06-12-2012 12:51 PM
HI Experts, I have Developed a ZReport. In that Report i Need to give the authorization to particular User's Only.
Can any tell how to write an authorization for a zreports.
<<Moderator message - please do more research before asking >>
Locked
Message was edited by: Rob Burbank
06-12-2012 12:58 PM
Hi Sankar,
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
...
ID name10 FIELD f10.
Please try F1 SAP help. you will get all the details. Thx
06-12-2012 1:04 PM
CAN YOU GIVE A SMALL EXAMPLE
I NEED COMPANY CODE WISE AUTHORIZATIONS
I HAVE 1000,3000 AND 7000 COMPANY CODES
06-12-2012 1:13 PM
There are lots of company-code related authorisation objects. What data are you trying to control access to?
06-12-2012 1:03 PM
Hi Sankar,
Please create an Authority Check object and ask authorization Team to assign different Roles to it based on User profile.
Search SCN for authority-check object .
06-12-2012 1:04 PM
Hi Sankar,
Ask Basis team to create roll for your ZREPORT program TCODE.(authorization group)
And check the table entries in the agr_users table with roll name (AGR_NAME), user id (UNAME).
Check the sy-subrc. If through the 0. access the tcode. Else display the error message.
Thanks & Regards,
Suresh M
06-12-2012 1:06 PM
If all you are trying to control is the ability to run the report or not, then the simplest way is to assign a transaction code to the report (using transaction SE93) and give access to that tcode to the users that should have it. Assuming users generally don't have access to run all ABAPs with SE38 or SA38 (they shouldn't) then this should work fine and doesn't require any changes to the report itself.
If you need finer control, over what data the report should allow access to, then you'll need to add authority-check statements in the report using appropriate authorisation objects. Whether standard SAP objects are appropriate or you need to create new ones is a discussion you'll need to have with your functional and security teams.
Steve.
06-12-2012 1:10 PM
One way is, when you will assign the transaction to the z report ask the basis person to set the authorisations of that transactio to the desired users.
The other way is to check the desired users in your report using the system field sy-uname,.
The first way is what we use normally.
06-12-2012 1:27 PM
The second way is wrong for so many reasons. Just don't even contemplate it. In fact, piyush, please consider editing your reply to remove all mention of it!
06-12-2012 1:13 PM
Hi Sankar,
Please follow the below step.
1) create Authorization Object using Tcode SU21.
2) call FM
CALL FUNCTION 'AUTHORITY_CHECK' in Zreport.
Regards,
Ashwath.
06-12-2012 1:13 PM
Hi Sankar,
Please follow the below step.
1) create Authorization Object using Tcode SU21.
2) call FM
CALL FUNCTION 'AUTHORITY_CHECK' in Zreport.
Regards,
Ashwath.
06-12-2012 1:19 PM
Hi Sankar,
Go to SU21 and search the correct authorization object.
Use the code like this.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD '1000'
ID 'ACTVT' FIELD '01'.
you can also do looping instead of hard coding the company code values.
Thanks!
06-12-2012 1:39 PM
In that Report i Need to give the authorization to particular User's Only.
Suggest that you want to manage authorization in the report, not calling the report.
- So think about kind of authorization you want to perform : only "activity" or related to some "object"
- Look via SU20 to fields already available (eg. company, order BUKRS) and via SU21 to already existing authorization object (e.g F_BNKA_BUK bank activity per company code)
- If not already existing, create missing fields then objects. (Speak also with Basis/Security managers)
- In your program add statement AUTHORITY-CHECK
(Exception: to test for transaction before a CALL TRANSACTION, use FM AUTHORITY_CHECK_TCODE)
- Then authorization managers will create/maintain (PFCG) roles associated to user/group
Regards,
Raymond