ASSIGN AN AUTHORIZATION GROUP TO MANY TABLE

Similar Messages

• SE54: Assigning an authorization group to table &SM31&

  Has anyone out there tried to assign an authorization group to the symbolic table &SM31& in transaction SE54?
  Any success in using it?
  Cheers,
  Julius

  Thanks Bernhard!
  > But what I did find was [SAP Note 42563|https://service.sap.com/sap/support/notes/42563] .
  > ...-->it's from 1997....!!
  Note that the SM31 refered to in the note is not the SM31 we know today. It looks like SAP renamed it to SM31_OLD and replaced by a new SM31 (and the current settings option). The alternative having been changing miles of code, this seems reasonable but can be confusing (release dependently).
  > Don't know if this is still used, as the check is in Rep.s SAPMSTBM, which is used in TX SM31_OLD, SM32, SM33 only.....
  My rule of thumb is: If something is possible, then someone out there is either already doing it, or still doing it...
  Cheers,
  Julius

• Define and assign user authorization groups in FI

  Hi All,
  In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
  Thanks,
  Teo

  Hi Teo,
  Here i am giving some authorisations in fi
  F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
  F_BKPF_BED FI Accounting Document: Account Authorization for Customers
  F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
  F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
  F_BKPF_BLA FI Accounting Document: Authorization for Document Types
  F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
  F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
  F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
  F_BKPF_KOA FI Accounting Document: Authorization for Account Types
  F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
  F_BL_BANK FI Authorization for House Banks and Payment Methods
  F_BNKA_BUK FI Banks: Authorization for Company Codes
  I hope it will help.
  BR,
  Satya

• Authorization group in Z-Table and user assignment

  Hello,
  I have created Z table which stores sensitive data and have created maintenance view. I want particular users only to have change access to this table through SM30 and for that I have created my own autorization group. Now my question is: How I can assign user names to this authorization group? how does it work? Is this through Role assignment to user profile? I dont have any basis support help for me for this task and hence trying to do it myself in sandbox system.
  Since this is not my domain step by step help will be appreciated.
  Thanks.
  Agasti..

  HI,
  useful link
  http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/
  Thanks
  Sudheer

• Assigning the Authorization group to particular transaction code

  Hi,
    How do we Assign the Aughorization group to particular Transaction code with authorization object. Is there any transaction code ?
  if anyone know, please let me know.
  With Regards,
  Prasad.

  The Tcode is tied to a Program & you can assign the Program to an Authorization Group via its attributes. I don't think there is an option to directly attach a Tcode to an Authn Group.
  ~Suresh

• Assigning numbers by group within a table

  ...I've found a few solutions on the internet, all of them using MYSQL specific functions though :(
  Here's my table as it stands:
  Account     Box     Outletnumber
  1234     12345          
  1234     43244                         
  1234     43543
  1235     32432
  1235     45454
  1236     23432
  1237     34535
  1237     45435
  1237      32432
  ...for each unique 'account' I need to assign a sequential number to the outlet. So I should end up with:
  Account     Box     Outletnumber
  1234     12345     1
  1234     43244     2                    
  1234     43543     3
  1235     32432     1
  1235     45454     2
  1236     23432     1
  1237     34535     1
  1237     45435     2
  1237      32432     3
  ..I'm really lost on how to achieve this, anyone got any ideas?
  Many thanks in advance!
  Adam

  You can use merge. If you've 10g, you may not need WHEN NOT MATCHED.
  MERGE INTO <yourtable> t1 USING
  (SELECT account, box, row_number() over (partition by account order by box) rno
  FROM <yourtable>) t2
  ON (t1.account = t2.acount
      AND t1.box = t2.box)
  WHEN MATCHED THEN
       UPDATE SET outletnumber = t2.rno
  WHEN NOT MATCHED THEN
       INSERT(account) VALUES(null)

