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity. </P><P></P><P></P><P>This Authorization concept is somewhat linked with BASIS people.</P><P>As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.</P><P>Take the help of the basis Guy and create and use.</P><P></P><P></P><P>Reward if usefull</P></BODY></HTML> Thu, 27 Sep 2007 06:47:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860312#M670771 Former Member 2007-09-27T06:47:30Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860313#M670772 <HTML><HEAD></HEAD><BODY><P>hi naresh,</P><P></P><P>i know about roles and objects,</P><P></P><P>but if i use authorisation object in report, against what it will check that, will it check against any table or roles given to user like that i want.</P></BODY></HTML> Thu, 27 Sep 2007 07:13:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860313#M670772 Former Member 2007-09-27T07:13:35Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860314#M670773 <HTML><HEAD></HEAD><BODY><P>Hi Sonali,</P><P></P><P>If you use the Authorisation object in the report,then whosoever executes the report,the Function module Authority Check will check the value of the Object attached with the FM which is created in the T-code SU21 against the roles or the authorisation objects assigned to that user.</P><P></P><P>If the user has the authorisation for that or if the sy-subrc equals Zero,then he can access it else an error message will be displayed.</P><P></P><P>In case you have any further clarifications,do let me know.</P><P></P><P>Regards,</P><P>Puneet Jhari.</P></BODY></HTML> Thu, 27 Sep 2007 07:22:25 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860314#M670773 Former Member 2007-09-27T07:22:25Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860315#M670774 <HTML><HEAD></HEAD><BODY><P>hi puneet ,</P><P></P><P>thanks for reply,</P><P></P><P>U mean to say that it will check in the roles assigned to that user, whether that particular object with those values exists or not.</P><P></P><P>it means if even if i dont use authority-check in my report it will check in the roles assigned. is it right?</P></BODY></HTML> Thu, 27 Sep 2007 07:26:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860315#M670774 Former Member 2007-09-27T07:26:54Z https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860316#M670775 <HTML><HEAD></HEAD><BODY><P>hi sonali , </P><P></P><P>just press a f1 on authorization object and it will give u the full detials with example of how to use it programaticaly . </P><P></P><P>Thanks </P><P>Rohit</P><P>Reward if helpful</P></BODY></HTML> Thu, 27 Sep 2007 07:30:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorisation-objects/m-p/2860316#M670775 Former Member 2007-09-27T07:30:39Z