Authority Check on Value within standard transactions

Similar Messages

• Authority Check on Value within standard transaction

  Hi Guruus !
  Let's state that a user is allowed and has the profile/role to access a given transaction, let's say MI01, but ME21N will do to !
  Now, actually, users are supposed an that project to be authorized on certain Storage Location (LGORT). How can we set the system so that they can input Storage Location Value they're not authorized on ?
  Is there a standard way to do that ? Or do we have to use some Exit/BAdI in every transactions to check if the input value are correct ?
  I also have the same concern about report transaction, such as ME2K (for example), while executinf (F8) them.
  Thx in advance for your clue,
  N H

  Hi,
  Please get the SU53 screen shot form user when he found error any object value then you will see the su53 screen shot complete path and assign accordingly.
  Anil

• How to populate default values in standard transactions

  Hi abapers,
                  what r the different ways to populate fields with default values while entering into standard transactions
  thanks in advance.

  Hi,
  You can either create trasaction variants with Default values and then create transaction suing these Variant transaction and use this transaction instead of irignal transaction.
  SHDS-> to create Variant transaction
  SE93-> to create transaction of this Variant Transaction.
  or you can also use SAP memory statements like GET and SET PARAMETERS to set one value in one internal session and get that in another session in an External session.
  Regards,
  Sesh

• Set Default Value in Standard Transaction

  Hi all,
  Does anyone know how to set a input value into a SAP Standard Transaction ?
  That means when calling that transaction, it automatically set a value into it's input box.
  Thank you all.

  hi,
    get the parameter id of the field that has to be populated  in the transaction.
  write these lines in the program from where you call the transaction.
  set parameter id 'KUN' field '30'.
  call transaction 'FD01'.
  When you call the transaction you get the value that is set.
  Regards,
  Sailaja.
  Message was edited by: Sailaja N.L.

• Using BADI to change the field value in standard transaction ME21N

  Hello People,
  In transaction ME21N to create PO, i have a field where i want to allocate the batch ( CHARG )  NONRETG to all the PO's that are created. I have a BADI for that, however i do i implement the BADI so that the Batch 'NONRETG' is automatically allocated to all the PO's that are created. Please advise whether a USER EXIT would be better or a BADI would do the work. Right answer would be rewarded.
  regards,
  Sandeep Salaria

  Hi,
  YOU can very well implement.Use this BADi->ME_GUI_PO_CUST
  Incase you are going to implemet userexit U can use the Exit: MM06E005.
  Regards
  Kiran Sure

• Authority Check for a selection condition/Range

  I am relatively new to ABAP and still learning.
  I am trying to create an authorisation check as part of a custom badi implementation.
  i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
  i know the parameter - p_tplnr
  this code is pulled back into the Badi..
  * Import selection result
    IMPORT sel_tab = lt_nodes selcond = t_selcond          
      FROM MEMORY ID 'DIACL_SELECTION_NEW'.
  the table is t_selcond . so i do a loop round table into structure based upon this parameter.
  it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
  my code...
  *--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
    DATA: s_selcond TYPE rsparams.
    DATA: tplnr     TYPE diacl_lbk_sel_ds-tplnr.
  *--- Read table where selection name is Functional Location
    LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
      IF sy-subrc = 0.
  *--- Check the authorisation object for functional location
        AUTHORITY-CHECK OBJECT 'P_TPLNR'
        ID 'TPLNR' FIELD tplnr
        ID 'ACTVT' FIELD '03'.
      ENDIF.
    ENDLOOP.
  My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?

