Authority objects and tcodes

Hi!
In SAP, there is a table, called AGR_1251.
In SE16, I give the OBJECT field, the S_TCODE value.
Now I can see that there are a lot of combination, to give a transaction code to an authority object within the table's low and high columns.
I mean, if I'm interested in checking the "XD01" transaction, there could be many possible cases which makes the "XD01" transaction correct, like
- XD01
- XD00 - XD02
- XD0*
- XD*
- XD00 - XD99
All of these intervals, and * values are good for the XD01 transaction.
I would like to find a function module, which can tell me those entries, where the XD01 transaction fit. Is there one?
Thank you
Tamá

Hi Tamas,
1. One way of doing this is :
a) select the required records from this table
   with your conditions
   and OBJECT = 'S_TCODE'.
b) Here u will get some records.
c) take another RANGE variable
d) loop at the above internal table found in (a),
    and populate the range variable with LOW and HIGH,
   and also sign = 'I' and option = 'BT'.
e) then using the variable on screen,
   u can check
   If variable IN Range.
*--- means right to tcode.
endif.
regards,
amit m.

Similar Messages

Table of Authority Object and value Per User

Hi
I have created a Z authority object, is there a table that can show me all the users that have this authority object and its value
Thanks Ami

Hi,
thanks for your answer. I know the parameter: FOR USER user. But i don't whant to check
the authority, i want to know in my example which value has the user in fields ACTVT and STATM.
Thanks.
regards, Dieter

Get Authorization Object and Tcode

Hi,
I have a requirement to get a report of
Role Name, Date of Validity, Authorization Object in User Master Maintance (TCode) and Description of Tcode
I used SQVI
and joined Tables
AGR_USERS, AGR_1251, USTSTCAP
From the first two tables I get all most all fields Except the description of T-Code for that I used the table USTSTCAP but it is not working.
is there any table to get text description. please give guidence
Regards
Nausal

Hi,
From TSTCT We get TCode Description
but it is not possible to join with AGR_USERS and AGR_1251 in SQVI
Regards
Nausal

Relationship between Authorisation objects and Tcode

Dear all, 
In 4.6C 
I go to Tcode SU01-> Tcode assignment->provide MB1A for tcode->F8-> value list, then I get the list of Authorization objects associated to this tcode.
Access to Tasks in General Notifications
Authorization for document activities
CS BOM Authorizations
Authorization for Class Types
Consolidation: Authorization for subgroup
PM: Task List
PM: Transaction Code
CO-CCA: Cost Center Planning
EC-PCA: Delete transaction data
EC-PCA: Actual Data Transfer
Warehouse Number / Storage Type
Transaction Codes in the Warehouse Management System
Document Type in Purchase Requisition
Purchasing Group in Purchase Requisition
Plant in Purchase Requisition
Purchasing Organization in Purchase Order
Evaluation Structure: Application
Material Master: Maintenance Statuses
Personnel Planning
HR: Reporting
HR: Master Data
HR: Master Data - Extended Check
HR: Master Data - Personnel Number Check
Use of Group Codes
Quality Notification Types
QM Transaction Authorization
Business Process Quality Notifications
System Authorizations
ALV Standard Layout
Background Processing: Background Administrator
Background Processing: Operations on Background Jobs
Administration Functions in the Change and Transport System
C Calls in ABAP Programs
Authorization for File Access
ABAP Workbench
SE61 Documentation Maintenance Authorization
Authorization for GUI activities
IMG: Authorization to Perform Functions in IMG
Language administration
SAPoffice: Authorization for an Activity with Documents
SAPoffice: Attribute of Office User
Authorization Object for Sending
OLE Calls from ABAP Programs
ABAP: Program run checks
IMG: New Authorizations for Projects
Authorization check for RFC access
Change documents
Spool: Device authorizations
Spool: Restriction on Maximum Number of Pages
Cross-client Table Maintenance
Table Maintenance (via standard tools such as SM30)
Authorization Check for Transaction Start
Transport Organizer
SAP ArchiveLink: Authorizations for access to documents
Sales Document: Authorization for Sales Document Types
Sales Document: Authorization for Sales Areas
This information is fetched from the table USOBX where name = MB1A and type = 'TR'
When I create a role in PFCG say ZTEST_ROLE and assign the only one tcode MB1A, I get additional authorisation objects below
CO-PC: Product Costing
Material Master: Company Codes
Material Master: Warehouse Numbers
Why do I get these additional objects ? What is the logic behind this?
My requirement is to check the authorisation objects associated to a Tcode.
Thankyou.

