on 04-24-2006 4:42 AM
Hi,
I have to add a custom auth obj to a custom txn code. I am trying to do this through SU24 but i get an error saying object not maintained in TOBJ table. There is entry in the TOBJ for the auth obj. Any idea what this error means .
Your help would be useful.
Thanks.
Hi Reshmi,
1. Thru SU21 first of all create your Z authorisation object.
2. Then in abap code,
use AUTHORITY-CHECK
3. Then for rights,
ask the basis team.
Thru tcode PFCG, they will assign
the object to a particular role,
and they will give the Field values also,
which u say.
regards,
amit m.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hai Rashmi
Try with this code
In PAI-100
Write Module MOD1.
AUTHORITY-CHECK OBJECT <Object-Name>
ID 'BUKRS' Field V_BUKRS.
ID 'ACTVT' Field '02' '02'--> for Change.
if sy-subrc <> 0.
Message E001 'Your Not Authorized to Enter this Code'.
endif.
Example :
Object Class : FI Field --> F_BKPF_BUK.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' Field V_BUKRS.
ID 'ACTVT' Field '02'.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
...
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
-
go through report
-
TABLES: TOBJT.
DATA: OBJECT1 LIKE USR12-OBJCT,
OBJECT2 LIKE USR12-OBJCT,
OBJECT3 LIKE USR12-OBJCT,
AUTH1 LIKE USR12-AUTH,
AUTH2 LIKE USR12-AUTH,
AUTH3 LIKE USR12-AUTH,
IND LIKE SY-INDEX,
FLAG TYPE I.
DATA: BEGIN OF INTTAB OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
END OF INTTAB.
DATA: BEGIN OF INTTAB2 OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
EXPL LIKE TOBJT-TTEXT,
END OF INTTAB2.
DATA: BEGIN OF TABSET OCCURS 30,
SFIELD LIKE TOBJ-FIEL1,
VON(18),
BIS(18),
END OF TABSET.
*read up the authorizations from the user buffer
CALL 'ANALYSE_USERBUFFER'
ID 'AUTHS' FIELD INTTAB-SYS.
*filter out the multipy authorizatios of the same object
SORT INTTAB BY OBJECT.
DO.
IF SY-INDEX = 1.
OBJECT1 = ''. AUTH1 = ''.
READ TABLE INTTAB INDEX 1.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
READ TABLE INTTAB INDEX 2.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT1 = OBJECT2. AUTH1 = AUTH2.
READ TABLE INTTAB INDEX SY-INDEX.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
IND = SY-INDEX + 1.
READ TABLE INTTAB INDEX IND.
IF SY-SUBRC = 0.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT3 = ''. AUTH3 = ''.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
ENDIF.
EXIT.
ENDIF.
ENDIF.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
APPEND INTTAB2.
ENDIF.
ENDDO.
SORT INTTAB2 BY OBJECT AUTH.
*display the authorization and description, the objects, fields and
*field values
FLAG = 0. OBJECT1 = ''.
LOOP AT INTTAB2.
IF OBJECT1 = INTTAB2-OBJECT.
WRITE: / INTTAB2-AUTH COLOR 2.
PERFORM FIELD_VALUES.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ELSE.
SKIP.
WRITE: / INTTAB2-OBJECT COLOR 3, INTTAB2-EXPL COLOR 3.
PERFORM FIELD_VALUES.
WRITE: / INTTAB2-AUTH COLOR 2.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ENDIF.
OBJECT1 = INTTAB2-OBJECT.
ENDLOOP.
----
FORM FIELD_VALUES *
----
retrieve the field values of an authorization *
----
FORM FIELD_VALUES.
TABLES: USR12.
FIELD-SYMBOLS .
DATA: INTFLAG TYPE I VALUE 0, OFF TYPE I, VTYP, LNG TYPE I,
CLNG(2), GLNG(2), FLDLNG TYPE I VALUE 10, SETFILL.
SELECT SINGLE * FROM USR12
WHERE AUTH = INTTAB2-AUTH
AND OBJCT = INTTAB2-OBJECT
AND AKTPS = 'A'.
SETFILL = 0.
REFRESH TABSET.
CLEAR TABSET.
OFF = 2.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
WHILE VTYP <> ' ' AND OFF < USR12-LNG.
OFF = OFF + 1.
CASE VTYP.
WHEN 'F'.
OFF = OFF + 5.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
LNG = CLNG.
IF LNG <= 0.
EXIT.
ENDIF.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(FLDLNG) TO .
WRITE TO TABSET-SFIELD.
OFF = OFF + FLDLNG.
WHEN 'E'.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'G'.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
GLNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(LNG) TO .
IF INTFLAG = 0.
WRITE TO TABSET-VON.
WRITE '*' TO TABSET-VON+GLNG.
ELSE.
WRITE TO TABSET-BIS.
WRITE '*' TO TABSET-BIS+GLNG.
INTFLAG = 0.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'V'.
INTFLAG = 1.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
OFF = OFF + LNG.
WHEN 'B'.
INTFLAG = 0.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-BIS.
IF TABSET-BIS = SPACE.
TABSET-BIS = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
ENDCASE.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
ENDWHILE.
ENDFORM.
-
go through this link
http://www.thespot4sap.com/Articles/SAP_ABAP_Queries_Authorizations.asp
Thanks & Regards
Sreenivasulu P
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI
GOOD
YOU HAVE NOT MENTIONED THE OBJECET NAME THAT YOU HAVE CREATED, ANYWAY IF THERE IS A ENTRY IN THE TOBJ TABLE THAN THERE MUST BE SOME PROBLEM IN THE SU24 WHERE YOU R MAPPING THAT PARTICULAR OBJECT TO THE EXTN CODE.
THANKS
MRUTYUN
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI
GOOD
HEREWITH I AM SENIDNG SOME OF THE LINKS RELATIED TO ROLES AND AUTHORIZATION OBJECT.GO THROUGH THIS .
http://help.sap.com/saphelp_46c/helpdata/en/1c/c38028816c11d396bc0000e82de14a/content.htm
http://www.thespot4sap.com/Articles/SAP_BC_Authorization_Concept.asp
ABOUT ROLE
-
http://www.sapdb.org/7.4/htmhelp/48/8af5b0a54f11d2a97100a0c9449261/content.htm
THANKS
MRUTYUN
Hi Reshmi,
The auth obj that you have created should be assigned to all those peoples profile. The BASIS team does that.
e.g i have the auth to change code as that auth obj S_XXXX is assigned to my profile.
The tester cannot edit the code as the auth obj S_XXX has not been assigned to him.
To check whether the person is authorized you can do the following check:-
AUTHORITY-CHECK OBJECT 'S_XXX'
if SY_SUBRC = 0
The user is auth
endif.
if SY_SUBRC = 12
The user is not auth
endif.
Hope this is helpful.
Regards,
Sameena
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.