Assigning Auth group using std program

Similar Messages

• Program to assign auth group to the tables?

  Hi everyone,
  Does anyone of you know if there is a program that I can use to assign the auth group to the SAP std table(in case if I need to) and customized tables. I know I can goto Se54 and assign an auth group there but was hyst wondering if there is a program like RSCSAUTH which we can use for assigning the auth group to the programs.
  Please suggest.
  Thanks,
  Raj

  Hello Raj,
  You donot assign auth. group to tables but rather to the Maintenance Generator.
  I think SAP will not provide any std. program for this.
  Maybe other SDNers have some better ideas to share.
  BR,
  Suhas

• How to get list of Users under an Auth Group (for executable Programs)?

  Hi experts.  I have a requirement to get a list of all users under a particular Auth Group for Program Objects.
  Goal of this requirement is to identify the users allowed to use/access a program - we're doing some sort of Program Inventory and we'd like to identify the users per program, via the Auth Group. 
  So question is:  Which tables hold data about Program <-> Auth Group <-> Users, and how are they linked?
  I know this is Basis/Security stuff, but I was thinking of developing a report program to output the information needed.
  Thanks in advance.
  Edited by: George Esquerra on Nov 17, 2011 10:24 AM

  This is available in the standard via tx SUIM - user - users by complex selection criteria - by authorization values.
  If you enter auth object = S_PROGRAM and value = auth group, you will get the list of users.
  You can analyse how this program finds the information and incorporate it into your own logic.
  Thomas

• Hiding the header of a group using dynamic programming

  Hi,
  I had a requirement where we needed to place a border around the UI elements. For this purpose i had used a group UI element. But the group UI element by default has an attached header (Setting the visible property of header to "None" only disables the header text). Hence as per the suggestions in the following thread i had set the caption dynamically (in WDDOMODIFYVIEW) which removed the group header completely.
  Hiding header of a group
  Now, when i was browsing through the forum i came across the reply by Thomas in the below thread,
  Setting value in cookie using ABAP code
  //if someone does post a "hack" or "illegal" way of setting the client cookie directly from Web Dynpro; this would not be supported by SAP and could stop working at any time.//
  Truly said, it might stop working at anytime. This might apply to my case as well as i am setting the caption dynamically. I am not sure is the right allowed way or if i am using one of the "illegal" ways (which would stop working at some SP levels).
  Can someone clarify if hiding the header of a group using the above method is allowed?
  Regards,
  Prasath N

  The usage of WDDOMODIFY method for dynamically altering the view (e.g. hiding or showing UI elements) is perfectly "legal".
  The manipulation of a cookie by the developer is not intended inside the Web Dynpro framework.
  These are two completely unrelated issues, as per my understanding Thomas warned about the second.
  I think you're mixing things up.

• How do Auth Groups assigned to BOMs

  Security Folks,
  How can the auth groups used on the Bill of Material (BOM) ? I assume they need to be created by Functional folks via SPRO. Any input is appreciated.
  Thanks.

  Hi,
  Auth groups are assigned within the BOM itself.   When you create or change a BOM, you add the auth group in the header section.  Whoever is responsible for the creation / change of BOM's maintains the auth group which can then be used with C_STUE_BER.

• Auth Group vs Authority Check

  Hello -
  I am adding an Auth Group to my programs using SE38 in the Attributes screen.  Is it also necessary to have code in my program that checks for S_PROGRAM or is it sufficient to add the Auth Group to just the attributes section.
  Thank you for any insight.
  Mary Kathryn

  Adding a authorisation grp is sufficient no need to check the authorisation object within the code. The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:
  Execute a program
  --> Authorization object S_PROGRAM
  Regards,
  JOy.

