Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

About Authorization Objects.

Former Member

‎2007 Oct 15 12:26 PM

0 Likes
451

Hi,

Who is responsible for creation of Authorization objects.

And let me know how would I restrict particular user at a particular plant accessing others plant data.

eg. a user 'XYZ' at '1234' plant should see only his/her data. He/she should not see the other plant data.

Please help ASAP.

3 REPLIES 3
Read only

Former Member

‎2007 Oct 15 12:30 PM

0 Likes
429

Hi,

First create object class in su21.. Then create authorization object in su22...

check the link..

Authorization Object Creation

http://www.sap-img.com/basis/useful-sap-system-administration-transactions.htm

http://sap.ittoolbox.com/groups/technical-functional/sap-r3-basis/please-how-to-create-an-authorizat...

check following Threads :

Regards,

Padmam.

Read only

Former Member

‎2007 Oct 15 12:32 PM

0 Likes
429

<b>Check with below link about auth objects and it is very good document.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c</b>

Read only

Former Member

‎2007 Oct 15 12:39 PM

0 Likes
429

hI

Authorisation objects are used to restrict certain transactions to users.Critical data must be protected from unauthorised users.For example,the head has access to certain data.But it cannot be accessed by his subordinate.For this we need to define roles.

•Create an authorization object with transaction SU21.

An object usually consists of the ACTVT (activity) field and one other field,which specifies the data type to be protected.By ACTVT, we can decide if the data is accessible for change,display only etc.

•Add authorization fields to the authorization object created.

•Assign the authorization object to the transaction using SE93.

Attach the authorization object to the role using transaction PFCG.

Authorization Check for Transactions

You can directly link authorization objects with transaction codes. You can enter values for the fields of an authorization object in the transaction maintenance. Before the transaction is executed, the system compares these values with the values in the user master record and only starts the transaction if the appropriate authorization exists.

Authorization Check for ABAP Programs

For ABAP programs, the two objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance) exist. They contains a field P_GROUP that is connected with the program attribute authorization group. Thus, you can assign users program-specific authorizations for individual ABAP programs.

Authorization Check in ABAP Programs

A more sophisticated, user-programmed authorization check is possible using the Authority-Check statement. It allows you to check the entries in the user master record for specific authorization objects against any other values. Therefore, if a transaction or program is not sufficiently protected or not every user that is authorized to use the program can also execute all the actions, this statement must be used.

Please check the following

http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm

http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm