‎2007 Jan 24 10:50 AM
hello,
Can anybody help me: what are authorization objects and how are they useful in ABAP?
How can they be created?
How to implement them in my z-prog / z-tables etc.?
Thanks
Mukesh
2007 Jan 24 10:53 AM
Hi Mukesh,
By using these authorization objects, we restrict users from using some transaction codes, and we might restrict users from using some data.
See the documentation below.
Authorization Check for Transactions
You can directly link authorization objects with transaction codes. You can enter values for the fields of an authorization object in the transaction maintenance. Before the transaction is executed, the system compares these values with the values in the user master record and only starts the transaction if the appropriate authorization exists.
Authorization Check for ABAP Programs
For ABAP programs, the two objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance) exist. They contain a field P_GROUP that is connected with the program attribute authorization group. Thus, you can assign users program-specific authorizations for individual ABAP programs.
Authorization Check in ABAP Programs
A more sophisticated, user-programmed authorization check is possible using the Authority-Check statement. It allows you to check the entries in the user master record for specific authorization objects against any other values. Therefore, if a transaction or program is not sufficiently protected or not every user that is authorized to use the program can also execute all the actions, this statement must be used.
AUTHORITY-CHECK OBJECT object
  ID name1 FIELD f1
  ID name2 FIELD f2
  ...
  ID namen FIELD fn.
See the simple program:
REPORT demo_authorithy_check.

PARAMETERS pa_carr LIKE sflight-carrid.

DATA wa_flights LIKE demo_focc.

AT SELECTION-SCREEN.
  " Check display authorization (ACTVT 03) for the entered carrier
  " before any data is read.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
    ID 'CARRID' FIELD pa_carr
    ID 'ACTVT'  FIELD '03'.
  IF sy-subrc = 4.
    " An authorization for S_CARRID exists, but not for these values
    MESSAGE e045(sabapdocu) WITH pa_carr.
  ELSEIF sy-subrc <> 0.
    " Any other failed check
    MESSAGE e184(sabapdocu) WITH text-010.
  ENDIF.

START-OF-SELECTION.
  SELECT carrid connid fldate seatsmax seatsocc
    FROM sflight
    INTO CORRESPONDING FIELDS OF wa_flights
    WHERE carrid = pa_carr.
    WRITE: / wa_flights-carrid,
             wa_flights-connid,
             wa_flights-fldate,
             wa_flights-seatsmax,
             wa_flights-seatsocc.
  ENDSELECT.
Regards
Sudheer
‎2007 Jan 24 11:22 AM
DEAR Sudheer,
THANKS A LOT,
THAT IS FINE, BUT
1. HOW TO CREATE IT
2. WHO / HOW AND WHERE I FEED THAT FIELDS DATA ON USERS LEVEL
FOR EXP.
IF I WANT TO RESTRICT REPORT FOR A USER NOT TO RUN FOR PARTICULAR PLANT
THANKS
MUKESH
‎2007 Jan 24 11:53 AM
Creation of authorisation objects can be done in se80.
If you open a package and right click you can choose create. Then select others, then authorization object.
You can create authorisation objects there and also add fields.
If you assign these authorisation objects to profiles in your roles (and limit these to certain values), users who have these roles will have authorisation for these objects, others won't.
In your report you can do the check for the authorisation object as shown in other replies in this thread.
AUTHORITY-CHECK OBJECT '<authority object name>'
  ID '<field name>' FIELD '<field value>'.
I hope this helps,
Dries
Message was edited by:
Dries Horions
I see Beejal replied while I was typing this, transaction SU21 can indeed also be used to create authorisation objects.
‎2007 Jan 24 10:56 AM
Authorization objects are ones which are used to check whether a user has access to an object or not. If the user has access he can use the object, else he will be exited.
Now, the user needs to be assigned a role with the authorization object and associated fields.
In the program you need to write:
AUTHORITY-CHECK OBJECT '<authority object name>'
  ID '<field name>' FIELD '<field value>'.
Say the authority object is created as F_BKPF_BUP and the field for T001B-BRGRU has 0001 and 0002.
The user has access to T001B-BRGRU = 0002.
Now,
AUTHORITY-CHECK OBJECT 'F_BKPF_BUP'
  ID 'BRGRU' FIELD '0001'.
User can't access object.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUP'
  ID 'BRGRU' FIELD '0002'.
User can access object.
‎2007 Jan 24 11:05 AM
Hi,
Authorisation objects are used to restrict certain transactions to users. Critical data must be protected from unauthorised users. For example, the head has access to certain data, but it cannot be accessed by his subordinate. For this we need to define roles.
Create an authorization object with transaction SU21.
An object usually consists of the ACTVT (activity) field and one other field, which specifies the data type to be protected. By ACTVT, we can decide if the data is accessible for change, display only etc.
Add authorization fields to the authorization object created.
Assign the authorization object to the transaction using SE93.
Attach the authorization object to the role using transaction PFCG.
Regards,
Beejal
**Reward if answer is helpful
‎2007 Jan 24 11:50 AM
Thanks,
Now if I create it and put it in the t-code and in the program, what happens when
1. the object is not assigned to the user
2. the object is assigned to the user but the relevant field data is not assigned to the user
mukesh
‎2007 Mar 21 10:53 AM
Hello Mukesh,
Use the following code.
TABLES t001w.

SELECT-OPTIONS s_werks FOR t001w-werks.
PARAMETERS p_werks TYPE t001w-werks.

DATA s_werk TYPE sd_werks_ranges.

AT SELECTION-SCREEN.
  " Rebuild the range table on every pass so entries do not accumulate
  CLEAR s_werk.
  APPEND LINES OF s_werks TO s_werk.
  CALL METHOD zkltest=>validate_plant
    CHANGING
      so_werks = s_werk
      p_werks  = p_werks.

START-OF-SELECTION.
  WRITE 'SUCCESSFUL'.

" Implementation of method VALIDATE_PLANT of class ZKLTEST.
" ty_werks is used as a structure with component WERKS; its
" definition is not shown in the post.
METHOD validate_plant.
  DATA : l_flag    TYPE c,
         l_message TYPE string VALUE 'You are not Authorized to use the following Plants ',
         wa_werks  TYPE ty_werks,
         i_werks   TYPE STANDARD TABLE OF ty_werks.

  IF so_werks IS NOT INITIAL.
    SELECT werks FROM t001w   "Do this only if Select-options is passed
      INTO TABLE i_werks
      WHERE werks IN so_werks.
  ELSEIF p_werks IS NOT INITIAL.
    SELECT werks FROM t001w   "Do this if Parameter is passed
      INTO TABLE i_werks
      WHERE werks = p_werks.
  ENDIF.

  " Check display authorization (ACTVT 03) for each selected plant
  LOOP AT i_werks INTO wa_werks.
    AUTHORITY-CHECK OBJECT 'M_MATE_WRK'
      ID 'ACTVT' FIELD '03'
      ID 'WERKS' FIELD wa_werks-werks.
    IF sy-subrc <> 0.
      l_flag = '1'.
      CONCATENATE l_message ', ' wa_werks-werks INTO l_message.
    ENDIF.
  ENDLOOP.

  IF l_flag EQ '1'.
    CLEAR : so_werks,
            p_werks.
    " Type 'E' keeps the user on the selection screen; a 'W' warning
    " could be confirmed with Enter and the report would still run.
    MESSAGE l_message TYPE 'E'.
  ENDIF.
ENDMETHOD.
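Added example (not part of any post in this thread): a report that tells apart the two cases asked about above by the return code of AUTHORITY-CHECK, where sy-subrc 12 means the object is not in the user's authorizations at all and 4 means the object is there but not with the checked field values. It uses M_MATE_WRK with ACTVT and WERKS as in the post above and outputs only the plants the user may display; the report name and variable names are hypothetical.

```abap
REPORT z_plant_auth_demo. "hypothetical report name (assumption)

TABLES t001w.
SELECT-OPTIONS s_werks FOR t001w-werks.

DATA: gt_plants  TYPE STANDARD TABLE OF t001w-werks,
      gt_allowed TYPE STANDARD TABLE OF t001w-werks,
      gv_plant   TYPE t001w-werks,
      gv_blocked TYPE c LENGTH 1.

START-OF-SELECTION.
  " Resolve the selection into concrete plants. An empty selection
  " means all plants, and each of them is checked as well.
  SELECT werks FROM t001w INTO TABLE gt_plants
    WHERE werks IN s_werks.

  LOOP AT gt_plants INTO gv_plant.
    AUTHORITY-CHECK OBJECT 'M_MATE_WRK'
      ID 'ACTVT' FIELD '03'
      ID 'WERKS' FIELD gv_plant.
    CASE sy-subrc.
      WHEN 0.
        " Authorized to display this plant
        APPEND gv_plant TO gt_allowed.
      WHEN 4.
        " Case 2: the object is assigned to the user, but not with
        " these field values. Skip this plant only.
        CONTINUE.
      WHEN 12.
        " Case 1: the object is not assigned to the user at all.
        " No plant can pass, so stop checking.
        gv_blocked = 'X'.
        EXIT.
      WHEN OTHERS.
        " Any other return code is treated as a failed check,
        " never as success.
        gv_blocked = 'X'.
        EXIT.
    ENDCASE.
  ENDLOOP.

  IF gv_blocked = 'X' OR gt_allowed IS INITIAL.
    MESSAGE 'No display authorization for the selected plants'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Only authorized plants reach the output
  LOOP AT gt_allowed INTO gv_plant.
    WRITE / gv_plant.
  ENDLOOP.
```

After a failed check, transaction SU53 shows which object and field values were missing for the user.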