topic Re: Autharizations in Application Development and Automation Discussions

Autharizations

Former Member — Thu, 27 Mar 2008 10:11:32 GMT

Dear All

I have main program and I called another separate programs from them

Like follows

Mail Program with T Code ZPPAB

ZPP_Main

Submit ZPP_001

Submit ZPP_002

Submit ZPP_003

Submit ZPP_004

And another special program part in main program (its run with execute button)

My problem is

I want to handle authorization for each program. Like

ZPP_001 program can run only user AB1 & AB2

ZPP_002 program can run only user AB3 – AB10

And can run that special part with another user group

How I set authorization to achieve my target

Please describe in detail

Thanks in Advance

Re: Autharizations

dhruv_shah3 — Thu, 27 Mar 2008 10:16:55 GMT

Hi,

GO to tcode pfcg in that you may have maintained the role

add this transaction ZPP_001 only in user AB1 & AB2

and ZPP_002 for users AB3 – AB10.

HTH

Regards,

Dhruv Shah

Re: Autharizations

Former Member — Thu, 27 Mar 2008 10:39:02 GMT

No Dear I want to assigning auth to separate programs (functions)

Re: Autharizations

dhruv_shah3 — Thu, 27 Mar 2008 10:43:02 GMT

Hi,

So if you want to provide the authorizations in the program only.

then use the Authority check.

HTH

Regards,

Dhruv Shah

Re: Autharizations

Former Member — Thu, 27 Mar 2008 11:27:49 GMT

Hi,

U can use the FM AUTHORITY_CHECK for this.

Regards,

vijay

Re: Autharizations

Former Member — Thu, 27 Mar 2008 11:57:13 GMT

can you please describe how can i use Authority Check

Re: Autharizations

abapdeveloper20 — Thu, 27 Mar 2008 12:04:01 GMT

Hi,

check the sample code below:

FORM AUTHORIZATION.

** AUTHORIZATION VERIFICATION
  SELECT * FROM T001 WHERE BUKRS IN SBUKRS.

    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                ID 'BUKRS' FIELD T001-BUKRS
                ID 'ACTVT' FIELD '03'.

    IF SY-SUBRC EQ 0.
      BUKRS-SIGN = 'I'.
      BUKRS-OPTION = 'EQ'.
      BUKRS-LOW = T001-BUKRS.
      APPEND BUKRS.
      CLEAR BUKRS.
    ELSE.
      AFLAG = 'X'.
    ENDIF.
  ENDSELECT.

  IF AFLAG = 'X'.
    MESSAGE I004(ZMSG) WITH 'Output will get strict to the'
          'Authorisation of Company Level'.
  ENDIF.

  IF BUKRS[] IS INITIAL.
    MESSAGE I004(ZMSG) WITH 'Company Code Authorization not found'.
    STOP.
  ENDIF.


ENDFORM.                    " authorization

Reward if useful

~_Lakshmiraj~

Re: Autharizations

Former Member — Thu, 27 Mar 2008 12:32:41 GMT

Thanks Dear

but this is for table check isn't it?

how i use it for program.

Re: Autharizations

Former Member — Thu, 27 Mar 2008 12:50:26 GMT

check with this code for authorization.it may help u.

In general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

Sy-SUBRC values

4 User has no authorization in the SAP System for

such an action. If necessary, change the user

master record.

8 Too many parameters (fields, values). Maximum

allowed is 10.

12 Specified object not maintained in the user

master record.

16 No profile entered in the user master record.

24 The field names of the check call do not match

those of an authorization. Either the

authorization or the call is incorrect.

28 Incorrect structure for user master record.

32 Incorrect structure for user master record.

36 Incorrect structure for user master record.

Thanks&regards,

Sravani.

Re: Autharizations

Former Member — Fri, 28 Mar 2008 06:43:26 GMT

Thanks Sravani & Friends

Now I can Manage.