Authority-check for transaction SU3 (User Parameters)

Dear experts,
we can not give the authority for transaction SU3 for all users in our seperated HR-System, because the screen numbers of dynpros can be set with parameters and therefore, user could have access to 'wrong' data.
We are looking for a way to give the permission for some parameters only.
Has someone had the same problem and found a nice solution without or with only small modifications?
A new authority-object, ....?
Thank your very much
Johanna

Hi, thank you very much.
I tried to solve the problem with screen variants, but I can only set the whole column of parameter inputs to 'display' and not single fields.  Therfore, it doesn't works.
Johanna
Edited by: Johanna Hensler on Sep 8, 2008 12:24 PM

Similar Messages

  • AUTHORITY-CHECK for an defined USER

    Hi,
    i write a abap (protokol) which shell be started every hour. In this report i will use
    an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
    to check if this user is allowed to see the data.
    I will use this:
    AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
    ID 'BRGRU' FIELD '__________'
    ID 'ACTVT' FIELD '__________'.
    for an defined user.
    Is this possible, or how can i check this in another way?
    Thanks.
    Regards, Dieter

    Hi Eric,
    i tried it like this:
    UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
             ID 'BRGRU' FIELD 'KRED'
             ID 'ACTVT' FIELD '03'.
    BREAK-POINT.
    CALL FUNCTION 'AUTHORITY_CHECK'
      EXPORTING
      NEW_BUFFERING             = 3
      USER                      = SY-UNAME
        OBJECT                    = 'F_LFA1_BEK'
        FIELD1                    = 'BRGRU'
        VALUE1                    = 'KRED'
        FIELD2                    = 'ACTVT'
        VALUE2                    = '03'
    EXCEPTIONS
       USER_DONT_EXIST           = 1
       USER_IS_AUTHORIZED        = 2
       USER_NOT_AUTHORIZED       = 3
       USER_IS_LOCKED            = 4
       OTHERS                    = 5.
    BREAK-POINT.
    at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
    is my FM-Call correct?
    thanks.
    Regards, Dieter

  • How to make Authority Check for ALVGrid?!

    Hey mates,
    i got the problem which is mentioned in the headline. How can i make an authority check for my ALVGrid? I mean i want to restrict special functions to the matching users ( Display, Edit, Delete mode ).
    Would be cool if someone can help
    Regards Basti

    Hello Bastian
    A simple approach would be to define three different transactions (e.g. Z_MYALV01, Z_MYALV02, Z_MYALV03) for editing/deleting, editing only and displaying only. Add the following coding to the report displaying your ALV grid:
      CASE syst-tcode.
        WHEN gc_tcode_create.    " 01
          " Allow all grid functions
        WHEN gc_tcode_change.  " 02
          " Suppress grid functions for deleting rows
        WHEN gc_tcode_display.  " 03
          " Suppress grid functions for editing/deleting
        WHEN others.
          RETURN.
       ENDCASE.
    Regards
      Uwe

  • Regarding Authority check for V_VTTK_SHT  in one exit

    Hi Experts
    1.For VT01N transaction , there is one customer exit : ZXV56U18.
    2.In this  we will get the shipment type value.
    3.I have to check the authority check for this shipment type (SHTYP) field.
    4.I have written the following statement :
       authority-check object 'V_VTTK_SHT'
                      ID 'SHTYP' field    I_XVTTK_TAB-SHTYP
                      ID 'ACTVT' field '07'.
    5. For my user id , i have check the user profile in SU01.
    6.For me this authorization object , field ACTVT does not contain 07 value.
    7.In debugging , the SY-SUBRC  giving the value 0.even the user profile does not contain the value '07' for ACTVT field
    Can u tell y it is happening like that ?
    Regards
    Ramakrishna L.

    Hi Experts
    1.For VT01N transaction , there is one customer exit : ZXV56U18.
    2.In this  we will get the shipment type value.
    3.I have to check the authority check for this shipment type (SHTYP) field.
    4.I have written the following statement :
       authority-check object 'V_VTTK_SHT'
                      ID 'SHTYP' field    I_XVTTK_TAB-SHTYP
                      ID 'ACTVT' field '07'.
    5. For my user id , i have check the user profile in SU01.
    6.For me this authorization object , field ACTVT does not contain 07 value.
    7.In debugging , the SY-SUBRC  giving the value 0.even the user profile does not contain the value '07' for ACTVT field
    Can u tell y it is happening like that ?
    Regards
    Ramakrishna L.

