Authorisation Object - for specific functins to restrict access

Similar Messages

• How to create authorisation object for save button please help in abap

  how to create authorisation object for save button please help in abap

  Hi
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Regards
  ANJI

• How  to create  authorisation object for  report

  hi
  experts..
  hw  can u  create authorisation object for  the  custom report.
  Thanks&  Regards
  Spandana

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Sy-SUBRC values
  4              User has no authorization in the SAP System for
                 such an action. If necessary, change the user
                 master record.
  8              Too many parameters (fields, values). Maximum
                 allowed is 10.
  12             Specified object not maintained in the user
                 master record.
  16             No profile entered in the user master record.
  24             The field names of the check call do not match
                 those of an authorization. Either the
                 authorization or the call is incorrect.
  28             Incorrect structure for user master record.
  32             Incorrect structure for user master record.
  36             Incorrect structure for user master record.
  http://www.sap.ittoolbox.com/groups/technical-functional/sap-basis/please-how-to-create-an-authorization-object-386391 - 78k -
  http://www.sap-abaprogram.blogspot.com/2007/11/what-is-use-of-
  authorization-checks-to.html - 75k -
  www.sapworld.hpg.ig.com.br/download/ab4query.pdf
  with thanks,
  Abaper.

• Authorisation Object for Payment Block Filed(ZLSPR) in FB02

  Hi,
  I want to restrict the authorisation to modify the field Payment Block to some of the users only in FB02 Tcode.
  How can i achieve it.
  My basis team said it can help me if i can give the authorisation Object  for the same they can restrict the authorisation object to limited users.
  regards
  Jaya

  Hi Mallikarjun,
  The authorisation Object given is related to Excise invoice ? So, please let me know how this would help in restricting modification of payment block filed in FB02?
  regards
  jaya

• Authorisation object for cost center

  Hi all,
       I need to know the authorisation object for the field COST CENTER in ME21N(creation of PO) screen. How to find it? Since I am creating roles for users with help of BASIS I need to know it. I need to restrict the values for the cost center field while creating the purchase order.
  Thanks in advance.
  Regards,
  Raj

  Hello,
  Master Data:
  CO: Cost center master      (K_CSKS)
  CO: Cost center groups      (K_CSKS_SET)
  CO: Cost element master      (K_CSKB)
  CO: Cost element groups      (K_CSKA_SET)
  CO: Activity type master      (K_CSLA)
  CO: Activity type groups      (K_CSLA_SET)
  CO: Statistical key figures      (K_KA03)
  CO: Stat. key figure groups      (K_KA03_SET)
  Planning:
  CO: Version      (K_KA09_KVS)
  CO: Planner profiles      (K_TKA50)
  CO: Cost center planning      (K_CSKS_PLA)
  CO: Cost element planning      (K_CSKB_PLA)
  CO: Budgeting      (K_CSKS_BUD)
  Regards
  Mahesh Naik

• Authorisation object for "PO text in the material master"

  Hi,
  My requirement is as below:
  "All users can see the Purchase Order Text as usual, but only a few users should be allowed to create / change the PO Long Text.
  For other users, the same should appear in display mode only (both in creation & in change mode, MM01 & MM02)."
  Please let me know, How to map this.
  As per my knowledge thsi is possible only thru authorisation. But I want to know what is the authorisation object for "PO text in the material master" (Pl note that only for PO text in the material master field). we want control on "PO text of material master"
  Regards.
  Chinna

  Hi,
  The authorisation object is "M_MATE_MAT", pl check
  Regards
  Merwyn

• Authorisation object for Case Management

  Hi Gurus.
  I need to create authorisation object for Case Management,
  SCMG_T_CASE_ATTR-CATEGORY Field,SCMG_CATEGORY element,
  I use the tx SU21 and Su20, asigned this object to Role. But no WORK.
  In the Su20:
  Field Name: ZCATEGORY
  Data elelment: SCMG_CATEGORY.
  Table Name: SCMGATTR_CATEGO.
  In the SU21:
  Object: ZCASE
  Class: AAAB
  Field Name:
  ACTVT
  ZCATEGORY
  When I use tx SCASE, The condition not work.
  I use the field name ZCATEGORY because the field name CATEGORY was used by SAP. But for USC_Y_CONT_CATEGORY element
  Edited by: Alfredo on Aug 1, 2008 5:39 PM

  Hi Alfredo,
  Go to SU24 tcode and see if the transaction SCASE is being check/maintaned to the authorization object ZCASE.
  If not then you need to do that so that when you add the tcode SCASE to a role then you will see the authorzation object ZCASE which you have created. You can edit the role and change the authorizations for the field, ZCATEGORY and maintain.
  Generate the role and then assign it to the user. I think it must work.
  If it doesnot work then as Alex said, you need to go and look where the Authority check statement is  placed in the program behind the SCASE tcode.
  Hope this helps.
  Regards,
  Kiran Kandepalli.

• Authorisation object for controlling te changes to "Delivery completed indi

  hi
  I want to know the authorisation object for controlling te changes to "Delivery completed indicator" in PO.
  I want to give the authorisation to change to certain users only.
  Best regards
  Sar

  There is no authorization at field level.
  Either the user has authorization to change an order or not.

