cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization

Former Member

on ‎04-17-2006 7:39 AM

0 Kudos

Hi all,

The report needs to check against the authority object iwerk and this should check against the user and the input selection plant parameter. Please clarify how to handle the authorization object

Please help me out in this ASAP as we are in a critical stage .

Thanks

Jayasree

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎04-17-2006 10:08 AM
0 Kudos

Hai

In Screen 0100

V_BUKRS : 0100 transaction is Allowed

After that the programmer will take care of the Authorization.

In PAI-100

Write Module MOD1.

AUTHORITY-CHECK OBJECT <Object-Name>

ID 'BUKRS' Field V_BUKRS.

ID 'ACTVT' Field '02' '02'--> for Change.

if sy-subrc <> 0.

Message E001 'Your Not Authorized to Enter this Code'.

endif.

Example :

Object Class : FI Field --> F_BKPF_BUK.

AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'

ID 'BUKRS' Field V_BUKRS.

ID 'ACTVT' Field '02'.

Thanks & Regards

Sreenivas

Show replies
Show replies
Former Member
‎04-17-2006 8:00 AM
0 Kudos

hi

good

go through the below details

How to set Authorization to an ABAP Programs?

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

-

go through report

-

TABLES: TOBJT.

DATA: OBJECT1 LIKE USR12-OBJCT,

OBJECT2 LIKE USR12-OBJCT,

OBJECT3 LIKE USR12-OBJCT,

AUTH1 LIKE USR12-AUTH,

AUTH2 LIKE USR12-AUTH,

AUTH3 LIKE USR12-AUTH,

IND LIKE SY-INDEX,

FLAG TYPE I.

DATA: BEGIN OF INTTAB OCCURS 30,

OBJECT LIKE USR12-OBJCT,

AUTH LIKE USR12-AUTH,

END OF INTTAB.

DATA: BEGIN OF INTTAB2 OCCURS 30,

OBJECT LIKE USR12-OBJCT,

AUTH LIKE USR12-AUTH,

EXPL LIKE TOBJT-TTEXT,

END OF INTTAB2.

DATA: BEGIN OF TABSET OCCURS 30,

SFIELD LIKE TOBJ-FIEL1,

VON(18),

BIS(18),

END OF TABSET.

*read up the authorizations from the user buffer

CALL 'ANALYSE_USERBUFFER'

ID 'AUTHS' FIELD INTTAB-SYS.

*filter out the multipy authorizatios of the same object

SORT INTTAB BY OBJECT.

DO.

IF SY-INDEX = 1.

OBJECT1 = ''. AUTH1 = ''.

READ TABLE INTTAB INDEX 1.

OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.

READ TABLE INTTAB INDEX 2.

OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.

ELSE.

OBJECT1 = OBJECT2. AUTH1 = AUTH2.

READ TABLE INTTAB INDEX SY-INDEX.

OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.

IND = SY-INDEX + 1.

READ TABLE INTTAB INDEX IND.

IF SY-SUBRC = 0.

OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.

ELSE.

OBJECT3 = ''. AUTH3 = ''.

IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.

INTTAB2-OBJECT = OBJECT2.

INTTAB2-AUTH = AUTH2.

SELECT SINGLE * FROM TOBJT

WHERE LANGU = SY-LANGU

AND OBJECT = OBJECT2.

INTTAB2-EXPL = TOBJT-TTEXT.

ENDIF.

EXIT.

ENDIF.

ENDIF.

IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.

INTTAB2-OBJECT = OBJECT2.

INTTAB2-AUTH = AUTH2.

SELECT SINGLE * FROM TOBJT

WHERE LANGU = SY-LANGU

AND OBJECT = OBJECT2.

INTTAB2-EXPL = TOBJT-TTEXT.

APPEND INTTAB2.

ENDIF.

ENDDO.

SORT INTTAB2 BY OBJECT AUTH.

*display the authorization and description, the objects, fields and

*field values

FLAG = 0. OBJECT1 = ''.

LOOP AT INTTAB2.

IF OBJECT1 = INTTAB2-OBJECT.

WRITE: / INTTAB2-AUTH COLOR 2.

PERFORM FIELD_VALUES.

LOOP AT TABSET.

WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.

ENDLOOP.

ELSE.

