10-18-2013 7:26 AM
Hi Experts,
I want to assign Al11 authorization roles to users through reports,if there is any way of assigning AL11 authorization roles through reports,plz reply back.
Reagards
Arpitam
10-25-2013 12:29 PM
Hi Arpitam,
Please clarify the business scenario, You are performing in SAP
Cloud for Travel and Expense product which needs assign Al11 authorization roles to users?
Regards,
Rahul Mishra
10-25-2013 1:05 PM
Dear Arpitam,
If your question meant on how to check a user's authorization to access a AL11 file, the answer to the same is below.
Please use the Function Module AUTHORITY_CHECK_DATASET which would help you to have a authorization check for AL11.
Please find the screen shot below for details.
po_upath is the name of the file path.
'READ' corresponds to the activity to be performed.
sy-cprog is the name of the program from which the authority check is being performed.
Only if the authorization is valid, then the file has to be granted access.
If you need any more details or if my understanding is incorrect, please do let me know. Thanks.
Warm Regards,
Ram
10-25-2013 2:23 PM
Dear Ram,
My requirement is to assign required AL11 Authorizations for the users from report,so that if the users execute that report required AL11 authorizations should be assigned to them.
Reagrds
Arpitam
10-25-2013 3:04 PM
Dear Arpitam,
I am not sure if there is any program to assign roles to users. However, i am very much aware of a BAPI which can be used in a Custom program to serve the purpose.
Please try using the BAPI 'BAPI_BUPA_ROLE_ADD'.
The other BAPI's that could be of some use to you are:
To assign roles :
BAPI_USER_ACTGROUPS_ASSIGN
To assign profiles :
BAPI_USER_PROFILES_ASSIGN
To change user's metadata (name, settings, ... other SU01 functions) :
BAPI_USER_CHANGE
This should definitely solve your issue. Please check and get back to me if your issue is resolved.
Warm Regards,
Ram
10-26-2013 9:02 AM
Dear Ram,
I need to assign Authorization objects like S_DATASET,S_LOG_COM,S_RZL_ADM.So how it is possible to assign through the BAPI'S you mentioned above.
Regards
Arpitam
11-27-2013 11:12 AM
Hello Arpitam,
the post will be moved the security forum as it is more suitable.
Thanks,
Chris
IdM SCN Moderator
11-27-2013 12:46 PM
Hi Ram
As per my understanding from the above discussion.
First you need the list of users who can access reports... You can consult with the security consultant in your project
Find the role which has AL11 tcode and below auths
S_ADMI_FCD
S_DATASET
S_RZL_ADM
Please assign the role to the users who has access to reporting
I think this will solve the problem
Cheers
Pavan M
11-28-2013 12:17 AM
Hi
What type of report are you trying to develop here? What sort of user is accessing it?
Or, are you saying you want to restrict which part of the directory they can read/write to when they use reports?
Regards
Colleen