• Authorisation object for field level

  Hi all,
  In support desk ,Is there any authorisation object for controlling field level changes such as category or priority by message processors.
  Balamurugan

  Hi.
  Not that I know of. I was also looking for something like this and could not find anything.
  I think there is even no logging if someone makes any changes to those fields.

• Basic authorisation objects for display/execute

  Hi  Team,
     For a  start .....I need  to  create  a  basic  user  role for BEX (7.0)with  Display and execution of the queries .
  Down the  lane  another  role  with  restricted access  to  only certain  cubes
  What  is  the  authorisation  objects  needed  to be  given in that  role?
  Is  there  a std  role  which  solves  my  purpose.?
  I  was  playing  with  auth  objects like S_RS_COMP, S_RS_COMP1,S_RFC....but  coudn't get much  farther.
  Thanks  for  your time.
  /Andy

  Hi Nicco,
  we evaluated ACE for two projects now and always found that customers are not very excited about administration of a)EP-roles b) CRM-roles and additonally c)ACE user groups which is furthermore a very new topic for all of us and therefore it seems there is little know-how existing. We are also not sure about the future of ACE if there are new development with BP-roles in 6.40? But for my personal opinion in the field of CRM and sensible data there is no way around ACE or something similar ...
  Regarding performance we always had the felling that response time of PCUI-apps decreases when we activated ACE - maybe because there is some overhead with collecting ACE-data in different tables additionally to the other process of controllers and subcontrollers ... but this was only a personal experience, we never did any measurements which confirmed this "feeling".
  Regards
  Michael

• Authorisation object for inspection type

  Dear QM consultants,
  We are developing one Z program where plant, inspection lot origin and inspection type are main input fields. We want to add authorisation object based on these inputs. I checked for M_BEST_WRK for plant and Q_INSPTYPE for inspection type. Object for plant is working fine but we are unable to restrict based on inspection type since Q_INSPTYPE does not have any activity field associated with it.
  Has anybody come across such issue? Whether objects taken by me are correct, if not can anybody guide me what are the authorisation objects to be taken.
  Thanks in advance.
  Best Regards,
  Anand Rao

  Hi
  Create your own autherization group with SU21
  This will bring better control
  Regards
  Sujit

• Disable an Authorisation object for Multiple roles.

  Hi ,
  I need to Disable an authorisation object F_BKPF_BUP for about 345 roles.Is there any way by which we can make mass changes.Doing it for individual role would take a lot of time.kindly advice.
  Thanks in advance

  Hi,
  1. Go to SE16 --> table  USOBT_C --> put object F_BKPF_BUP in the field "Object" --> execute without restriction. Download the list of TCodes.
  Now go to Table AGR_TCODES --> put the list of TCodes (found with above method) in the field "Extended name" as multiple selection --> execute and download the list of roles.
  Look up your list of 345 roles with this list. After matching, you need to sort out the TCodes present in this list of roles which is checking the object F_BKPF_BUP.
  2. Now go to SU24.. go to option "Authorization Object" and NOT in the Transaction section.
  Put the Object and execute.... go to change mode.... check the proposals for the TCodes you sorted at last step of point 1. Make the proposal Do Not Check where ever it is not so.
  Move the Workbench Transport through Landscape. Your purpose will be done. But you should also keep in mind if the TCodes are present in other roles besides of your 345, those will become vulnerable.
  Regards,
  Dipanjan

• Authorisation object for Supplier field in Shopping Cart

  Hi Team,
  In Shopping Cart Source of Supply tab field Supplier is not getting displayed as it in hidden for some users, sor those users an authorisation object has to be provided to display the Supplier field.
  Can you please Suggest me the authorisation object to be used to display Supplier field in Source of Supply tab of Shopping Cart.
  Thanks & Regards,
  Goutam Kolluru.

  Question is solved.
  Answer can be find in bellow link
  Field Supplier is not displaying in Shopping Cart with Std Roles SRM 7.0

• Authorisation object for Purchase order release codes

  Hi,
  Can anyone let me know the authorisation object to be used for the PO release codes to be assigned in the ME28 and ME29N for the users.

  Hi,
  Release code and groups detials for the PO authorisation is as follows.
  M_EINK_FRG Release Code and Group (Purchasing)
  FRGCO      Release code
  M_EINK_FRG Release Code and Group (Purchasing)
  FRGGR      Release group
  Regards,
  Sakthi

• Authorisation Object: for database table

  Hi .
  I have a custom Z table which contains data for different plants.We have craeted a maintenence generator so that user can change data. Now I want to  user should able to change data a particulat plant.
  i already have authority object 'ZPLANT' with roles.
  In se11 when i am trying to use authorization object, it is coming as " S_TABU_DIS " even in change mode.
  How can I restrict user at table level.

  Hi
  Following links show some relevant info for authorizations.
  http://www.sapdb.org/7.4/htmhelp/ee/1c5bcdeba711d4aa2800a0c9430730/content.htm
  Also check the following links.
  http://help.sap.com/saphelp_46c/helpdata/EN/d2/cb43cc455611d189710000e8322d00/content.htm
  http://www.sap-img.com/human/main-hr-authorization-object-for-security.htm
  http://www.sapdb.org/7.4/htmhelp/ee/1c5bcdeba711d4aa2800a0c9430730/content.htm
  Please reward if it helps.