hi
there would be many authorisation objects for a tcode (like create,change display).....so if user is having that particular authorisation object only then he can do a particular activity in that tcode.
Regards
Sajid

Usage of AUTHORITY OBJECT

Hi,
Could you please help out how to create AUTHORITY OBJECT and usage in reports with sample code and transaction codes.
Thanks,
Madhu

Hi Madhu,
DATA:wa_flight TYPE t_flight,
it_flights TYPE t_flighttab.
SELECT-OPTIONS so_carr FOR wa_flight-carrid.
for authority-check:
DATA:
allowed_carriers TYPE RANGE OF t_flight-carrid,
wa_allowed_carr LIKE LINE OF allowed_carriers.
START-OF-SELECTION.
fill a range table with the allowed carriers:
SELECT carrid
FROM scarr
INTO wa_allowed_carr-low
WHERE carrid IN so_carr.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD wa_allowed_carr-low
ID 'ACTVT' FIELD '03'. " display
IF sy-subrc <> 0.
CLEAR wa_allowed_carr.
ELSE.
wa_allowed_carr-sign = 'I'.
wa_allowed_carr-option = 'EQ'.
APPEND wa_allowed_carr TO allowed_carriers.
ENDIF.
ENDSELECT.
check this link
http://techrepublic.com.com/5100-6329_11-5110893.html#
http://www.sap-img.com/ab035.htm
Regards,
Sridhar

Custom authority object on MRBR

Hello,
Can I create a custom authority object and assign the same to standard t.code MRBR?
Currently MRBR is offering authority check based on EKGRP. But this is not catering to our requirements. We want to restrict the authorisation based on EKORG (Purchase Organisation) also. This is particularly for Releasing of blocked invoice.
Any ides on this matter please......
Thanks in advance,
Mallik

Hello,
You need to have
M_BEST_EKO : Purchasing Organization in Purchase Order
M_RECH_EKG :Invoice Release: Purchasing Group
M_RECH_SPG: Invoices: Blocking Reasons
Please check in SU24 whether these are maintained or not,if not please main them .
In the transcation code MRBR for your requirement
Thanks,
Prasant K Paichha
Edited by: Prasant K Paichha on Aug 26, 2009 5:19 PM

How to create authority check object and assign to ztcode which is of modu

Dear ,
how to create authority check object and assign to ztcode which is of custom module pool program.its urgent kindly help points rewarded.

Manoj,
You can check with your Basis team to create authorisation object and assigining tcodes to the user profiles.
K.Kiran.

With regard to lock object and authority check

hi all
i would like to know about lock object and authority check specifically in reports. there is a coding in sap library with regard to authority check, but there is no coding to restrict user (i mean there is no user names that the object is restricting for a particular user or any user has got permission to change or display object).
further, the code mentions that you need an authorization in your user master record for the object, could any of u explain where is user master record.
below is the code for authority check.
*& Module USER_COMMAND_0100 INPUT
MODULE USER_COMMAND_0100 INPUT.
CASE OK_CODE.
 WHEN 'SHOW'.
 AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD '*'
ID 'ACTVT' FIELD '03'.
 IF SY-SUBRC NE 0. MESSAGE E009. ENDIF.
 MODE = CON_SHOW.
 SELECT SINGLE * FROM SPFLI
 WHERE CARRID = SPFLI-CARRID
 AND CONNID = SPFLI-CONNID.
 IF SY-SUBRC NE 0.
MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
 ENDIF.
 CLEAR OK_CODE.
 SET SCREEN 200.
 WHEN 'CHNG'.
 AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD '*'
ID 'ACTVT' FIELD '02'.
 IF SY-SUBRC NE 0. MESSAGE E010. ENDIF.
 MODE = CON_CHANGE.
 SELECT SINGLE * FROM SPFLI
 WHERE CARRID = SPFLI-CARRID
 AND CONNID = SPFLI-CONNID.
 IF SY-SUBRC NE 0.
 MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
 ENDIF.
 OLD_SPFLI = SPFLI.
 CLEAR OK_CODE.
 SET SCREEN 200.
ENDCASE.
ENDMODULE. " USER_COMMAND_0100 INPUT
i thank u all for the help in advance.

