Skip to Content
-2

authorisation check in custom programs

hi experts,

what is the best practise to follow auth check for a custom report. Say if we have a auth object Z_PROG with fields PROGRAM ACTVT WERSK BUKRS and so on.. can we give ACTVT = 16 for users in production? What is the best way to apply authorisation check ?

Regards

Aditya

Add a comment
10|10000 characters needed characters exceeded

  • I don't get the question. If your authorization object has ACTVT field with value 16 as one of the possible values, why wouldn't you create a role with this value. You want the "best way to apply authorisation check", but there is only one way to do an authorization check, so can you clarify the context, and what are the possible options according to you?

  • What should be the possible values that can be given to ACTVT. We have to do auth check in custom programs. One approach is use program name and ACTVT along with other fields like BUKRS/VKORG/WERKS. This works fine in test environment. What should be the possible values of ACTVT for endusers in prod system ?

  • What possible values? Only you can answer: what activity (what action) do you want to check? (Display, Change, Delete, Execute/Use, etc.)

    If you are still unsure, you cannot say that it "works fine" (whatever the system is).

    I don't see the difference between test and production. The authorization check will work identically, the only difference is what authorization you define in roles/what roles you give to users.

    You probably have a little misunderstanding about what is the authority check and how to implement it, but I'm unable to see what it is, so I'm currently unable to help.

    .

Related questions

2 Answers

  • Posted on Aug 23 at 03:17 AM

    Hi Aditya,

    Yes, you can apply authorization check in custom reports also. you can use SU21 to see the object list which you can use in your program or report since Z program/Report is also using some standard object in background.

    So first develop report in DEV and QA environment based on authorization check and you can collect what objects will be required for production based on the SU53 output.

    for more information you can check below blog as well:-

    https://blogs.sap.com/2013/11/02/how-to-put-proper-authority-checks-to-your-custom-programs/

    https://answers.sap.com/questions/7056866/no-auth-checks-for-custom-transactions.html

    Regards

    Hariom

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 22 at 07:21 PM

    Hi Aditya.

    Before that with same report you have to check in the Dev & Qas systems with same roles on production system and then assign the same authorization in the production system for business users.

    In additional you can add the transaction code SU53, so that in case any missing authorization you may able to find it.

    Regards

    SS

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.