Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SM50 Authorization

Former Member
0 Kudos

Hi gurus,

We are using SAP NetWeaver 2004s. There is a new user that I need to create, I have created a role for it as well. However, in this role, I want the user to execute the transaction SM50, but the user shouldn't be able to cancel any of the work processes. How can I do it? Any help would be greatly appreciated.

Regards,

Sree

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Does the trace not work in your system?

Anyway, forget about the tcode....

What you are looking for is:

FORM AUTH_CHECK USING UCOMM AUTH_ERR.
  AUTH_ERR = 0.

  IF ( UCOMM <> 'END' ) AND
     ( UCOMM <> 'BACK' ) AND
     ( UCOMM <> 'ABBR' ) AND
     ( UCOMM <> 'WPDI' ) AND
     ( UCOMM <> 'CPU' ) AND
     ( UCOMM <> 'USER' ) AND
     ( UCOMM <> 'REFR' ).
    AUTHORITY-CHECK OBJECT 'S_ADMI_FCD'
      ID 'S_ADMI_FCD' FIELD 'PADM'.
    IF SY-SUBRC <> 0.
      MESSAGE S433.
      AUTH_ERR = 1.
    ENDIF.
  ENDIF.
ENDFORM.                    "AUTH_CHECK

Cheers,

Julius

5 REPLIES 5

Former Member
0 Kudos

Does the trace not work in your system?

Anyway, forget about the tcode....

What you are looking for is:

FORM AUTH_CHECK USING UCOMM AUTH_ERR.
  AUTH_ERR = 0.

  IF ( UCOMM <> 'END' ) AND
     ( UCOMM <> 'BACK' ) AND
     ( UCOMM <> 'ABBR' ) AND
     ( UCOMM <> 'WPDI' ) AND
     ( UCOMM <> 'CPU' ) AND
     ( UCOMM <> 'USER' ) AND
     ( UCOMM <> 'REFR' ).
    AUTHORITY-CHECK OBJECT 'S_ADMI_FCD'
      ID 'S_ADMI_FCD' FIELD 'PADM'.
    IF SY-SUBRC <> 0.
      MESSAGE S433.
      AUTH_ERR = 1.
    ENDIF.
  ENDIF.
ENDFORM.                    "AUTH_CHECK

Cheers,

Julius

0 Kudos

Dude,

Thanks for the reply, however, I didn't really get what was that all about. The code that you gave, I was not able to make out as to how am I suppose to use that code. So I figured out my own way out of this. When you create a role using PFCG transaction, do not use SAP_ALL profile. Add the transaction SM50 manually in the Auth object S_TCODE, Then Use the Authorization class AAAB which take care of all the Cross Application Authorization objects, and add an auth object S_SPI_AUTH. Add 03 in the Activity with which you can only display the Work processes.

Anyways I atleast appreciate you replying.

Thanks for you help...

Regards,

Sreekul Nair.

0 Kudos

You don't need to use that code, the system uses it when you try to perform "process administration functions" in the system.

So, by not granting authority for the object checked in the standard coding above, your user would not be able to perform this function regardless of their tcode.

Generally, it is better to use the menu and set objects to "Inactive" (or tweak SU24) than to insert manual authorization instances. This way, other people will understand what you have done and why.

Cheers,

Julius

0 Kudos

Dude,

you're name should Indeed be Genius, than Julius....

Thankz for the reply, you ought to get more points..

bye.

Take care...

Sreekul nair.

0 Kudos

Actually, I prefer "Guru"...

So how did you solve it? I thought we were just getting started...

Cheers,

Julius