2005 Dec 08 6:05 AM
Hi All,
How do I get the list of Authorisation Objects, Fields that belongs to a Transaction. For an example ME21n, MIGO ..
Also is there a way to get a list for a given Transaction with the Users ID, Authorisation Objects, and Fields.
Thats All.
Thank you,
Kishan
2005 Dec 08 6:58 AM
Hi again,
something close.
I m just giving the selection screen
data declaration, and SQL code.
U can then check the internal table
and display in alv if u require.
Just check out the sql and the tables used in it.
The logic will get cleared.
*----
SELECTION SCREEN
*----
SELECTION-SCREEN BEGIN OF BLOCK b01 WITH FRAME TITLE text-001.
SELECT-OPTIONS agrname FOR agr_tcodes-agr_name.
SELECT-OPTIONS tcode FOR agr_tcodes-tcode.
SELECT-OPTIONS agrusers FOR agr_users-uname.
SELECTION-SCREEN END OF BLOCK b01.
*----
TABLES agr_tcodes.
TABLES agr_users.
DATA: BEGIN OF itab OCCURS 0,
uname LIKE agr_users-uname,
agr_name LIKE agr_tcodes-agr_name,
text LIKE agr_texts-text,
tcode LIKE agr_tcodes-tcode,
ttext LIKE tstct-ttext,
%alvcount type i,
END OF itab.
*----
*----
Fetch Data
SELECT *
FROM agr_users AS a
INNER JOIN agr_tcodes AS b ON aagr_name = bagr_name
INNER JOIN tstct AS c ON btcode = ctcode
INNER JOIN agr_texts AS d ON aagr_name = dagr_name
INTO CORRESPONDING FIELDS OF TABLE itab
WHERE a~agr_name IN agrname
AND a~uname IN agrusers
AND b~tcode IN tcode
AND c~sprsl = sy-langu
AND d~spras = sy-langu
AND d~line = '0'.
2005 Dec 08 6:12 AM
Run the migo or what ever transaction and then run su53 trxn.then you can find the autorizations...
2005 Dec 08 6:13 AM
First run Your Trxn and then run su53 you can see all authorizations for the user.
vijay
2005 Dec 08 6:14 AM
2005 Dec 08 6:15 AM
Hi Kishan,
1. Just use this code (Just copy paste)
Regards,
Amit M.
&----
*& Report ZAUTH *
*& *
&----
*& *
*& *
&----
REPORT ZAUTH .
tables: tstc, tobjt, usobt, tactz, tobj, sscrfields.
*
AUTH_FIELD_GET_INFO DDIF_FIELDINFO_GET AUTH_FIELDINFO_GET
SUPRN_MAINTAIN_VALUES ************
data: begin of itab occurs 0.
include structure usobt.
data: end of itab.
data: begin of i_tc occurs 0,
tcode_l like tstc-tcode,
tcode_h like tstc-tcode,
end of i_tc.
data: begin of i_file occurs 0,
tcode_low like tstc-tcode,
tcode_high like tstc-tcode,
end of i_file.
data: fld_txt like dfies-fieldtext.
data: aa type i, bb type i, cc type i, dd type i, ee type i, ff type i.
data: begin of values occurs 0.
include structure tpr01.
data: end of values.
*
data new_line.
data upload.
data obj_change.
data fld_change.
*
data fld(20).
data val(20).
data ln_o like sy-lilli.
data ln_f like sy-lilli.
data field like itab-field.
data object like itab-object.
*
ranges: i_tcode for tstc-tcode. " OPTION EQ SIGN I.
select-options: tcode for tstc-tcode memory id tcd.
selection-screen function key 1.
selection-screen function key 2.
*SELECTION-SCREEN FUNCTION KEY 4.
initialization.
move 'Create File' to sscrfields-functxt_01.
move 'Upload Transaction Codes' to sscrfields-functxt_02.
at selection-screen.
case sy-ucomm.
when 'FC01'.
loop at tcode.
i_file-tcode_high = tcode-high.
i_file-tcode_low = tcode-low.
append i_file.
endloop.
if sy-subrc <> 0.
message i000(8i) with 'Empty File will be created!'.
endif.
