Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Regarding Authorization object

Former Member

‎2013 Dec 04 5:32 AM

0 Likes
1,424

Hello Every one,

I have a custom report and it needs to have authorizations. it means that only few users should be able to execute the report.

I am following the below path. Please let me know, if my approach is wrong or not a best practice.

I went to SU20 created a authorization field ztrxn with data-element as tcode.

Went to SU21 created an authorization object Z_AUTH_OBJ1, and assigned the above field to it.

In PFCG, i am trying to assign this authorization object to the user profile.

After this i am planning to use this auth-object created in the SU21  as below code snippet.

AUTHORITY-CHECK OBJECT 'Z_AUTH_OBJ1'

  ID 'ACTVT'  FIELD '02'

  ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

  MESSAGE E...

ENDIF.

1) How do i make use of the ACTVT and CUSTTYPE  fields ?

2) What is the authorization field 'ztrxn'  created above ?

Thank you.

4 REPLIES 4
Read only

koolspy_ultimate
Active Contributor

‎2013 Dec 04 5:37 AM

0 Likes
1,306

hi,

   You need to maintain the assignments of authorization objects in tcode: SU24.

ztrxn (as you mentioned above) is the field name used inside authorization objects.

Regards,

Madhumahesh.

Read only

Former Member

‎2013 Dec 04 6:09 AM

0 Likes
1,306

ACTVT field points what kind of authority you want to check for, 02 indicates that you are checking to make sure that the user has been granted the authority to change.

CUSTTYPE field is for only certain CUSTTYPE's have the ACTVT = 02 setup which means only certain user will have the authority to change.

   When the statement you have given is executed, this statement will check the configuration of authorization object 'S_TRVL_BKS' to see if the current user has the authority to change for CUSTTYPE = B. If the user does have the authority to change the sy-subrc will be zero, else it will be non-zero, in which case a message will be shown.

Read only

nabheetscn
SAP Champion
SAP Champion

‎2013 Dec 04 6:32 AM

0 Likes
1,306

Hi Chandra

Basically here you want to check whether use has change/display/create etc (ACTVT) for CUSTYPE values

Read F1 documentation for this

Nabheet

Read only

ThomasZloch
Active Contributor

‎2013 Dec 04 8:48 AM

0 Likes
1,306

You should always check first whether there is really a need for a new authorisation object. Most simpler tasks can be solved by using existing objects.

What exactly needs to be checked in your scenario? For simple may execute/may not execute scenarios, look at the authorisation groups in the program attributes, which is linked to S_PROGRAM (and S_DEVELOP) authorisation objects. Study the online documentation of these objects, also speak to your system and/or security administrator.

Thomas