07-31-2007 8:41 AM
Hi ppl,
I created an authorization object (SU21), and including the "control key" field (STEUS) into the authorization object. But after I maintained the profile (PFCG), I found out this authorization object is not checked, while I've maintained the check indicator at (SU24).
Did I miss out any step? Or could anyone guide me what are the procedures when creating an authorization object?
Thanks for your constructive opinions (points will be rewarded to any one who contributes an idea)
07-31-2007 9:12 AM
Ty,
You need to include an AUTHORITY-CHECK statement in the appropriate program code. If the auth check is not in the code, it won't be performed & adding objects to transactions via SU24 & PFCG won't make any difference.
07-31-2007 9:18 AM
Hi Alex,
Thanks so much.
I'm not sure where shall I include the authority-check statement... is it transaction-specific? That transaction which i'm supposed to control is IW31 and IW32, do you have any idea which program shall i modify or how shall it be done?
Thanks a bunch...
07-31-2007 9:26 AM
This is the difficult bit, the best bet is to talk to your ABAP team to see if there are any appropriate User-Exits for IW31 and IW32. If there are, then it may be possible to include the additional check in the code, if not then another control solution may be required.
07-31-2007 10:13 AM
Thanks Alex, but my team is kinda busy at the moment
May I know if anyone here knows which User-Exits would be appropriate for me to include authority-check for the control key?? (perhaps I should post it at PM-related forum..)
Thanks..