topic Re: Authorization Objects in Application Development and Automation Discussions

Authorization Objects

Former Member — Fri, 22 Feb 2008 06:28:01 GMT

Hi Friends,

In my current requirement I have to set authority for a user group.

Can somebody Pl give me some document or links for,

1. How to create authorization class

2. how to create authorization object

3. how to create authorization fields and IDs

and do the assignment.

Pl help. Thank in advance.

Regards

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 06:36:20 GMT

Hey guys.. send me at least some thing to start with.

Hardik

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 06:39:10 GMT

SU21 we can create the New Authorization Object

See this and do accordingly

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 06:39:19 GMT

refer the link

http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

http://www.thespot4sap.com/Articles/SAP_BC_Authorization_Concept.asp

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 06:46:30 GMT

Pls. check below useful links.

With PDF.

Check the below link,here you can see complete information about Auth checks and objects.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c

Check the below links.

http://help.sap.com/saphelp_nw04/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9000821b-666a-2910-499a-aaffde140a9a

http://help.sap.com/saphelp_nw04s/helpdata/en/8d/3e4e19462a11d189000000e8323d3a/frameset.htm

Check the below link for Main HR Authorization Object for Security .

http://www.sap-img.com/human/main-hr-authorization-object-for-security.htm

<REMOVED BY MODERATOR>

Edited by: Alvaro Tejada Galindo on Feb 22, 2008 4:05 PM

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 06:58:46 GMT

ABAP Authorization Concept

The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.

To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.

Check this for more.

http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 07:01:09 GMT

Check this link.

http://sap.ittoolbox.com/groups/technical-functional/sap-basis/please-how-to-create-an-authorization-object-386391

Using SU21 u can create Authorisation Object.

Re: Authorization Objects

Former Member — Fri, 22 Feb 2008 08:38:56 GMT

hi,

refer this link

how to create authorization object: