Authority check ( USER - TRANSACTION )

Similar Messages

• Authority-check for transaction SU3 (User Parameters)

  Dear experts,
  we can not give the authority for transaction SU3 for all users in our seperated HR-System, because the screen numbers of dynpros can be set with parameters and therefore, user could have access to 'wrong' data.
  We are looking for a way to give the permission for some parameters only.
  Has someone had the same problem and found a nice solution without or with only small modifications?
  A new authority-object, ....?
  Thank your very much
  Johanna

  Hi, thank you very much.
  I tried to solve the problem with screen variants, but I can only set the whole column of parameter inputs to 'display' and not single fields.  Therfore, it doesn't works.
  Johanna
  Edited by: Johanna Hensler on Sep 8, 2008 12:24 PM

• Checking User Transactions

  Hi
     is there any option to check what are the transactions user has been executed., i think is there some program.,
  Regards
  Chandra

  In the VA Server Services Performance Monitor JARM tab you can get many things but not precisely this.
  The two reposnses above assume you are talking to an ABAp which is not always the case but certainly in STAD/ST03 this is available.
  What you really need is to implement CCMS collection to a CEN. There the DSR statistics are collected and you can see every transaction a user has run including whatperformance that transaction had across each server.

• Authority Check for the User

  Hi,
       In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
  Thanks and Regards,
  Venkat.

  Hi Venkat,
  You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
  For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data.

• Authority check - in terms of User Group

  Hi all,
  I need restrict the usage of a finnance report by order of users.the report has order grup as an input, only certain order groups should be viewed by certain users. in authority check can do the checking by using user groups instead of individual used.i.e create separate object for seperate order group and for each order group can i check against user group instead of individual users. kindly help.
  thanks.

  hi,
  Authorizationcheck can be done  for:
  1.Transactions
  2.ABAP programs
  in abap programs use the below code as reference for authorization check
  AUTHORITY-CHECK OBJECT  0.
      MESSAGE e184(sabapdocu) WITH text-010.
    ENDIF.
  rewards points if useful.
  regards
  sandhya

• User role and Authority-check ?

  Hello,
  Could you please let me know how are the differences between User role and Authority-check. In a program I do not use Authority-check , And The user is not assigned to user role which contain this transaction ( for this program), Can the user execute this transaction OR he must be assigned to user role which contain this transaction to execute it . Supposing that we do not use any Authority-check in then program.
  Thanks in advance

  Hello Martin,
  I think this answers the OP's question about user not being assigned the role which contains the trxn code. As you have explained in this case the default auth. check for S_TCODE will fail & user cannot execute the trxv. (If i remember correctly the tables for this are AGR_USERS & AGR_TCODES)
  Anyways just to add to the OP's query. Auth. objects are added to profiles which in turn assigned to roles. So if you implement the auth. object in your program the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.
  @OP:
  The transactions PFCG & SUIM might interest you. Also the tables dealing with these stuffs begin with AGR*. You can check the tables for better understanding.
  BR,
  Suhas

• Tcode for see AUTHORITY-CHECK asignement for User ?

  Hi everybody
  1. Does somebody knows a TCode for see an Authorization Object directly, that is i know to see them using SU21, then selecting an Authorization Class and then i see the corresponding Auth.Objetcs.  But, is there a Tcode for see the Auth.Objects without see first the Auth.Classes ?
  2, Is there a Tcode for see the Auth.Objects and values assigned for a user , that is, a Tcode for evaluate if an AUTHORITY-CHECK is going to be passed by an specific user-object-activity ?
  For example, i have the Auth.Object  'M_MATE_WRK' wich uses the Plant (WERKS) object.  Is there a Tcode wich allow me to know if a user has asigned this Auth.Object for specified Plant (WERKS) Value, and wich activities does the user has permited ?
  Thanks..
  Frank

  Hello Frank
  Call transaction <b>SUIM</b> (User Information System) and check the available reports there. I am sure you will find a report fulfilling your requirement.
  Regards
    Uwe

• Include authority check in PM User exit

  Dear all,
  Is there any user exit for adding an authority check object in IW31 transaction program?
  Kindly advise.
  Thanks.

  Hi,
  There is a Function module AUTHORITY-CHECK to check the authrization, here you can give the trnasaction code as well as the user name .. look at the function module in SE37..
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  <b>Reward points if useful</b>
  Regards
  Ashu

• User exit for MD12 to do authority-check

  Hi,
  Is there any user exit to code the authority-check for the transaction MD12 inorder to restrict the users from editing/changing the production order plan screen(similar to CO02 screen)?
  Regards,
  P.S.Chitra

  Hi,
  For MD12 only 2 Exists are there. 
  LMDR2001            User exits restr. profiles of opt. pur.ord.-based load bldg
  LMDZU001            User exits in additional planning
  U can check in SMOD transaction.

