Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization objects - Need your valuable info

Former Member

‎2008 Feb 11 8:23 PM

0 Likes
393

Hi SAP experts,

I have created some function modules at R/3 side . The input for these function modules will be give from SAP portal. ( SAP portal is the front end ) and the output would be displayed in the SAP portal ( My function modules act as back end ).

All these function modules should be accessed by only set of users .It should not be accessed by others.So how to check the authorization and give the access to those users only?

Please tell me clearly how to create this including the concepts of roles , authorization objects, authorization groups .

Your answer is very valuable to me.

Regards,

Vishnu.

2 REPLIES 2
Read only

gautam_totekar
Active Participant

‎2008 Feb 12 5:45 AM

0 Likes
365

Try using this link to create authorization objects and assigning users.

http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/content.htm

Read only

Former Member

‎2008 Feb 12 5:53 AM

0 Likes
365

Authorization object are created in T-Code SU21, there you mention the fields for which you have to check the authorization check. There are also standard authorization object available kike:

For plant use the authorization object 'M_MATE_WRK'

Company code use 'M_MATE_BUK'

For Sales area use V_KNA1_VKO

In at the begining of you FM you have to check whether the user has the authorization or not. Ex: 


    LOOP AT gt_oifspbl INTO gw_oifspbl.
      AUTHORITY-CHECK OBJECT 'Z:ZIFS_BL'
          ID 'PBLNR' FIELD gw_oifspbl-pblnr
          ID 'ACTVT' FIELD '03'.
      IF sy-subrc NE 0.
        DELETE gt_oifspbl.
      ENDIF.
      CLEAR: gw_oifspbl.
    ENDLOOP.

In the above example the authorization of all the buisness location involved are checked. Not by looping the table we check the authorization of each buisness location and if the sy-subrc NE 0 or authorization fails we are deleting that corresponding record from the table.

If you for the element for which you are checking the authorization, is a parameter in the selection screen and mandatory then you can show error message if authorization fails. Ex: 



      AUTHORITY-CHECK OBJECT 'Z:ZIFS_BL'
          ID 'PBLNR' FIELD P_PBLNR
          ID 'ACTVT' FIELD '03'.
      IF sy-subrc NE 0.
        MESSAGE E001(001) with 'No authorization for the BL'.
      ENDIF.