Authorization check for plant

Former Member · ‎10-16-2008

Guys,

I need to creat an authorization object with field Plant

In my user exit I need to check for that particular plant , if authorized proceed else exit.

how can achive this.

Please provide me the Step by step procedure.

Appropriate answers willb e rewarded.

Thanks in advance

Former Member · ‎10-16-2008

Hi,

Create an authorisation object in su21.

Then in the code use it like:

AUTHORITY-CHECK OBJECT 'Object name'

ID 'ACTVT' FIELD <activity type> "what sort of activity like display, change etc

ID 'BEGRU' FIELD <mara-begru>. "here specify the field name

Former Member · ‎10-16-2008

Thanks,

I have created the Auth object in SU21 & in my user exit

AUTHORITY-CHECK OBJECT 'Z_PART_DEL' ID 'WERKS' FIELD p_werks .

where p_werks is my plant for which i need to check the auth.

but when I pass anythin in that i am getting sy-subrc = 0.

I have only created the Auth Obj in su21 & directly using this in my exit, should I have to do anything apart from this

Another query is where should I maintain the list of oplants

former_member181995 · ‎10-16-2008

directly using this in my exit, should I have to do anything apart from this

Yes.

Create Roles from PFCG and assign Authorization object to that role.than assign that role to perticuler user(from SU01) to whom you want to Authorize .

I want to just confirm you that did you create Authorization field first?from SU20?

and assing this Authorization field to Authorization object from SU21?please confirm all these work is done or not.

former_member188685 · ‎10-16-2008

Ask your basis to do that work. it is not part of developer. After creation of the Object , the object needs to be assigned to your profile.

Former Member · ‎10-16-2008

No I have not created custom field from SU20

The Steps which I followed are

in SU21 In Class SD I created Auth Object by name z_part_del

regenerate SAP_ALL

I am trying in my program

AUTHORITY-CHECK OBJECT 'Z_PART_DEL' ID 'WERKS' FIELD '3AA0' .

where 3AA0 is not a valid plant still I am getting sy-subrc = 0

former_member181995 · ‎10-16-2008

where 3AA0 is not a valid plant still I am getting sy-subrc = 0

reason because of you are not maitaining the Authorization field Plant(Werks) in SU20.Just maintain field from su20 and assign this to your z_part_del object.finally create one role under this you must restrict the vaulues from change PFCG>aurthorization tab>change aurthorization data>select the desired values and save and come out.

than finally you must assing this role to SAP_ALL also if you donet want to maitain this as single alone.and assing this role to all user's profile from su01(if you are maitainting as one seprate role)

don't forget to generate at last.

Former Member · ‎10-16-2008

Amith,

Thank you.

I have followed as u said

created one field in su20(ZWERKS)

created one auth object(Z_PAR_DEL) in su21 assigned the field (ZWERKS) created in

in T-Code PFCG I created a role zwerk_auth, in aurthorization tab>change aurthorization data>selected sap_all

saved generated

in my program i writing like

AUTHORITY-CHECK OBJECT 'Z_PART_DEL'

ID 'ZWERKS' FIELD '3AA0'.

where 3AA0 is not a valid plant

still getting sy-subrc eq 0

please suggest

former_member181995 · ‎10-16-2008

created one field in su20(ZWERKS)

Not ZWERKS it should be WERKS .here save your efforts.

in aurthorization tab>change aurthorization data>selected sap_all
saved generated

selected sap_all

saved generated this is wrong also from change aurthorization data here you must select all plant values except 3AA0.

and make sure in aurthorization tab green light should be there after generate.cause in this process this screen bit buggy.

Update:from SU21 you must create both Authorization object and class from create button(drop down).and make sure in Authorization object you assing the both class and field(werks which you already created in su20)