Custom transaction authorization

Former Member · ‎05-09-2007

Hi,

I have a custom transaction which calls a custom table. And as there's no ABAP code for that, it's not possible to enter ABAP statement - AUTHORITY-CHECK to check any data before user run custom transaction.

Is it possible to restrict custom transaction in this scenario ?

Thanks..

manohar_kappala2 · ‎05-09-2007

Hi Mehta,

Custom transaction gives you access to a particular table.

After that what extra restriction are u looking at?

dhorions · ‎05-09-2007

You can create authorisation objects in transaction SU21. Then you can link it to your custom transaction in SU24.

Assign it to users by adding it to the menu of your roles and authorisation profiles.

Former Member · ‎05-09-2007

Hi Mehta,

While you create a Custom Transaction code using SE93, if you check the option "Skip Initial Screen" and assign it to user. User will only be able to access that perticular table only. So what is that Extra Security Check you are looking for?

Thanks & Regards,

Santosh

Former Member · ‎05-09-2007

If you are trying to update the table - assign the table to a seprate auth grp and restrict it via S_TABU_DIS

Former Member · ‎05-09-2007

Assuming you are using call transaction to SE16 or SM30 for you custom transactions. Your custom transaction is actually a parameter transaction, which will check whatever auth objects from the parent transactions (SE16 or SM30).

The only place that you can insert additional Auth-Check statement is within your custom table. Go to your custom table thru SE11 -> Utilities -> Table Maintenance Generator -> Environment -> Modification -> Events. If I recalled correctly, Event 25 is for Auth-Check.

Good luck.

Thanks,

Lye

Former Member · ‎05-10-2007

Thank you all for your answers. But I know what you all are talking about.

Well, let me be specific. I have 3 companies and all are using same custom table. And I have a custom transaction code which points to custom table for table display/update access.

Now, as there's no ABAP code for custom transaction, I can't insert AUTHORITY-CHECK to restrict one company's data from others.

So in this case, is there any way I can restrict custom transaction for authorization check, which would be inserted in user's profile, for specific company code value ?

I know you can do it using TSTCA table: insert authorization object and value and then check against user's profile. But would like to know what other folks are doing.

Cheers...

Former Member · ‎05-10-2007

Yes, you can insert AUTHORITY-CHECK code inside your custom table.

Go to your custom table thru SE11 -> Utilities -> Table Maintenance Generator -> Environment -> Modification -> Events.

EVENTS is where you can insert AUTHORITY-CHECK coding. For example, depending on the user's profile on Company Code, the user can only see their data or only able to update their own data in the custom table.

Thanks,

Lye

manohar_kappala2 · ‎05-10-2007

Hi Mehta,

In this case in think you can use the following object

S_TABU_LIN to obtain further control.

Hope this helps

Manohar

Message was edited by:

Manohar Kappala

Former Member · ‎05-10-2007

Mehta,

The following link explains how you can segregate access to a table - you will need to create t-codes for each of the different groups.

http://www.sap-img.com/zf011.htm

The example is for the table behind OB52, however the principles are valid for other tables.

Cheers

Alex

manohar_kappala2 · ‎05-10-2007

Hi Mehta,

The scenario you are looking at can be eachieved through the use of S_TABU_LIN

With this you can control to a particular fields in a table.

Hope this helps