2007 May 07 8:18 AM
2007 May 07 8:27 AM
https://forums.sdn.sap.com/click.jspa?searchID=2451725&messageID=1132669
Regards,
Amit
Reward all helpful replies.
2007 May 07 8:22 AM
Hi,
Authorisation objects are used to restrict certain transactions to users.Critical data must be protected from unauthorised users.For example,the head has access to certain data.But it cannot be accessed by his subordinate.For this we need to define roles.
Create an authorization object with transaction SU21.
An object usually consists of the ACTVT (activity) field and one other field,which specifies the data type to be protected.By ACTVT, we can decide if the data is accessible for change,display only etc.
Add authorization fields to the authorization object created.
Assign the authorization object to the transaction using SE93.
Attach the authorization object to the role using transaction PFCG.
Authorization Check for Transactions
You can directly link authorization objects with transaction codes. You can enter values for the fields of an authorization object in the transaction maintenance. Before the transaction is executed, the system compares these values with the values in the user master record and only starts the transaction if the appropriate authorization exists.
Authorization Check for ABAP Programs
For ABAP programs, the two objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance) exist. They contains a field P_GROUP that is connected with the program attribute authorization group. Thus, you can assign users program-specific authorizations for individual ABAP programs.
Authorization Check in ABAP Programs
A more sophisticated, user-programmed authorization check is possible using the Authority-Check statement. It allows you to check the entries in the user master record for specific authorization objects against any other values. Therefore, if a transaction or program is not sufficiently protected or not every user that is authorized to use the program can also execute all the actions, this statement must be used.
Please check the following
http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm
http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm
Regards,
Priyanka.
2007 May 07 8:27 AM
https://forums.sdn.sap.com/click.jspa?searchID=2451725&messageID=1132669
Regards,
Amit
Reward all helpful replies.
2007 May 07 8:30 AM
Hi,
Authorization Check in ABAP Programs
demo_authorithy_check
Regards
Sudheer