Authorization Objects for Multiple Fields on a Screen

Hi,
I have a requirement to create authorization object on a screen with 20 fields and there are 3 users, each user for eg: User-A has rights to Display and modify a few fields and User-B has rights to diplay and modify a few fields and same is the case for the 3rd user, and there are some fields which all can modify.
what i can do is create 2 authorization objects for each user one with all fields that he can modify & Display and other with all fields which he can display only. In this way i will have to create 6 authorization objects for 3 users, is there a way to reduce to 3, one for each user or even bring it down to 1 for all.
Thanks,
Thirumal

Hi again,
1. Thanks for the transparent example.
2. Taking the same,
    it would be like this, in the program.
( u must agree that
if there are six different cases,
then there will be six different IF ENDIF
in your program, for edit/display combination of fields)
(you may also use GROUP1, GROUP2..GROUP4
concept along with authorisation concept
to group related fields )
2. suppose user2 or user 1 has logged in.
3. in the program,
   before displaying the fields,
  a) use authority-check
   with 1, 2 and check sy-subrc to know
   which VALUE (1,2) is there for rights.
   b)then, logic would be like this
      (for display/edit of all fields)
    IF value =  1.
    field1-visible = true
    field1-editable = true
    field2-visible = true
    field2-editable = true
     field3-visible = true
    field3-editable = true
   endif.
   if value = 2.
    field1-visible = true
    field1-editable = <b>false</b>
    field2-visible = true
    field2-editable = <b>false</b>
   endif.
regards,
amit m.

Similar Messages

  • Matchcode Object for ORGEH field in Selection-Screen

    Hi,
       I need to create a Matchcode Object for ORGEH field in my Selection-Screen. But, I want to have the selection Criteria as the Tcode: Po10 does. Please guide me how to do it. Is there any Standard Matchcode Object provided by SAP for this kind of functionality?. Please provide some kind of solution. I am in urgent need of this.
    Thanks in advance,
    Exertive.

    Hi,
    You can try the following are the search helps (matchcode objects) available for ORGEH (Org Unit).
    HRBAS00OBJID
    RESP_ORG_UNIT
    H_T527X                          Help View for Organizational Units                         
    H_T527X_1                        Seach help for T527X                                       
    Regards,
    Suresh Datti

  • Authorization object for delivery block

    Hi ,
    How do I check the authorization object for any field? I specifically need one for delivery block.
    Please help.
    Thanks,
    Shailaja

    Hi,
    If your looking to put a delivery level block or its removal then i guess you explore it through userexit mv45afzz
    Regards,
    Saurabh

  • How to find out Authorization Object for Plant

    Hi,
    I have to implement an Authorization check for Plant in My Report Program.
    Is there any transaction which can help me to find out Authorization Object for any field like Material and plant?
    Thanks,
    Mamta

    Using SU21 u can create Authorisation Object.
    The ABAP command AUTHORITY-CHECK is used for performing authorizaton checks in programs.
    check f1 help on AUTHORITY-CHECK for the syntax.
    check these links
    link:[http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c;jsessionid=(J2EE3417500)ID1605942050DB11298929682009193279End]

  • Authorization object for plant on selection-screen

    Hi All,
    I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
    I have written the code
    Declaration of local constants.
      CONSTANTS : lc_i(1)  TYPE c VALUE 'I',
                  lc_eq(2) TYPE c VALUE 'EQ'.
      REFRESH : r_werks.
      LOOP AT s_werks.
        IF s_werks-low IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-low.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-low.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
      LOOP AT s_werks.
        IF s_werks-high IS NOT INITIAL.
          AUTHORITY-CHECK OBJECT 'M_MATE_WRK'                "Check if the user has autorization for the plant.
                               ID 'ACTVT' FIELD '03'
                               ID 'WERKS' FIELD s_werks-high.
          IF sy-subrc NE 0.
            r_werks-sign   = lc_i.
            r_werks-option = lc_eq.
            r_werks-low    = s_werks-high.
            APPEND r_werks.
          ENDIF.
        ENDIF.
      ENDLOOP.
    My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
    Regards,
    raj

    Hi Raj
    First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
    Do this
    SELECT werks FROM t001w INTO li_werks
    WHERE werks IN s_werks.
    LOOP AT li_werks.
    *check your authority thing here and fill the range
    ENDLOOP.
    Pushpraj

  • Authorization object for field, EBAN-ESTKZ (creation indicator)

    Dear All,
    Does anyone know if there is an authorization object for field, EBAN-ESTKZ?
    I need to control the PR's authorization at creation indicator level. i.e. we need to remove the ability for all users to change Purchase Requisitions created by MRP.
    Thanks,
    Arun.

    Hi Jay,
    Thanks for your response.
    I didnt find it there. You have any Z options?
    Thanks,
    Arun.

  • Authorization Object for data downloading from application server

    Hi friends ,
       My program downloads and uploads data from the application server .
    My requirement is  ,
    Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
    Can you please tell me how to deal with this ? how do we check the above condition ??
    Many thanks ,
    Hemant

    hi,
    This is not a single step process.
    First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
    Then you have to call this authorization object in your program at selection screen.

