topic Re: authorization check objects in Application Development and Automation Discussions

authorization check objects

Former Member — Wed, 23 Jan 2008 08:30:57 GMT

hi friends,

i am stuck up at this code.

IF PERMISSION_CHECK = TRUE.

(AUTHORITY-CHECK OBJECT 'S_LOG_COM'

ID 'COMMAND' FIELD COMMANDNAME

ID 'OPSYSTEM' FIELD OPERATINGSYSTEM

ID 'HOST' FIELD HELP_TARGETSYSTEM)

and the sy-subrc value is becoming 12 after executing this code. can you please help me undersatnd this and where can i get information about this.

Thanks and Regards,

Sakshi

Re: authorization check objects

Former Member — Wed, 23 Jan 2008 08:36:32 GMT

Hi,

Check the below links.

http://help.sap.com/saphelp_nw04/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9000821b-666a-2910-499a-aaffde140a9a

http://help.sap.com/saphelp_nw04s/helpdata/en/8d/3e4e19462a11d189000000e8323d3a/frameset.htm

Check the below link for Main HR Authorization Object for Security .

http://www.sap-img.com/human/main-hr-authorization-object-for-security.htm

reward if useful

Regards,

vivek

Re: authorization check objects

Former Member — Wed, 23 Jan 2008 08:36:41 GMT

If the value of SY-SUBRC is 12 means the user hasn't that authorization obejct (S_LOG_COM) in his profile.

U shoul check in which profile S_LOG_COM is used, and check if the user has that profile.

Max

Re: authorization check objects

Former Member — Wed, 23 Jan 2008 08:40:16 GMT

Hi Sakshi

have u put all these in parenthesis?

i hope COMMANDNAME , OPERATINGSYSTEM and HELP_TARGETSYSTEM are variables.

then this should work:

AUTHORITY-CHECK OBJECT 'S_LOG_COM'

ID 'COMMAND' FIELD COMMANDNAME

ID 'OPSYSTEM' FIELD OPERATINGSYSTEM

ID 'HOST' FIELD HELP_TARGETSYSTEM.

If the user has no authorization for the authorization object then sy-subrc value will be 12.

cheers

shivika

Re: authorization check objects

Former Member — Wed, 23 Jan 2008 08:40:51 GMT

Hello Sakshi Rai,

Here you are checking the authorization for the object S_LOG_COM.

COMMAND, OPSYSTEM and HOST are the fields which contain the names of the authorization fields defined in the object.

COMMANDNAME, OPERATINGSYSTEM and HELP_TARGETSYSTEM are the fields which contain the values for which the authorization is to be checked.

You are geeting sy-subrc value 12 means: Specified object not maintained in the user master record.

Information about AUTHORITY-CHECK:

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

Reward If Helpful.

Regards

Sasidhar Reddy Matli.

Edited by: Sasidhar Reddy Matli on Jan 23, 2008 2:11 PM

Re: authorization check objects

Former Member — Wed, 23 Jan 2008 08:42:21 GMT

Hope it will help you.

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

Sy-SUBRC values

4 User has no authorization in the SAP System for

such an action. If necessary, change the user

master record.

8 Too many parameters (fields, values). Maximum

allowed is 10.

12 Specified object not maintained in the user

master record.

16 No profile entered in the user master record.

24 The field names of the check call do not match

those of an authorization. Either the

authorization or the call is incorrect.

28 Incorrect structure for user master record.

32 Incorrect structure for user master record.

36 Incorrect structure for user master record.