Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization Object for Z-Report

Former Member
0 Kudos
979

Hi Experts,

I need to create an authorization object for a Z-Report where i need that the employee who has logged in, should be able to see the data for Only his Personnel Area.

Eg. I have 18 Personnel Areas, but i fall in 1 of them so i want that when i open a Z-Tcode, the F4 help for the Personnel Areas should only show the PA under which i fall.

How should i do that? and plz tell me whether it is a job of ABAP person or BASIS person?

thanks in advance

Prateek

7 REPLIES 7

GauthamV
Active Contributor
0 Kudos
150

hi,

you have to create a authorization object and put it in at selection-screen event in report

and ask your basis people to maintain that authorization objectwith respective values

in the role or profiles of the users.

Former Member
0 Kudos
150

thanx for replying but i need to know how do i create an authorization object & basis people are asking that its not their job, it cud be done only with ABAP coding... so please tell me the correct way to tell the basis people.

thanx

Former Member
0 Kudos
150

u can do like this

AUTHORITY-CHECK OBJECT u2019S_TRVL_BKSu2019

ID u2019ACTVTu2019 FIELD u201902u2019

ID u2019CUSTTYPEu2019 FIELD u2019Bu2019.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

the authority object assigned in above code is to be created by basis person

Edited by: amit kumar on Dec 3, 2008 12:46 PM

0 Kudos
150

Hi

Creation of authorization object and calling it in the program is the job of the developer. Assigning of authorization is the job of basis guy. You can use the transaction SU21 to create the authroization objects.

Cheers,

Hakim

GauthamV
Active Contributor
0 Kudos
150

hi,

there are so many posts on how to create authorization object so search for them.

after creating it you have to code like this.


AT SELECTION-SCREEN.
  DATA: h_werks LIKE t500p OCCURS 0 WITH HEADER LINE ,
        h_funkt LIKE t591a OCCURS 0 WITH HEADER LINE .
  REFRESH :h_werks[] , h_funkt .
  CLEAR :h_werks , h_funkt .
  SELECT * FROM t500p INTO TABLE h_werks WHERE persa IN s_werks .
  SELECT * FROM t591a INTO TABLE h_funkt WHERE infty = '0034' AND subty IN s_funkt.

  LOOP AT h_werks .
    LOOP AT h_funkt .
      AUTHORITY-CHECK OBJECT 'Z_HR_AUTH'
               ID 'PERSA' FIELD h_werks-persa
               ID 'FUNKT' FIELD h_funkt-subty.
      IF sy-subrc NE 0.
        MESSAGE e001(zhrrep) WITH h_werks-persa h_funkt-subty .
      ENDIF.
    ENDLOOP.
  ENDLOOP.

after this tell basis people to maintain that object

in roles or profiles of users with the values you give them.

for ex: here in this case 'Z_HR_AUTH' is the auth object.

Former Member
0 Kudos
150

Goto SU21--> you will find create button below application toolbar --> click create Object Class (you may use existing Object class to hold your Authorization Object, in that case no need to follow this step) --> Select Object class from left side, right click and select Create Authorization Object --> Open another session and create one Z data element and Z domain in it, assign possible values you want to use in Authorization in Values of domain --> Double click on Authorization Object and mention field name as data element name you have created and activated in last step.

Now your Authorization Object is ready for use in program.

In your Z program you can check Authorization by

AUTHORITY-CHECK OBJECT <Authorization Object>

ID <field name> FIELD <value>.

IF sy-subrc <> 0.

  • Take action for no Authorization

ENDIF.

Regards,

Mohaiyuddin

Former Member
0 Kudos
150

thanx for the reply.