Authority-check for particular comp code
Hi All,
when i'm using standard Authority Object F_BKPF_BUK for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
I written code as
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD 'BE10'
ID 'ACTVT' FIELD '03'.
Please can u advice on this .
Many Thanks in Advance for u r Answer
Naren
Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji
Similar Messages
-
Authority Check at the T.Code level for the user in particular User Group
Hi Friends,
I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
Need to give Authority Check at the T.Code level for the user in particular User Group.
I have searched in SCN, but not get suitable pages.
How to solve this?
Regards,
Viji.Hi Viji.
Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
Another way is you have also check authority in program level.
DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
INITIALIZATION.
CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
EXPORTING
ROLE = 'ZROLE'' " Role define
TABLES
ROLE_USERS = T_ROLE_USERS.
READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
IF SY-SUBRC NE 0.
RETURN.
ENDIF.
Thanks & Regards
Rahul -
Hi,
I am new in core abap. For my report i have to do AUTHORITY-CHECK for kunnr. I am not finding any suitable object to use. kIndly suggest.
Currently i am using the following code.
UNPACK p_kunnr TO ws_werks.
AUTHORITY-CHECK OBJECT 'M_MSEG_WWE'
ID 'ACTVT' FIELD '01'
ID 'WERKS' FIELD ws_werks.
But this is giving dump in case KUNNR contains some alphabets because of type mismatch. Kindly suggest how can i achieve the same.
Regards,
Pankaj AggarwalDon't use a WERKS authorization for KUNNR, did you foresee the problems that may will arise when you will manage the user authorisations and roles, this authorization is checked in many standard programs on WERKS fields.
- SU20 - Create an authorization field with data element KUNNR and check table KNA1 (or use template KNDNR, look via SE16 at table AUTHX look for authorization fields using KNA1 as a control table)
- SU21 - Create an authorization object in a Z-customer class which use this field and the ACTVT field (template W_AUFT_RMB)
- Use the new object in your program
- Give the object name to those who manage roles via PFCG
Perform some search on subject like [Creating a Customer-Specific Authorization Object|http://help.sap.com/saphelp_ish471/helpdata/EN/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]
Look also at some authorization objects like BRGRU which were intended to manage groups of customers.
Regards,
Raymond -
Restrict the badi for particular transaction code
hi, i have implemented BADI_FDCB_SUBBAS01 and in the subscreen area 10 i attatched my own module pool program and screen number. my requirement is for FB60 only. and it is working for FB60 fine. the problem is also working for FV60.
Is there any possibility to restrict for particular transaction code say for FB60.
Please reply me soon....Hi Praveen,
Since this is a single use badi you have the option to create a new filetr of your own. You can create a filter of type sy-tcode and in your implementation assign it a value of your transaction. Thus if someone else also wants to use it for some other transaction can have a implementation of his own for some other transaction.
The other way which is though not the recommended way buy easy to use is to put a check before your code on SY_TCODE = your transaction.
revert for more clarifications if required.
<b>Always reward points to useful suggestions.</b>
regards,
Vikas
Message was edited by:
Vikas Taneja -
Authority-Check for Sales Document Type
Hi All...
I would like to incorporate Authority-Chack for the field Sales Document Type "TVAK-AURT"...
Can any one give me the sample code or exact code..?
I have written Authority-check for Sales Organization as follows...
authority-check object 'V_VBAK_VKO'
id 'VKORG' field i_sales-vkorg
id 'VTWEG' field '00'
id 'SPART' field '00'
id 'ACTVT' field '03'.
if sy-subrc ne 0.
delete i_sales.
BUT HOW TO WRITE FOR V_VBAK_AAT..??Please check object: <b>V_VBAK_AAT</b> for the same.
EG:
authority-check object 'V_VBAK_AAT'
id 'AUART' field L_AUART
id 'ACTVT' field '03'.
Kind Regards
Eswar
Message was edited by: Eswar Rao Boddeti -
How to block postings for particular company code ?
Hello All,
I have a scenario like FI document shouldn't generate automatically when I invoice with reference to order/delivery document.
Just I want only Invoice number but not FI document (It should park instead of creating automatically) for particular company code among all and later I will create manual FI document with reference to that Invoice.
Existing solutions:
1.Can control in document functionality but I am using single document for all company codes
2.Can control using FD02 transaction but I have many customers
Please suggest any new solution other than above.
Regards,
GangadharHi,
Please check the below thread:-
Re: VF01: Prevent document posting in FI via user exit
It should be useful in your situation.
