Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization Check

Go to solution
Former Member

‎2007 Feb 16 1:54 AM

0 Likes
1,391

Hi SDN's,

I am asked to do some authorisation checks on one of the Z Tcode. I am given the Auth Object Name and am asked to implement in my ABAP Code for the ZTcode.

What am i supposed to do?

Since that i have never done this before, Plz help me.

Thanks

Pratyusha

1 ACCEPTED SOLUTION
Read only

Go to solution
Former Member

‎2007 Feb 16 2:14 AM

0 Likes
1,259

Hi,

You need to add code similar to the below one in your Z report:

authority-check object 'Z_PLNT_AUT'

id 'ACTVT' field '03'

id 'WERKS' field i_auth_werks-werks.

if sy-subrc ne 0 .

message e398(00) with

'User' sy-uname 'not authorised for Plant : ' i_auth_werks-werks.

endif.

Thanks.

13 REPLIES 13
Read only

Go to solution
Former Member

‎2007 Feb 16 2:14 AM

0 Likes
1,260

Hi,

You need to add code similar to the below one in your Z report:

authority-check object 'Z_PLNT_AUT'

id 'ACTVT' field '03'

id 'WERKS' field i_auth_werks-werks.

if sy-subrc ne 0 .

message e398(00) with

'User' sy-uname 'not authorised for Plant : ' i_auth_werks-werks.

endif.

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:29 AM

0 Likes
1,259

Hi Rahul,

Thnk u for the reply,

lets consider my example. my Z tcode is not allowed for few users with diff company codes. so the auth obj given to me is doing that.

but i am doing another thing similar in my module pool PBO

i select the same from USR05 table and validate it against the PARID value having BUK ie the comp code

if sy-subrc ne 0 then i am giving an error msg

is this similar to the auth obj which i am asked to do

Regards

Pratyusha

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:37 AM

0 Likes
1,259

Usha,

Both the validations are different...

The one you have used in the Module Pool checks the Parameter Value Set for an User. If users have authorization for setting the parameters in their USER Profile, they can change this value.

Best would be to you AUTHORITY-CHECK command.

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:44 AM

0 Likes
1,259

Thnx Rahul,

one last thing the auth check which i am supposed to do shud be done in the PBO of the screen right?

Plz correct me if i am wrong

Regards

Pratyusha

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:46 AM

0 Likes
1,259

No Usha,

This should be in the PAI, as in the PBO event you won't have the Company Code for which user is executing the transaction.

Right?

Thanks.

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:49 AM

0 Likes
1,259

I default the Comp Code in the PBO itself.

So shud be OK right?

Regards

Pratyusha

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:51 AM

0 Likes
1,259

You mean user can not change this Company Code? If so, it will work. But am surprised as how are you defaulting the CO code?

I mean, how are you getting (selecting) this default Company code?

Message was edited by:

Rahul Patni

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:53 AM

0 Likes
1,259

Based on the SAP User ID i get if from USR05 and default it and the user can not change it.

Regards

Pratyusha

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:57 AM

0 Likes
1,259

Have you given authorization to the user to set parameter values in User Profiles?

If yes, then this check is fine. Or else I doubt how is this going to help.......?

Thanks

Read only

Go to solution
Former Member

‎2007 Feb 16 2:34 AM

0 Likes
1,259

When you create the Z-tcode there is a field to enter the authorization object.

Display your z-transaction (SE93) and look for the field below your program name/selection screen/variant/.

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:43 AM

0 Likes
1,259

Hi Sam,

Does this mean that we need nothing to do in our ABAP even after assigning the Auth Obj in SE93

I suppose not, as we need to give an error msg to the user.

So i had a check on the auth obj using auth check statemtn in the PBO. this shud be correct right?

Regards

Pratyusha

Read only

Go to solution
Former Member
In response to Former Member

‎2007 Feb 16 2:58 AM

0 Likes
1,259

I dont understand. if you are given an auth object and asked to restrict your t-code against it then why do you need to make additional check in your code? if there user does not have the authorization object in his/her role, then it will restricted automatically.

Read only

Go to solution
Former Member

‎2007 Feb 16 3:08 AM

0 Likes
1,259

HI,

Write code like this,

data: tcode like sy-tcode.

tcode = sy-tcode.

AUTHORITY-CHECK OBJECT 'P_TCODE'

ID 'TCD' FIELD TCODE.

if sy-subrc <> 0.

message error.

exit.

endif.

Regards

Subramanian