Customized Authorization Object Not Working

Former Member · ‎07-31-2007

Hi ppl,

I created an authorization object (SU21), and including the "control key" field (STEUS) into the authorization object. But after I maintained the profile (PFCG), I found out this authorization object is not checked, while I've maintained the check indicator at (SU24).

Did I miss out any step? Or could anyone guide me what are the procedures when creating an authorization object?

Thanks for your constructive opinions (points will be rewarded to any one who contributes an idea)

Former Member · ‎07-31-2007

Ty,

You need to include an AUTHORITY-CHECK statement in the appropriate program code. If the auth check is not in the code, it won't be performed & adding objects to transactions via SU24 & PFCG won't make any difference.

Former Member · ‎07-31-2007

Hi Alex,

Thanks so much.

I'm not sure where shall I include the authority-check statement... is it transaction-specific? That transaction which i'm supposed to control is IW31 and IW32, do you have any idea which program shall i modify or how shall it be done?

Thanks a bunch...

Former Member · ‎07-31-2007

This is the difficult bit, the best bet is to talk to your ABAP team to see if there are any appropriate User-Exits for IW31 and IW32. If there are, then it may be possible to include the additional check in the code, if not then another control solution may be required.

Former Member · ‎07-31-2007

Thanks Alex, but my team is kinda busy at the moment

May I know if anyone here knows which User-Exits would be appropriate for me to include authority-check for the control key?? (perhaps I should post it at PM-related forum..)

Thanks..