Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Reg:AL11 Autorization Rols

Former Member

‎10-18-2013 7:26 AM

0 Kudos

Hi Experts,

I want to assign Al11 authorization roles to users through reports,if there is any way of assigning AL11 authorization roles through reports,plz reply back.

Reagards

Arpitam

8 REPLIES 8

rahul_mishra7
Active Participant

‎10-25-2013 12:29 PM

0 Kudos

Hi Arpitam,

Please clarify the business scenario, You are performing in SAP
Cloud for Travel and Expense product which needs assign Al11 authorization roles to users?

Regards,

Rahul Mishra

Former Member

‎10-25-2013 1:05 PM

0 Kudos

Dear Arpitam,

If your question meant on how to check a user's authorization to access a AL11 file, the answer to the same is below.

Please use the Function Module AUTHORITY_CHECK_DATASET which would help you to have a authorization check for AL11.

Please find the screen shot below for details.

po_upath is the name of the file path.

'READ' corresponds to the activity to be performed.

sy-cprog is the name of the program from which the authority check is being performed.

Only if the authorization is valid, then the file has to be granted access.

If you need any more details or if my understanding is incorrect, please do let me know. Thanks.

Warm Regards,

Ram

Preview file
6 KB

Former Member
In response to Former Member

‎10-25-2013 2:23 PM

0 Kudos

Dear Ram,

My requirement is to assign required AL11 Authorizations for the users from report,so that if the users execute that report required AL11 authorizations should be assigned to them.

Reagrds

Arpitam

Former Member
In response to Former Member

‎10-25-2013 3:04 PM

0 Kudos

Dear Arpitam,

I am not sure if there is any program to assign roles to users. However, i am very much aware of a BAPI which can be used in a Custom program to serve the purpose.

Please try using the BAPI 'BAPI_BUPA_ROLE_ADD'.

The other BAPI's that could be of some use to you are:

To assign roles :

BAPI_USER_ACTGROUPS_ASSIGN

To assign profiles :

BAPI_USER_PROFILES_ASSIGN

To change user's metadata (name, settings, ... other SU01 functions) :

BAPI_USER_CHANGE

This should definitely solve your issue. Please check and get back to me if your issue is resolved.

Warm Regards,

Ram

Former Member

‎10-26-2013 9:02 AM

0 Kudos

Dear Ram,

I need to assign Authorization objects like S_DATASET,S_LOG_COM,S_RZL_ADM.So how it is possible to assign through the BAPI'S you mentioned above.

Regards

Arpitam

ChrisPS
Contributor

‎11-27-2013 11:12 AM

0 Kudos

Hello Arpitam,

                     the post will be moved the security forum as it is more suitable.

Thanks,

Chris

IdM SCN Moderator

Former Member

‎11-27-2013 12:46 PM

0 Kudos

Hi Ram

As per my understanding from the above discussion.

First you need the list of users who can access reports...  You can consult with the security consultant in your project

Find the role which has AL11 tcode and below auths

S_ADMI_FCD

S_DATASET

S_RZL_ADM

Please assign the role to the users who has access to reporting

I think this will solve the problem

Cheers

Pavan M

Colleen
Advisor
Advisor

‎11-28-2013 12:17 AM

0 Kudos

Hi

What type of report are you trying to develop here? What sort of user is accessing it?

Or, are you saying you want to restrict which part of the directory they can read/write to when they use reports?

Regards

Colleen