  Hi ,
  LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
  endloop.
  -----------------This code can be replaced by
  READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
  CHECK SY-SUBRC EQ 0
  auth-check  object...
  some basic code to get an idea ...
  tables /BIC/SPLANTGRP.
  select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
  so_basin-low = '1'. append so_basin.
  so_basin-low = '2'. append so_basin.
  so_basin-low = '3'. append so_basin.
  so_basin-low = '4'. append so_basin.
  loop at so_basin.
    write:/ so_basin-low.
  endloop.
  read table so_basin with key low = '4'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  read table so_basin with key low = '5'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  vijay

• LB13 add authority check

  Hi,
  I want to add an authority check on movement type using transaction LB13 and then create TO (both background as foreground) .
  Are there any user-exits / BADI's avaibalbe to build in an extra check, which allow error messages and will be passed using LB13?
  It seems that the only user-exit that is passed is EXIT_SAPML03T_002 but if I add an error message in this exit, it will end in an internal error, which of course I don't want to.
  kind regards
  Maarten

  Hi ,
  I don't know that you already resolved this issue. Any way try creating custome Authorization for plant and use it
  Create  Z_IS_WERKS with following authorization fields and assign permited value '03' for field ACTVT.
  ACTVT     Activity
  WERKS     Plant
  Use this code.
  AUTHORITY-CHECK OBJECT 'Z_IS_WERKS'
                 ID 'ACTVT' FIELD lv_display
                 ID 'WERKS' FIELD zmapw-werks.
  Regards,
  Babu

• Troubleshooting through Authority check

  Hello All,
  Please let me know the procedure for troubleshooting at programming level. I understand, we have to go thru SE38 then authority check but, I want to know the correct program name for authority check at the auth.object level , the tcode level and steps after executing the program.
  Regard's
  Salman

  >
  > Can We do troubleshooting at the programming level ? If yes, then please let me know the steps to proceed.
  >
  Seems your requirement is to find out the meaning and requirement of Authority Check.
  You know each Transaction Codes consist of several screens through which we used to navigate by clicking some buttons. These screens are basically represented by separate programs called Dynpro (Dynamic Program). You know the Authorization Objects are the control point of measuring access to a user. These Objects are not checked for their values just because you see them in SU24 or in USOBT_C. They are basically checked by a typical ABAP program statement called "AUTHORITY-CHECK".
  Now if you want to see the AUTHORITY-CHECK statements involved for a specific TCode: You can do this by using the report RSABAPSC.
  Regards,
  Dipanjan

• Urgent(Authority-check)

  HI Gurus..
  I have used PNP L.database.
  But i have used few select statements to read data from infotypes.
  do i need to do authority check separately
  or L database will take care of it.
  Please provide me with the acurate answers.. as its an urgent issue..

  To create authority check object you can use transaction SU21. Here you can decide if you only want to create a new object and assign it to an existing class or if you can to create both object and class.
  While defining the object you will have to provide what fields will be in this object. For example if i am creating a custom object to be used in SD based on customer and plant, i would include fields such as KUNNR and WERKS in my authority object. In addition to that if i also want to check for display/change/create access, i would also add a field called ACTVT (activity).
  Once the object is defined, the authorization team will assign it to different authorization profiles with relevant values like for display only access for customer XYZ and plant 0001, these values will be provided in the authorization profile to this object. (As a developer this is not your headache )
  You would be using it in your reports or transactions using Authority-check statements. You will be calling the specific object in your authority-check statement and passing it some values(say Actvt 03 customer ASD, plant 0002) and checking the value of sy-subrc. If subrc is 0 means the authority check is OK, the user has the authorization.
  I think this will give you an idea on how to proceed.
  Cheers

• Authority Check issue

  Hi Experts,
      I am facing an issue in an authority-check statement in a standard program.
  The role corresponding to the authorization object has been assigned to a user. But the user is getting the authorization error message that he does have the authorization.
  However if the user gets into debugging mode, the program is executed Successfully. The authorization error message is not triggered in debug mode.
  Please provide your valuable suggestions and solution to fix up this issue.
  Thanks in Advance.
  Regards,
  K Arasu

  Hi,
  You may need to contact your basis and get more information on how they have setup the authorization for the role.
  In general, if this scenario is in production, it should not be the case as you have described. No User is given debug rights except those from the prodn.support dev.team. Maybe the role is not assigned properly to the user.
  This is what I can think of right now.
  Regards,
  Subramanian

• Is it possible to bypass authority check in standard program?