hi
this might help
REPORT YUSRLOCK NO STANDARD PAGE HEADING.
TABLES: TRDIR, USR02.
DATA: MARK,CNTR TYPE I,
 ACCNT LIKE USR02-ACCNT, ERDAT LIKE USR02-ERDAT,
 ANAME LIKE USR02-ANAME, CLI(3) VALUE 'AAA', SZIN TYPE I,
 SYDATUM LIKE SY-DATUM, FLAG(3).
TABLES: UINFO.
DATA: OPCODE TYPE X VALUE 2.
DATA: BEGIN OF USR_TABL OCCURS 10.
 INCLUDE STRUCTURE UINFO.
DATA: END OF USR_TABL.
START-OF-SELECTION.
CALL 'ThUsrInfo' ID 'OPCODE' FIELD OPCODE
 ID 'TAB' FIELD USR_TABL-SYS.
SELECT * FROM USR02 CLIENT SPECIFIED ORDER BY MANDT BNAME.
 IF USR02-MANDT <> CLI.
 SZIN = SZIN + 1. SZIN = SZIN MOD 2.
 CLI = USR02-MANDT.
 ENDIF.
 IF USR02-UFLAG = 0.
 MARK = ' '.
 ELSE.
 MARK = 'X'.
 ENDIF.
 CLEAR FLAG.
 LOOP AT USR_TABL.
 IF USR_TABL-BNAME = USR02-BNAME AND USR_TABL-MANDT = USR02-MANDT.
 FLAG = '!!!'.
 ENDIF.
 ENDLOOP.
 SYDATUM = SY-DATUM - 30.
 IF SYDATUM < USR02-TRDAT.
 IF SZIN = 0.
 WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
 ' ',USR02-MANDT COLOR 2,
 ' ',USR02-USTYP COLOR 2,
 ' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
 ' ',FLAG COLOR 6.
 ELSE.
 WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
 ' ',USR02-MANDT COLOR 2,
 ' ',USR02-USTYP COLOR 2,
 ' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
 ' ',FLAG COLOR 6.
 ENDIF.
 ELSE.
 IF SZIN = 0.
 WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
 ' ',USR02-MANDT COLOR 2,
 ' ',USR02-USTYP COLOR 2,
 ' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
 ' ',FLAG COLOR 6.
 ELSE.
 WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
 ' ',USR02-MANDT COLOR 2,
 ' ',USR02-USTYP COLOR 2,
 ' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
 ' ',FLAG COLOR 6.
 ENDIF.
 ENDIF.
 HIDE: USR02-BNAME, USR02-MANDT.
ENDSELECT.
CLEAR USR02.
TOP-OF-PAGE.
WRITE:/ 'LOCK USER CLIENT TYPE LAST lOGIN ' COLOR 6.
SKIP.
AT USER-COMMAND.
IF SY-UCOMM = 'SEL'.
 DO.
 CLEAR MARK.
 READ LINE SY-INDEX FIELD VALUE MARK.
 IF SY-SUBRC NE 0. EXIT. ENDIF.
 IF USR02-BNAME IS INITIAL.CONTINUE.ENDIF.
 SELECT SINGLE * FROM USR02 CLIENT SPECIFIED WHERE
 MANDT = USR02-MANDT AND BNAME = USR02-BNAME.
 IF MARK = 'X' AND USR02-UFLAG = 0.
 USR02-UFLAG = 64.
 UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 64 WHERE
 MANDT = USR02-MANDT AND
 BNAME = USR02-BNAME.
 COMMIT WORK.
 ENDIF.
 IF MARK = ' ' AND USR02-UFLAG = 64.
 USR02-UFLAG = 0.
 UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 0 WHERE
 MANDT = USR02-MANDT AND
 BNAME = USR02-BNAME.
 COMMIT WORK.
 ENDIF.
 ENDDO.
 CLEAR USR02.
ENDIF.
regards
Arun

