
what is the use of authorisation groups

Former Member
0 Kudos

Hi All,

what is the use of authorisation groups?

3 REPLIES 3

Former Member
0 Kudos

Hi,

Authorization Group is required to restrict access to Reports (through object S_PROGRAM) and also restrict access to Tables (through object S_TABU_DIS).

<u>For Tables:</u>

- S_TABU_DIS is checked anytime someone looks at data in a table directly (with one of these transactions - SE16/SE16N, SE17, SM30, SM31 - or the Implementation Guide).

- S_TABU_DIS has two fields: Activity and Authorization Group. The Authorization Group field is mapped to which tables a user can access. The mapping is performed in table TDDAT. Table TDDAT maps the Authorization Group to a list of tables.

You can create a new Authorization Group using Transaction SE54.

<u>For Reports</u>:

You can use the authorization object S_PROGRAM to control the authorization to execute a program. S_PROGRAM uses the following fields:

- User Action determines if you can start the program and schedule it to run in batch mode, and what variants you can use.

- Authorization Group determines which programs you can execute. The Authorization Group field comes from the authorization group in the attributes of an ABAP program.

For this authorization object to be effective, ABAP programs must have an authorization group assigned to them in the attributes of the program. If a program does not have an authorization group assigned, the system does not carry out a check for S_PROGRAM. For this reason, you may want to always assign an authorization group to programs created by customers.

With the RSCSAUTH program, you can assign an authorization group to all executable programs or to individual programs or program groups. This ensures effective protection.

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

Santosh
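
The gap described in the reply above (a program with no authorization group gets no S_PROGRAM check), as an added example that is not part of the original replies: a small audit over an exported program list that flags executable customer programs with an empty group. The export column names (modelled on TRDIR), the Z*/Y* customer prefix, the sample rows and the role contents are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export of program attributes. Column names are modelled
# on table TRDIR (an assumption about the export): SUBC '1' = executable
# program, SECU = authorization group from the program attributes.
TRDIR_EXPORT = """NAME,SUBC,SECU
ZFI_PAYRUN,1,ZFIN
ZHR_SALARY_LIST,1,
ZMM_UTIL_INCLUDE,I,
YSD_PRICE_UPLOAD,1,
RSUSR003,1,SUSR
"""

# Constructed sample: (user action, authorization group) pairs one role
# grants for S_PROGRAM.
ROLE_S_PROGRAM = {("SUBMIT", "ZFIN"), ("BTCSUBMIT", "ZFIN")}


def load_programs(text):
    return list(csv.DictReader(io.StringIO(text)))


def s_program_allows(program, action, granted):
    """Model of the S_PROGRAM rule only; other checks are out of scope."""
    group = program["SECU"].strip()
    if not group:
        return True  # no group on the program: S_PROGRAM is not checked
    return (action, group) in granted or (action, "*") in granted


def unprotected_customer_programs(programs):
    """Executable Z*/Y* programs whose authorization group is empty."""
    return sorted(
        p["NAME"] for p in programs
        if p["SUBC"] == "1"
        and p["NAME"].startswith(("Z", "Y"))
        and not p["SECU"].strip()
    )


if __name__ == "__main__":
    programs = load_programs(TRDIR_EXPORT)
    for name in unprotected_customer_programs(programs):
        print(f"{name}: no authorization group, S_PROGRAM not enforced")
```

Programs flagged by the audit are the candidates for a group assignment with RSCSAUTH, as the reply recommends.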

Satyabrata_Basu
Contributor
0 Kudos

Hi,

User groups for authorization are maintained for distributed user maintenance tasks. For example, you can make one user administrator able to manage users who are assigned to group-1 and group-2 but not the users of Group-3. The authorization is controlled via authorization object S_USER_GRP.

As per online help:

<b>User Group for Authorization Check</b>

If you assign a user to a user group for the authorization check on the Logon Data tab, you can distribute user maintenance tasks among several user administrators. The system administrator can assign the respective user administrator the right to create and change users in a group. Using the authorization object User Master Maintenance: User Groups (<b>S_USER_GRP</b>), you can assign user groups to different administrators.

Users that are not assigned to any of the groups can be maintained by all administrators.

Cheers !!

Satya.

PS: Pls reward points if the answer was helpful..Thx

Former Member
0 Kudos

Hi,

Check the below thread.

Thanks

R.Murali