call function 'DOWNLOAD'
exporting
BIN_FILESIZE = ' '
CODEPAGE = ' '
filename = 'C:\Windows\Desktop\TCODE.txt '
filetype = 'DAT'
ITEM = ' '
MODE = ' '
WK1_N_FORMAT = ' '
WK1_N_SIZE = ' '
WK1_T_FORMAT = ' '
WK1_T_SIZE = ' '
FILEMASK_MASK = ' '
FILEMASK_TEXT = ' '
FILETYPE_NO_CHANGE = ' '
FILEMASK_ALL = ' '
FILETYPE_NO_SHOW = ' '
SILENT = 'S'
COL_SELECT = ' '
COL_SELECTMASK = ' '
NO_AUTH_CHECK = ' '
IMPORTING
ACT_FILENAME =
ACT_FILETYPE =
FILESIZE =
CANCEL =
tables
data_tab = i_file
FIELDNAMES =
EXCEPTIONS
INVALID_FILESIZE = 1
INVALID_TABLE_WIDTH = 2
INVALID_TYPE = 3
NO_BATCH = 4
UNKNOWN_ERROR = 5
GUI_REFUSE_FILETRANSFER = 6
OTHERS = 7
.
if sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
endif.
when 'FC02'.
refresh i_tc. clear i_tc. refresh tcode. clear tcode.
upload = 'X'.
call function 'UPLOAD'
exporting
CODEPAGE = ' '
filename = 'C:\Windows\Desktop\Tcode.txt'
filetype = 'DAT'
ITEM = ' '
FILEMASK_MASK = ' '
FILEMASK_TEXT = ' '
FILETYPE_NO_CHANGE = ' '
FILEMASK_ALL = ' '
FILETYPE_NO_SHOW = ' '
LINE_EXIT = ' '
USER_FORM = ' '
USER_PROG = ' '
SILENT = 'S'
IMPORTING
FILESIZE =
CANCEL =
ACT_FILENAME =
ACT_FILETYPE =
tables
data_tab = i_tc
EXCEPTIONS
CONVERSION_ERROR = 1
INVALID_TABLE_WIDTH = 2
INVALID_TYPE = 3
NO_BATCH = 4
UNKNOWN_ERROR = 5
GUI_REFUSE_FILETRANSFER = 6
OTHERS = 7
.
if sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
else.
refresh i_tcode. clear i_tcode.
loop at i_tc.
if i_tc-tcode_h is initial.
if i_tc-tcode_l ca '*'.endif.
if sy-fdpos <> 20.
i_tcode-sign = 'I'.
i_tcode-option = 'CP'.
i_tcode-low = i_tc-tcode_l.
i_tcode-high = i_tc-tcode_h.
else.
i_tcode-sign = 'I'.
i_tcode-option = 'EQ'.
i_tcode-low = i_tc-tcode_l.
i_tcode-high = i_tc-tcode_h.
endif.
else.
i_tcode-sign = 'I'.
i_tcode-option = 'BT'.
i_tcode-low = i_tc-tcode_l.
i_tcode-high = i_tc-tcode_h.
endif.
append i_tcode.
endloop.
tcode[] = i_tcode[].
endif.
endcase.
*select * from tstc where tcode in tcode.
*ENDSELECT.
*IF sy-subrc <> 0.
*ENDIF.
read table tcode.
IF tcode IS INITIAL." AND UPLOAD <> 'X'.
if sy-subrc <> 0.
message e000(8i) with 'Please enter a Transaction Code'.
endif.
start-of-selection.
2 Transaction AA Object BB Object name
CC Field DD Field Description EE Value (interval Low) FF High
aa = 18.
bb = aa + 15.
cc = bb + 50.
dd = cc + 10.
ee = dd + 30.
ff = ee + 20.
*If sy-uname <> 'BASIS'.
Write: / 'You are not authorised to use this transaction'.
exit.
Endif.
SET PF-STATUS 'DOWN'.
*IF upload = 'X'.
SELECT * FROM usobt INTO TABLE itab WHERE name IN i_tcode.
*ELSE.
select * from usobt into table itab where name in tcode.
*ENDIF.
loop at itab.
select single * from tobjt where object = itab-object
and langu = sy-langu.
clear new_line.
clear obj_change.
clear fld_change.
*
format color off.
on change of itab-name.
new_line = 'Y'.
format color 4.
write:/2 itab-name(30).
hide: itab-name.
endon.
if new_line <> 'Y'.
new-line.
endif.
*
on change of itab-object.
obj_change = 'X'.
write: at aa itab-object.
hide: itab-object.
endon.
if new_line = 'Y' and obj_change <> 'X'.
write: at aa itab-object.
hide: itab-object.
endif.
*
on change of tobjt-ttext.
write: at bb tobjt-ttext.
endon.
if new_line = 'Y' and obj_change <> 'X'.
write: at bb tobjt-ttext.
hide: tobjt-ttext.
endif.
*
on change of itab-field.
fld_change = 'X'.
write: at cc itab-field color 6 inverse on hotspot.
hide: itab-field .
call function 'AUTH_FIELD_GET_INFO'
exporting
fieldname = itab-field
LANGU = SY-LANGU
importing
DATEL =
INTTYPE =
LNG =
RC =
text = fld_txt
.
write: at dd fld_txt.
endon.
if new_line = 'Y' and fld_change <> 'X'.
write: at cc itab-field color 6 inverse on hotspot.
write: at dd fld_txt.
endif.
