https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159820#M751694 <HTML><HEAD></HEAD><BODY><P>SU20---Maintain Authorization Fields</P><P>SU21---Maintain Authorization Objects</P><P></P><P>When we need to do a authority check by ourselves,we should define severial data fields we want to check,this can be done in se11 &amp;SU20, then we consolidate these fields into one authority-check object using SU21,at the same time some permitted values will be defined.</P><P></P><P>then in the Z* program, we can use the following statement to do an authority-check:</P><P></P><P> AUTHORITY-CHECK OBJECT 'S_CARRID' </P><P> ID 'CARRID' FIELD carr </P><P> ID 'ACTVT' FIELD '03'. </P><P></P><P> IF sy-subrc &lt;&gt; 0. </P><P> MESSAGE 'No authorization' TYPE 'E'. </P><P> ENDIF.</P></BODY></HTML> Mon, 10 Dec 2007 05:20:30 GMT daixiong_jiang3 2007-12-10T05:20:30Z https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159819#M751693 <HTML><HEAD></HEAD><BODY><P>what is the funcion module created in SU21.</P><P></P><P>Is this funtion module is comparing checking the authorisation for the value that we pass through our program with the values of authorisation/ roles assigned to that user</P></BODY></HTML> Mon, 10 Dec 2007 04:59:41 GMT https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159819#M751693 Former Member 2007-12-10T04:59:41Z https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159820#M751694 <HTML><HEAD></HEAD><BODY><P>SU20---Maintain Authorization Fields</P><P>SU21---Maintain Authorization Objects</P><P></P><P>When we need to do a authority check by ourselves,we should define severial data fields we want to check,this can be done in se11 &amp;SU20, then we consolidate these fields into one authority-check object using SU21,at the same time some permitted values will be defined.</P><P></P><P>then in the Z* program, we can use the following statement to do an authority-check:</P><P></P><P> AUTHORITY-CHECK OBJECT 'S_CARRID' </P><P> ID 'CARRID' FIELD carr </P><P> ID 'ACTVT' FIELD '03'. </P><P></P><P> IF sy-subrc &lt;&gt; 0. </P><P> MESSAGE 'No authorization' TYPE 'E'. </P><P> ENDIF.</P></BODY></HTML> Mon, 10 Dec 2007 05:20:30 GMT https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159820#M751694 daixiong_jiang3 2007-12-10T05:20:30Z https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159821#M751695 <HTML><HEAD></HEAD><BODY><P>i dont have authorisation for accessing the SU20 and SU21 thats why i was asking the funcion module directly to see how the authority-check statement is workin comparing the values passed in the program with the user master data maintained already</P></BODY></HTML> Mon, 10 Dec 2007 05:25:17 GMT https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159821#M751695 Former Member 2007-12-10T05:25:17Z https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159822#M751696 <HTML><HEAD></HEAD><BODY><P>If you think an authorisation failure is happending in a transaction, run the transaction, then run transaction SU53, this will show any failures along with the authorisation object and value which failed.</P></BODY></HTML> Mon, 10 Dec 2007 08:04:39 GMT https://community.sap.com/t5/application-development-and-automation-discussions/su21/m-p/3159822#M751696 Former Member 2007-12-10T08:04:39Z