Authorization Objects and Custom Program

former_member207873 · ‎09-27-2013

Hi Experts,

I have created a custom report which is showing Account Balances, Stock and Invoice. All these reports come under one Tcode. Below are the autho rization fields which are required for my each report.

Invoice Accounts Stock

Sales Office Sales office Company Code

Sales Division Plant

Here I have created my own authorization class, authorization objects and authorization fields.

ZAUTH (AUTH CLASS)

ZINVOICE(AutOb)

ZVKBUR

ZSPART

ZACCOUNT(AutOb)

ZVKBUR

ZSTOCK(AutOb)

ZBUKRS

ZWERKS

I did this much with tcodes SU20 SU21. What has to be done after this?

There are many levels of authorization to be achieved. First for the TCODE and then for the individual selections in the list box item. (Invoice, Stock and Accounts- All in the same tcode ). How to achieve this?

NB: Moreover SE93 transaction we can give only one authorization object. So how to assign multiple authorization objects to the same transaction code.

raymond_giuseppi · ‎09-27-2013

There is always S_TCODE (will be checked with the transaction code)
you can give an authorization object in SE93 (with initial values for fields to be checked at start of transaction)
you can add other authorization objects in SU24, but you have to code the AUTHORIZATION-CHECK statements in your program

Regards,

Raymond

mayur_priyan · ‎09-27-2013

Hi,

Check the following link for the complete

process on Authorization objects

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a5...

ThomasZloch · ‎09-27-2013

Is it really necessary to create new authorisation objects? For example, for G/L account balances in a company code there is alread object F_BKPF_BUK, which is checked for ACTVT = 03 in standard reporting for account balances and line items.

You can use the same logic in your custom reports.

Check first for existing objects that can be used, also speak to a security/roles expert in your team, often there is an overall authorisation concept in effect that you should align with in your developments.

Thomas

former_member207873 · ‎09-27-2013

Hi Thomas,

There is no overall authorization concept existing in the organization now. That is why I am going ahead with custom authorization concept. But I am confused with the steps to follow.

Here is the precise of what I have done so far.

1) Created custom Authorization fields with the existing data elements, (SU20)

2) Created Authorization objects and class (SU21)

3) Created a role in PFCG. (Added values say for sales office 2000 and activity '03').

4) Assigned TCode to Authorization Object in SU24.

5) Checked in my custom program with 'Authority check' for sales office with '2000'. But it is running for all sales office.

BR,

ThomasZloch · ‎09-27-2013

OK, but I still strongly suggest using standard authorisation objects as much as possible, and according to the logic as implemented in SAP standard programs (check where-used lists).

Then, if your code doesn't work as expected, post the relevant snippet here for further investigation.

Some of the activities you are listing belong to the area, please have look in this space as well.

Thomas

former_member612950 · ‎09-27-2013

Hi,

Basis team is responsible to create Authorisation object and assigning the precision value such as *,2,3.

And you have to give the following:

AUTHORITY-CHECK OBJECT 'zinvoice'

ID ACTVT FIELD '3'

Here,Precision value '3' stands for Edit.

Regards,

Santhosh Kumar.K