Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Do Authority Check

Former Member

‎01-17-2008 3:09 PM

0 Kudos

Hi All,

I am developing a report in which i have to do a Authority Check.The func spec says :

Authorization Check On:

Perform the following authority checks (or similar) on the selection screen or during data selection.

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'VKORG' FIELD VKORG

ID 'VTWEG' FIELD VTWEG

ID 'SPART' FIELD SPART.

Can anybody giude me how to go about it?

Thanks in Advance.

5 REPLIES 5

former_member156446
Active Contributor

‎01-17-2008 3:12 PM

n general different users will be given different authorizations based on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.

If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.

This means you have to allocate an authorization object in the definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.

http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.

You program the authorization check using the ABAP statement AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'

ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.

The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

Former Member

‎01-17-2008 3:13 PM

0 Kudos

hi,

we can do in the hr for the authority check.... we have the f.m is hr_authority_check_infty.i hope this same f.m might be usefull to ur requirement,,...... ok.....................

former_member182354
Contributor

‎01-17-2008 3:15 PM

0 Kudos

Hi Saket,

Your question is your answer..

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'VKORG' FIELD VKORG

ID 'VTWEG' FIELD VTWEG

ID 'SPART' FIELD SPART.

IF sy-subrc ne 0.

show an error message.

endif.

Thats it...

Just confirm if they want you to use the same authorization object or not ...This object checks user auth for three fields ...VKORG, VTWEG and SPART,.

All the best,

Raghav

Former Member
In response to former_member182354

‎01-17-2008 4:19 PM

0 Kudos

Thanks Raghav i have done the same.to be precise

Here's my code.

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'VKORG' FIELD P_VKORG

ID 'VTWEG' DUMMY

ID 'SPART' DUMMY.

IF sy-subrc <> 0.

MESSAGE e000 WITH text-041.

ENDIF.

But this code is failin in TQA Check.It's not givin any error in syntax check.Infact o/p comin fine.But in Code Inspector a dump ic comin for this TR.Please advice.

Former Member

‎01-17-2008 3:15 PM

0 Kudos

hi

good

check this code and do accordingly.

REPORT demo_authorithy_check.

PARAMETERS pa_carr LIKE sflight-carrid.

DATA wa_flights LIKE demo_focc.

AT SELECTION-SCREEN.

AUTHORITY-CHECK OBJECT 'S_CARRID'

ID 'CARRID' FIELD pa_carr

ID 'ACTVT' FIELD '03'.

IF sy-subrc = 4.

MESSAGE e045(sabapdocu) WITH pa_carr.

ELSEIF sy-subrc <> 0.

MESSAGE e184(sabapdocu) WITH text-010.

ENDIF.

START-OF-SELECTION.

SELECT carrid connid fldate seatsmax seatsocc

FROM sflight

INTO CORRESPONDING FIELDS OF wa_flights

WHERE carrid = pa_carr.

WRITE: / wa_flights-carrid,

wa_flights-connid,

wa_flights-fldate,

wa_flights-seatsmax,

wa_flights-seatsocc.

ENDSELECT.

In this example, the system checks with the authorization object S_CARRID whether or not the user has a display authorization (03) for the airline entered on a selection screen. If this is not the case, or a different error occurs, the Selection Screen Processing goes back to the display of the selection screen.

http://help.sap.com/saphelp_nw70/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm

thanks

mrutyun^