Skip to Content
P D

Authorization Objects and Custom Program

Hi Experts,

I have created  a custom report which is showing Account Balances, Stock and Invoice. All these reports come under one Tcode. Below are the autho     rization fields which are required for my each report.

Invoice Accounts              Stock 

Sales Office               Sales office Company Code

Sales Division Plant

Here I have created my own authorization class, authorization objects and authorization fields.

 

       ZAUTH      (AUTH CLASS)

 

ZINVOICE(AutOb)

ZVKBUR

ZSPART

ZACCOUNT(AutOb) 

ZVKBUR

 

ZSTOCK(AutOb) 

ZBUKRS

ZWERKS

I did this much with tcodes SU20 SU21. What has to be done after this?

There are many levels of authorization to be achieved. First for the TCODE and then for the individual selections in the list box item. (Invoice, Stock and Accounts- All in the same tcode ). How to achieve this?

NB: Moreover SE93 transaction we can give only one authorization object. So how to assign multiple authorization objects to the same transaction code.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Sep 27, 2013 at 12:43 PM

    Is it really necessary to create new authorisation objects? For example, for G/L account balances in a company code there is alread object F_BKPF_BUK, which is checked for ACTVT = 03 in standard reporting for account balances and line items.

    You can use the same logic in your custom reports.

    Check first for existing objects that can be used, also speak to a security/roles expert in your team, often there is an overall authorisation concept in effect that you should align with in your developments.


    Thomas

    Add comment
    10|10000 characters needed characters exceeded

    • OK, but I still strongly suggest using standard authorisation objects as much as possible, and according to the logic as implemented in SAP standard programs (check where-used lists).

      Then, if your code doesn't work as expected, post the relevant snippet here for further investigation.

      Some of the activities you are listing belong to the Security area, please have look in this space as well.

      Thomas

  • Sep 27, 2013 at 11:55 AM
    • There is always S_TCODE (will be checked with the transaction code)
    • you can give an authorization object in SE93 (with initial values for fields to be checked at start of transaction)
    • you can add other authorization objects in SU24, but you have to code the AUTHORIZATION-CHECK statements in your program

    Regards,

    Raymond

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 27, 2013 at 12:03 PM
    Add comment
    10|10000 characters needed characters exceeded

  • Sep 27, 2013 at 12:48 PM

    Hi,

    Basis team is responsible to create Authorisation object and assigning the precision value such as *,2,3.

    And you have to give the following:

    AUTHORITY-CHECK OBJECT 'zinvoice'

    ID ACTVT FIELD '3'

    Here,Precision value '3' stands for Edit.

    Regards,

    Santhosh Kumar.K

    Add comment
    10|10000 characters needed characters exceeded