09-02-2010 2:57 PM
I am in need of 'controlling' the AUSBK (Source Company Code), along with BUKRS (Company Code).
When a GL accountant executes FBV3 (Display Parked Document), I would like to filter out documents with certain values of ASUBK data element (field), on top of the entered BUKRS value.
I have looked into SU20 & SU21, but I haven't found any authorization relating to AUSBK.
Best regards,
Tom
09-02-2010 4:39 PM
Hello,
there are no authorization objects containing the authorization field AUSBK. The only way to achieve your requirement is troughout the creation of a custom authorization object, with transaction SU21, using the authorization fields that you want to test, and then adding in the ABAP code, in the proper part of the code, using the statement AUTHORITY-CHECK.
Hope to be useful.
Best regards,
Andrea
09-02-2010 4:58 PM
Hi Andrea, thank you for your response !
I have never created a customize Authorization Object, before.
Do you have any links, notes, docs explaining.showing how to do it ?
It seems SU21 is straightforward, but the code using the statement AUTHORITY-CHECK is a gray area.
Do I have to have my ABAPer to do it ?
09-02-2010 6:09 PM
Yes this is generally and normally done by ABAPER.
please use SU24 create an custom authorization object and then the custom authority field and ask the ABAPER to do his magic.
09-02-2010 7:29 PM
Hi Franklin, thanks for your help !
Is it SU24 or SU21 to create a custom Authorization Object ?
My ABAPer has a very tight schedule, can I do it myself ?
Are there any docs, links where it shows to do it ...
Best regards,
Tom
09-02-2010 7:47 PM
Hi,
You can create custom authority field using SU20
Maintain or create custom authority object using SU21
Adding the authority object and field in a custom transaction will be using Su24
ABAPER should know this very well
09-02-2010 8:16 PM
Franklin, thanks again !!
How can I do it myself,since the ABAPer is npt available.
Are there any links, docs showing howit is done.
Best regards,
Tom
09-02-2010 8:55 PM
But if the check is not in the code then adding it to SU20, SU21 and Su24 is not going anywhere...
You need to add it to an apprpriate source code location and react to the check --> you need an ABAPer for this, preferably a good one because there are also easy ways to hang yourself in UI exits.
Cheers,
Julius
09-02-2010 8:59 PM
If I remember correctly
execute SU20 transaction, it will have a paper rectangular button on the left corner which is create
start with letter Z.......... to creat a field
execute Su21 transaction, on the application menu bar you will a paper button with paper clip(down arrow)
you will have option to create custom authority field and authority field object.
Remember unless ABAPER enables these objects in the code he creates you cannot make this functional( based on what I know)
ABAPER in my case gave me CUSTOM TRANSACTION NAME and I added the custom object and field in SU24
09-03-2010 12:19 AM
> ( based on what I know)
There is a lot of empirical evidence to support what you suspect.
The first path of least resistance should be to look in config. You can actually achieve alot that way without modifying or copying the system.
Out of curiosity, try run a trace on your custom object and even if found check to see whether the code even reacts to the check (same module pool used might use navigation back into the original transaction).
I suspect the ABAPer copied the module pool. Solutions like this in exits are a real pest and they are not secure unless the ABAPer is very security aware.
Few are. They generally just want to make it work in unit tests of their copied code at your current release level.
Not a good idea, normally.
Cheers,
Julius
09-07-2010 7:52 PM
When, I create a Z* authorization field (SU20), I get a screen that asks for a 'Package' name.
What do I put in there ??
Best regards,
Tom
09-07-2010 10:05 PM
Hi,
you are lacking basic knowledge about how development is organized in SAP system. The development package is an important thing which determines transport path. Usually, there is only one path but your landscape might be more complex. You need to know what you do and what to select. As it was already written just defining new custom authorization object won't do the job. I quickly checked FBV3 and it does not have a really nice structure. So you really need a developer to implement additional checks. Don't forget that you need to restrict Document list as well.
Cheers
09-08-2010 2:52 PM
Hi Martin, thank you for your reply !
Yes, I don't have ABAP basic knowledge, I would like to learn though
Do you recommend any docs, links, notes where I can read from ?
Also any info about the complete steps for creating a custom authorization object, it would be greatly appreciated.
Regards,
Tom
08-16-2011 5:15 PM
08-16-2011 8:50 PM