SKIP.

WRITE: / INTTAB2-OBJECT COLOR 3, INTTAB2-EXPL COLOR 3.

PERFORM FIELD_VALUES.

WRITE: / INTTAB2-AUTH COLOR 2.

LOOP AT TABSET.

WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.

ENDLOOP.

ENDIF.

OBJECT1 = INTTAB2-OBJECT.

ENDLOOP.

----

  • FORM FIELD_VALUES *

----

  • retrieve the field values of an authorization *

----

FORM FIELD_VALUES.

TABLES: USR12.

FIELD-SYMBOLS .

DATA: INTFLAG TYPE I VALUE 0, OFF TYPE I, VTYP, LNG TYPE I,

CLNG(2), GLNG(2), FLDLNG TYPE I VALUE 10, SETFILL.

SELECT SINGLE * FROM USR12

WHERE AUTH = INTTAB2-AUTH

AND OBJCT = INTTAB2-OBJECT

AND AKTPS = 'A'.

SETFILL = 0.

REFRESH TABSET.

CLEAR TABSET.

OFF = 2.

ASSIGN USR12-VALS+OFF(1) TO .

WRITE TO VTYP.

WHILE VTYP <> ' ' AND OFF < USR12-LNG.

OFF = OFF + 1.

CASE VTYP.

WHEN 'F'.

OFF = OFF + 5.

ASSIGN USR12-VALS+OFF(2) TO .

WRITE TO CLNG.

LNG = CLNG.

IF LNG <= 0.

EXIT.

ENDIF.

OFF = OFF + 2.

ASSIGN USR12-VALS+OFF(FLDLNG) TO .

WRITE TO TABSET-SFIELD.

OFF = OFF + FLDLNG.

WHEN 'E'.

ASSIGN USR12-VALS+OFF(LNG) TO .

WRITE TO TABSET-VON.

IF TABSET-VON = SPACE.

TABSET-VON = ''' '''.

ENDIF.

APPEND TABSET.

SETFILL = SETFILL + 1.

TABSET-VON = SPACE.

TABSET-BIS = SPACE.

OFF = OFF + LNG.

WHEN 'G'.

ASSIGN USR12-VALS+OFF(2) TO .

WRITE TO CLNG.

GLNG = CLNG.

OFF = OFF + 2.

ASSIGN USR12-VALS+OFF(LNG) TO .

IF INTFLAG = 0.

WRITE TO TABSET-VON.

WRITE '*' TO TABSET-VON+GLNG.

ELSE.

WRITE TO TABSET-BIS.

WRITE '*' TO TABSET-BIS+GLNG.

INTFLAG = 0.

ENDIF.

APPEND TABSET.

SETFILL = SETFILL + 1.

TABSET-VON = SPACE.

TABSET-BIS = SPACE.

OFF = OFF + LNG.

WHEN 'V'.

INTFLAG = 1.

ASSIGN USR12-VALS+OFF(LNG) TO .

WRITE TO TABSET-VON.

IF TABSET-VON = SPACE.

TABSET-VON = ''' '''.

ENDIF.

OFF = OFF + LNG.

WHEN 'B'.

INTFLAG = 0.

ASSIGN USR12-VALS+OFF(LNG) TO .

WRITE TO TABSET-BIS.

IF TABSET-BIS = SPACE.

TABSET-BIS = ''' '''.

ENDIF.

APPEND TABSET.

SETFILL = SETFILL + 1.

TABSET-VON = SPACE.

TABSET-BIS = SPACE.

OFF = OFF + LNG.

ENDCASE.

ASSIGN USR12-VALS+OFF(1) TO .

WRITE TO VTYP.

ENDWHILE.

ENDFORM.

-

go through this link

http://www.thespot4sap.com/Articles/SAP_ABAP_Queries_Authorizations.asp

thanks

mrutyun

Show replies
Show replies
Former Member
‎04-17-2006 7:46 AM
0 Kudos

Hi,

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

Thanks

Sudheer

Show replies
Show replies
Former Member
‎04-17-2006 7:45 AM
0 Kudos

Hi Jayasree,

Use the AUTHORIY-CHECK command to call the relevant object and pass the values from the selection screen.

Hope this helps.

Cheers

VJ

Show replies
Show replies
Ask a Question