
User role and Authority-check?

Former Member
0 Kudos
1,488

Hello,

Could you please let me know what the differences are between a user role and Authority-check? In a program I do not use Authority-check, and the user is not assigned to a user role which contains this transaction (for this program). Can the user execute this transaction, or must he be assigned to a user role which contains this transaction to execute it? Suppose that we do not use any Authority-check in the program.

Thanks in advance

1 ACCEPTED SOLUTION

mvoros
Active Contributor
0 Kudos
128

Hi,

By default SAP executes an authorization check for the authorization object S_TCODE. So if a user wants to run a transaction, he needs to be assigned a role or profile which gives him an authorization for this object for your transaction.

Cheers

6 REPLIES 6

Former Member
0 Kudos
128

Hi,

You have to assign the user to the user role which contains that transaction; only then will it execute the report.

0 Kudos
128

Hello Martin,

I think this answers the OP's question about the user not being assigned the role which contains the trxn code. As you have explained, in this case the default auth. check for S_TCODE will fail & the user cannot execute the trxn. (If I remember correctly, the tables for this are AGR_USERS & AGR_TCODES.)

Anyway, just to add to the OP's query: auth. objects are added to profiles, which are in turn assigned to roles. So if you implement the auth. object in your program, the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.

@OP:

The transactions PFCG & SUIM might interest you. Also, the tables dealing with this stuff begin with AGR*. You can check the tables for a better understanding.

BR,

Suhas

mvoros
Active Contributor
0 Kudos
128

> Anyway, just to add to the OP's query: auth. objects are added to profiles, which are in turn assigned to roles. So if you implement the auth. object in your program, the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.

This is not exactly true. In PFCG you define roles by assigning authorizations (authorization = authorization object + values). The transaction PFCG generates profile(s). By assigning a role to a user you indirectly assign the generated profile(s) to the user.

Cheers

0 Kudos
128

Hey Martin,

Stupid me!!! PFCG is the trxn for role maintenance. I was not in front of the SAP system & gave a crappy answer.

BR,

Suhas

Former Member
0 Kudos
128

Hi,

You insert an authorization check for a particular object. So, the user must be assigned to a role which has authorization for that object. The object will include the tcode. So, if the user is not assigned to a role having authorization for this object, then he will not be able to execute it using the tcode.

Thanks,

Archana
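
The two layers discussed in this thread, shown side by side as an added example (not code posted by any participant): the S_TCODE check the system makes at transaction start, repeated explicitly, and an in-program AUTHORITY-CHECK that filters data per row. The transaction code ZDEMO and the report name are hypothetical; T001 and F_BKPF_BUK (fields BUKRS, ACTVT) are standard objects assumed to be present in the system and chosen only for illustration.

```abap
REPORT z_demo_authority_check.

" Assumption: the hypothetical transaction code ZDEMO starts this report.
CONSTANTS gc_tcode TYPE tcode VALUE 'ZDEMO'.

DATA: gt_t001   TYPE STANDARD TABLE OF t001 WITH DEFAULT KEY,
      gs_t001   TYPE t001,
      gv_denied TYPE i.

START-OF-SELECTION.

  " Layer 1: transaction start authorization.
  " S_TCODE has a single field, TCD. The user passes only if a role or
  " profile assigned to him carries S_TCODE with TCD = ZDEMO.
  AUTHORITY-CHECK OBJECT 'S_TCODE'
    ID 'TCD' FIELD gc_tcode.
  IF sy-subrc <> 0.
    " Fail closed: any non-zero return code means "not authorized".
    MESSAGE 'No authorization for this transaction' TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Layer 2: business authorization inside the program.
  " Without this block, a user holding only S_TCODE for ZDEMO would see
  " every company code the report selects.
  SELECT * FROM t001 INTO TABLE gt_t001.

  LOOP AT gt_t001 INTO gs_t001.
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
      ID 'BUKRS' FIELD gs_t001-bukrs
      ID 'ACTVT' FIELD '03'.          " 03 = display
    IF sy-subrc = 0.
      WRITE: / gs_t001-bukrs, gs_t001-butxt.
    ELSE.
      gv_denied = gv_denied + 1.      " count rows withheld from the list
    ENDIF.
  ENDLOOP.

  WRITE: / 'Company codes hidden (no authorization):', gv_denied.
```

AUTHORITY-CHECK only sets sy-subrc; the program decides what to do with the result, so every check needs an explicit branch for the non-zero case.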