Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to add anuthorization Object

Former Member

‎06-08-2009 8:38 AM

0 Kudos

Hi to all,

Dear All i want to know that we are having some Ztcode or Zrport.

when ever i am creating any role for the same then its not ask me to add any company code for the particular authorization object.

suppose i am adding a Z report for age wise purchase for that we have to add maunally F_BKPF_BUK and assign company code because we donot want that user from one company code should not be authorized to view the data for another company code.

that's why i add some authorization object maunally like

F_BKPF_BUK (accounting Document: Authorization for Company Codes) & F_FAGL_LDR (General Ledger: Authorization for Ledger for company codes) and assign particular company code.

its working fine.

but when i am entering another account no that is belong to another G/L then it is saying that you are not authorized. but when i am pressing back button it is showing me the report.

what can be the reason for that.......

as when i am checkinhg through se93 that there is not any authorization object in that zreport please suggest me how can i add it.

i am going to add any authorization object then i want to copy that zreport and then i want to go for

R & D so please tell me how can i copy that and what will be the further steps.

regards

Dik

9 REPLIES 9

Former Member

‎06-08-2009 8:49 AM

0 Kudos

Hi Dik,

Paraphrasing your query, "there is no auth check in the Z report and you still want to restrict access (based on company code) by adding manual authorization objects in the role"

Since there is no AUTHORITY CHECK to checks for the authorization objects (F_BKPF_BUK & F_FAGL_LDR), you should have a/the ABAP programmer understand your security restriction requirements and re-write/update the custom program to include the required relevant auth checks.

Unless there is a check, adding the auth object in the role is just like putting a lock on the door, which is not even attached to any house !!

Cheers !!

Zaheer

Former Member
In response to Former Member

‎06-08-2009 9:44 AM

0 Kudos

Thanks to all,

that report having customer no and g/L account so for that also i add some more auth object like

F_KNA1_BUK for customer and F_BKPF_KOA for which account type.....

but....it is showing me that you are not authorize and after that if i am going for back then it is showing me report.....

suggest...

and what about second part how to make copy of that Z tcode or Zreport ....

so that i can do R&D with the same.

Regards

Dik

Former Member

‎06-08-2009 8:57 AM

0 Kudos

Hi Dik,

If you want a particular auth. object to be always checked when executing a tcode ,you can add that to the Z tcode in SU24.

Peeyush.

Former Member
In response to Former Member

‎06-08-2009 9:01 AM

0 Kudos

@ Peeyush sharma : Refer to the SU24 help... maintaining SU24 doesn;t mean check will be performed, SU24 is mainly for profile generator (PFCG), it proposed values...

So, if the program doesn't check for auth objects then adding auth object in SU24 or role will not force system to check it.....

Former Member
In response to Former Member

‎06-08-2009 9:58 AM

0 Kudos

Agree Zaheer.............

It was an extension to ur answer........Missed stating it in my answer

Peeyush.

Former Member

‎06-08-2009 9:40 AM

0 Kudos

Hi Dik

From what I can see, there is an authorisation check in place (giving the initial No Authorization message). When the user presses the back button they can see the full data list.

In this case you need to go back to the developer as it looks like there is a problem with the way that they AUTHORITY-CHECK is implemented. It may be that they perform their selection on all data and only write to the screen what is allowed via the Auth check. When you back out of the screen you can access that full list. This is a code issue which needs to be fixed by the developer. It may be that the SELECT can be performed after the auth check so the only data which is retrieved is data which the user is allowed to see. Alternatively they need to fix the screen logic.

Former Member
In response to Former Member

‎06-08-2009 9:47 AM

0 Kudos

Dear Alex,

You are saying correct but right now we don't have devloper then through BASIS can we do something for the same......

by adding some auth object through se 93......

please rectify me

Regards

Dik

Former Member
In response to Former Member

‎06-08-2009 9:52 AM

0 Kudos

Hi dik,

Since it is a program error, that it takes users back to the main screen when they press back button, you need to ahve a ABAP programmer fix it for you or learn ABAP programming.

Cheers !!

Zaheer

Former Member

‎06-08-2009 1:32 PM

0 Kudos

> but when i am entering another account no that is belong to another G/L then it is saying that you are not authorized. but when i am pressing back button it is showing me the report.

Coding an AUTHORITY-CHECK, adding the object to SU24 and using it in a role is not enough, you need to react to the result of a correctly located AUTHORITY-CHECK - otherwise it is a mime in a forest.

At other times the checks are already there, but you need to activate them or define them in configuration (transaction SPRO, etc...).

Cheers,

Julius