Skip to Content
avatar image
Former Member

Which authorization should be given to an abaper?

Hello,

Which authorization should be defined in a role for an Abaper?

Regards,

Rachel

Edited by: Rachel on Feb 10, 2009 6:53 AM

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Feb 10, 2009 at 08:37 AM

    We follow the below steps for giving authorization to an abaper.

    Kindly suggest other ways of giving authorization.

    If we have to assign authorization for new user,

    Step 1 : For the user,create a new role.

    step 2 : Under authorization tab, manually assign object class BC_C,AAAB,BC_A,BC_Z to the role.

    Also we would like to know,how to do the above using su21 trasnsaction.

    Regards,

    Rachel

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      > Step 1 : For the user,create a new role.

      > step 2 : Under authorization tab, manually assign object class BC_C,AAAB,BC_A,BC_Z to the role.

      >

      >

      > Also we would like to know,how to do the above using su21 trasnsaction.

      You don't. PFCG is the transaction to create roles.

      In the start screen of PFCG you can also search for existing SAP_* roles which you can copy and modify to your needs. The role SAP_BC_DWB_ABAPDEVELOPER looks promising to me.

      I found it searching for single roles namend SAPDEVEL

      Jurjen

  • avatar image
    Former Member
    Feb 10, 2009 at 08:41 AM

    Hello Rachel,

    First, An Abaper should get access to all the role irrespective of modules - Display only

    You can extract the authorization object list for these t-codes. These t-codes are mainly used by ABAPers.

    For General ABAP Bench in Development Environment:

    SE38, SE11, SE80, SE37, SE36, SM37, SM35, SPO1, SE14, SE93, SE91, SE49, SE84, SE81 (For Transports - SE01, SE10, SE09) LSMW, SE30, SQ01, SQ02, SQ03, ST22, ST05 etc...

    For Application Enabling:

    SM59 (for RFC in development), BD87, BD64, WE20, WE21, WE41, WE42, WE30, WE31, WE60, WE81, WE82, BD57, SM58 (Reprocessing of Field RFC) and SALE

    Hope it helps you!

    Regards,

    Geetha

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 10, 2009 at 06:07 AM

    Hi Rachel,

    Basically there is an auth class called BC_C which contains the development environment authorisation objects a user(ABAPer) requires from the BASIS layer.

    May be you can go through it in SU21 and customize it according to your business needs.

    Also, you need to add some more authorisation objects from the object classes AAAB, BC_A and BC_Z.

    But these are all just BASIS level authorisaions reuired by an ABAPer.In the meantime, he/she may require access to Application authorisations also...(which you can find again in the transaction SU21 mentioning the application area).

    Customize it according to your needs.

    Hope it helps!

    Thanks and Regards,

    Pradeep

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 10, 2009 at 08:54 AM

    I agree with Jurjen's comment, and also search for [argument clinic|https://forums.sdn.sap.com/search.jspa?threadID=&q=argumentANDclinic&objID=f208&dateRange=all&numResults=15&rankBy=10001] for a previous discussion about the same.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 11, 2009 at 04:27 AM

    Hello,

    We followed Jurijen's steps,copied role from SAP_BC_DWB_ABAPDEVELOPER .

    When we were creating request for making changes in existing abap reports,threw an error "No authorization to create or change request or task"

    When tried to check missing authorization in su53,it says

    "You are not authorizedto use transaction in SU53"

    what needs to be done ?

    Thanks & Regards,

    Rachel

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      > Nice to know in this particular case is that SU53 only requires S_TCODE SU53 to work.

      That is only true for starting the transaction on the user side and displaying the authorization values which were missing in the last check.

      To explore further (e.g. display the authorization values which were found in the buffer, or display someone else's last failed authority-check for which they ran an SU53, etc) there are more checks.

      This way you can give the user the possibility to display what they don't have, without letting them know what they do have....

      Cheers,

      Julius