About Authorisation checks?
Hi,
In reports ,where(in which event) u can write the code for authorization object checks?
Hi there,
U can use the function module AUTHORITY_CHECK
n this can be given anywhere in the report but u will need to
call it in selection screen.
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
NEW_BUFFERING = 3
USER = SY-UNAME
OBJECT =
FIELD1 =
VALUE1 = ' '
FIELD2 = ' '
VALUE2 = ' '
FIELD3 = ' '
VALUE3 = ' '
FIELD4 = ' '
VALUE4 = ' '
FIELD5 = ' '
VALUE5 = ' '
FIELD6 = ' '
VALUE6 = ' '
FIELD7 = ' '
VALUE7 = ' '
FIELD8 = ' '
VALUE8 = ' '
FIELD9 = ' '
VALUE9 = ' '
FIELD10 = ' '
VALUE10 = ' '
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Similar Messages
-
Info, detail about package check ?
Hi,
Does anybody have any documentation about package checks?
I would like to perform cross package checks, already went though <a href="http://help.sap.com/saphelp_47x200/helpdata/en/37/72b3392f65f530e10000000a114084/frameset.htm">Package Builder Online help</a> and found OSS Note Number: 648898 - Switching on the package check, however this area seems to have lack of documentation.
Found some info about table PAKPARAM in the mentioned OSS note, however I couldn't find any info about PAKCHEKTYP and all of the PAK* tables.
It seems checks are performed via PA_SLIN_PACKAGE_CHECK.
Any info or detail is appreciated.
Thanks in advance,
PeterHi Fabrizio,
1. This is a normal
'authorisation not there'
issue.
2. Contact your basis team
and they will help out
by assigning the values
for the particular auth object
for the required profile
for the particular user !
regards,
amit m. -
Excessive HR authorisation check (53,500) on one transaction
Hi experts,
We have a situation where one of our HR administrators runs PA20, for example, and this takes an excessive time to load. There is a timer message in the bottom of the screen (which i have never seen before) stating Authorisation Check 5% and carries on up to 100%
We turned on the PERNR authorisation check about 5 weeks ago, which should check object P_PERNR in your authorisations. However, for this one user, the only check being carruied out is P_ORGIN.
This user had 53,500 checks in the trace file from just executing PA20, not even entering a personnel number at this point!
The other user just had 30 checks - which would be regular enough.
Start of trace file for excessive user (no P_PERNR check)
21:39:32 P_ORGIN RC= 0 INFTY=0000;SUBTY= ;AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
21:39:37 P_ORGIN RC= 4 INFTY=0000;SUBTY=' ';AUTHC=R;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
21:39:37 P_ORGIN RC= 0 INFTY=0000;SUBTY=' ';AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
21:39:37 P_ORGIN RC= 0 INFTY=0000;SUBTY=' ';AUTHC=R;PERSA=AT02;PERSG=1;PERSK=AB;VDSK1=AT02;
Start of trace file for normal user (P_PERNR check)
21:48:54 P_PERNR RC= 0 AUTHC=W;PSIGN=*;INFTY=0001;SUBTY=' ';
21:48:54 P_ORGIN RC= 0 INFTY=0001;SUBTY=' ';AUTHC=W;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
21:48:54 P_PERNR RC= 0 AUTHC=W;PSIGN=*;INFTY=0003;SUBTY=' ';
21:48:54 P_ORGIN RC= 0 INFTY=0003;SUBTY=' ';AUTHC=W;PERSA=*;PERSG=*;PERSK=*;VDSK1=*;
21:48:54 P_PERNR RC= 0 AUTHC=W;PSIGN=*;INFTY=0002;SUBTY=' ';
Can anyone help? Surely 53,500 authorisation checks is a little too extreme! It is not happening to other HR users so it is very strange why just this one!
Thanks,
Bernard.I have noticed now in our Quality client that there is a P_PERNR check taking place 1st as is expected.