  • AUTHORITY-CHECK for KUNNR

    Hi,
    I am new in core abap. For my report i have to do AUTHORITY-CHECK for kunnr. I am not finding any suitable object to use. kIndly suggest.
    Currently i am using the following code.
      UNPACK p_kunnr TO ws_werks.
      AUTHORITY-CHECK OBJECT 'M_MSEG_WWE'
               ID 'ACTVT' FIELD '01'
               ID 'WERKS' FIELD ws_werks.
    But this is giving dump in case KUNNR contains some alphabets because of type mismatch. Kindly suggest how can i achieve the same.
    Regards,
    Pankaj Aggarwal

    Don't use a WERKS authorization for KUNNR, did you foresee the problems that may will arise when you will manage the user authorisations and roles, this authorization is checked in many standard programs on WERKS fields.
    - SU20 - Create an authorization field with data element KUNNR and check table KNA1 (or use template KNDNR, look via SE16 at table AUTHX look for authorization fields using KNA1 as a control table)
    - SU21 - Create an authorization object in a Z-customer class which use this field and the ACTVT field (template W_AUFT_RMB)
    - Use the new object in your program
    - Give the object name to those who manage roles via PFCG
    Perform some search on subject like [Creating a Customer-Specific Authorization Object|http://help.sap.com/saphelp_ish471/helpdata/EN/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]
    Look also at some authorization objects like BRGRU which were intended to manage groups of customers.
    Regards,
    Raymond

  • Disabling authorizations checks for transactions SU53 and/or SU56.

    Greetings.
    I seem to remember reading that there was either a system profile parameter or a table entry that can be used to disable all authorizations checks for transactions SU53 and/or SU56.
    Any truth in this or is my mind playing tricks on me?

    Hi,
    I guess theres is profile param auth/tcodes_not_checked(I guess thats right), this will exclude SU53/SU56 from checks on transaction code.
    This can be done using RZ10 and need to restart the system.
    Rakesh

  • Authority-Check for Sales Document Type

    Hi All...
    I would like to incorporate Authority-Chack for the field Sales Document Type "TVAK-AURT"...
    Can any one give me the sample code or exact code..?
    I have written Authority-check for Sales Organization as follows...
    authority-check object 'V_VBAK_VKO'
                     id 'VKORG' field i_sales-vkorg
                     id 'VTWEG' field '00'
                     id 'SPART' field '00'
                     id 'ACTVT' field '03'.
            if sy-subrc ne 0.
            delete i_sales.
    BUT HOW TO WRITE FOR V_VBAK_AAT..??

    Please check object: <b>V_VBAK_AAT</b> for the same.
    EG:
    authority-check object 'V_VBAK_AAT'
    id 'AUART' field L_AUART
    id 'ACTVT' field '03'.
    Kind Regards
    Eswar
    Message was edited by: Eswar Rao  Boddeti

  • How to check for cookies on user machine?

    Hi there,
    what is the correct method to check for cookies on user machine?
    I've tried the following:
    Cookie[] cookies;
    boolean cookiesFound = false;
    if (request.getCookies() != null) {
    cookiesFound = true;
    String name=null, birthMonth=null, birthDay=null;
    cookies = request.getCookies();
    However, the problem is that the if statement will pass to be true even when there is no cookies on my machine. How come?
    Pls advice.
    thanks.

    cuz if there are any cookies, you're setting it to true. getCookies will return a list of cookies, you have to loop thru to find the one you want.

  • Authority Check for the User

    Hi,
         In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
    Thanks and Regards,
    Venkat.

    Hi Venkat,
    You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
    For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data.

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji

  • Authority check - in terms of User Group

    Hi all,
    I need restrict the usage of a finnance report by order of users.the report has order grup as an input, only certain order groups should be viewed by certain users. in authority check can do the checking by using user groups instead of individual used.i.e create separate object for seperate order group and for each order group can i check against user group instead of individual users. kindly help.
    thanks.

    hi,
    Authorizationcheck can be done  for:
    1.Transactions
    2.ABAP programs
    in abap programs use the below code as reference for authorization check
    AUTHORITY-CHECK OBJECT  0.
        MESSAGE e184(sabapdocu) WITH text-010.
      ENDIF.
    rewards points if useful.
    regards
    sandhya

