Authority Check on DatabaseConnection for HANA

Hi,
we are setting up our configuration for HANA.
We want to make a Package within HANA for each functional domain. We also want to make separate connections to HANA (as secondary database) for each functional domain (Finance, Logistics, HR, ...) in DBCOCKPIT. But we want to control which application/user uses which connection; We don't want FI to use the HR-connection.
Am I right when I think we might use authorization object S_DBCON to accomplish this?
Thanks.
Kris

Hi,
If different packages are customized development and assigned to different DB connection name, there is a possibility you can use S_DBCON object to check though that is not the original intention as Lars mentioned.
Sample routine:
* Check authority to access the specified connection
  IF con_name IS NOT INITIAL.
    AUTHORITY-CHECK OBJECT 'S_DBCON'
             ID 'DBA_DBHOST' FIELD space
             ID 'DBA_DBSID'  FIELD con_name
             ID 'DBA_DBUSER' FIELD space
             ID 'ACTVT'      FIELD '03'.
  ENDIF.
  IF sy-subrc <> 0.
    MESSAGE
      'You are not authorized to run this program' TYPE 'I'.
    RETURN.
A user without the assigned DB connection name is unable to execute objects in a package when that connection is not assigned to him.
Regards.
YS

Similar Messages

  • Authority Check or BADI for deleting a document in SOLAR02 transaction

    Hi All,
    Could anyone tell me whether there is any authorization object or BADI to do the check before deleting any document from
    SOLAR02 transaction in Project Documentation Tab or General Documentation Tab
    Thanks a lot in Advance.

    Hi Jonathan,
    Appreciate your reply. As you know the validations kick in based on your input on the screen, kind of mostly part of PAI of the screen (0750 in this case). But my requirement is to prevent this change in the first place, not validating the user's input after a change option is given to the user.
    If you know if and how we can achieve this, please share your thoughts.
    Thanks & Regards,
    Venu

  • AUTHORITY-CHECK always Return sy-subrc 0

    Hi,
    I have created a Authorization Object  'ZAUTH_ATCH' and created Roles also. This role is assigned to only my Userid.
    When in Report program I do a check:
    AUTHORITY-CHECK OBJECT 'ZAUTH_ATCH'
             ID 'USER' FIELD l_syuname .
    But the AUTHORITY-CHECK return 0 for all User IDs.
    Pls help what could be the Issue.
    Thanks
    Mohammed

    Hi,
    May be you would need to change the auth object and add the following two fields:
    REPID        ABAP Program Name
    ACTVT      Activity
    allowed values for ACTVT :
                                 01     Create or generate
                                 02     Change
                                 03     Display
                                 16     Execute
    In the code you can check
    AUTHORITY-CHECK OBJECT   "OBJECT_NAME"
                          ID   'ACTVT'  FIELD '16'.
                          ID   'REPID'  FIELD sy-cprog.
    Hope it helps.
    Anju

  • Execute Authority Check With an different User then the logged on one

    Hello,
    is there any possibilty to make the command "AUTHORITY-CHECK" with another user then the user which is actually logged in into the system.
    For Example: my Username "USER1".
    Login with user "USER1".
    Run ABAP Pogramm to check if user "USER2" has the autority for an auth. object per command "AUTHORITY-CHECK".
    Thanks for all Ideas.
    Best Regards
    Marcus

    Try the FM AUTHORITY_CHECK!
    Cheers,
    Ramki.