15:34:02:946 AUTH - - - S_TCODE RC=0 TCD=PA20;
15:34:02:985 AUTH - - - P_PERNR RC=0 AUTHC=R;PSIGN=*;INFTY= ;SUBTY= ;
where as in our production client there is a P_ORGIN check taking place 1st
21:39:31:991 AUTH - - - S_TCODE RC=0 TCD=PA20;
21:39:32:15 AUTH - - - P_ORGIN RC=0 INFTY= ;SUBTY= ;AUTHC=R;PERSA= ;PERSG= ;PERSK= ;VDSK1= ;
Or configuration of the PERNR check in table T77S0 is the same in both clients.
Are there any settings in PA20 or user defaults that would cause this. From my analysis, the trace file is showing up with one particular personnel area for the majority of the 53,500 checks!
Any help appreciated! -
How to put Authorisation Check?
Hi,
I have built a Module Program. In this there is a Save Button where information in the screen is saved to a Z table.
I need to put an Authorisation check to this save button. That is only users who have Save capability could save.
Simply there should be an authorisation check before the Save where it will check if the User has the Save option.
Please guide me on how to do this.
Thanks,
KishanHi Kishan,
1. AUTHORITY-CHECK
The above statement is required for authority checking.
Just see help on it for syntax purpose.
2. Moreover,
u will also have to know which authorisation object
is necessary for your purpose.
(or else new authorisation object may need tobe created)
Hope the above helps.
Regards,
Amit M. -
Hi ,
we have developed a z report which is fetching grade from infotype 8 .All the users here dont have authorisation for infotype 8.Is it possible somehow that the users who don have authorisation for infotype 8 can rum that report.Right now when they are trying to run the report its showing 'No Authorisation for infotype 8'.Or is there some other place from which grade can be retrieved .
Regards
SaurabhCreate an authorisation object (SU21)
Put an authorisation check for this object in your report (AUTHORITY-CHECK)
Create a role that contains this object (PFCG)
Assign this role to all the users who require access to the report (SU01).
<REMOVED BY MODERATOR>
Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM -
Skipping Authorisation checks in LDB
Hi All,
I am working on HR module and I have got to work on a report which is using LDB (Logical DataBase).LDB will do authorisation checks by default.
1) My requirement is to skip the authorisation checks and allow all the data to be retrieved.
Can this be done by calling any standard FM ? If yes , please name it.
regards,
PP//LDB will do authorisation checks by default.
in my opinion you are looking for a data retrieval process from report development point of view.
Ok say you are pulling data from infotype -08 which is sensitive information. now you need a entry for the object of this and then you are allowed to select on this table.
keep an authority-check on this table pa0008 and if you have the access then you will proceed or else dont pull the records.
Authority-object / Authority -check from program perspective will do .
ex:
AUTHORITY-CHECK OBJECT 'Z_TCODE'
ID 'ACTVT' FIELD '03' " read access
ID 'ZTCODE' FIELD p_tcode. " actual value
IF sy-subrc EQ 0. " check authorization
* fetch record
SELECT SINGLE *
FROM tstc
INTO wa_tstc
WHERE tcode EQ p_tcode.
Br,
Vijay. -
User authorisation check in ABAP-HR program
Hi,
Can anyone please help me on the following query ?
I need to check user authorisation in an ABAP report at Object level, filter only relevant records based on the user's authorisation and display appropriate messages.
The above mentioned report is purely developed by us and is not a copy of any standard report. Hence, kindly help me with your suggestions and opinions.
Thanks and Regards,
Manas MenonCreate an authorisation object (SU21)
Put an authorisation check for this object in your report (AUTHORITY-CHECK)
Create a role that contains this object (PFCG)
Assign this role to all the users who require access to the report (SU01).
<REMOVED BY MODERATOR>
Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM -
About authority-check object 'M_MATE_WGR'
hi all
I have a problem about authority-check object 'M_MATE_WGR'. the detail is bleow:
Read table T023 where the material group is in select option s_matkl. Then loop at the results and check for every found material group. If the user is authorized to use it with the ABAP statement AUTHORITY-CHECK with object M_MATE_WGR with parameters ACTVT = 03 (display) and BEGRU = the material group. When the user is allowed to use it, store it in an internal table and continue with the remaining materials groups from T023. When the user is not allowed to use it, set the status flag to X and dont save the current material group in the internal table.
