Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization object

Former Member

‎2010 Jun 02 11:40 PM

0 Likes
407

Hi,

My requirement is to create a authorization object such that user having this Auth Object attached to his profile can change a value of field on particular Tcode from X to y.

Please explain the different steps i need to carry out.

I tried with few steps but aftaer that i have no idea how to proceed.

1> I created a object class in SU21

2> Then i created one authorization object under this class.

3> I went to SU20 to create field name for which i want to restrict these values.

4 > Now back to SU21 i selected that field.

Afer that i am not sure wht other steps i need to carry out.....where i will assign possible values such that person can only set value.

2 REPLIES 2
Read only

former_member214857
Contributor

‎2010 Jun 03 12:00 AM

0 Likes
366

Hi Sanju

It seems that procedures were correct. However is important to check authorization check statment in your programs 

AUTHORITY-CHECK OBJECT <my_objc> 
         ID 'ACTVT' FIELD 'X'
         ID 'myfield' FIELD 'myvalue'

   IF sy-subrc NE 0.
      User does not have access to this record/area 
   ENDIF

Kind regards

Edited by: Carlos Machado on Jun 3, 2010 2:13 AM

Read only

Former Member

‎2010 Jun 03 12:29 AM

0 Likes
366

Hi Sanju,

Please read the following:

The ABAP syntax of the AUTHORITY-CHECK statement is:

AUTHORITY-CHECK OBJECT '<object>' (which created by you in SU21)

ID '<name1>' FIELD <f1> (fields given in Authorisation object)

u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026

ID '<name10>' FIELD <f10>.

Where <object> is the name of the authorization object that has to be

checked, <name1>,..., <name10> are the authorization fields in the object,

and <f1>,... ,<f10> are the values for which the authorization is to be

checked. If after the field name is entered DUMMY, the check for a

particular field will not be carried out.

FYI

AUTHORITY-CHECK statement first checks if the user has the authorization

containing all the required values. Then the code value in the system field

SY-SUBRC is checked. If the required value is available for each

authorization field, the check is successful (SY-SUBRC = 0). If the value is

not 0, then the check is unsuccessful, which means that the user does not

possess the required authorization and an error message will be displayed.

AUTHORITY-CHECK sets SY-SUBRC to 4, 8, 12, 16, 24, 28, 32 or 36 depending on

the cause of the authorization failure, e.g. return code 4 means that the

user does not have the required authorization; SY-SUBRC = 8 means that the

check could not successfully be carried out since not all fields of the

object were specified.

May this helps you.

Regards.

Deepak Sharma.