topic Re: authorization group in Application Development and Automation Discussions

authorization group

Former Member — Wed, 18 Jun 2008 07:59:07 GMT

Hi,

I want to know about authorization group attributes like when it is created who is created.

can anyone give me idea?

thanks

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:06:57 GMT

hello,

All authorization objects stores in TPGP table.

First create a entry in the TPGP table ( for ex. zv30_320 is a entry) .

Go to se 38 -> ur report -> menu -> goto -> attributes -> authorization group -> give that created entry ( zv30_320 here).

Thus we can create the authorization objects.

2 way:

using company code activity and object id programatically we can create the authorization object.

Which method u required plz let me know.

So that i can come in detailed.

SU20 and SU21 are useful for creating FIELD and Object authorizations. i need to create authorization Group for DB Maintenance

reward me points if it is useful.

Thanks,

Sridhar.

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:08:30 GMT

hi check these tables...AGR_USERS , UST04

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:10:32 GMT

Authorization Gropu is required to restrict access to Reports( thorugh object S_PROGRAM) and also restrict acces to Tables (through object S_TABU_DIS)

For Tables:

- S_TABU_DIS is checked anytime someone looks at data in a table

directly (with one of these transactions - SE16/SE16N, SE17, SM30,

SM31 - or the Implementation Guide).

S_TABU_DIS has two fields: Activity and Authorization Group.

TheAuthorization Group field is mapped to which tables a user can

access. The mapping is performed in table TDDAT. Table TDDAT

maps the Authorization Group to a list of tables.

You can create a new Authorization Group using Transaction SE54.

For Reports:

You can use the authorization object S_PROGRAM to control the

authorization to execute a program. S_PROGRAM uses the following

fields:

- User Action determines if you can start the program and schedule it to

run in batch mode, and what variants you can use.

- Authorization Group determines which programs you can execute.

The Authorization Group field comes from the authorization group in the

attributes of an ABAP program.

For this authorization object to be effective, ABAP programs must have an

authorization group assigned to them in the attributes of the program. If a

program does not have an authorization group assigned, the system does

not carry our a check for S_PROGRAM. For this reason, you may want to

always assign an authorization group to programs created by customers.

With the RSCSAUTH program, you can assign an authorization group

to all executable programs or to individual programs or program groups.

This ensures effective protection.

Hope it helps.

Please award points if it is useful.

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:10:52 GMT

Authorization Gropu is required to restrict access to Reports( thorugh object S_PROGRAM) and also restrict acces to Tables (through object S_TABU_DIS)

For Tables:

- S_TABU_DIS is checked anytime someone looks at data in a table

directly (with one of these transactions - SE16/SE16N, SE17, SM30,

SM31 - or the Implementation Guide).

S_TABU_DIS has two fields: Activity and Authorization Group.

TheAuthorization Group field is mapped to which tables a user can

access. The mapping is performed in table TDDAT. Table TDDAT

maps the Authorization Group to a list of tables.

You can create a new Authorization Group using Transaction SE54.

For Reports:

You can use the authorization object S_PROGRAM to control the

authorization to execute a program. S_PROGRAM uses the following

fields:

- User Action determines if you can start the program and schedule it to

run in batch mode, and what variants you can use.

- Authorization Group determines which programs you can execute.

The Authorization Group field comes from the authorization group in the

attributes of an ABAP program.

For this authorization object to be effective, ABAP programs must have an

authorization group assigned to them in the attributes of the program. If a

program does not have an authorization group assigned, the system does

not carry our a check for S_PROGRAM. For this reason, you may want to

always assign an authorization group to programs created by customers.

With the RSCSAUTH program, you can assign an authorization group

to all executable programs or to individual programs or program groups.

This ensures effective protection.

Hope it helps.

Please award points if it is useful.

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:13:01 GMT

Hi,

Authorization Groups: -

Authorization groups are used to group the logically related objects.

· In the table maintenance screen, an entry for the authorization group should be created.

· While creating the program the authorization group should be specified in the attributes screen of the program.

· In the view TRDIR, we can get the list of all the objects associated to the authorization group.

for more information go through this links:

http://www.sapmaterial.com/authorization_checks.html

http://help.sap.com/saphelp_sm32/helpdata/en/6e/eb949c2d7911d4b5bf006094192fe3/content.htm

http://help.sap.com/saphelp_46c/helpdata/EN/35/26b17fafab52b9e10000009b38f974/content.htm

Regards

Adil

Re: authorization group

Former Member — Wed, 18 Jun 2008 09:13:51 GMT

Hi,

you can use transaction SE54 or simply in the program attribute you can type in a name for the group and it will get created into TPGP table.

you can also use program RSCSAUTH to assing authorization group to programs.

Eg: How to add Materials to Authorization group

Goto SPRO==>Logistics - General==> Material Master ==> Tools ==> Maintain Authorizations and Authorization Profiles

Thanks

Vikranth