topic Re: Authorization objects and Roles in Application Development and Automation Discussions

Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 09:54:48 GMT

Please let me know, how authorization objects created in SU21 gets linked to a role a user, I did search before posting but didn't find any relevant answer.

Re: Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 10:03:52 GMT

Hi Ratan,

AUthory check is nothing but the authorization created for specific user or restrictions for users to particular transactions etc.....e.g. I can not access SU21 trasanction on client SAP system because I am not authorizaed to view the same.

Ok....For this you need to -->

1. GO to SU21.

2. Create Object Class first.

3. Create Authorization Object and assign the class to the same.

4. While creating the Object you need to provide the fields for which you need authorization.

5. First provide field ACTVT and then your fieldname.

6. Save and Activate....

In your Program call FM 'AUTHORITY_CHECK' ...

*Authority check for Pur Org and Plant

CALL FUNCTION 'AUTHORITY_CHECK'

EXPORTING

USER = SY-UNAME

OBJECT = 'ZM02'

FIELD1 = 'EKORG' "Provided while creating Auth Objects

field2 = 'WERKS' ""Provided while creating Auth Objects

EXCEPTIONS

USER_DONT_EXIST = 1

USER_IS_AUTHORIZED = 2

USER_NOT_AUTHORIZED = 3

USER_IS_LOCKED = 4

OTHERS = 5.

Roles

SAP Security will create the roles. This is not related to ABAP people....They will define the roles according to the requirement.

Thanks and Regards,

CoolDeep.

Re: Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 10:06:46 GMT

Hi ,

in SU21 u will creat Autho.Objects on the required Fields , and activity as well ,

ex.

Au.Object for Comany COde .

Z_BUKRS_XXXX

fields ->BUKRS

-->Activity.

and u will add this authorization Objects in the User Profiles , with values.

Regards

Prabhu

Re: Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 10:07:07 GMT

Hi Ratan,

You can try the following links for that.

http://www.thespot4sap.com/Articles/SAP_BC_Authorization_Concept.asp

and also SAP online help.

Authorization objects.

http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

Role administration.

http://help.sap.com/saphelp_nw70/helpdata/en/52/6714a9439b11d1896f0000e8322d00/content.htm

Re: Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 10:13:09 GMT

good

Check the below link.

http://help.sap.com/saphelp_45b/helpdata/en/c4/3a7f6d505211d189550000e829fbbd/content.htm

Thanks

mrutyun^

Re: Authorization objects and Roles

Former Member — Tue, 22 Jul 2008 10:19:36 GMT

Hi Ratan,

Creating Authorization Roles

Use

You can create a new authorization role in the SAP system with the Create/Convert Role function.

Prerequisites

To monitor and maintain the data transferred from the portal to the SAP system you need role administration authorization (see Authorizations).

Procedure To create a new authorization role:

... 1. Start transaction WP3R.

The initial screen for role administration, Follow-Up Processes for Portal Roles, appears.

2. On the initial screen, select Maintain Authorization Roles and run the program.

A report is displayed containing all portal roles and the authorization roles associated with them. Roles transferred from the portal are highlighted in blue. The warning icon allows you to identify that there are no authorization roles for these roles.

If a role is highlighted in red, it has been deleted in the portal.

3. To find out which services there are for a role, expand the structure of the relevant role, select a logical system, and choose Goto ® Service list or .

If SAP Enterprise Portal has transferred services that are not supported in the current system, these are displayed in a separate section of the service list and ignored when the services are transferred to the authorization role.

4. To close the window with the service list, choose Continue.

5. Click the logical system and choose Authorization role ® Create/Convert or choose the icon next to the logical system.

The system asks for the name of the new role. If you enter a name for which there is no role to date, the system creates a new one. You can also create more than one authorization role per logical system, depending on how many authorization versions you require.

If you enter the name of an existing role, the system informs you that you can convert this role to an authorization role. The conversion can only take place if you enter the name of a root single role (not a derived role or a composite role).

When converting an existing role to an authorization role, the system assumes that the structure of the role is defined forthwith through the enterprise portal and role assignment is only assigned through the enterprise portal. During conversion, a dialog box points out the consequences.

The services of the portal role are immediately transferred to the menu structure of the new role. You can also use the Create/Convert function for authorization roles. It can be used to create derived authorization roles.

A warning is given if no authorization roles were yet created for the services of a portal role for a logical system.

You Can follow the below links it would be halpfull for you

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c

http://help.sap.com/saphelp_nw04/helpdata/en/c1/db3fc2fd3111d5997a00508b6b8b11/frameset.htm