• Authorization coding in custom table

  Hi frnds,
     I want to give an authorization to a custom table. I have created a new authorization group and assigned a role and user for it.
     I had done a coding to check the authorization in Maintenance generator program.
  MODULE CHECK_AUTHORIZATION OUTPUT.
  data : w_tddat like tddat,
         viewname type tabname value 'ZTSD_IB_TRMAP',
         act_level.
  select single * from tddat into w_tddat where tabname = viewname.
    if sy-subrc <> 0  or  w_tddat-cclass = space.
      w_tddat-cclass = '&NC&'.           " 'non classified table'
    endif.
    authority-check object 'S_TABU_DIS'  "check by class
        id 'ACTVT'      field '02'
        id 'DICBERCLS'  field w_tddat-cclass.
    if sy-subrc <> 0.                    "not allowed
        authority-check object 'S_TABU_DIS' "check by class
           id 'ACTVT'      field '03'
           id 'DICBERCLS'  field w_tddat-cclass.
        if sy-subrc =  0.
         fupd  = space.
         fshow = 'X'.
         act_level = '03'.
         p_action = 'S'.
          message w106(tb) with viewname."only show allowed
        else.
          message e107(tb) with viewname."no upd auth
        endif.                           "sy-subrc from  2nd auth_check
      else.                              "act_level <> 02
        message e105(tb) with viewname . "no show auth
     endif.
    endif.
  ENDMODULE.                 " CHECK_AUTHORIZATION  OUTPUT
  But the problem is on debugging even for the unauthorized user the authorization check coding:
    authority-check object 'S_TABU_DIS'  "check by class
        id 'ACTVT'      field '02'
        id 'DICBERCLS'  field w_tddat-cclass.
  gives sy-subrc = 0.
  What is the problem with the coding.
  Also can an one explain me about
         fupd  = space.
         fshow = 'X'.
         act_level = '03'.
         p_action = 'S'.
  and what are the datatypes to be given for it on data declaration.
  Thanks in Advance

  >
  neethu wrote:
  > I have created a Z table and I need to create and assign an Authorization group to the table. The requirement is like, say, if there are 10 users who belong to this particluar Authorization group, then 5 users should be given display and change authorization. And the remaining 5 users should be given only display authorization & no change authorization.
  >
  Assuming users are accessing the table content using SM30 (or SM30 parameterised transaction) you can use authority object S_TABU_DIS to control change mode. User who are suppose to change content should have authority object S_TABU_DIS with following values in their role.
  S_TABU_DIS
  ACTVT = 02
  DICBERCLS = AUTH_GRP
  for display only
  S_TABU_DIS
  ACTVT = 03
  DICBERCLS = AUTH_GRP
  Where AUTH_RP is authorization group assigned to table
  Regards,
  Pawan.
  Edited by: Pawan Kesari on Aug 9, 2010 4:17 PM

• How to find tables contain in particular authorization group.

  hi all
          By using SE11 , i just enter a table name like "MARA"
           then i go for display
          then by clicking utilities->assign authorization group
            i can get the info. about tablename and which authorization group(MM) the table belongs and its desc.
  my question is if the Authorization group is MM, i need to know the list of tables belongs to that particular auth. group.
  regards
  pras

  Hi Pras,
  These are stoed in table TDDAT. you can use se16 for this table and enter MM in CCLASS field hit execute.
  Ravi
  [My SAP Blog|http://raviinsap.blogspot.com]

• Authorization group for table maintenance view

  I  need to create table maintenence view for a custom table, client provide name for auth. group, but no clue how to create auth. group.
  can someone provide the steps to do this?

  Hi,
  Follow below steps to create table maintenance for a table and to assign authorization group to a table:
  step1: Go to SE11 enter the table name
  step2: In the standard toolbar you will find UTILITIES
  Go to UTILITIES -> TABLE MAINTENANCE GENERATOR
  You will go to first screen of Table maint. gen.
  Here you will find to enter authorization group.
  Thanks and Regards,
  Shravan G.

• Check available authorization groups

  Hi ,
  if a custom table needs to be assigned to an authorization group in SAP.
  Which is the transaction to check users assigned to an authorization group?
  Currently i have an idea that Assigning and Creating authorization groups are dealt in SE54 but i cannot find a way to check
  whether users are assigned to an authorization group...!!!
  thanks
  kritika

  Checking Assignment of Authorization Groups to Tables:
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  See also:
  ·        SAP Notes 7642, 20534, 23342, 33154, and 67766
  ·        Documentation for RSCSAUTH
  Hope this helps.... if not check the following link
  If you still don't find, search google 'table authorization groups in sap' - There are good info on web.
  You can assign the authorization group to any custom table via SE11 - table - display - utilities - assign authorization group and rest follow the sap help (where to maintain and how to assign) .This is a developer and security persons work.

• Authorization Group in se38

  Hi everybody,
  what is the use of Authorization group in se38 attribute? can we create and assign our own one?
  The actual scenerio which i am facing here is My report should not be viewed by some grop of  users. My friend is saying i can do that through the above said one. But i know i can do that using AUTHORITY-CHEK.  What i am asking here is can i accomplish this task by the above said attributes.
  Points will be awarded.
  Thanx in advance.
  Gladiator

  Hi,
  Authorization Checks
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·Starting SAP transactions (authorization object S_TCODE)
  Starting reports (authorization object S_PROGRAM)
  Calling RFC function modules (authorization object S_RFC)
  Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
  The table that contains all authorization objects is TOBJ.
  The table that contains all activities is TACT.
  The table that contains definition of all authorization groups is TBRG.
  TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
  The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
  Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
  Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
  Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
  Reward If Helpfull,
  Naresh.