Plz tell me how to create authority check objects and how to usein prg

dear sir,
plz tell me how to create authority check objects and how to usein prg

http://help.sap.com/saphelp_46c/helpdata/en/5c/deaa74d3d411d3970a0000e82de14a/content.htm
http://help.sap.com/saphelp_nw70/helpdata/en/52/6716a6439b11d1896f0000e8322d00/content.ht
Create custom authorization Customer specific object
If you have requirements that cannot be met using the P_ORGIN and P_ORGXX authorization objects (for example, because you want to build your authorization checks on additional fields of the Organizational Assignment infotype (0001) that are customer-specific), you can include an authorization object in the authorization checks yourself.
Create the authorization object using transaction SU21. Make sure you keep to the customer name range (Z/Y). To be able to use the new authorization object you have created in the master data authorization check, the object must contain the INFTY, SUBTY, and AUTHC fields. You can use any of the fields of the Organizational Assignment infotype (0001) for the other fields. You can also use customer-specific additional fields provided they are CHAR or NUMC type fields.
After you have created the object, you must start the RPUACG00 report. This report overwrites the MPPAUTZZ standard include with the code that is needed to evaluate the authorization object you created. Note: Technically speaking, this involves a modification. However, SAP fully supports this procedure. And you should not have more maintenance work as a result of this modification.
          Note: that if you use customer-specific authorization objects, you must maintain these objects in transaction SU24 (Maintain Assignment of Authorization Objects to Transactions) in the same way as you maintain the authorization objects P_ORGIN, P_ORGXX, and P_PERNR
AUTHORITY CHECK OBJECT Object_name
            ID fieldname1 FIELD fieldvalue1
            ID fieldname2 FIELD fieldvalue2
            ID fieldname3 FIELD fieldvalue3.
             If sy-subrc eq 0.   "Authorization exists
             Endif.
http://articles.techrepublic.com.com/5100-6329_11-5110893.html
Edited by: JackandJay on Jan 16, 2008 10:21 AM

How to get the Title and Tcode of a Program during run time

Hello,
I am new to abap and I have this question please. Is the a way to get the title, Tcode and Author of a program during run time? I would like to get the name and title of a program or a view or an include during run time.
Using table TADIR, you can only get the object_name and the author. Is the a way for me to get the Title of the repository object and any Tcode if any is available for the case of a program?
I loop forward for your respond.
Thank you.
Sabina

You can get it by accessing SYST.
SY-TITLE for Title
SY-TCODE for Tcode
I don't think there is any field in SYST for the Author.
To get the author name you can use the TRDIR table.
Regards,
Naimesh Patel

Table contain user name and tcode

Dear Experts,
Can you tell me which Table contained user name and tcode field?
Thanks and Best regards,
wilson

You need to be even more carefull with parameter transactions.
If SU24 is not maintained for them, PFCG will pull the proposals from the core transaction (via which the parameters are used in the skip screen feature...). If the core transaction has authority proposals for S_TCODE, then you will get those tcodes and their proposals as well.
A carefull choice of menu objects (not only limited to Tcodes), taking heed of SU24 defaults and tuning it to meet your needs is the key. But it requires organizational discipline and good training, otherwise rather dont use it for anything other than important objects which you want to control manually only, even if your business roles are a mess.
You can also restrict the authorizations of the security admins for example (as unpopular as that may sound... to segregate authorization concept development (SU24 etc), role building development (PFCG etc) and user administration (SU01 etc). Object S_USER_TCD also has a field called TCD...
There are also other objects (as Dipanjan has pointed out) which have TCD as a field of an object which is not S_TCODE. In addition to I_TCODE, Q_TCODE, P_TCODE, see also S_IDOCMONI for example.
To be honest I have given up on trying to find them all
The easiest solution is to use the menu and maintain SU24 when the transaction is configured or the application is developed and tested. That is what SAP does as well in SU22. It is more work upfront, but more sustainable in the long run.
If your users (and auditors) only see the menu (and use the SUIM --> Executable transactions) options, then you can get away with it in the short or even medium term. Latest when someone else need to maintain the roles they will hate it...
My 2 cents,
Julius

