Solved: Authentication or Security Checks for ABAP program...

Former Member · ‎2007 Apr 24

Dear experts,

Please tell me where do we give the authentication or security checks to our ABAP programs and how do we do that. ( Do not allow all to execute our developed programs).

Regards,

Maanasa

Former Member · ‎2007 Apr 24

It depends on what exactly you want to control. However, most important is that access to SE38, SA38 etc should be taken away from all business users and all programs should be assigned to transaction code. The object S_TCODE controls automatically access to transaction codes. There is a parameter "Authorization Group" in the program attributes. In this field, you can enter the name of a program group. This allows you to group different programs together for authorization checks. The group name is a field of the two authorization objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance). Thus, you can assign authorizations to users according to program groups.

If want to control access to business data in your program you must code it using 'AUTHORITY-CHECK' statement specifing an appropriate object.

Former Member · ‎2007 Apr 24

simple way is :

create ztable in which u can maintain user id list.

so in every program u have to add ths validations like this

select * from zuserid where userid = sy-uname.

if sy-subrc ne 0.

message " not authorizaed to execute this report.

endif.

Regards

Prabhu

Former Member · ‎2007 Apr 24

If you know the authorization group u can use the following ways.

1. In the Attributes u can specify the authorization gourp name

2. AT SELECTION-SCREEN

AUTHORITY-CHECK OBJECT 'Z_TABU_DIS'

ID 'ACTVT' FIELD '03'

ID 'CUSTTYPE' FIELD v_class

ID 'TABLENAME' FIELD p_dbtble.

CASE SY-SUBRC.

WHEN 0.

WHEN OTHERS.

Error message

message I419(MO).

STOP.

ENDCASE.

Former Member · ‎2007 Apr 24

Hai Maaasa,

Before executing the program,u can give authentication so that particular user can execute it.

before executing it, u can check the user by,

if SY-UNAME = 'SMITH'.

<Execute Program>.

Else.

WRITE : 'U Don't have the Rights to Execute this Program'.

Endif.

Former Member · ‎2007 Apr 24

Hi Maanasa,

You can write a piece of code in your program which first checks the user ID (SY-UNAME) of the person executing the code and then allows further processing. For this you can create an authorization object (SU21) and assign the users you want to allow access to this object.

Hope this helps!

Regards,

Saurabh

Former Member · ‎2007 Apr 24

It depends on what exactly you want to control. However, most important is that access to SE38, SA38 etc should be taken away from all business users and all programs should be assigned to transaction code. The object S_TCODE controls automatically access to transaction codes. There is a parameter "Authorization Group" in the program attributes. In this field, you can enter the name of a program group. This allows you to group different programs together for authorization checks. The group name is a field of the two authorization objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance). Thus, you can assign authorizations to users according to program groups.

If want to control access to business data in your program you must code it using 'AUTHORITY-CHECK' statement specifing an appropriate object.

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Authentication or Security Checks for ABAP programs