To create authority check object you can use transaction SU21. Here you can decide if you only want to create a new object and assign it to an existing class or if you can to create both object and class.
While defining the object you will have to provide what fields will be in this object. For example if i am creating a custom object to be used in SD based on customer and plant, i would include fields such as KUNNR and WERKS in my authority object. In addition to that if i also want to check for display/change/create access, i would also add a field called ACTVT (activity).
Once the object is defined, the authorization team will assign it to different authorization profiles with relevant values like for display only access for customer XYZ and plant 0001, these values will be provided in the authorization profile to this object. (As a developer this is not your headache 😊 )
You would be using it in your reports or transactions using Authority-check statements. You will be calling the specific object in your authority-check statement and passing it some values(say Actvt 03 customer ASD, plant 0002) and checking the value of sy-subrc. If subrc is 0 means the authority check is OK, the user has the authorization.
I think this will give you an idea on how to proceed.
Cheers
HI Uma,
Check the syntax.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
For details do F1 on AUTHORITY-CHECK in se38.
YOu will get the concept.
Reward points if this helps.
Manish
Message was edited by: Manish Kumar
Add a comment