2008 Dec 03 7:01 AM
Hi Experts,
I need to create an authorization object for a Z-Report where I need that the employee who has logged in should be able to see the data for only his Personnel Area.
E.g. I have 18 Personnel Areas, but I fall in 1 of them, so I want that when I open a Z-Tcode, the F4 help for the Personnel Areas should only show the PA under which I fall.
How should I do that? And please tell me whether it is a job of ABAP person or BASIS person?
Thanks in advance
Prateek
2008 Dec 03 7:05 AM
hi,
you have to create an authorization object and put it in at the selection-screen event in the report, and ask your basis people to maintain that authorization object with respective values in the role or profiles of the users.
2008 Dec 03 7:14 AM
Thanks for replying, but I need to know how do I create an authorization object & basis people are asking that it's not their job, it could be done only with ABAP coding... so please tell me the correct way to tell the basis people.
Thanks
2008 Dec 03 7:16 AM
You can do it like this:
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
      ID 'ACTVT'    FIELD '02'
      ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
      MESSAGE E...
    ENDIF.
the authority object assigned in above code is to be created by basis person
Edited by: amit kumar on Dec 3, 2008 12:46 PM
2008 Dec 03 7:16 AM
Hi
Creation of authorization object and calling it in the program is the job of the developer. Assigning of authorization is the job of basis guy. You can use the transaction SU21 to create the authorization objects.
Cheers,
Hakim
2008 Dec 03 7:22 AM
hi,
there are so many posts on how to create authorization object so search for them.
after creating it you have to code like this.
    AT SELECTION-SCREEN.
      DATA: h_werks LIKE t500p OCCURS 0 WITH HEADER LINE,
            h_funkt LIKE t591a OCCURS 0 WITH HEADER LINE.
      REFRESH: h_werks[], h_funkt.
      CLEAR: h_werks, h_funkt.
      SELECT * FROM t500p INTO TABLE h_werks WHERE persa IN s_werks.
      SELECT * FROM t591a INTO TABLE h_funkt WHERE infty = '0034' AND subty IN s_funkt.
      LOOP AT h_werks.
        LOOP AT h_funkt.
          AUTHORITY-CHECK OBJECT 'Z_HR_AUTH'
            ID 'PERSA' FIELD h_werks-persa
            ID 'FUNKT' FIELD h_funkt-subty.
          IF sy-subrc NE 0.
            MESSAGE e001(zhrrep) WITH h_werks-persa h_funkt-subty.
          ENDIF.
        ENDLOOP.
      ENDLOOP.
after this tell basis people to maintain that object
in roles or profiles of users with the values you give them.
for ex: here in this case 'Z_HR_AUTH' is the auth object.
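The F4 restriction asked about in this thread, combined with the Z_HR_AUTH check from the post above, as an added example that is not from any poster. It assumes Z_HR_AUTH has the fields PERSA and FUNKT and that message 001 of class zhrrep exists, as in that post; the report name is hypothetical, and only PERSA is evaluated here.

```abap
REPORT z_pa_f4_demo.
* Added example. Assumed: authorization object Z_HR_AUTH with fields PERSA
* and FUNKT, message e001(zhrrep); the report name is hypothetical.
TABLES t500p.
SELECT-OPTIONS s_werks FOR t500p-persa.
TYPES: BEGIN OF ty_pa,
         persa TYPE t500p-persa,
         name1 TYPE t500p-name1,
       END OF ty_pa.
DATA: gt_all TYPE STANDARD TABLE OF ty_pa,
      gt_f4  TYPE STANDARD TABLE OF ty_pa,
      gs_pa  TYPE ty_pa.

* F4 help: list only the personnel areas the user is authorized for.
AT SELECTION-SCREEN ON VALUE-REQUEST FOR s_werks-low.
  CLEAR gt_f4.
  SELECT persa name1 FROM t500p INTO TABLE gt_all.
  LOOP AT gt_all INTO gs_pa.
    AUTHORITY-CHECK OBJECT 'Z_HR_AUTH'
      ID 'PERSA' FIELD gs_pa-persa
      ID 'FUNKT' DUMMY.              " FUNKT is not evaluated for the list
    IF sy-subrc = 0.
      APPEND gs_pa TO gt_f4.
    ENDIF.
  ENDLOOP.
  CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
    EXPORTING
      retfield    = 'PERSA'
      dynpprog    = sy-repid
      dynpnr      = sy-dynnr
      dynprofield = 'S_WERKS-LOW'
      value_org   = 'S'
    TABLES
      value_tab   = gt_f4
    EXCEPTIONS
      OTHERS      = 1.

* Enforcement: a value typed in by hand bypasses F4, so check again here.
AT SELECTION-SCREEN.
  SELECT persa name1 FROM t500p INTO TABLE gt_all WHERE persa IN s_werks.
  LOOP AT gt_all INTO gs_pa.
    AUTHORITY-CHECK OBJECT 'Z_HR_AUTH'
      ID 'PERSA' FIELD gs_pa-persa
      ID 'FUNKT' DUMMY.
    IF sy-subrc <> 0.
      MESSAGE e001(zhrrep) WITH gs_pa-persa.
    ENDIF.
  ENDLOOP.
```

The filtered F4 list is a usability aid only; the AT SELECTION-SCREEN check is what actually blocks access to other personnel areas.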
2008 Dec 03 7:24 AM
Go to SU21
--> you will find create button below application toolbar
--> click create Object Class (you may use existing Object class to hold your Authorization Object, in that case no need to follow this step)
--> Select Object class from left side, right click and select Create Authorization Object
--> Open another session and create one Z data element and Z domain in it, assign possible values you want to use in Authorization in Values of domain
--> Double click on Authorization Object and mention field name as data element name you have created and activated in last step.
Now your Authorization Object is ready for use in program.
In your Z program you can check Authorization by
    AUTHORITY-CHECK OBJECT <Authorization Object>
      ID <field name> FIELD <value>.
    IF sy-subrc <> 0.
      " Take action for no Authorization
    ENDIF.
Regards,
Mohaiyuddin
2008 Dec 03 7:25 AM