Skip to Content
avatar image
Former Member

How to know if a security field in an object, is an activity type or if it is a local value?

For Example, I have the security object CRM_BUHI, which has the fields:



I would like to know, which table in SAP identifies if the field is an activity type (such as the ACTVT is in the list before), or if it is a local value (such as the HIER_TYPE is in the list before).

There are some other activity type fields that are not called ACTVT, so I would like to know if there is a way to validate the information type in a security Field.



2.PNG (15.3 kB)
1.PNG (16.3 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Sep 09, 2013 at 04:14 PM

    Authorization fields having the semantic of an activity are not special (except for the special 'permitted activity' function for field ACTVT ) - they are just ordinary authorization fields like most others (in opposite to org.level fields which are treated in a special way within PFCG).

    Most developers at SAP had used the authorization field ACTVT for representing an activity, however, you can find many more fields in transaction SU20 which are activities as well. Filter for '*Activity*' or  '*Action*' in the short text or for '*ACT*' or '*FCT* 'in the field name or data element name to get some examples. 

    .. bad luck ..

    That means, e.g if you want to create a reald-only role you should have a look to all authorization objects in a role. (And in addition you never can know if a transaction or a report is read-only or not.)

    .. more bad luck ..

    Kind regards


    Add comment
    10|10000 characters needed characters exceeded

  • Aug 13, 2013 at 03:34 AM


    you can see all fields used in authorization objects in transaction SU20. It tells you which table is used as a source of values. In case of ACTVT it's TACT.The field ACTVT is special because it's handled differently in SU21. You will get button "Permitted Activities" when you use this field on authorization object.


    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      I don't know why some objects do not use ACTVT. One of the reasons could be that developers were not happy with activities in TACT and created separate field.

      Regarding ACO_ACT_S. It uses domain ACO_ACTIVITY_SUPER. If you open this domain in SE11 then you will see that it allows only 3 values (ADMIN, WRITE, READ). Why developers did not use activities 33,34 and 70 of field ACTVT? No idea.

      Generally, you could have a field with domain that does not restrict values and no table assigned to this field. In this case the only 2 ways how to figure out values for this field would be to tracing application or reading of code.