• User not authorized for particular Transaction.

  While running a Custom Transaction I m getting error that user is not authorized for that transaction.
  how to solve this?

  Hi,
  Try using FM C160_TRANSACTION_CALL. Let's see if this works.
  OR
  Create a custom program that calls your custom transaction code.
  Hope this helps.
  Benedict

• AUTHORITY-CHECK for an defined USER

  Hi,
  i write a abap (protokol) which shell be started every hour. In this report i will use
  an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
  to check if this user is allowed to see the data.
  I will use this:
  AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
  ID 'BRGRU' FIELD '__________'
  ID 'ACTVT' FIELD '__________'.
  for an defined user.
  Is this possible, or how can i check this in another way?
  Thanks.
  Regards, Dieter

  Hi Eric,
  i tried it like this:
  UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
           ID 'BRGRU' FIELD 'KRED'
           ID 'ACTVT' FIELD '03'.
  BREAK-POINT.
  CALL FUNCTION 'AUTHORITY_CHECK'
    EXPORTING
    NEW_BUFFERING             = 3
    USER                      = SY-UNAME
      OBJECT                    = 'F_LFA1_BEK'
      FIELD1                    = 'BRGRU'
      VALUE1                    = 'KRED'
      FIELD2                    = 'ACTVT'
      VALUE2                    = '03'
  EXCEPTIONS
     USER_DONT_EXIST           = 1
     USER_IS_AUTHORIZED        = 2
     USER_NOT_AUTHORIZED       = 3
     USER_IS_LOCKED            = 4
     OTHERS                    = 5.
  BREAK-POINT.
  at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
  is my FM-Call correct?
  thanks.
  Regards, Dieter

• Authority Check at the T.Code level for the user in particular User Group

  Hi Friends,
  I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
  Need to give Authority Check at the T.Code level for the user in particular User Group.
  I have searched in SCN, but not get suitable pages.
  How to solve this?
  Regards,
  Viji.

  Hi Viji.
  Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
  Another way is you have also check authority in program level.
  DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
     INITIALIZATION.
    CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
      EXPORTING
        ROLE       = 'ZROLE''  " Role define
      TABLES
        ROLE_USERS = T_ROLE_USERS.
    READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
     IF SY-SUBRC NE 0.
     RETURN.
     ENDIF.
  Thanks & Regards
  Rahul

• Execute Authority Check With an different User then the logged on one

  Hello,
  is there any possibilty to make the command "AUTHORITY-CHECK" with another user then the user which is actually logged in into the system.
  For Example: my Username "USER1".
  Login with user "USER1".
  Run ABAP Pogramm to check if user "USER2" has the autority for an auth. object per command "AUTHORITY-CHECK".
  Thanks for all Ideas.
  Best Regards
  Marcus

  Try the FM AUTHORITY_CHECK!
  Cheers,
  Ramki.

• User Exit for Cost Center authority check in reservation & service entry sh

  Hi,
  We want to have cost center authority check in reservation & SES. Whcih exit should we use for this purpose.
  BTW, we tried the same in SES via the user exit  “SRVREL” componet “EXIT_SAPLEBND_003 for Change to Comm. Structure for Release Strategy Determination” in the include “ZXMLUU10” . Since then the Release strategy for SES is not effecting . Even after blocking the entire code by commenting it, the strategy is not effective. We are able to accept the SES using the Flag Button but without any strategy. How to revive the release strategy.
  Thanks & regards,
  KT Varkey

  Hi Ramki,
  Thanks for the advice. The problem is solved except that for Cost Centre authority check for SES. Tried SRVESLL but it doesn't work. Any other exit or any specific advice to make SRVESLL work for KOSTL check.
  Best regards,
  KT Varkey

• Authority check at field level in sales order

  Dear all, our business requirement is the following:
  only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
  This means that for an order of sales group 'A':
  a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
  I ask you if such a scenario can be realized in SAP.
  We currently run SAP ECC 5.0.
  thx all !
  bye Roberto

  Hi agree with Jan and Auke,
  To my knowledge it is object V_KONH_VKO which you are looking for. See the documentation in SU24 - SD class.
  But whether or not that will influence the visibility / editability of the screen in VA02 etc when turned the check on in SU24, I am not sure.
  If not, search the forum for topics relating to "transaction variants", "variant transactions" and "screen variants" to see whether those solutions will fulfill the requirement.
  Cheers,
  Julius