10-16-2008 6:31 PM
Evening All,
Our Dev team have built a new custom report with the output fields " Business Partner( FKKVKP-GPART) and Payment Method( FKK_INSTPLN_HEAD-EZAWE)."
Im trying to follow best practice and secure the transaction code with an AUTHORITY-CHECK check statement in the code, followed by an SU24 entry so that I can add the new tcode via the menu in PFCG. We normally advise the Dev teams as to what authorisation objects and values we want authority checking (based on what it can see do, if its a copy of a regular transaction code etc).
In this case I do not seem to be able to track down the authorisation objects associated with these fields can anyone help ?
We're running with R/3 4.7.
Thanks
Steve
10-16-2008 6:45 PM
Maybe if you navigate to the data fields in SE80 and pull the where-used list for these fields in standard transactions you can get a hint about suitable objects.
10-16-2008 6:45 PM
Maybe if you navigate to the data fields in SE80 and pull the where-used list for these fields in standard transactions you can get a hint about suitable objects.
10-16-2008 8:58 PM
Hi Steve,
May be, you can follow the same steps to configure the ABAP authority check statement in custom report as is followed for customized programs.
Define and create authorization fields for the new authorization test. The authorization fields contain values which will be tested by the program.
Define the authorization object containing newly defined authorization fields. Once this is done, the authorization object needs to be assigned to an object class. SAP recommends to assign custom authorization objects to custom authorization object classes. This is normally done by using the letters "Y" or "Z" to distinguish SAP pre-defined classes.
Then program the checking of the authorization using the ABAP AUTHORITY-CHECK standard statement.
Thanks,
Saby..
10-17-2008 10:15 AM
Thanks Jurjen, SE80 - the realm of the ABAPER - not entirely sure how to navigate through to the fields ?
Thanks Saby, trying to avoid custom authority checks if I can and was hoping there wouild be a quick and easy way to track down these fields, I guess if I knew more about SE80 I might be able to do that. You are right though in that custom authorising it is one way to go and that may well be what I end up doing.
10-17-2008 10:44 AM
Doesn't the transactions' functional design give a clue about the fields needing protection?
It's design must have been initiated because some standard transaction wasn't good enough for the job. Maybe that can give you clues....
Navigating through SE80 is not simple to explain. I've learnt it at the BC400 course. You could sit alongside your ABAP-er and have a look together.