Authority-Checks: Matching data against authorities or profiles

Hello all,
   I like to match values at runtime against authorities or profiles. But I can't find any function-module or class to perform that.
The idea is, to check values for authority-checks to a profile (authority) or role without having a certain user.
The only thing I want to know is: Would the current fields/values fulfill a authority given by a known profile or role.
Can anyone help me?
Thanks a lot in advance.
Elmar

The Point is, that we have to check authorities of Users of a web-application which are Web-Users but not SAP-Users.
The idea was to check authorities via the SAP-authority system. That is, why it is necessary to check a 'Web-user-profile' against current values sent by the web-application. If it is no possible to perform a authority-check w/o a certain user, I will be forced to implement my own authority-check. This is also possible, but that makes a big effort.

Similar Messages

  • Updating a variable based on checking expiration date against now() in each row of a table

    I’m using Coldfusion 9,0,0,251028 on Windows 7 64-bit, with a Microsoft Access 97 database.
    I’m trying to create a query which loops through all the rows in a table and checks if the current date is later or earlier than the expiration date. 
    If the expiration date column is earlier than now(), it sets the column “is_current” to 0, which is a variable that controls whether or not a message displays on a different page(breakingnews.cfm). 
    The column that has the expiration date is “exp_dat” in the table “news”. The query I have so far is:
    <cfquery name="expire" datasource="#db#">
    update news
    set is_current = 0
    where exp_dat < now()
    </cfquery>
    What this ends up doing is filtering out the expired items correctly, but once a new row is inserted, the previous items(which haven’t expired yet)
    are still having the “is_current” column set to 0.
    The query is cfincluded on the page the messages are supposed to display on (breakingnews.cfm). 
    How can I get the query to loop over each row every time to check if the now() is earlier or later than “exp_dat” without setting all the other row’s “is_current” to 0?

    Two things:
    1 - A query will never affect rows you haven't told it to. Therefore if new rows have the is_current set to 0, then it's because you're either setting it so in your insert statement or you've set a default value on the column. Just make sure you set the column to 1 when you insert the new row.
    2 - Why are you doing this at all? Say you run your update query (which is relatively intensive) a millisecond before one expires, it'll still be shown on your page. Why are you not just doing "SELECT * FROM mytable WHERE expiration_date > now()"?
    Obviously use cfqueryparams, but that's just an example. It seems at the moment all you're doing is storing out-of-date data in a database and causing yourself a lot more work and overhead.

  • Future Check -In date and not displaying images via IPM search profile

    Hi All,
    We have configured Oracle IPM and UCM to work together and UCM as the repository and we are using ODC to index data to IPM.
    We are not able to see some of the documents from the IPM search field. (only some of the documents)
    When we log in to the UCM repository manager we can see future check in date and 'Done' or 'GenWWW' as the Revision status field and 'New' as the Indexer status field.
    Is there any way to force to push to 'Release' state or can we change the Check-in date and time?
    since we are now in the stage of parallel run, it is urgent to sort this issue immediately........
    Because users are not able to see there documents and continue there works......
    Thanks for any immediate response..............
    Thank You
    Edited by: Nir on Mar 20, 2012 4:15 AM
    IS THERE ANYONE TO HELP US?????
    Edited by: Nir on Mar 21, 2012 1:22 AM

    Hi Aditya,
    Those are not releasing as you said. the indexer would not release the content until the said time is reached
    Sometimes those are releasing without meeting it's release date.
    This ODC date field going to map to a date field in IPM is it? Is it just a date field which is get populated with current date?
    Once i checkin a document, it has released as normal.
    Thank you,
    Edited by: Nir on Apr 15, 2012 8:59 PM
    Hi All,
    As i mentioned earlier post some documents has current date as the indexed date and future date as the Release date.
    Thanks
    Edited by: Nir on Apr 15, 2012 9:16 PM

  • How to create Authority check object

    Hello Gurus,
    How to create Authority-check object 'ZABC'
                                                             ID 'TABLE' FIELD 'ZTABLE'.
    Please tell me detailed procedure.
    Thanks in advance.
    Best Regards,
    zubera

