09-27-2013 12:45 PM
Hi Experts,
I have created a custom report which is showing Account Balances, Stock and Invoice. All these reports come under one Tcode. Below are the autho rization fields which are required for my each report.
Invoice Accounts Stock
Sales Office Sales office Company Code
Sales Division Plant
Here I have created my own authorization class, authorization objects and authorization fields.
ZAUTH (AUTH CLASS) |
ZINVOICE(AutOb) |
ZVKBUR ZSPART |
ZACCOUNT(AutOb) |
ZVKBUR |
ZSTOCK(AutOb) |
ZBUKRS ZWERKS |
I did this much with tcodes SU20 SU21. What has to be done after this?
There are many levels of authorization to be achieved. First for the TCODE and then for the individual selections in the list box item. (Invoice, Stock and Accounts- All in the same tcode ). How to achieve this?
NB: Moreover SE93 transaction we can give only one authorization object. So how to assign multiple authorization objects to the same transaction code.
09-27-2013 12:55 PM
Regards,
Raymond
09-27-2013 1:03 PM
Hi,
Check the following link for the complete
process on Authorization objects
09-27-2013 1:43 PM
Is it really necessary to create new authorisation objects? For example, for G/L account balances in a company code there is alread object F_BKPF_BUK, which is checked for ACTVT = 03 in standard reporting for account balances and line items.
You can use the same logic in your custom reports.
Check first for existing objects that can be used, also speak to a security/roles expert in your team, often there is an overall authorisation concept in effect that you should align with in your developments.
Thomas
09-27-2013 2:03 PM
Hi Thomas,
There is no overall authorization concept existing in the organization now. That is why I am going ahead with custom authorization concept. But I am confused with the steps to follow.
Here is the precise of what I have done so far.
1) Created custom Authorization fields with the existing data elements, (SU20)
2) Created Authorization objects and class (SU21)
3) Created a role in PFCG. (Added values say for sales office 2000 and activity '03').
4) Assigned TCode to Authorization Object in SU24.
5) Checked in my custom program with 'Authority check' for sales office with '2000'. But it is running for all sales office.
BR,
09-27-2013 2:27 PM
OK, but I still strongly suggest using standard authorisation objects as much as possible, and according to the logic as implemented in SAP standard programs (check where-used lists).
Then, if your code doesn't work as expected, post the relevant snippet here for further investigation.
Some of the activities you are listing belong to the area, please have look in this space as well.
Thomas
09-27-2013 1:48 PM
Hi,
Basis team is responsible to create Authorisation object and assigning the precision value such as *,2,3.
And you have to give the following:
AUTHORITY-CHECK OBJECT 'zinvoice'
ID ACTVT FIELD '3'
Here,Precision value '3' stands for Edit.
Regards,
Santhosh Kumar.K