After all checks have been done, empty the select option s_matkl. Loop over the internal table with the allowed material groups and fill up the select option s_matkl again with these records.
Thank you in advance .
NickYou are on the right track. Authorization object M_MATE_WGR checks the Authorization Group (BEGRU) not the Material Group. You read table T023 with the Material Group to get the Authorization Group.
Step 1: Read table T023 where MATKL = the Material Group you want to check authorization.
Step 2: Retreive the value in field BEGRU from the record in table T023. Use the value in T023-BEGRU to pass to the AUTHORITY-CHECK object M_MATE_WGR.
Hope that helps. -
I want to know about ATP check requirement .generally we assigned yes or no while creating sales order what it means when we give Yes or No. how pegging flows
Regards
virenderVirender,
Can you be a bit more specific about ".....generally we assigned yes or no while creating sales order....." Exactly what field(s) did you 'assign'? Screenshots would be helpful.
With respect to pegging; in general, ATP has very little to do with pegging. Pegging is more of a planning concept, and not an 'availability checking' concept. There are a few exceptions in APO, but they are not commonly implemented.
Can you elaborate about exactly what you want to know with respect to 'pegging' and ATP?
Best Regards,
DB49 -
Authorisation check for Object F_BL_BANK using transaction F110
Hi
Can you help me with transaction F110. The object F_BL_BANK has been linked on SU24 to transaction F110. It has also been set for Check/maintain.
There is no authorisation check for this object using F110.
How can we resolve the issue.Hi
We are on 4.6
I linked the object but the program is not doing an authority check The F_BL_BANK object has the following linked to it
. . . Check F_BKPF_BUP Accounting Document: Authorization for Posting Periods
. . . Check/maintain F_BL_BANK Authorization for House Banks and Payment Methods
. . . Check F_KNA1_APP Customer: Application Authorization
. . . Check F_KNA1_BED Customer: Account Authorization
. . . Check F_KNA1_BUK Customer: Authorization for Company Codes
. . . Check F_KNA1_GEN Customer: Central Data
. . . Check F_KNA1_GRP Customer: Account Group Authorization
. . . Check F_LFA1_APP Vendor: Application Authorization
. . . Check F_LFA1_BEK Vendor: Account Authorization
. . . Check F_LFA1_BUK Vendor: Authorization for Company Codes
. . . Check F_LFA1_GEN Vendor: Central Data
. . . Check F_LFA1_GRP Vendor: Account Group Authorization
. . . Check F_PAYR_BUK Check Management: Action Authorization for Company Codes
. . . Check/maintain F_REGU_BUK Automatic Payment: Activity Authorization for Company Code
. . . Check/maintain F_REGU_KOA Automatic Payment: Activity Authorization for Account Type
. . . Check PLOG Personnel Planning
. . . Check P_ABAP HR: Reporting
Ther are more objects but these are the key ones The object also has a custom object in that was build by SAP called ZLSCH Payment method We want the system to do a check on the payment method -
Mov Type - Authorisation Check
Hi Everybody
I want to control my mov types thru the Authorisation check ie Suppose there is a Log in "x" , and I dont want to give hime the Atuthorisation of mov type 551/552 under mb1a Tcode but rest all Mov types can be used by him .
Pls advice how to go ahead for the same
Rgds
ManojManoj,
This can be controlled by std authorisation object check. This will be given by basis in PFCG transaction. The setting in the relevant authorisation object example M_MSEG_BWA has to be provided.
The movement type will appear as one of the parameters while a specific authorisation for a transaction is given. The movement type could be restricted here.
Regards
Ram -
How to add authorisation check to a program?
Hi all :
Could you please tell me how to add authorisation check to a program?