• What is authorization group?

  Hi all,
  Can anyone tell me what is authorization group? I always come across this when I am inside pfcg and look into the authorization object.
  I know that authorization object groups authorization fields together. And authorization is an instance of authorization object. But how does authorization group fit into this model?
  I have read parts of the help manual that mention auth. group is used to manage Z tables, but they never mention the above relationship.
  Thanks.

  HI Jockey,
  The access protection system must ensure that only authorized individuals have access to the system and to particular data. For achieving precise application security concerning authorization and to protect confidential data against unauthorized access it is very important to focus on the use of authorization groups.
  The authorization group allows extended authorization protection for particular objects. The authorization groups are freely definable. They usually occur in authorization objects together with an activity.
  The table that contains all authorization objects is TOBJ.
  The table that contains all activities is TACT.
  The table that contains definition of all authorization groups is TBRG.
  TBRG -- Contains all authorization groups and gives information about relation between authorization object and authorization group. The description of the authorization groups is defined in table TBRGT.
  The field name for authorization group -- BRGRU -- is used to make additional restrictions on authorizations /e.g. for document maintenance/. In authorization objects and authorization checks, there are fields which are checked to verify user authorizations. Customizing objects are combined in authorization groups, and the authorization group is one of the two authorization fields, for example, in authorization object S_TABU_DIS which is in the object class BC_A (Basis - Administration). This object is for displaying or maintaining tables. It controls access using the standard table maintenance tool (transaction SM31), enhanced table maintenance (SM30) or the Data Browser (SE16), including access in Customizing.
  Authorization object S_TABU_DIS has the following fields: DICBERCLS - Authorization group, maximum field length is four characters; and ACTVT - Activity (02: Add, change or delete table entries, 03: Only display table contents).
  Generally, SAP standard tables are assigned to authorization groups. These assignments can be changed. You can then assign tables manually to a suitable authorization group. To do this, start Transaction SM30 for maintenance view V_DDAT, and create an entry for each of these tables. In V_DDAT is stored the assignment of Tables/Views to Authorization Groups. V_DDAT is cross-client; therefore, it can be viewed and used in all clients.
  Note: If you don't make a selection, all tables maintained in Customizing transactions are assigned to authorization groups.
  Check these links too..
  http://help.sap.com/saphelp_crm50/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/frameset.htm
  http://www.sap4.com/contentid-39.html
  Thanks,
  Susmitha
  Dont forget to reward points for useful answers.
  Message was edited by: Susmitha Thomas

• Authorization group restriction

  Hi ,
  I would like to know how to restrict authorization group FCAR and FCAP.We could see it is related to F_BKPF_BES object .It seems the same authorization object should be given the following access
  --display access for documents asigned to authorization group FCAP
  --should not allow display for documents assigned to authorization group FCAR
  If we restrict using FCAP (displays access)the second condition works fine but the first one it displays line items only for G/L accounts.Vendor line items does not get displayed.
  Please let me know your thoughts on this.

  Hi Mekha,
  You can add another object F_BKPF_BES manually and in the first one give
  display access for documents asigned to authorization group FCAP  and in another no display for documents assigned to Auth group FCAR
  **Reward points accordingly
  Junaid

• Abap report attributes : Authorization group

  Hello,
  I would like to know if there is an enhancement to force the developer to assign an authorization group to the new created abap report, when filling the attributes
  Thank you by advance
  Philippe

  Hello,
  Thank you all for your answers.
  In both FUNCTIONs , EXIT_SAPDSAHD_010 (include ZXSEUU09) and
  EXIT_SAPLSEDTATTR_010 (include ZXSEUU20), I inserted a break <sy-uname>.
  When creating a new abap report (i.e. a local object), I reach only the
  break in include ZXSEUU20, and never after having filled up the program
  attributes popup, always before.
  My initial goal was to force the developer to enter a value in the authorization
  group.
  Do you have an idea of what is going wrong or is it the normal behaviour?
  Thank you,
  Philippe

• AUTHORIZATION GROUP IN BP

  Hi All,
  Morning I posted this question. I wanted to know what is the use of the field authorization group in control tab of BP.
  I knw how to give value but what is the importance
  Thanx
  SARAVANA

  Hi Redek,
  Thanx for ur answer. I hv created the role and in that screen there is a tab like menu if i go to that menu there I can assign to that rle what will be the functionality by clicking on sap menu. second thing if I go to the authorization tab of role screen there I can choose the manual data by clicking on change authorization data and assign the user.
  Lets say I had created an role as sales manager. If I create an bp as a person and role how can I assign the role to that bp and what is the use of that field authorization group in control tab of bp.
  If I supposed to assign the authorization group in that how can I do this?
  Thanx
  Saravana