    Dear Zubera,
    Creating Authorization Fields
    In authorization objects, authorization fields represent the values to be tested during authorization checks.
    To create authorization fields, choose Tools --> ABAP Workbench --> Development --> Other tools --> Authorization objects ® Fields.
    To create a authorization field:
    1. Choose Create authorization field.
    2. On the next screen, enter the name of the field. Field names    must be unique and must begin with the letter Y or Z.
    3. Assign a data element from the ABAP Dictionary to the field.
    4. If desired, enter a check table for the possible entries. For    more information about check tables.
    For more information about AUTHORITY-CHECK, see the keyword documentation of the ABAP Editor.
    You can often use the fields defined by SAP in your own authorization objects. If you create a new authorization object, you do not need to define your own fields. For example, you can use the SAP field ACTVT in your own authorization objects to represent a wide variety of actions in the system.
    Assigning an Authorization Object to an Object Class
    Each authorization object must be assigned to an object class when it is created.
    Choose Tools --> ABAP Workbench --> Development --> Other tools --> Authorization objects --> Objects.
    You can also create authorization objects in the Object Navigator (SE80).
    Creating / Choosing Object Classes
    The system displays a list of existing object classes.
    Object classes are organized according to the components of the system.
    Before you can create a new object, you must define the object class for the component in which you are working. The objects are not overwritten when you install new releases.
    You can also define your own object classes. If you do so, select class names that begin with Y or Z to avoid conflicts with SAP names.
    Creating an Object
    Enter a unique object name and the fields that belong to the object. Object names must begin with the letter Y or Z in accordance with the naming convention for customer-specific objects.
    You can enter up to ten authorization fields in an object definition. You must also enter a description of the object and create documentation for it.
    Ensure that the object definition matches the AUTHORITY-CHECK calls that refer to the object.
    Do not change or delete authorization objects defined by SAP. This disables SAP programs that use the objects.
    You can regenerate the profile SAP_ALL after creating an authorization object.
    Best Regards,
    Rajesh
    Please reward points if found helpful.

  • Using AUTHORITY-CHECK

    I would like to add a checking whether the user allow access va02 or not. I've created an authorization object. And i know i have to program using AUTHORITY-CHECK. But i don't know where should I place the code. Thanks!

    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Sy-SUBRC values
    4 User has no authorization in the SAP System for
    such an action. If necessary, change the user
    master record.
    8 Too many parameters (fields, values). Maximum
    allowed is 10.
    12 Specified object not maintained in the user
    master record.
    16 No profile entered in the user master record.
    24 The field names of the check call do not match
    those of an authorization. Either the
    authorization or the call is incorrect.
    28 Incorrect structure for user master record.
    32 Incorrect structure for user master record.
    36 Incorrect structure for user master record.
    Pls reward pts if help.

  • Company code authority check

    Hi
    we have created ZTTL01 table maintenance view. Should not allow unauthorized company code to update/create or display.
    I searched thru forums and collected below points. but could not test it successfully.
    Authorization object (Z_XXX_BUK) was created.But <Permitted activities> Button is not available in display authorization object(SU21) to see what are the activities are permitted.
    In su01 for my user no roles or profiles are defined.
    To do
    Trying to write  below code in PBO and PAI flow logic of ZCHECK_BUK table for screen 01
    PBO & PAI
    *First statement
    Module Authorictycheck.
    module Authoritycheck
      LOOP AT EXTRACT.
        AUTHORITY-CHECK OBJECT 'ZCHECK_BUK'
                            ID 'ACTVT' FIELD '01,02,03'
                            ID 'BUKRS' FIELD ZTTL01-BUKRS.
        IF sy-subrc <> 0.
          MESSAGE e000(zrpt) WITH 'You do not have the authorization to'
        EXIT.                          'access Bukrs'extract-bukrs.
        ENDIF.
      ENDLOOP.
    endmodule
    Can i use above code in PBO and PAI to check change of company code?
    I am sharing role and profile created by other user, which allows only company code 'A10'.
    How to test this now?
    se11->Utilities->table contents create should not allow me to input A11 or other company codes? pls confirm.
    Regards
    Chandra

    Hi Suhas
    Regarding 1) It works when i remove the FORM routine assinged for EVENTS.
    Thanks for ur input.
    Regarding 2)When the user displays record in SM30 for a table, he must not be able to see the company code AD01.
    To achieve this can i use EVENT AA?
    I create FORM routine <hide_cocode> in EVENT AA and store at include LZXXXXF01.
    FORM ZHIDE_COCODE.
    DATA: F_INDEX LIKE SY-TABIX."Index to note the lines found"
    LOOP AT TOTAL.
    READ TABLE EXTRACT WITH KEY <vim_xtotal_key>.
    IF SY-SUBRC EQ 0.
    F_INDEX = SY-TABIX.
    ELSE.
    CLEAR F_INDEX.
    ENDIF. "(make desired changes to the line TOTAL)
    MODIFY TOTAL.
    CHECK F_INDEX GT 0.
    EXTRACT = TOTAL.
    MODIFY EXTRACT INDEX F_INDEX.
    *ENDIF.
    ENDLOOP.
    SY-SUBRC = 0.
    ENDFORM.
    I made break point at line LOOP at Total. and executed SM30 and clicked Display button.
    Sorry Code stops here and table TOTAL has flat line structure of empty.Loop at total is skipping
    what should be done now?
    Regards
    Chandra