  • Analize authority checks in web dynpro processing

    Hi,
    I'm facing strange things here.
    A user was reported not to be able to successfully use a function provided in our system:
    We provide a function for use of our call center agents that will reprocess and output document and send it by mail to the customer. It looks as if it worked but the mail is not sent.
    I started SE80 with my own user and put some external breakpoints in the webdynpro code for the agents username. Then I started the webdynpro application by entering the URL into the browser and logging in with the agent's credentials.
    On my first try, the debugger started ehen the external breakpoint was reached. SY-UNAME was the agent's name but everything went fine.
    Obviously the authority checks where done for my own user although there was a different sy-uname.
    I logged off completely and started a second time. I used my owner user to set the external breakpoints because the agent's user has no rights for development, just restricted to a couple of roles.
    This time I got a rabax state error - the dump was caused because the agent's user does not have authority for debug. The rabax error shoed me the call hierarchy and pointed to the method where I set the external breakpoint.
    So, is the any way to come close to the code where authorization check fails?
    Or - which we could try: What are the roles/profiles for use of SAPOFFICE? (in SU53, we can see failed checks, but it looks strange as there are failed authority-checks for ...ADMIN - dont know exactly because now I', home and don't have remote access).
    Good ideas always welcome!
    Note: Nobody knows why this function is implemented in Webdynpro but we have to live with it and get it working for this group of agents.
    Regards
    Clemens

    Traditionally I would probably have used ST01 with the "Authorization check" option and general filters to log which authority checks are working / failing.
    But now I quite like using ST05 (SQL Trace) instead as drilldown to the code is available ... you can tick the "Buffer Trace" option and "Activate Trace with Filter" to log the other user's calls - this will then display lots of references to tables USOBX_C and USRBF2 - drilling to the code on these usually gives you the "authority-check object 'xyz' .." details.
    Jonathan

  • Troubleshooting through Authority check

    Hello All,
    Please let me know the procedure for troubleshooting at programming level. I understand, we have to go thru SE38 then authority check but, I want to know the correct program name for authority check at the auth.object level , the tcode level and steps after executing the program.
    Regard's
    Salman

    >
    > Can We do troubleshooting at the programming level ? If yes, then please let me know the steps to proceed.
    >
    Seems your requirement is to find out the meaning and requirement of Authority Check.
    You know each Transaction Codes consist of several screens through which we used to navigate by clicking some buttons. These screens are basically represented by separate programs called Dynpro (Dynamic Program). You know the Authorization Objects are the control point of measuring access to a user. These Objects are not checked for their values just because you see them in SU24 or in USOBT_C. They are basically checked by a typical ABAP program statement called "AUTHORITY-CHECK".
    Now if you want to see the AUTHORITY-CHECK statements involved for a specific TCode: You can do this by using the report RSABAPSC.
    Regards,
    Dipanjan

  • Authority check in for condition type

    Hi
    What do you mean by an authority check on condition type.. especially Pricing..
    There are authority check that are embedded as Reqt and AltCTy in the IMG at the pricing procedure level for different condition type.
    Could someone explain me what they are for..?
    Thanks
    Jac

    Hi,
        authority check is the std sap methodology of check the permitted authorisation values for every transaction  and every user.
    here in this example;authority object is used to maintain or change condition record for allowed condition types.
    scenario eg;if we maintain create value for user mukund for pr00 condition type ,system allows me only for creating .if we maintain change value for user sherin for condition type,system allows to change the values.
    net net i can create and u can change ,not visa-viz or any body else cannot do it.
    hope this is clear.if it helps  REWARD!!!!!!!

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji

  • AUTHORITY-CHECK for KUNNR

    Hi,
    I am new in core abap. For my report i have to do AUTHORITY-CHECK for kunnr. I am not finding any suitable object to use. kIndly suggest.
    Currently i am using the following code.
      UNPACK p_kunnr TO ws_werks.
      AUTHORITY-CHECK OBJECT 'M_MSEG_WWE'
               ID 'ACTVT' FIELD '01'
               ID 'WERKS' FIELD ws_werks.
    But this is giving dump in case KUNNR contains some alphabets because of type mismatch. Kindly suggest how can i achieve the same.
    Regards,
    Pankaj Aggarwal

