Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

How to create authorization objects ?

Former Member
0 Kudos
40,825

Hi All,

I want to create authorization objects for particular ZProgram to control the selection-screen parameters values.

Pl tell me the step by step procedure regarding the issue.

Thanks & Regards

Rayudu

1 ACCEPTED SOLUTION

Former Member
7,862

Hi,

Go to SU21. Select the module in which you want to craete the authorization object.

Create an object and assign the activities you require.

Thats it.

Use this authority object in your progam.

Regards

Subramanian

9 REPLIES 9

Former Member
7,863

Hi,

Go to SU21. Select the module in which you want to craete the authorization object.

Create an object and assign the activities you require.

Thats it.

Use this authority object in your progam.

Regards

Subramanian

Former Member
0 Kudos
7,862

Rayudu,

Tcode to creat authorization object is SU03.But basis guys has to create this.

To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:

AUTHORITY-CHECK OBJECT '<object>'

ID '<name1>' FIELD <f1>

ID '<name2>' FIELD <f2>

.............

ID '<name10>' FIELD <f10>.

<object> is the name of the object that you want to check. You must list the names (<name1>, <name2> ...) of all authorization fields that occur in <object>. You can enter the values <f 1 >, <f 2 >.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the user’s profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.

There is an authorization object called F_SPFLI. It contains the fields ACTVT, NAME, and CITY.

SELECT * FROM SPFLI.

AUTHORITY-CHECK OBJECT 'F_SPFLI'

ID 'ACTVT' FIELD '02'

ID 'NAME' FIELD SPFLI-CARRID

ID 'CITY' DUMMY.

IF SY-SUBRC NE 0. EXIT. ENDIF.

ENDSELECT.

If the user has the following authorizations for F_SPFLI:

ACTVT 01-03, NAME AA-LH, CITY none,

and the value of SPFLI-CARRID is not between "AA" and "LH", the authorization check terminates the SELECT loop.

Pls. Mark if useful

0 Kudos
7,862

Hi,

Thanks for your reply.

Here I have followed the entire procedure what you said, but I am not getting sy-subrc value not equal to zero.The subrc always showing the value 0 even I passed the wrong entries.

I have done as following

1. Create Object ZPROD_MAST with 2 fields 'ACTVT' and 'APO_PROD'(Set the value as A* ).

2. Assigned the profie to user.

3. Written the code as follows in ZPROGRAM.

AUTHORITY-CHECK OBJECT 'ZPROD_MAST'

ID 'ACTVT' DUMMY

ID 'APO_PROD' FIELD MATNR.

Whatever value I passed in MATNR field, I am getting sy-subrc value 0 only.

Can you let me know what is wrong is going here ?

Hope you understand my problem.

Thanks

Rayudu

0 Kudos
7,862

Hi,

Thanks for your reply.

Here I have followed the entire procedure what you said, but I am not getting sy-subrc value not equal to zero.The subrc always showing the value 0 even I passed the wrong entries.

I have done as following

1. Create Object ZPROD_MAST with 2 fields 'ACTVT' and 'APO_PROD'(Set the value as A* ).

2. Assigned the profie to user.

3. Written the code as follows in ZPROGRAM.

AUTHORITY-CHECK OBJECT 'ZPROD_MAST'

ID 'ACTVT' DUMMY

ID 'APO_PROD' FIELD MATNR.

Whatever value I passed in MATNR field, I am getting sy-subrc value 0 only.

Can you let me know what is wrong is going here ?

Hope you understand my problem.

Thanks

Rayudu

0 Kudos
7,862

Hi,

once you check the authorization go to tr code su53 and check for validation of authority

there will get the list of authorization for you.

Regards

Shiva

Former Member
0 Kudos
7,862

Hi,

•Create an authorization object with transaction SU21.

An object usually consists of the ACTVT (activity) field and one other field,which specifies the data type to be protected.By ACTVT, we can decide if the data is accessible for change,display only etc.

•Add authorization fields to the authorization object created.

•Assign the authorization object to the transaction using SE93.

Attach the authorization object to the role using transaction PFCG.

To assign roles,use transaction PFCG.Create a new role.In the AUTHORIZATIONS tab,you can get a self generated profile name and a profile text by clicking on the icon next to it.Then go to the "Change Authorization data" and choose an authorization template.Then you can choose to display/change/create an activity and after the selection,click on the red and white circle.The profile will now be created.

In the user tab,you can give the user details who can use this role.

Also check this link:

http://www.sapsecurityonline.com/r3_security/r3_security_tips.htm

Regards,

Beejal

**Reward if answer is helpful

0 Kudos
7,862

Hi,

Thanks for your reply.

Here I have followed the entire procedure what you said, but I am not getting sy-subrc value not equal to zero.The subrc always showing the value 0 even I passed the wrong entries.

I have done as following

1. Create Object ZPROD_MAST with 2 fields 'ACTVT' and 'APO_PROD'(Set the value as A* ).

2. Assigned the profie to user.

3. Written the code as follows in ZPROGRAM.

AUTHORITY-CHECK OBJECT 'ZPROD_MAST'

ID 'ACTVT' DUMMY

ID 'APO_PROD' FIELD MATNR.

Whatever value I passed in MATNR field, I am getting sy-subrc value 0 only.

Can you let me know what is wrong is going here ?

Hope you understand my problem.

Thanks

Rayudu

0 Kudos
7,862

Hi,

Follow <b><a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c">this guide</a></b> about Authorization objects creation, it's fully explained. Although it says it's meant for Netweaver 2004s, it's also applicable to previous versions.

Please award points if helpful.

Former Member
0 Kudos
7,862