Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

authorization issue

Former Member

‎2006 Sep 14 10:40 AM

0 Likes
756

Hi,

I have a confusion. Actually i have been given an authorization group and i have been told to keep it in the attributes of the program.

Actually this authorization is for checking who can execute this program and who cant.

Now my issue is Do i also need an authorization object or only giving the authorization group in the attributes is enough. I have not been given any authorization object so i believe it is not needed but in the function module we have to specify an object. i am confused. Can someone help

6 REPLIES 6
Read only

Former Member

‎2006 Sep 14 10:41 AM

0 Likes
709

Hi pavan,

1. Its enough.

2. from help (F1 on authorisation group - attributes)

Authorization group to which the program is assigned.

The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:

Execute a program

--> Authorization object S_PROGRAM

Edit a program (-Include) in the ABAP Workbench

--> Authorization object S_DEVELOP

Programs that are not assigned to an authorization group are not protected against display and execution.

Security-related programs should, therefore, always be assigned to an authorization group.

Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.

regards,

amit m.

Read only

Former Member
In response to Former Member

‎2006 Sep 14 11:00 AM

0 Likes
709

Hi Amit,

So does that mean that i have to give

CALL function 'AUTHORITY_CHECK'

exporting

  • NEW_BUFFERING = 3

USER = SY-UNAME

object = S_PROGRAM (this is what is given in the F1 help)

field1 = 'ACTVT'

VALUE1 = '16' “ for Execution

Read only

Former Member
In response to Former Member

‎2006 Sep 14 11:02 AM

0 Likes
709

Hi again,

1. of course not.

2. These all things will be taken care

by the R/3 system,

whenver that program is executed.

3. We don't have to write any such

check in our abap code.

regards,

amit m.

Read only

Former Member
In response to Former Member

‎2006 Sep 14 11:06 AM

0 Likes
709

thanks Amit,

One more thing... How can i see if i am authorized to run the program.. is there any way to check it i have been included in the authorization group

Read only

Former Member

‎2006 Sep 14 11:33 AM

0 Likes
709

AUTHORITY-CHECK OBJECT object

ID name1 FIELD f1

ID name2 FIELD f2

...

ID name10 FIELD f10.

http://www.geocities.com/siliconvalley/campus/6345/authorit.htm

http://help.sap.com/saphelp_banking463/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/content.htm

http://help.sap.com/saphelp_nw2004s/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

Please reward for the same.

Read only

Former Member
In response to Former Member

‎2006 Sep 14 11:35 AM

0 Likes
709

check this example

Example

Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:

Table OBJ : Definition of authorization object

M_EINF_WRK

ACTVT

WERKS

Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations

M_EINF_WRK_BERECH1

ACTVT 01-03

WERKS 0001-0003 .

can display and change plants within the Purchasing and Materials Management areas.

Such a user would thus pass the checks

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0002'

ID 'ACTVT' FIELD '02'.

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' DUMMY

ID 'ACTVT' FIELD '01':

but would fail the check

AUTHORITY-CHECK OBJECT 'M_EINF_WRK'

ID 'WERKS' FIELD '0005'

ID 'ACTVT' FIELD '04'.

Please reward points.