    Don't use a WERKS authorization for KUNNR, did you foresee the problems that may will arise when you will manage the user authorisations and roles, this authorization is checked in many standard programs on WERKS fields.
    - SU20 - Create an authorization field with data element KUNNR and check table KNA1 (or use template KNDNR, look via SE16 at table AUTHX look for authorization fields using KNA1 as a control table)
    - SU21 - Create an authorization object in a Z-customer class which use this field and the ACTVT field (template W_AUFT_RMB)
    - Use the new object in your program
    - Give the object name to those who manage roles via PFCG
    Perform some search on subject like [Creating a Customer-Specific Authorization Object|http://help.sap.com/saphelp_ish471/helpdata/EN/9e/74ba3bd14a6a6ae10000000a114084/frameset.htm]
    Look also at some authorization objects like BRGRU which were intended to manage groups of customers.
    Regards,
    Raymond

  • Authority-Check Object for PLANT(WERKS)?

    Hi Experts,
    By using "V_VBAK_VKO" Authority Object am checking the user Authentication against the sales area(Sales OrgDistr. ChannelDivision) in my custom report. Below is the code,
    AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'
        ID 'VKORG' FIELD s_vkorg
        ID 'VTWEG' FIELD s_vtweg
        ID 'SPART' FIELD s_spart
        ID 'ACTVT' FIELD '01'
        ID 'ACTVT' FIELD '02'.
    (Note: My report is for SD/OTC module)
    I also need to check the authenmtication of user against entered PLANT (WERKS) in selection screen, so, pls. let me know that  What is the Authority-Check Object for PLANT(WERKS)
    Thank you

    Hi,
    Transaction SU20, search for WERKS.
    When you find it, double click on the row, in the bottom half of the resulting screen there is a list of authorisation objects that contain the field.
    Unfortunately, you can't navigate from this list into the definition of the objects, so you'll need to cross-reference against transaction SU21.
    Regards,
    Nick

  • AUTHORITY-CHECK for an defined USER

    Hi,
    i write a abap (protokol) which shell be started every hour. In this report i will use
    an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
    to check if this user is allowed to see the data.
    I will use this:
    AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
    ID 'BRGRU' FIELD '__________'
    ID 'ACTVT' FIELD '__________'.
    for an defined user.
    Is this possible, or how can i check this in another way?
    Thanks.
    Regards, Dieter

    Hi Eric,
    i tried it like this:
    UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
             ID 'BRGRU' FIELD 'KRED'
             ID 'ACTVT' FIELD '03'.
    BREAK-POINT.
    CALL FUNCTION 'AUTHORITY_CHECK'
      EXPORTING
      NEW_BUFFERING             = 3
      USER                      = SY-UNAME
        OBJECT                    = 'F_LFA1_BEK'
        FIELD1                    = 'BRGRU'
        VALUE1                    = 'KRED'
        FIELD2                    = 'ACTVT'
        VALUE2                    = '03'
    EXCEPTIONS
       USER_DONT_EXIST           = 1
       USER_IS_AUTHORIZED        = 2
       USER_NOT_AUTHORIZED       = 3
       USER_IS_LOCKED            = 4
       OTHERS                    = 5.
    BREAK-POINT.
    at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
    is my FM-Call correct?
    thanks.
    Regards, Dieter

  • Authority Check for the User

    Hi,
         In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
    Thanks and Regards,
    Venkat.

    Hi Venkat,
    You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
    For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data.

  • Authority Check at the T.Code level for the user in particular User Group

    Hi Friends,
    I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
    Need to give Authority Check at the T.Code level for the user in particular User Group.
    I have searched in SCN, but not get suitable pages.
    How to solve this?
    Regards,
    Viji.

