Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authority check on Tcode

Go to solution
Former Member

‎2008 Apr 23 11:38 AM

0 Likes
1,665

Hello Experts,

Please can any one tell me, how does the code behave in the below situation.

AUTHORITY-CHECK OBJECT 'S_TCODE'

ID 'TCD' FIELD 'ZSCHECK'

Here am checking whether the user has access to this Tcode 'Zscheck.' what happens if the user has Z*(partial wild card) or *(wildcard char's) in his role.

Does the user is allowed to access the TCode or rejected?

Thanks In advance.

Also how to do the Authorization-check at the table level.

(table-maintenance) ??

1 ACCEPTED SOLUTION
Read only

Go to solution
ThomasZloch
Active Contributor

‎2008 Apr 23 12:03 PM

0 Likes
1,070

Hi,

I don't see a need to check S_TCODE authorization explicitely, as it is always being checked by the system whenever you start a transaction.

Yes, Z* allows any Z-transaction, whereas * allows all transactions.

The authorization on table level is checked via S_TABU_DIS for an authorization group, which can be assigned in the table maintenance generator (SE54 or via SE11).

Cheers

Thomas

5 REPLIES 5
Read only

Go to solution
Sm1tje
Active Contributor

‎2008 Apr 23 11:54 AM

0 Likes
1,070

if user has Z* than he (probably) has authorization for all Z-transactions.

At table maintenance level you can check for transaction code SM30, which means he can't do any 'customizing'. If this is not what you want, create a transaction for your maintenance table in SE93 and check for this transaction code.

Read only

Go to solution
ThomasZloch
Active Contributor

‎2008 Apr 23 12:03 PM

0 Likes
1,071

Hi,

I don't see a need to check S_TCODE authorization explicitely, as it is always being checked by the system whenever you start a transaction.

Yes, Z* allows any Z-transaction, whereas * allows all transactions.

The authorization on table level is checked via S_TABU_DIS for an authorization group, which can be assigned in the table maintenance generator (SE54 or via SE11).

Cheers

Thomas

Read only

Go to solution
Former Member
In response to ThomasZloch

‎2008 Apr 23 2:58 PM

0 Likes
1,070

Please can you be more specific, how the do the authority check on Ztable (restrict the user to maintain the data).

Read only

Go to solution
ThomasZloch
Active Contributor
In response to ThomasZloch

‎2008 Apr 23 8:42 PM

0 Likes
1,070

You assign an authorization group to a table as Venkat and I described above.

Then only users who have authorization object S_TABU_DIS with that authorization group and the respective activity (display and/or change) in their roles/profiles can access the table.

Does this clarify?

Greetings

Thomas

Read only

Go to solution
Former Member

‎2008 Apr 23 3:11 PM

0 Likes
1,070

hi this is done through the authorisation group in the z table i think..

go to se11-->utilities->table maintainace generator>aurtorisation group--> aurtorisation object..

regards,

venkat