Authority Object

If One Authority Object used in the Z report and that Authority object added in the role. This Role assigned to Two user.
But one of the user not required authorization for the Z report.
How actually this situation ideally handle ? New authority object need to create for that Z report or using the existing object we can solve the problem.
Regards
Nilesh Shete

then dont give authorization for this report(tcode) itself, and in ur program u have to check for the same.
 call function 'AUTHORITY_CHECK_TCODE'
 exporting
 tcode = 'YSCC'
 exceptions
 ok = 0
 not_ok = 2.
 if sy-subrc eq 2.
 message e077(s#) with 'YSCC'. " No authorization to transaction
 endif.
if u want to create one more role,then no nedd to change ur program.
Regards
Prabhu

How do I set up the "Objects and Attachments"

Hi .... I'm new at WorkFlow (and SAP for that matter) and have inherited a WF that is already built. In several of the steps I can see "Objects and Attachments" on the work item screen where a User can click to be directed to a transaction. For example, on one screen the User can click on "Incoming Invoice: 5105601690" to be directed to the Invoice Display Screen that is populated with information for that particular invoice (5105601690).
I am looking at the WF using TCode SWDD and cannot figure our how the original developer set this up. So my question is ..... for a particular WF step, how do you set up the "Objects and Attachments: area so that the User will be directed to a particular transaction when he/she clicks on it.
Thanks in advance, and sorry for such a "juvenile" question.
Dan A

Thanks for your reply Rajkumar,
I am looking at the screen you have directed me to. Business object is BUS2081 (actually it is ZMMWBS2081 which is a customized version BUS2081) Method is "Display" and Attribute is "InvoiceDocNumber". How do I know by looking at this that "Display" means Display Invoice? What if I wanted to display the PO instead?
Thanks for the "spoon feeding".
Dan A

How to find out in which role an authority object is included

Hi,
I need to call web services by an external application. Therefore the authorization object S_SERVICE is needed to call services.
Now I want to add this object to a specific sap user, but how can I find out in which role this object is included? I don't want to create a new role for just only this standard SAP authority object.
Thank you!

>
Torben Larsen wrote:
> Hey!
>
> Thank you for your answer. I have now found roles, which include this object. But I still have the authorization problems and can see that the object S_SERVICE is the problem, when tracing with ST01.
>
> I'm not that much into authorization stuff. So do I need also a profile? I only could call the web services by using profile SAP_ALL.
>
> thank you!
Now that you have required role with you .. simple assign that role to user id from transaction SU01 (Roles tabs).
Sap standard roles will already have profile in it. You might have to generate the profile. Goto transaction PFCG enter role name hit display button , goto Authorisation tab, hit Display Authorisation button and on next screen press generate button (Shift+f5).
By the way you can use SUIM to find role and profile for given authority object

How to use custom authority object to execute certain code?

Hi Gurus,
I'm trying to use an authority-check just to execute certain ABAP code for some roles only, but I don't get to make it work as every user gets to exectute the code. I'm also not sure of which field(s) I should add to my authorization object when I'm checking it.
Does anyone know if there's a way of making it? Thanks in advance.
Edited by: Jorge Gonzalez on Jun 25, 2010 11:42 AM

Hi.
If the authority object is already created then you can view in transaction SU21, Select the custom object and double click on it.
You can see the Authorization fields that need to be passed to the authorization object while using.
For eg: If you see BUKRS, then you need to pass the company codes relevant so the authority check is performed
All Authority object has activity which informs the operation to be performed. for eg:
ACTVT: Activities.
01 = Create
02 = Change
03 = Display
06 = Delete
07 = Activate
10 = Post
Also check for documentation if it is available, if so it makes life easy.
Hope this helps
Regards
Shiva

Authority objects and tcodes

Similar Messages

Maybe you are looking for