• Auth group to a table

  Hi All,
  We need to assign an auth group to one of our custom table,,,can you please tell me how can I do that ??
  The only way that I know is to go to se11->utilities->table maintenance generator and there we can assign the auth group. but when I tried doing this I found that Auth group can be of only 4 character long.... but when we created the auth groups for our program we could able to create upto 8 character long.. is the auth grp for the program and table are the same? and if not is there a way where we can see what auth groups are assgined to table (as for a program we can go to table trdir)
  Thanks,
  Rajeev

  Hello
  You can use se54 to create an auth group for a custom table.
  Search the forum for more details
  Regards
  Greg Kern

• Application area for the Auth Group

  Hi All,
  I want to create an authorization group, and make sure that this should work for every program where I will put it ir-respective of the application of the program...i.e I should have an ability to assign to the FI,HR and all other programs. So can you please tell me under which application should I create this Auth Group using table TPGP.
  Thanks,
  Rajeev

  Hi Rajeev,
  It is not required that you assign the authorization group to any application. The application has a documentary purpose only. However, if you still want to assign your authorization group to a program, just ignore the warning message when editing the attributes of the program and save your entry.
  Cheers,
  Shahram

• Assigning Authorization group to ZTcode

  Hi All,
  I have created one Authorization group to one Zprogram by running the program RSCSAUTH and want to assign it to custom ZTcode.
  But if we go to SE93 there it asking Authorization object, wt is Auth.object and how can i assign Auth.group to ZTcode.
  Anybody help me in this....
  Balu.
  Edited by: Bala Chandar on Sep 2, 2008 4:46 PM
  Edited by: Bala Chandar on Sep 2, 2008 5:01 PM

  How can i create a role and assign Auth.object to it using PFCG tcode, can u explain in detail plz..
  We can create Auth.object from SU21.than assign Auth.object  to specific role which can be maintain with PFCG.Often we need not to create many roles as SAP already provide Roles we just need to use them and assign to our Authorization obj which created by SU21
  For more help just go thru SAP help which is already there for PFCG just press Ctrl+F3 in PFCG.
  Amit.

• Auth grp for custom program

  Hi,
  I have an custom program which i need to secure by auth group so i went to RSCSAUTH then i kept some auth grp...eg;- say "FI" under auth grp column....before this i did not create any auth grp named: FI any where in the system......
  so my question is by doing this is considered as creation and assignment of auth grp to this custom program ???
  and if i do this in dev then how come this piece carried to production.
  Thanks,
  Lisa Pl

  The field is however not limited to 4 characters, RSCSAUTH is protected by 7.
  As you would hopefully develop and assign Auth Groups to programs in your development system, it does not make sense (to me) that the defined Auth Groups of the concept are necesarily known to the Prod system, as the role(s) for the report / transaction should be created / changed from the same source, ideally. So transporting the Groups themselves is only usefull if you are, for example, protecting programs or queries or report trees in production which are also maintained there. Transporting the program itself with the assigned TRDIR-SECU entry is not hindered (unless there is some feature of the STMS which does this - for example the production system is the domain controller).
  You can assign the auth group in Production as well with RSCSAUTH, subject to having the correct authorization for it. But you should restrict that very carefully and take care with your client settings...
  Other similar topics are changing menus in production.
  Cheers,
  Julius
  PS: If the reason for your question is because of protecting the prgram to run online, then perhaps a simple SY-BATCH... check in the program is another (additional) option. S_PROGRAM P_ACTION = 'BTCSUMBIT' as well.
  Edited by: Julius Bussche on Apr 20, 2008 8:58 PM

• List of Auth Group Sorted By Modules needed.

  All
  I have been trying to create the Display Roles for
  FI
  SC
  HR
  modules
  I need to add the Auth Group for S TABU DIS.
  Can someone please tell me if there is any link out there
  that has the Auth Group SORTED by Modules (FI SC HR etc)
  Thanks,
  From
  PT.