    Hi Viji.
    Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
    Another way is you have also check authority in program level.
    DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
       INITIALIZATION.
      CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
        EXPORTING
          ROLE       = 'ZROLE''  " Role define
        TABLES
          ROLE_USERS = T_ROLE_USERS.
      READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
       IF SY-SUBRC NE 0.
       RETURN.
       ENDIF.
    Thanks & Regards
    Rahul

  • Authority check in infoset query for field with multiple entries

    how can i perform the authority check in sq02 "at selection screen" for a multiple entry field
    e.g. EKORG low  0001 - high  0005
    or EKORG 0001, 0004, 0005
    I already added the following statements
    How the field for EKORG check must be filled
    if EKORG is initial.
      message 'Bitte Einkaufsorganisation wählen' TYPE 'E'.
    endif.
    AUTHORITY-CHECK OBJECT 'M_BEST_EKO'
             ID 'ACTVT' FIELD '03'
             ID 'EKORG' FIELD ?????.
    IF sy-subrc = 4.
      MESSAGE 'Keine Berechtigung für EKORG  sy-subrc 4'  TYPE 'E'.
    ENDIF.

    hi,
    which event do you use for your coding ?
    it must be AT SELECTION-SCREEN
    A.

  • Authority Check for a selection condition/Range

    I am relatively new to ABAP and still learning.
    I am trying to create an authorisation check as part of a custom badi implementation.
    i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
    i know the parameter - p_tplnr
    this code is pulled back into the Badi..
    * Import selection result
      IMPORT sel_tab = lt_nodes selcond = t_selcond          
        FROM MEMORY ID 'DIACL_SELECTION_NEW'.
    the table is t_selcond . so i do a loop round table into structure based upon this parameter.
    it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
    my code...
    *--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
      DATA: s_selcond TYPE rsparams.
      DATA: tplnr     TYPE diacl_lbk_sel_ds-tplnr.
    *--- Read table where selection name is Functional Location
      LOOP AT t_selcond INTO s_selcond
      WHERE   selname = 'P_TPLNR'.
        IF sy-subrc = 0.
    *--- Check the authorisation object for functional location
          AUTHORITY-CHECK OBJECT 'P_TPLNR'
          ID 'TPLNR' FIELD tplnr
          ID 'ACTVT' FIELD '03'.
        ENDIF.
      ENDLOOP.
    My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?

    Hi ,
    LOOP AT t_selcond INTO s_selcond
      WHERE   selname = 'P_TPLNR'.
    endloop.
    -----------------This code can be replaced by
    READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
    CHECK SY-SUBRC EQ 0
    auth-check  object...
    some basic code to get an idea ...
    tables /BIC/SPLANTGRP.
    select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
    so_basin-low = '1'. append so_basin.
    so_basin-low = '2'. append so_basin.
    so_basin-low = '3'. append so_basin.
    so_basin-low = '4'. append so_basin.
    loop at so_basin.
      write:/ so_basin-low.
    endloop.
    read table so_basin with key low = '4'.
    if sy-subrc eq 0 .
      write:/ 'found hit', so_basin-low.
    else.
      write:/ 'found NO hit'.
    endif.
    read table so_basin with key low = '5'.
    if sy-subrc eq 0 .
      write:/ 'found hit', so_basin-low.
    else.
      write:/ 'found NO hit'.
    endif.
    vijay

Maybe you are looking for

  • Adobe Premiere Elements 11 problems

    I was just downloading this program, and went online to get my serial number. I received the number and went to type it in to install it. It kept telling me that my serial number was invalid. I tried the chat on Adobe.com, and I called customer servi

  • ITunes for windows 7 (64 bit)

    I wanna install iTune for my ipod shuffle 2 GB.The operating system is windows 7 (64 bit)

  • Profit cente wise profit&loss account

    Plz tell me profit center wise profit &loss account tell me TC for this Very urgent

  • IDE drives not being detected

    Yesturday I built a computer from all brand new parts listed in my sig. However, the motherboard can't seem to detect any IDE drives. It is not crashing, it just says 'None' on the 4 IDE devices. I even tried connecting just the one DVD drive as the

  • Connect my MAC OS X 10.6.7 with CANON LIDE 25?

    apparently there is a not so obvious problem ..i tried many times to download the driver from canon but there is a file that appears in my screen just before the installation finish that says "system/library/extensions.kext"   is improperly installed