Thanks a lot.Hi,
Check SAP help for authority-check. You can search on SDN on that.
AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Thanks
Nidhi -
I've used Project Web App on Sharepoint 2013. After clear job queue about force check-in then I've got this error. This made me can't access some pages in PWA anymore e.g. Project center, Resoure center, PWA setting, etc. Who have ever found this problem,
pls. help.
The pop up error msg. is "Sorry, you don't have access to this page"Hi,
According to your description, after you cleared job queue about force check-in then you can't access some pages in PWA.
Maybe you need to check in the pages which has been checked out.
If you have administrative rights, it is possible to override the check-out via the View All Site Content page:
Site Actions->View All Site Content->Pages->Hover the item you want to check in, and from the context-menu (arrow-down next to the filename), choose "Discard Check Out"
Besides, to troubleshooting the error “Sorry, you don't have access to this page”, refer to the following articles:
http://sharepoint.rackspace.com/sharepoint-2013-troubleshooting-an-access-issue-with-a-custom-master-page
http://technet.microsoft.com/en-us/library/ff758656(v=office.15).aspx
In addition, as this issue is related to project server, I suggest you create a new thread on project server, more experts will assist you:
https://social.technet.microsoft.com/Forums/projectserver/en-US/home?category=project
Best Regards,
Lisa Chen
Lisa Chen
TechNet Community Support -
Dear All,
Is there a way, other than testing and tracing, we can get to know the list of authorization objects which get checked for various NWBC functionalities?
Or if I move from one Service pack of GRC to another, is some list of new authorization object checks for webdynpro, available?
ThanksHi Paramjit
You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.
Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes
Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.
Regards
Colleen -
Hi all:
In my client's appraisal form, only the employee can fill in the form. They will also have to specify their manager's name as the appraiser.
I tried to use "Default Manager" BADI for my appraisal form. However, this is not a complete functionality because the appraisee can simply change the appraiser's name, after system defaults. There is no control on the appraiser chosen. I can even choose my subordinate as my appraiser, which is not correct.
I know that in "Processing" tab, we can de-select "No Authorisation Check for Appraiser". This feature will check if the user (in my case, the appraisee) has authorisation for the appraiser etc. A few questions I would like to find out:
1) Will this functionality meet my requirement?
2) To use this functionality, do I need structural authorisation or just non-structural authorisation?
3) Should i use BADI "Authority Check" instead, to cater to my requirement?
Many thanks for your advice in advance.
Thank you,
AshWhat is an authorisation checks?
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
· Starting SAP transactions (authorization object S_TCODE)
· Starting reports (authorization object S_PROGRAM)
· Calling RFC function modules (authorization object S_RFC)
· Table maintenance with generic tools (S_TABU_DIS)
How do we provide a basic authorisation check read for a employee? Could anyone help me with the path?
Go to transaction PFCG and provide the role based authorization.
Maybe you are looking for
-
Priority of message has not effect on delivery order
Hi, I'm sending messages into a JMS queue with two different priorities and a property for use with a JMS selector. Then via a JMS message recievers that have a selector I recieve the messages. But the order is always the same First in, First Out. Ex
-
Cover Flow; Won't Work On My Computer. Why?
Everytime I try to use iTunes' Cover Flow I get the message "iTunes is unable to browse album covers on this computer." and it freezes. Would anyone know why?
-
How to see the peak values in a chart?
I have the following situation: I am applying the FFt to an acceleration signal. In the FFT-peak graph I see different peak frequencies. However I would like to know how much are those peak values and either display them in the chart on top of the pe
-
I just started using DO NOT DISTURB at night but needed to send out an email. Was surprised that wi-fi had shut off. Couldn't re-connect until I turned DND off. Then wi-fi connected immediately. I hope this was just a temporary glitch.
-
Connection problems since my activation date
Hi all, My activation date was on the 21st May, I set up my equipment but the broadband light flashed orange, so i left it overnight to see if it would turn blue but it didnt. So i logged the fault with the technical help. After various lengthy cal