  • Authorization object for Command Button

    Hi all,
    How can I create the Authorization object for command button which is on application server.
    if you do not have auth when you click on that command button, it should be say 'you dont have auth'.
    please help me in this.
    regards,
    Ajay reddy

    Hi,
    Tcode for Authorization Objects are,
    su20----> for defineing authorization field ,
    su21-----> for authorization class,
    su22------> for assignement authorization object
    To create an authorization object:
    1) Execute transaction SU21
    2) Double-click an Object Class to select a class that should contain
    your new auth object
    3) Click on CREATE (F5)
    4) (If creating custom field) - Click the 'Field Maintenance' button -->
    Click on CREATE (Shift+F1)
    5) Enter the Name for the New Authorization field and the corresponding
    Data Element and SAVE
    6) Confirm the Change Request data for the new Authorization Field
    7) Go back two screens (F3-->F3)
    8) Enter the Authorization field name and document the object:
    9) SAVE and ACTIVATE the documentation
    10) Save the new Authorization Object
    11) Confirm the change request data for the Authorization Object and
    EXIT SU21
    12) Finally, the SAP_ALL profile must be re-generated
    Regards,
    hema.

  • Authorization object  for PLANNING PLANT

    Hi all,
    My client has different Planning plant & Production plant.
    If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
    User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
    Any idea where we could find the authoriz. objects for a particular field?
    Pls advise.

    Goods Receipt for Production Order: Movement Type            M_MSEG_BWF
    Goods Receipt for Production Order: Plant                    M_MSEG_WWF
    these are the authorisation objects with activities as  ACTVT and WERKS
    Maintaine the values for ACTVT  as
    01 Create or generate,
    02  Change
    03 Display
    04 Print, edit messages
    and maintaine the values WERKS   (ur plants 4 which u want to give authorisations)
    and BWAR ( movement types 4 which u want to give authorisations)

  • Authorization objects for  transaction, one to view, and one to maintain

    Hi all,
    My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
    I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
    Please suggest how to create object where i can asign activity codes.
    regards
    manish

    The Authorization Concept
    R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
    Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
    Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
    Do check this link as well.
    http://articles.techrepublic.com.com/5100-10878_11-5110893.html

  • Maintain assignments of authorization objects for Z Webdynpros in SU24

    Hello experts,
    When we display the assignments of authorization objects for External Services -   Webdynpros in transaction SU24,  Z_webdynpros are not shown in the screen.
    We need to add more webdynpros in that table.
    I suposse that there must exist a way for updating that table with the Z webdynpros developed or some configuration is needed.
    Thanks in advance...
    Hector Longarte

    The Zwebdynpros I am talking about are Java Webdynpros in the SAP Portals, and the SAP ERP is onlyan ABAP stack.
    Is this configuration posible??

  • Custom Authorization Object for HR

    Hi,
    As per our Company's internal needs I have created a Custom Authorization Object for HR named ZP_ORGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction & do a trace on it, the object ZP_ORGIN is never checked (for a user having this object in his/her User Master). Only P_ORGIN object is checked instead.
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell  which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked.
    Your help will be appreciated.
    Thanks,
    Mandeep Virk

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    I believe I'll have to write some ABAP code e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell which User Exit or Field Exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is alwayz checked
    but still it is taking the P_ORGIN object.

  • HR Authorization : Custom Authorization Object  for P_ORGIN

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've ran the report RPUACG00 also which is mentioned in this thread.
    We also coded the authority check code in the both user exit ZXPADU01 and ZXPADU02 for PA infotype operations
    but still it is taking the P_ORGIN object

    Online Help
    <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/d9/64141c0774194593da29f3cb813f1b/frameset.htm">P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)</a>

  • Adding authorization object for "Function Group"s ?

    Is it possible to add any authorization object for any function group ?
    We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
    Function Group you can check through SE37->GoTO->Display Function Group
    Now is it possible to add authorization for any "Function Group" ?

    You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
    However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
    In this case, add only the function group that the user requires in this instance into S_RFC

  • Authorization object for vL02N

    Hi,
    I need the Authorization object for the VL02N.
    My requirement is i need to give authorization for doing PGI in VL02N screen,but the user can only generate the VL02N(no change or modification). How can i control this?
    pls advice

    Hi,
    The authorisation object is:V_LIKP_VST
    First Goto T.Code:SUIM
    Check the role used for this T.Code:VL02N.I identified the role as "SAP_LE_GOODS_ISSUE_DELIVERY".
    Next goto T.Code:PFCG.
    Enter this role here.Click on Display.
    Goto Authorisations tab.
    Click on Display Authorisation data.
    Goto Utilities-->Technical names on(if it is available else leave it).
    Regrads,
    Krishna.

Maybe you are looking for

  • MSI Gaming GTX 970 4GD5 OC BIOS request

    Hello, my S/N: 602-V317-01SB1409073268 Current BIOS according to MSI Live Update : NV317MH.210 Is there any later versions for my card? Thanks

  • How to erase background in a customize control

    Hello, Does anyone know how to modified a date and time indicators to show just the letters and numbers on top of a picture and not the indicator´s background see picture Solved! Go to Solution. Attachments: hora.jpg ‏64 KB

  • Change Title "SRM - Enterprise Buyer" of SRM Webpages

    Hi all, does anyone of you know, how to change the Title of the SRM Webpage? I would like to change the Title of the Webpage from "SRM - Enterprise Buyer Welcome! - ", later the title is "SRM  - Enterprise Buyer -" into something client specific. Any

  • Let's try again

    My previous posting "How to load member for "sales same date last year"?" wasn't clear enough in stating my objective so I'll try again.My outline contains a dimension with each day of the month for this year and prior years. (It isn't and can't be t

  • Will this idea fix uploaded songs to matched status?

    Hello, According to Apple's own documentation about how different song formats are matched to the iCloud, is it true that if you: Encode all songs that remain in "uploaded" status to either the: 1. WAV 2. ALAC 3. AIFF formats that you will then be ab