Regards,
Gaurav -
How to assign reconcilation account to particular compant code ,
Hi ,
How to assign reconcilation account to particular compant code , pleaseHi siva
You can create the reconciliation account in FS00 there while creating you can give the company code
Another option is Copy the available reconciliation account in FS00 and change the company code.and give your own G/L account number. and save it
Regards
Srinath -
Asset Claas Activate For particular Company code in Company
Hi,
Asset class is defined at client and how can we activate asset class for particular company code in group company how can assign the asset class for particularly one company code in group company
Regards,
HarishAsset class depends on chart of depreciation , so if you have created an asset class on lets say US chart of Depreciation, it will be available to all the companies that have US Chart of Depreciation assigned to them .
Thanks -
AUTHORITY-CHECK for an defined USER
Hi,
i write a abap (protokol) which shell be started every hour. In this report i will use
an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
to check if this user is allowed to see the data.
I will use this:
AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
ID 'BRGRU' FIELD '__________'
ID 'ACTVT' FIELD '__________'.
for an defined user.
Is this possible, or how can i check this in another way?
Thanks.
Regards, DieterHi Eric,
i tried it like this:
UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
ID 'BRGRU' FIELD 'KRED'
ID 'ACTVT' FIELD '03'.
BREAK-POINT.
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
NEW_BUFFERING = 3
USER = SY-UNAME
OBJECT = 'F_LFA1_BEK'
FIELD1 = 'BRGRU'
VALUE1 = 'KRED'
FIELD2 = 'ACTVT'
VALUE2 = '03'
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5.
BREAK-POINT.
at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
is my FM-Call correct?
thanks.
Regards, Dieter -
How to make Authority Check for ALVGrid?!
Hey mates,
i got the problem which is mentioned in the headline. How can i make an authority check for my ALVGrid? I mean i want to restrict special functions to the matching users ( Display, Edit, Delete mode ).
Would be cool if someone can help
Regards BastiHello Bastian
A simple approach would be to define three different transactions (e.g. Z_MYALV01, Z_MYALV02, Z_MYALV03) for editing/deleting, editing only and displaying only. Add the following coding to the report displaying your ALV grid:
CASE syst-tcode.
WHEN gc_tcode_create. " 01
" Allow all grid functions
WHEN gc_tcode_change. " 02
" Suppress grid functions for deleting rows
WHEN gc_tcode_display. " 03
" Suppress grid functions for editing/deleting
WHEN others.
RETURN.
ENDCASE.
Regards
Uwe -
PO Number range diffrent for diffrent comp code(backend system is same)
Hi Experts,
I have a requirement that
Define PO number range (Diffrent) for diffrent company code
In our SRM system we have three company codes and currently we have only one "number range"
now our requirement is to define diffrent no range for individual comp code
I can difine diffrent no range, but when i am going to define those no range in "Number Range Number for Purchase Orders in Backend System"
System is not allowing
Any idea
Thx
JaiThanks Padhi:)
Great Job...I have tested it in development and is working fine..but not sure how effectvely it will work in production system
as many people talking about some Badi and coding.etc even sap also saying that
"Unfortunately, I cannot give you a more positive answer about ECS"
Any comments will be appreciated
Rgds,
Jai -
Regarding Authority check for V_VTTK_SHT in one exit
Hi Experts
1.For VT01N transaction , there is one customer exit : ZXV56U18.
2.In this we will get the shipment type value.
3.I have to check the authority check for this shipment type (SHTYP) field.
4.I have written the following statement :
authority-check object 'V_VTTK_SHT'
ID 'SHTYP' field I_XVTTK_TAB-SHTYP
ID 'ACTVT' field '07'.
5. For my user id , i have check the user profile in SU01.
6.For me this authorization object , field ACTVT does not contain 07 value.
7.In debugging , the SY-SUBRC giving the value 0.even the user profile does not contain the value '07' for ACTVT field
Can u tell y it is happening like that ?
Regards
Ramakrishna L.Hi Experts
1.For VT01N transaction , there is one customer exit : ZXV56U18.
2.In this we will get the shipment type value.
3.I have to check the authority check for this shipment type (SHTYP) field.
4.I have written the following statement :
authority-check object 'V_VTTK_SHT'
ID 'SHTYP' field I_XVTTK_TAB-SHTYP
ID 'ACTVT' field '07'.
5. For my user id , i have check the user profile in SU01.
6.For me this authorization object , field ACTVT does not contain 07 value.
7.In debugging , the SY-SUBRC giving the value 0.even the user profile does not contain the value '07' for ACTVT field
Can u tell y it is happening like that ?
Regards
Ramakrishna L. -
Authority-check for a particular company code
Hi,
I need to check authorization for a particular company code.In my bdc call transaction program i'm fetching mass data from excel file and for every record i've to check the company code field.If the company code is not the required one then that record should not be processed.
So before filling the bdc data i wrote like
LOOP AT gt_inrec INTO gs_inrec.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'ACTVT' field '02'
ID 'BUKRS' field '2800'.
IF NOT sy-subrc = 0.
MESSAGE e058(zz) WITH gs_inrec-bukrs.
EXIT.