  Dear gurus,
  I met a problem, i am trying to build a costom program, which will call a sap standard function module, but the problem is:
  in the standard function module , there is a check against authorization object p_tcode, i dont want to give user this authorization in pfcg, so i want to bypass this check in the standard module , is that possible?
  I mean, in my program , before calling the sap fm, do something to trick the system that the curent user have the required authorization, after execute the fm , restore everything.
  is that possisible?
  thanks and best regards.
  netz

  Hi,
  What is the problem with giving them maintain authority for the transaction code that is being checked against ?
  Surely your program is allowing them to do the same functionality as the standard transaction or is there a lot more functional stuff you don't want them to have ?
  If it is an ESS function you are developing then surely they are accessing SAP via the portal and therefore cannot login to SAP directly and run the transaction anyway .....
  Kind regards
  Colin

• Standard Report to check consumption values for multiple materials

  Hi,
  Is there any standard report to check "consumption" values for multiple materials? The user needs to check the consumption values over a period of time for multiple materials (VERP, ROH) before deciding the re-order and safety stock values for them. Any help on this will be greatly appreciated.
  Thanks,
  Swapnil

  Dear Swapnil,
  Report MCRE is widely used for the material cosnumption than checking in COOIS.
  Also these reports can help you.
  MCPF                 Material analysis: Dates                
  MCPO                 Material analysis: Quantities           
  MCPW                 Material analysis: Lead time            
  Regards
  Mangalraj.S

• Authority check ( USER - TRANSACTION )

  Hi guys .
  I have to check if a SAP user is autorized to some transaction .
  So i have to do an Authority-check  for that transaction .
  I don't know wich parameter i have to pass in the authority check .
  Can someone help me please ???
  ragards.
  Dario

  This help would be very useful for you :
  http://help.sap.com/saphelp_46c/helpdata/en/d3/2e974d35c511d1829f0000e829fbfe/frameset.htm
  ABAP Programming Language --> Special Techniques --> Checking Authorisations
  All information is very nicely explained, here with screen shots. So how well, I try to explain , you will miss the screenshots.
  Regards,
  Subramanian V.

• How to add custom authorization object to a SAP standard transaction

  Hi All,
  I have a standard tcode IW22 (change PM Notification) and I would lock changing when some users modify the field Functional Location (field TPLNR).
  Since this field does not have an authorization object associated, I've tried to solve this problem with the following steps:
  - tcode SU20 - creation of new authorization field TPLNR with data element TPLNR
  - tcode SU21 - creation of  a new auth object in transaction SU21 with name ZPM and field (TPLNR, ACTVT and TCOD)
  - tcode SU24 - insert of new authorization field e check indicator (green)
  - tcode SU22 - check indicator - check (green)
  After this we have created a new role with PFCG and add transaction IW22; the new auth.ZPM was added manually.
  We have try to analyze log (ST01 trace) but it seems no check was made in the trace file.
  It seems new authorization object was not checked.
  My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  Thanks
  Maurizio

  > My question is: "Is it possible to add a custom authorization object into standard transaction and implementing authorization check without writing abap code in exit or badi ?"
  >
  No .. not possible. The list of Auth. objects SAP proposed in SU24 for each Stnd. SAP TCodes are basically documentation of the Authority-Checks in the program for that TCode. The extra advantage of SU24 is to set the object status (means the proposal for availability in PFCG) among any of the four check indicators. So that we can provide our own value (customer specific values which are basically defined and separate from sap provided values) and reinforce the authorization concept of the organization.
  So you need to provide a Authority-Check for ZPM in the program of IW22 to make sure that the fields you want to be checked are really being checked during execution of the tcode.
  Regards,
  Dipanjan

• Authority-check for particular comp code

  Hi All,
  when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
  I written code as
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
      ID 'BUKRS' FIELD 'BE10'
      ID 'ACTVT' FIELD '03'.
  Please can u advice on this .
  Many Thanks in Advance for u r Answer
  Naren

  Hi
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji