topic Re: abap in Application Development and Automation Discussions

abap

Former Member — Tue, 30 Oct 2007 07:45:08 GMT

What is the authority object

Re: abap

Former Member — Tue, 30 Oct 2007 07:48:48 GMT

Using SU21 u can create Authorisation Object.

Details to give an authorisation for ABAP PROGRAMS are as follows

The smallest unit against which the check should be run is the authorization

field.

The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs. Before accessing the database the user should carry out an

authorization check which is implemented in the ABAP program. The

AUTHORITY-CHECK statement first checks if the user has the authorization

containing all the required values. Then the code value in the system field

SY-SUBRC is checked. If the required value is available for each

authorization field, the check is successful (SY-SUBRC = 0). If the value is

not 0, then the check is unsuccessful, which means that the user does not

possess the required authorization and an error message will be displayed.

AUTHORITY-CHECK sets SY-SUBRC to 4, 8, 12, 16, 24, 28, 32 or 36 depending on

the cause of the authorization failure, e.g. return code 4 means that the

user does not have the required authorization; SY-SUBRC = 8 means that the

check could not successfully be carried out since not all fields of the

object were specified. The field SUBRC is in the APAB Dictionary SYST. To

address the system field in an ABAP program, the form SY-<fieldname> is

used.

The ABAP syntax of the AUTHORITY-CHECK statement is:

AUTHORITY-CHECK OBJECT '<object>' (which created by you in SU21)

ID '<name1>' FIELD <f1> (fields given in Authorisation object)

???????????

ID '<name10>' FIELD <f10>.

Where <object> is the name of the authorization object that has to be

checked, <name1>,..., <name10> are the authorization fields in the object,

and <f1>,... ,<f10> are the values for which the authorization is to be

checked. If after the field name is entered DUMMY, the check for a

particular field will not be carried out.

Tcode for Authority object are

SU20 -

> for authorization field

SU21----

> Authorization Object

SU22----

> Assign Authorization Object

Go to su21 to create the Authority object

Implementing in code

AUTHORITY-CHECK OBJECT 'YTM1SD001'

ID 'ACTVT' FIELD '16'.

IF sy-subrc <> 0.

MESSAGE i003 WITH sy-uname.

STOP.

ENDIF.

call function 'AUTHORITY_CHECK_TCODE'

exporting

tcode = 'YSCC'

exceptions

ok = 0

not_ok = 2.

if sy-subrc eq 2.

message e077(s#) with 'YSCC'. " No authorization to transaction

endif.

Rewards if useful......

Minal Nampalliwar

Re: abap

Former Member — Tue, 30 Oct 2007 08:09:32 GMT

Refer to this link for Authorization Checks in Your Own Developments

1. Create an Authorization Field

2. Create an Authorization Object

3. Programming Authorization Checks

http://help.sap.com/saphelp_47x200/helpdata/en/52/67167f439b11d1896f0000e8322d00/frameset.htm

sample program.....

DATA:wa_flight TYPE t_flight,

it_flights TYPE t_flighttab.

SELECT-OPTIONS so_carr FOR wa_flight-carrid.

for authority-check:

**********************

DATA:

allowed_carriers TYPE RANGE OF t_flight-carrid,

wa_allowed_carr LIKE LINE OF allowed_carriers.

START-OF-SELECTION.

fill a range table with the allowed carriers:

***********************************************

SELECT carrid

FROM scarr

INTO wa_allowed_carr-low

WHERE carrid IN so_carr.

AUTHORITY-CHECK OBJECT 'S_CARRID'

ID 'CARRID' FIELD wa_allowed_carr-low

ID 'ACTVT' FIELD '03'. " display

IF sy-subrc <> 0.

CLEAR wa_allowed_carr.

ELSE.

wa_allowed_carr-sign = 'I'.

wa_allowed_carr-option = 'EQ'.

APPEND wa_allowed_carr TO allowed_carriers.

ENDIF.

ENDSELECT.

check this link

http://techrepublic.com.com/5100-6329_11-5110893.html#

http://www.sap-img.com/ab035.htm

check these posts:

(all operations). * includes all authorization levels simultaneously, that is it has the same meaning as R, M, W, E, D and S.

From SAP HELP

...........................

AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).

You must specify all authorizations for an object and a also a value for each ID (or DUMMY).

The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.

............................

So I suppose your solution is working NOW, but tommorow?: if you use a solution not supported by SAP, you can't be sure it'll still work in the future.

http://help.sap.com/saphelp_erp2005/helpdata/en/ef/4aba3b3bf00152e10000000a114084/frameset.htm

Regards

Vasu