  • Authority-check for a particular company code

    Hi,
       I need to check authorization for a particular company code.In my bdc call transaction program i'm fetching mass data from excel file and for every record i've to check the company code field.If the company code is not the required one then that record should not be processed.
      So before filling the bdc data i wrote like
    LOOP AT gt_inrec INTO gs_inrec.
         AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                   ID 'ACTVT' field '02'
                   ID 'BUKRS' field '2800'.
        IF NOT sy-subrc = 0.
          MESSAGE e058(zz) WITH gs_inrec-bukrs.
          EXIT.
        ENDIF.
         PERFORM fill_bdc.
      ENDLOOP.
    but it is not exiting for different company codes and is allowing records with all company codes.
    can anybody pls tell me how to rectify this?
    thanks in advance,
    poornima

    I need to perform authority check on the field NAME1 present in the standard screen - customer master ( T.Code-XD02). Only certain users should be allowed to edit the field and others should be restricted.
    I have created a field exit FIELD_EXIT_AD_NAME1 for the ADRC-NAME1 field.
    Now inside this field exit i need to write the authority-check code.
    I have created the authorisation object Z_KNA1_NAM for the field NAME1 using the SU20 and SU21.
    For this scenario how do i write the authority-check code in my field exit?
    Below is my field exit code,is that correct?
    FUNCTION FIELD_EXIT_AD_NAME1.
    ""Local Interface:
    *" IMPORTING
    *" REFERENCE(INPUT)
    *" EXPORTING
    *" REFERENCE(OUTPUT)
    AUTHORITY-CHECK OBJECT 'Z_KNA1_NAM'
    ID 'NAME1' FIELD SY-UNAME
    ID 'ACTVT' FIELD '03'.
    IF SY-SUBRC = 0.
    MESSAGE 'Not Allowed to Edit the Name 1 Field' TYPE 'E'.
    ENDIF.
    ENDFUNCTION.
    In the above code i have given SY-UNAME in the code line 2 - ID 'NAME1' FIELD SY-UNAME ,is that correct? what should i give there?
    Please help me on this issue.
    Cheers,
    P.S.Chitra

  • Execute Authority Check With an different User then the logged on one

    Hello,
    is there any possibilty to make the command "AUTHORITY-CHECK" with another user then the user which is actually logged in into the system.
    For Example: my Username "USER1".
    Login with user "USER1".
    Run ABAP Pogramm to check if user "USER2" has the autority for an auth. object per command "AUTHORITY-CHECK".
    Thanks for all Ideas.
    Best Regards
    Marcus

    Try the FM AUTHORITY_CHECK!
    Cheers,
    Ramki.

  • Do I need to do authority check for Logical Database?

    Hi,
    Just to check, do I need to code authority check into a Logical Database or Logical Database will do the check by itself without me coding?
    This is because I have a user which does not have rights to infotypes 2000 and above and the logical database still show the user data which belongs to the infotypes 2000 and above.
    If I have to code it, how do I go about to do the coding of authority check?
    Thanks in advance.  Will reward points for good solutions.
    Lawrence

    Let me give an example
    Tables : pernr.
    infotypes: 0000, 0001, 2001.
    Get pernr.
    Do you mean that the 'get pernr' command will not return any data for users who do not have authorisation for infotype 2001?

  • Check for transaction interface failure from POS to POSDM

    Dear experts,
    Would like to see if in your experience, you have encountered any report or functions that allow users in POSDM to check if sales transaction from a particular store has failed to do the inbound interface from POS to POSDM?
    I am personally not aware of this, so if there is no such report based on your knowledge, would you have any workaround solution that you can suggest me?
    Thanks so much.
    Dominic

    Link for Duplication Check process: http://scn.sap.com/docs/DOC-47529
    Link for info on POS DM: http://help.sap.com/saphelp_posdm/helpdata/en/4e/9617be3aec6ea9e10000000a42189b/content.htm
    Hi Dominic,
    There are certain validation checks we have in POS DM to validate the transaction data when it comes to POS DM. These validations are like Master Data check, Duplication check, Sequence check for missing transactions and so on.
    You can find more about the same in the given link. I don't know my editor is behaving strangely so the link is on the top. I am not able to paste the links in editor links are coming on top. Might be my IE issue.
    Regarding implementing such validation in POSDM for incoming transaction you can refer my posted document for Duplication check in POSDM. From this document you will get an idea about how to implement the validation check.
    Let me know if you need any other information.
    Regards,
    Amit

Maybe you are looking for