Solved: Authorization object

former_member1330001 · ‎08-01-2005

Hi Friends,

Do anyone here worked on SU21?. I need to create a report program and provide read-only access to a particular user. How to go about it?. Will this SU21 be of any use?. If yes how to create one?.

Prompt replies would be rewarded.

Thanks,

Tamilarasan.

Former Member · ‎08-01-2005

Check this program

RSCSAUTH

Maintain/Restore Authorization Groups

Also check this table

OBJT

Authorisation objetc table

http://www.sapdevelopment.co.uk/tables/tables.htm

Can create authorisation object using this program

http://www.guidancetech.com/people/holland/sap/abap/zzaut002.htm

Add. Info: http://www.sapdevelopment.co.uk/security/authority/authority_tcode.htm

Message was edited by: Judith Jessie Selvi

Former Member · ‎08-01-2005

Check this program

RSCSAUTH

Maintain/Restore Authorization Groups

Also check this table

OBJT

Authorisation objetc table

http://www.sapdevelopment.co.uk/tables/tables.htm

Can create authorisation object using this program

http://www.guidancetech.com/people/holland/sap/abap/zzaut002.htm

Add. Info: http://www.sapdevelopment.co.uk/security/authority/authority_tcode.htm

Message was edited by: Judith Jessie Selvi

Former Member · ‎08-01-2005

Hi Tamil,

There is another way of doing this. Goto transaction PFCG. Create a role with the read access right for the TCode of the report. Then activate this profile.

Goto SU01 and add this role to that user-id who must have this authorization and transport this to PRD. Bingo!! It'll work perfectly.

Cheers,

Sam.

Former Member · ‎08-01-2005

AUTHORITY CHECK is the key word used to check the authorisation the user have.

So you use it for your purpose. goto F1 for more detail.

If still you are not clear tell me.

I will surely post some more information.

AT SELECTION-SCREEN.

CASE SY-UCOMM.

when 'EXEC'.

AUTHORITY-CHECK OBJECT 'ASD_0001' ID 'ACTVT' FIELD '03'.

if sy-subrc <> 0.

MESSAGE E626.

exit.

endif.

Former Member · ‎08-01-2005

Hi,

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

Regs,

Venkat

athavanraja · ‎08-01-2005

I need to create a report program and provide read-only access to a particular user.

what do you mean by read only access? is it just reading the code? if yes this can be handled with Authorization group (which you see in attributes tab of the program) coupled with S_PROGRAM object .

OR

is it that withthin the report program you have some user entry screen and you wanted to restrict , who can enter values in the screens. then using authorization objects (explained by others) you can achieve the same.

Regards

Raja