Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Link between end-user field and authorization object

Former Member

‎09-10-2013 3:07 PM

0 Kudos

Hi experts,

I am having a hard time finding the information below, so if anyone can help me that will be great.

I am trying to link the field an end-user handles and the associated authorization object.

Here are the details :

My starting point is specific fields of a transaction and my end point is the users associated to them.

For example I want to find out which users can create or modify the Bank Key and Bank accounts (BANKL and BANKN of LFKB table) you can find in the payment transaction section of the vendor master record.

I need to know which authorization objects are behind as well as which Tcodes, this way I will be able to identify the roles using the authorization object/tcode and in the end the users who can access them.

Surfing on the discussions I found a lot of information on different Tcodes and tables (SU24, SUIM, PFCG, TOBJ, TACTZ, AUSOBT, TSTCA, etc.) but nothing that can bring me from the field technical name to the list of roles and therefore end users.

Thank you all for your help.

Sanddie

4 REPLIES 4

martin_voros
Active Contributor

‎09-10-2013 11:51 PM

0 Kudos

Hi,

there is is no such a link. The fields of authorization objects can't be directly mapped to the database fields. The logic is built into applications. For example object M_BEST_BSA. It controls access to PO based on document type. Just giving authorization for this object is not going to give access to all POs. There are additional checks performs such as if user has access for a site and so on. There might be some more objects that control access on more granular level (e.g. access to pricing on PO).

In your case we are talking about vendor which can be modified in transaction XK02. So you can see a list of all proposed object for this transaction in SU24. The object F_LFA1_AEN might be interesting for you. You can get more info about this object in SU21.

Cheers

Former Member

‎09-11-2013 5:41 AM

0 Kudos

Hi Sanddie,

Sanddie wrote:

"I need to know which authorization objects are behind as well as which Tcodes,this way I will be able to identify the roles using the authorization object/tcode and in the end the users who can access them."

Have you approached your functional consultants to get the list of Master Data related tcodes?

They are the right point of contact to give you the List of all Master Data tcodes.

E.g (XK,XD,FD,VD,MM,OX,FS) 01,02, VK11,VK12, FS00, etc...list goes on...

Then your task starts with SUIM.

Cheers,

Rama

Former Member

‎09-11-2013 7:32 AM

0 Kudos

Next best would be the F1 key and navigate to the technical field object to be able to where-used-list it. But that is not scalable.

It is easier to get to know the authorization objects more intimately. All 4000 of them will however keep you busy for a while. Having funky consultants who also understand authorizations for their modules helps a lot..

Cheers,

Julius

Former Member

‎09-11-2013 6:17 PM

0 Kudos

For the table restriction you can search the table authorization group to which the specific table is assigned and restrict all your roles to this authorization group.

Regarding the transactions that give access to this functionality, it is best to restrict the authorization objects below instead on focussing on the transaction codes. In tis case, if you are missing the one or more transactions, it will not be a real problem because the required authorization objects are restricted properly.