*
write: at ee itab-low.
*
itab-high = 'Me'.
write: at ff itab-high.
endloop.
end-of-selection.
clear itab.
at line-selection.
clear object. clear field.
ln_o = sy-lilli.
ln_f = sy-lilli.
field = itab-field.
get cursor field fld value val.
if itab-object is initial.
do.
ln_o = ln_o - 1.
read line ln_o.
if sy-subrc <> 0.
exit.
endif.
if not itab-object is initial.
exit.
endif.
enddo.
object = itab-object.
else.
object = itab-object.
endif.
if field is initial.
do.
ln_f = ln_f - 1.
read line ln_f.
if sy-subrc <> 0.
exit.
endif.
if not itab-field is initial.
exit.
endif.
enddo.
field = itab-field.
endif.
call function 'SUPRN_MAINTAIN_VALUES'
exporting
object = object
field = field
SHOW_ONLY =
WITH_VARIABLES =
CHECK_MODE =
AUTHORITY_CHECK_TCODE = ' '
CONVERT_IF_ALLOWED = 'X'
SHOW_ALL_ACTIVITIES = ' '
NO_COMPLETE_AUTHORITY = ' '
AUTH_FOR_S_TABU_LIN = ' '
AUTH_CALL_MODE_S_TABU_LIN = ' '
IMPORTING
SAVE =
tables
f_values = values
FULL_VALUE_TAB =
.
2005 Dec 08 6:49 AM
Thanks All Points Awarded,
Amit solution was very close. The SU53 does not work for me because I have full Aurthorisation.
Is there a way we could list the Users, Authorisation Objects, Activities ....ect for a Given Transaction.
Thanks All,
Kishan
2005 Dec 08 6:56 AM
2005 Dec 08 9:04 AM
for a given tcode u can easily find auth object, and field from su24, enter tcode for maintain check indicator, F8,
then click display check indicator then click field values button.
Object Field Value (interval)
M_BEST_BSA ACTVT 01
02
03
08
09
BSART
M_BEST_EKG ACTVT 01
02
03
08
09
EKGRP $EKGRP
M_BEST_EKO ACTVT 01
02
03
08
09
EKORG $EKORG
M_BEST_WRK ACTVT 01
02
03
08
09
WERKS $WERKS
thanks
surjit
Message was edited by: surjit sandhu
2007 Nov 02 11:39 AM
2005 Dec 08 6:58 AM
Hi again,
something close.
I m just giving the selection screen
data declaration, and SQL code.
U can then check the internal table
and display in alv if u require.
Just check out the sql and the tables used in it.
The logic will get cleared.
*----
SELECTION SCREEN
*----
SELECTION-SCREEN BEGIN OF BLOCK b01 WITH FRAME TITLE text-001.
SELECT-OPTIONS agrname FOR agr_tcodes-agr_name.
SELECT-OPTIONS tcode FOR agr_tcodes-tcode.
SELECT-OPTIONS agrusers FOR agr_users-uname.
SELECTION-SCREEN END OF BLOCK b01.
*----
TABLES agr_tcodes.
TABLES agr_users.
DATA: BEGIN OF itab OCCURS 0,
uname LIKE agr_users-uname,
agr_name LIKE agr_tcodes-agr_name,
text LIKE agr_texts-text,
tcode LIKE agr_tcodes-tcode,
ttext LIKE tstct-ttext,
%alvcount type i,
END OF itab.
*----
*----
Fetch Data
SELECT *
FROM agr_users AS a
INNER JOIN agr_tcodes AS b ON aagr_name = bagr_name
INNER JOIN tstct AS c ON btcode = ctcode
INNER JOIN agr_texts AS d ON aagr_name = dagr_name
INTO CORRESPONDING FIELDS OF TABLE itab
WHERE a~agr_name IN agrname
AND a~uname IN agrusers
AND b~tcode IN tcode
AND c~sprsl = sy-langu
AND d~spras = sy-langu
AND d~line = '0'.
2007 May 29 4:32 PM
Hi Kishan,
I did this some weeks ago: you have to do a trace of the required transaction, which means:
1. Set trace through transaction ST01, flag "authority check". I think you have to introduce the user for which you are going to check authority, but I cannot find how right now.
2. Run transaction, for example, goods reception (including saving document).
3 Set trace off and check results.
Good luck,
F
2007 May 29 4:35 PM
Hi
If you are speaking about Creating a new Authorization Object, you can use transaction SU21.
Or if you want customize an existing Authorization object, you can do so using Transaction SU24.
Award points if useful, please
Regards
Ravi