Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AUTHORITY-CHECK doesnu00B4t work

Go to solution
Former Member

‎04-15-2009 6:24 PM

0 Kudos

I have created an authority object. I have assigned this object to a role.

When I call "authority-check object", it always returns the value 12.

Why? I call the authority-check with parameters that should return 0 value.

Thanks

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-15-2009 6:34 PM

0 Kudos

Hi Oscar,

check the below table ..




The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity. 
The table that contains all authorization objects is TOBJ.
The table that contains all activities is TACT.
The table that contains definition of all authorization groups is TBRG.
TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.

If you create AUTHORITY-CHECK for report or t-code..


* Checking Authorization
  AUTHORITY-CHECK OBJECT 'S_TCODE'     "S_PROGRAM for program
           ID 'TCD' FIELD 'ZC7B1UM'.                "ZC7B1UM is t-code
  IF sy-subrc <> 0. 
    MESSAGE e544.
  ENDIF.

if you check for t-code check by above syntax.

regards,

Prabhuda

Edited by: Prabhu Das on Apr 15, 2009 11:04 PM

3 REPLIES 3

Go to solution
Former Member

‎04-15-2009 6:34 PM

0 Kudos

Hi Oscar,

check the below table ..




The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity. 
The table that contains all authorization objects is TOBJ.
The table that contains all activities is TACT.
The table that contains definition of all authorization groups is TBRG.
TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.

If you create AUTHORITY-CHECK for report or t-code..


* Checking Authorization
  AUTHORITY-CHECK OBJECT 'S_TCODE'     "S_PROGRAM for program
           ID 'TCD' FIELD 'ZC7B1UM'.                "ZC7B1UM is t-code
  IF sy-subrc <> 0. 
    MESSAGE e544.
  ENDIF.

if you check for t-code check by above syntax.

regards,

Prabhuda

Edited by: Prabhu Das on Apr 15, 2009 11:04 PM

Go to solution
Former Member

‎04-15-2009 6:43 PM

0 Kudos

Hi

That means the user u're using to check your authority object hasn't that object.

Are u sure that user has the rule where the object is assigned?

Max

Go to solution
Former Member

‎04-15-2009 7:18 PM

0 Kudos

Hi Oscar,

To add to what Max said, often you assign the user to the role in PFCG however, you forget to Activate the new role assignment (a traffic light on the tab).

Normally theres a batch job to activate all user assignments, but that might be scehduled for the "quite time" hence check it, if not done, do it manually from PFCG.

To be a little more specific - ensure the "User Comparison" button in the User tab of your role in PFCG has a green traffic light.

Cheers,

Aditya

Edited by: Aditya Laud on Apr 15, 2009 8:19 PM