Authorization Check

former_member207873 · ‎2013 Sep 26

Hi Experts,

I have to do authority check for fields sales office, sales division (For 1st report) sales office (2nd Report) company code and plant (3rd Report) [All Custom Reports ].

I am aware of the existing authorization objects for this. V_VBKA_VKO, M_MATE_BUK, M_MATE_WRK. But the BASIS team havent given any authorization so far. (Or the existing configuration is like a particular sales office data visible by other sales office users). So from the ABAP side how to create one authorization object for these fields. In which class this have to be saved and which package. I already had a look on to http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a5...

BR.

former_member207873 · ‎2013 Sep 26

Any Help

former_member183069 · ‎2013 Sep 26

Hi,

Your question is now which package and which class...

It differs based on the client,

You have to discuss with the team lead or Basis team..

If they ok to create in new class you can create a new class..with the naming convention..

or if they asking to create in existing class then create your object under that.

You had also mentioned that you want to do authorization check for three reports.

so here you have to create three authorization object...

Former Member · ‎2013 Sep 26

You can create custom authorization object.

Arun_Prabhu_K · ‎2013 Sep 26

Whether you want to check if authorisation is available for a user to access a report?

If it is the case and if you have tcode for individual reports, then you can make use of

AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD TCODE.

Then based on the sy-subrc value (0-Authorization available and 4-Authorization unavailable), you can proceed further.

tamil_arasan · ‎2013 Sep 26

Hi,

Refer this link to create custom authorization objects

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60d70376-712c-2e10-61ab-c1f3700ef...

Best regards,

Pradeep

former_member207873 · ‎2013 Sep 26

Any more help...

Former Member · ‎2013 Sep 26

Which other help you need?

Max

former_member207873 · ‎2013 Sep 26

In which package can i save the authorization objects. Can i save it in the same package where I created the custom programs.

Former Member · ‎2013 Sep 26

Hi

Yes of course....why not?

You can use the custom package you want...it can only depends on the development rules of your company or customer

Max

former_member207873 · ‎2013 Sep 27

Thanks Max for your reply.

Can you please explain me how can we proceed if we need one-to-one relationship with username and the field. What I mean is.

username1 - sales office1.

username2 - sales office2..

etc.

So do we have to create as many roles in PFCG?

RaymondGiuseppi · ‎2013 Sep 26

Well, creating customer objects because standard objects were not correctly managed, is some kind of bad practices, no ?

Else create you own objects in SU21 in you own class, use a customer namespace like Z* or Y*, but use standard fields in the object definition, use also a customer package. As all those objects are local to your system, don't expect answer in the forum.

Regards,

Raymond

tamil_arasan · ‎2013 Sep 27

Hi,

Do you mean, you want to restrict the users by Organizational Unit ?

If yes you can do it by derived roles. you have to create derived roles and assign to users.

There are two possible reasons for deriving a role from an existing role:

● The role menus are identical but the authorizations for the menu actions are different in the derived role.

● The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.

Thanks,

Pradeep

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Authorization Check