10-16-2008 12:17 PM
Guys,
I need to creat an authorization object with field Plant
In my user exit I need to check for that particular plant , if authorized proceed else exit.
how can achive this.
Please provide me the Step by step procedure.
Appropriate answers willb e rewarded.
Thanks in advance
10-16-2008 12:21 PM
Hi,
Create an authorisation object in su21.
Then in the code use it like:
AUTHORITY-CHECK OBJECT 'Object name'
ID 'ACTVT' FIELD <activity type> "what sort of activity like display, change etc
ID 'BEGRU' FIELD <mara-begru>. "here specify the field name
10-16-2008 12:38 PM
Thanks,
I have created the Auth object in SU21 & in my user exit
AUTHORITY-CHECK OBJECT 'Z_PART_DEL' ID 'WERKS' FIELD p_werks .
where p_werks is my plant for which i need to check the auth.
but when I pass anythin in that i am getting sy-subrc = 0.
I have only created the Auth Obj in su21 & directly using this in my exit, should I have to do anything apart from this
Another query is where should I maintain the list of oplants
10-16-2008 12:42 PM
directly using this in my exit, should I have to do anything apart from this
Yes.
Create Roles from PFCG and assign Authorization object to that role.than assign that role to perticuler user(from SU01) to whom you want to Authorize .
I want to just confirm you that did you create Authorization field first?from SU20?
and assing this Authorization field to Authorization object from SU21?please confirm all these work is done or not.
10-16-2008 12:44 PM
Ask your basis to do that work. it is not part of developer. After creation of the Object , the object needs to be assigned to your profile.
10-16-2008 1:15 PM
No I have not created custom field from SU20
The Steps which I followed are
in SU21 In Class SD I created Auth Object by name z_part_del
regenerate SAP_ALL
I am trying in my program
AUTHORITY-CHECK OBJECT 'Z_PART_DEL' ID 'WERKS' FIELD '3AA0' .
where 3AA0 is not a valid plant still I am getting sy-subrc = 0
10-16-2008 1:25 PM
where 3AA0 is not a valid plant still I am getting sy-subrc = 0
reason because of you are not maitaining the Authorization field Plant(Werks) in SU20.Just maintain field from su20 and assign this to your z_part_del object.finally create one role under this you must restrict the vaulues from change PFCG>aurthorization tab>change aurthorization data>select the desired values and save and come out.
than finally you must assing this role to SAP_ALL also if you donet want to maitain this as single alone.and assing this role to all user's profile from su01(if you are maitainting as one seprate role)
don't forget to generate at last.
10-16-2008 1:55 PM
Amith,
Thank you.
I have followed as u said
created one field in su20(ZWERKS)
created one auth object(Z_PAR_DEL) in su21 assigned the field (ZWERKS) created in
in T-Code PFCG I created a role zwerk_auth, in aurthorization tab>change aurthorization data>selected sap_all
saved generated
in my program i writing like
AUTHORITY-CHECK OBJECT 'Z_PART_DEL'
ID 'ZWERKS' FIELD '3AA0'.
where 3AA0 is not a valid plant
still getting sy-subrc eq 0
please suggest
10-16-2008 2:03 PM
created one field in su20(ZWERKS)
Not ZWERKS it should be WERKS .here save your efforts.
in aurthorization tab>change aurthorization data>selected sap_all
saved generated
selected sap_all
saved generated this is wrong also from change aurthorization data here you must select all plant values except 3AA0.
and make sure in aurthorization tab green light should be there after generate.cause in this process this screen bit buggy.
Update:from SU21 you must create both Authorization object and class from create button(drop down).and make sure in Authorization object you assing the both class and field(werks which you already created in su20)