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji

  • AUTHORITY-CHECK on cost center

    We have set the authorisation (using object cost center) to time admin such that they can maintain leave for certain group of the user.
    The question is now how to program the abap code so that my customised leave report can validate the authorisation to ensure that when he generate the leave report, other those employees who are in the cost center that he is authorise to view is listed?
    Appreciate if you can share the code.

    Hi,
    see the help link also.
    [http://help.sap.com/saphelp_nw70/helpdata/en/9f/dbaccb35c111d1829f0000e829fbfe/content.htm]
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.

  • Securing the HR data against unauthorized ABAP program access

    Dears,
    Is there a way to secure HR data against unauthorized user-defined ABAP program access; in other words is there a way to prevent a the HR tables access from within a newly created ABAP program (SELECT statement) ?
    Thanks.
    Reda

    Hi, there's no way to prevent programs from accessing db-tables. Instead, you'll have to limit access on programs.
    Especially, do not allow abap developers to run programs in your productive system. Encourage developers to implement authority-checks in their code. Consider well, who and who not, is to be allowed to run which program.
    regards
    Jörg

  • Authority check at field level in the sales order

    Dear all, our business requirement is the following:
    only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
    This means that for an order of sales group 'A':
    a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
    I ask you if such a scenario can be realized in SAP.
    We currently run SAP ECC 5.0.
    thx all !
    bye Roberto

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    <b><REMOVED BY MODERATOR></b>
    regards
    Anji
    Message was edited by:
            Alvaro Tejada Galindo

  • Check XML file against XSD? Via XSLT?

    Hello,
    we´re using a 6.20 system (XI not available) and want to check XML files against a XML-schema definition file (xsd).
    Is there a function in 6.20 available for this? Is it possible to use "CALL TRANSFORMATION" for it? I´ve seen other XSLT parser in the internet which are able to check a source XML against an XSD before transforming it to the result XML.
    But is this possible with an 6.20 system?
    Thank you for your help,
    best regards,
    Stefan

    Here is the sample XML and the schema.
    XML:
    <?xml version="1.0" encoding="UTF-8"?>
    <book isbn="0836217462">
    <title>
      Being a Dog Is a Full-Time Job
    </title>
    <author>Charles M. Schulz</author>
    <character>
      <name>Snoopy</name>
      <friend-of>Peppermint Patty</friend-of>
      <since>1950-10-04</since>
      <qualification>
        extroverted beagle
      </qualification>
    </character>
    <character>
      <name>Peppermint Patty</name>
      <since>1966-08-22</since>
      <qualification>bold, brash and tomboyish</qualification>
    </character>
    </book>
    XSD:
    <?xml version="1.0" encoding="utf-8"?>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
      <xs:element name="book">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="title" type="xs:string"/>
            <xs:element name="author" type="xs:string"/>
            <xs:element name="character" minOccurs="0" maxOccurs="unbounded">
              <xs:complexType>
                <xs:sequence>
                  <xs:element name="name" type="xs:string"/>
                  <xs:element name="friend-of" type="xs:string" minOccurs="0"
                          maxOccurs="unbounded"/>
                  <xs:element name="since" type="xs:date"/>
                  <xs:element name="qualification" type="xs:string"/>
                </xs:sequence>
              </xs:complexType>
            </xs:element>
          </xs:sequence>
          <xs:attribute name="isbn" type="xs:string"/>
        </xs:complexType>
      </xs:element>
    </xs:schema>
    - Suman

  • About authority check~

    Hi!
    Let me ask something.
    As usual, when we call a program using T-CODE in command field, R3 checks the authority. even BDC prog.
    But, in program text, I programed like this. "CALL TRANSACTION XXX".
    the system doesn't check authority.
    for example, A user type 'XD01' in command field, system denyed. but, A user call 'XD01' through my progam. system admitted it. and in my program, I coded like this "CALL TRANSACTION 'XD01'.
    I don't know why... Have you ever seen like this?
    If sb know this, please let me know! what shold I do for it!
    sorry for my poor english, I need your help~~

