Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization Object

Go to solution
Former Member

‎2007 Nov 14 6:50 AM

0 Likes
669

Hi,

Can anyone guide me with the steps of creating an Authority Object and doing authority checks in ABAP programs as well as in Dictionary tables and Transactions.

Thanks in advance.

Regards,

Anindita

1 ACCEPTED SOLUTION
Read only

Go to solution
former_member386202
Active Contributor

‎2007 Nov 14 6:51 AM

0 Likes
510

Hi,

Refer this code.

&----

*& Form sub_check_auth_iwerk *

&----

  • This form checks authorization for plant. *

----

FORM sub_check_auth_iwerk .

--Constant for t code, no tcode hence value = '' (all)

CONSTANTS: lc_tcd LIKE tstc-tcode VALUE '*'.

*--Table for all the plants in selection screen. This

  • table will be used for authority check.

DATA: BEGIN OF li_plant OCCURS 0,

iwerk LIKE t001w-werks,

END OF li_plant.

*--Select query to pick plant from table t001w

SELECT werks "Plant

INTO TABLE li_plant

FROM t001w

WHERE werks IN s_iwerk.

LOOP AT li_plant.

AUTHORITY-CHECK OBJECT 'I_SWERK'

ID 'TCD' FIELD lc_tcd

ID 'SWERK' FIELD li_plant-iwerk.

*--Check SUBRC

IF sy-subrc NE 0.

*--No Authorization for Plant

MESSAGE e016 WITH li_plant-iwerk.

ENDIF.

ENDLOOP. "loop at li_plant

ENDFORM. "sub_check_auth_iwerk

Reagrds,

Prashant

3 REPLIES 3
Read only

Go to solution
former_member386202
Active Contributor

‎2007 Nov 14 6:51 AM

0 Likes
511

Hi,

Refer this code.

&----

*& Form sub_check_auth_iwerk *

&----

  • This form checks authorization for plant. *

----

FORM sub_check_auth_iwerk .

--Constant for t code, no tcode hence value = '' (all)

CONSTANTS: lc_tcd LIKE tstc-tcode VALUE '*'.

*--Table for all the plants in selection screen. This

  • table will be used for authority check.

DATA: BEGIN OF li_plant OCCURS 0,

iwerk LIKE t001w-werks,

END OF li_plant.

*--Select query to pick plant from table t001w

SELECT werks "Plant

INTO TABLE li_plant

FROM t001w

WHERE werks IN s_iwerk.

LOOP AT li_plant.

AUTHORITY-CHECK OBJECT 'I_SWERK'

ID 'TCD' FIELD lc_tcd

ID 'SWERK' FIELD li_plant-iwerk.

*--Check SUBRC

IF sy-subrc NE 0.

*--No Authorization for Plant

MESSAGE e016 WITH li_plant-iwerk.

ENDIF.

ENDLOOP. "loop at li_plant

ENDFORM. "sub_check_auth_iwerk

Reagrds,

Prashant

Read only

Go to solution
Former Member

‎2007 Nov 14 6:54 AM

0 Likes
510

Hi

http://help.sap.com/saphelp_47x200/helpdata/en/52/67167f439b11d1896f0000e8322d00/frameset.htm

http://help.sap.com/saphelp_erp2005/helpdata/en/ef/4aba3b3bf00152e10000000a114084/frameset.htm

Please find the following extract on Authorisation objects -

>

Using SU21 u can create Authorisation Object.

Details to give an authorisation for ABAP PROGRAMS are as follows

The smallest unit against which the check should be run is the authorization

field.

The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs. Before accessing the database the user should carry out an

authorization check which is implemented in the ABAP program. The

AUTHORITY-CHECK statement first checks if the user has the authorization

containing all the required values. Then the code value in the system field

SY-SUBRC is checked. If the required value is available for each

authorization field, the check is successful (SY-SUBRC = 0). If the value is

not 0, then the check is unsuccessful, which means that the user does not

possess the required authorization and an error message will be displayed.

AUTHORITY-CHECK sets SY-SUBRC to 4, 8, 12, 16, 24, 28, 32 or 36 depending on

the cause of the authorization failure, e.g. return code 4 means that the

user does not have the required authorization; SY-SUBRC = 8 means that the

check could not successfully be carried out since not all fields of the

object were specified. The field SUBRC is in the APAB Dictionary SYST. To

address the system field in an ABAP program, the form SY-<fieldname> is

used.

The ABAP syntax of the AUTHORITY-CHECK statement is:

AUTHORITY-CHECK OBJECT '<object>' (which created by you in SU21)

ID '<name1>' FIELD <f1> (fields given in Authorisation object)

???????????

ID '<name10>' FIELD <f10>.

Where <object> is the name of the authorization object that has to be

checked, <name1>,..., <name10> are the authorization fields in the object,

and <f1>,... ,<f10> are the values for which the authorization is to be

checked. If after the field name is entered DUMMY, the check for a

particular field will not be carried out.

Hope it serves your purpose

http://help.sap.com/saphelp_47x200/helpdata/en/52/67167f439b11d1896f0000e8322d00/frameset.htm

http://help.sap.com/saphelp_erp2005/helpdata/en/ef/4aba3b3bf00152e10000000a114084/frameset.htm

<b>Reward if usefull</b>

Read only

Go to solution
Former Member

‎2007 Nov 14 7:00 AM

0 Likes
510

hi

good

go through this link hope this would help you to give the idea about authorization object,

http://help.sap.com/saphelp_nw04s/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

http://help.sap.com/saphelp_nw04s/helpdata/en/9f/dbacbe35c111d1829f0000e829fbfe/content.htm

http://www.guidancetech.com/people/holland/sap/abap/

thanks

mrutyun^