ENDIF.
PERFORM fill_bdc.
ENDLOOP.
but it is not exiting for different company codes and is allowing records with all company codes.
can anybody pls tell me how to rectify this?
thanks in advance,
poornimaI need to perform authority check on the field NAME1 present in the standard screen - customer master ( T.Code-XD02). Only certain users should be allowed to edit the field and others should be restricted.
I have created a field exit FIELD_EXIT_AD_NAME1 for the ADRC-NAME1 field.
Now inside this field exit i need to write the authority-check code.
I have created the authorisation object Z_KNA1_NAM for the field NAME1 using the SU20 and SU21.
For this scenario how do i write the authority-check code in my field exit?
Below is my field exit code,is that correct?
FUNCTION FIELD_EXIT_AD_NAME1.
""Local Interface:
*" IMPORTING
*" REFERENCE(INPUT)
*" EXPORTING
*" REFERENCE(OUTPUT)
AUTHORITY-CHECK OBJECT 'Z_KNA1_NAM'
ID 'NAME1' FIELD SY-UNAME
ID 'ACTVT' FIELD '03'.
IF SY-SUBRC = 0.
MESSAGE 'Not Allowed to Edit the Name 1 Field' TYPE 'E'.
ENDIF.
ENDFUNCTION.
In the above code i have given SY-UNAME in the code line 2 - ID 'NAME1' FIELD SY-UNAME ,is that correct? what should i give there?
Please help me on this issue.
Cheers,
P.S.Chitra -
Hi,
In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
Thanks and Regards,
Venkat.Hi Venkat,
You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data. -
Authority Check for a selection condition/Range
I am relatively new to ABAP and still learning.
I am trying to create an authorisation check as part of a custom badi implementation.
i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
i know the parameter - p_tplnr
this code is pulled back into the Badi..
* Import selection result
IMPORT sel_tab = lt_nodes selcond = t_selcond
FROM MEMORY ID 'DIACL_SELECTION_NEW'.
the table is t_selcond . so i do a loop round table into structure based upon this parameter.
it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
my code...
*--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
DATA: s_selcond TYPE rsparams.
DATA: tplnr TYPE diacl_lbk_sel_ds-tplnr.
*--- Read table where selection name is Functional Location
LOOP AT t_selcond INTO s_selcond
WHERE selname = 'P_TPLNR'.
IF sy-subrc = 0.
*--- Check the authorisation object for functional location
AUTHORITY-CHECK OBJECT 'P_TPLNR'
ID 'TPLNR' FIELD tplnr
ID 'ACTVT' FIELD '03'.
ENDIF.
ENDLOOP.
My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?Hi ,
LOOP AT t_selcond INTO s_selcond
WHERE selname = 'P_TPLNR'.
endloop.
-----------------This code can be replaced by
READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
CHECK SY-SUBRC EQ 0
auth-check object...
some basic code to get an idea ...
tables /BIC/SPLANTGRP.
select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
so_basin-low = '1'. append so_basin.
so_basin-low = '2'. append so_basin.
so_basin-low = '3'. append so_basin.
so_basin-low = '4'. append so_basin.
loop at so_basin.
write:/ so_basin-low.
endloop.
read table so_basin with key low = '4'.
if sy-subrc eq 0 .
write:/ 'found hit', so_basin-low.
else.
write:/ 'found NO hit'.
endif.
read table so_basin with key low = '5'.
if sy-subrc eq 0 .
write:/ 'found hit', so_basin-low.
else.
write:/ 'found NO hit'.
endif.
vijay
Maybe you are looking for
-
Oracle 8i installation problem on Win XP pro, Pentium 4
I am trying to install oracle 8i on Pentium 4 PC, Win XP professional Operating system, 512MB RAM. When I run setup.exe then it is silent, no response. I installed java J2SDk1.4.0 standard edition, and Java runtime environment. It is still the same p
-
How can I get my equalizer settings to work??
Since installation of vs 7. and 7.01, I find that my eq settings that I have meticulously and painstakingly set on almost all songs are not always working. Specifically: 1) When playing songs, if you were to select "show equalizer", you would find th
-
mixed bag 1. I have a security app on my computer, Flashbrief. I have it checked in the hide column but whenever I turn on the computerit appears in the top menu line. 2. Whenever Iturn on the computer, a new blank document window in
-
I am trying to OPEN multiple SESSION for same application and unable to do this using FIREFOX 7.01 R 12(Oracle E-Business Suite), we are using FIREFOX for several clients to open the applciation. But i cannot open different session of same applcaitio
-
Help required about InsertHTML function
Hello i want to use this function to add HTML in documnet of JEditor pane public void insertHTML(HTMLDocument�doc, int�offset, String�html, int�popDepth, int�pushDepth, HTML.Tag�insertTag) it is a function HTMLEditorKit.But i dont understnad what int