  I am not aware of any specific table which holds the table group : module link, other than the naming convention of the table groups and of course correct assignment to tables. So, you could try by sorting TDDAT on field CLASS.
  Take note that the transaction and master data tables (indexes) of the modules typically do not have auth groups assigned, and are therefore replaced by a symbolic group '&NC&'. I don't think it is possible or desirable to assign auth groups to all tables for display purposes, and then still split them into modules. Basis folks can become irritated when people browse VERY large indexes. Business owners as well when they realize that these roles can bypass all their application and org controls to protect their data.
  Cheers,
  Julius
  PS: I see 41 unresolved questions. 9 are no longer outstanding.

• How assign ABAP programs & T codes to auth groups R3 4.71, oracle 9.2.0.7

  Hi Experts,
  How to assign ABAP programs and customized transactions to authorization groups. R3 4.71, oracle 9.2.0.7, Sun Solaris.
  Can some one help me...
  Thanks in advance. . .

  Hi Jalli,
  Take a look at how SAP uses tcode S_ALR_87101286 to control the start of a report either via SE38 or via the tcode itself.
  In that transaction you can also read the documentation on protecting and restoring ABAP reports using the program authorization group concept. Click on the "information" icon or start "transaction" .HE from the first screen S_ALR_87101286 for more detailed infos, or select "Documentation" in SE38.
  Cheers,
  Julius

• How to Assign Event to Auth Group

  Hello All,
             Please suggest is there any way to assign Event to Auth Group.
  Scenario is:-
  Add event ZHCM*  to its own authorization group.These changes to SM64 are needed in order to assign the transaction (restricted to the custom program only) to Payroll for kicking off their interfaces after each payroll run. Please create custom auth group say ZPAY and assign the ZHCM* event to this new auth group.
  Thanks in Advance !!
  Best Regards,
  CB

  i hope you are assigning to the radio group not to a radio button. i mean u could have radio group xx with buttons butt1,butt2 , butt3 etc. u cant have
  xx.butt1 := 100
  Besides that it's perfectly acceptable by oracle to assign to a radio group unless of course the variable is badly spelt
  Hope this helps
  Lewis

• Restrict posting period only a limited set of users using Auth Group

  Hi all,
  Can someone help me in restricting posting period to only a limited number of users?
  Currently OB52 settings look like below:
  From Per.1  Year  To Period           From per.2   Year    To Period
      7                 2009         8                          8              2008            8
  My requirement is:
  I want to only few users to post in the 7th period and all others to post in the 8th period.
  I know this can be done via authorization group: Can someone please help me with the steps invloved in solving the same?
  Thanks in advance
  Sidharth
  Basis Administration

  Hi Alex,
  Thanks for your response!
  I have added F_BKPF_BUP object manually in the test role and assigned 0002 auth group in it.
  I have created auth group 0002 and assigned table T001B in SE54.
  Auth group 0002 is then assigned in the OB52 at the last column. This should restrict the posting for period 1 which i need to restrict for some users.
  Now as per the logic, if we dont assign any auth group, users should not be able to post for that period. But in my case user is able to post successfully via F-02.
  Please help me as we need to implement this before month end.
  Many thanks for your valuable help!
  Thanks
  Sidharth

• Assign user external dir to group using MaxL

  Hi
  I have my essbase security sync with Shared services.
  Now i want to assign user to groups using Maxl
  Groups exist as Essbase native Groups
  Users exist as corporate directory and are NOT native users
  Now when i try to execute the following statement i get error saying 'user does not exist'
  Alter user 'username@corporatedir' add to group 'nativegroup';
  Is it not possible to assign users from external directory to native groups using Maxl?

  Not specifed your version.
  For 9.3.1 refer to page 103 for details. http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
  The file looks like
  #group_children          
  id,user_id,user_provider
  myNativeGroup,User1,myProvider
  myNativeGroup,USer2,myProvider
  myNativeGroup,nativeUser3,Native Directory
  For better understanding, add one external user to a native group manually in shared services and then export using the utility.
  Then the exported file format can be used for your import.
  Hope it helps.