    Hi Kyung Woo,
    When the user enters the transaction code, let's say XD01, the R/3 system would get the authorization information as defined in the user's profile and check if the authority object required to execute the transaction exists in the user's profile. This is just a preliminary check. It prevents the non-technical users from accessing the transaction.
    But when it comes to a technical user like an ABAP Programmer, almost anything can be done within the R/3 system. For example, you can just write a small program of about a few lines and cause serious damage to the entire R/3 System.
    The point is that when you use the CALL TRANSACTION statement, it means that you are writing the program to accomplish some functionality. The preliminary check is bypassed in this case. But if there's an authority check coded into the transaction, then even the CALL TRANSACTION method won't work.
    But remember one thing - so long as you are an ABAPer, with the authorization to create a program in SE38 and execute it, along with the authorization for Debugging, you can do almost anything within the R/3 system.
    It is upto the programmer and the company to take care of any such mishaps happening. Anyways, when it comes to the Production system, your hands are all tied up. you would never have the authorization to do any development directly in there. If you do, then somebody is in very deep trouble !!:-).
    As far as the Development system is concerned, nobody really bothers too much about them, because they do not affect any real-time data.
    Regards,
    Anand Mandalika.

  • How to debug a authority check in program and a authorisation object in tco

    Can anyone tell me how to debug a authority check in program and a authorisation object in tcode
    i just want to know the flow of authorisation object in debugging how user is assocaited with authorisation object and roles.
    i know if sy-subrc ne 0 is authorisation failed ,so please help me anyone on this.
    every time when i put breakpoint ,if its program level only, i am able to decide only through sy-subrc but iam unable o view the flow .

    flow cannot be seen, we have to be based on sy-subrc only...
    you cannot see the flow in read table... describe table... transfer...
    the authorization object will be assigned to the data element, that data element has some realtion to the roles given to the users. So if the role of the user and data element value doesnt match the sy-subrc NE 0.

  • Include authority check in PM User exit

    Dear all,
    Is there any user exit for adding an authority check object in IW31 transaction program?
    Kindly advise.
    Thanks.

    Hi,
    There is a Function module AUTHORITY-CHECK to check the authrization, here you can give the trnasaction code as well as the user name .. look at the function module in SE37..
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    <b>Reward points if useful</b>
    Regards
    Ashu

  • Info about AUTHORITY-CHECK

    Hi all.
    in CJ02 I have this autorization check:
    AUTHORITY-CHECK OBJECT 'C_DRAD_OBJ'
                 ID 'ACTVT' FIELD lt_display-mode        
                 ID 'DOKOB' FIELD object
                 ID 'STATUS' FIELD ls_draw-dokst
                 ID 'DOKAR'  FIELD ls_draw-dokar.
        IF sy-subrc <> 0 .
    no AUTHORITY
    the sy-subrc is <> 0. how can I see the data into this object? can i add data into?

    Hi Fabrizio,
    1. This is a normal
       'authorisation not there'
      issue.
    2. Contact your basis team
       and they will help out
       by assigning the values
       for the particular auth object
       for the required profile
       for the particular user !
    regards,
    amit m.

Maybe you are looking for

  • Why i can compare two string

    * @(#)Assignment.java 1.0 03/12/12 * You can modify the template of this file in the * directory ..\JCreator\Templates\Template_1\Project_Name.java * You can also create your own project template by making a new * folder in the directory ..\JCreator\

  • How to change the battery in my bluetooth

    i got the new one but don't want to harm the case to change it.a little help please.

  • Photoshop CS6 Help Me

    Hi I Installed The Trial For Photoshop CS6 But It Keeps Appearin Up With An Configuration Error Sayin I Need To Contact Adobe Help And Support With Tis Error Code 213:10

  • Hook up Two Monitors

    I would like to know how to hook up two monitors on a mid 2009 MacBook Pro with a NVIDIA GeForce 9400M Graphics setup?  I currently have one external hooked up. Thanks. Margaret

  • Dynamic Tables (insertrow/deleterow)

    I have a rqmt to accept a variable number of data points using a form. I want to use dynamic tables to allow the user to add or delete table rows as needed (via Javascript). Example - View Rendered with: <tr> <td><input type="text" name="dataARow1" s