Authorization check for a program (Not SAP standard) from SA38(End user )
Hi All,
I have a requirement which involved in restricting the user to execute the program using SA38.Please suggest me.
I went to SU20 but could not find the right way how to do?
Thanks in advance
1) check authority object for field for whcich u want to check authority is present or not
for this use transaction su20 /su21
2)if it is not u create object by using su21.
3)after that in programm use fm AUTHORITY-CHECK OBJECT .
ex---AUTHORITY-CHECK OBJECT 'V_LIKP_VST'
ID 'VSTEL' FIELD t_sel-vstel
ID 'ACTVT' FIELD '01'
ID 'ACTVT' FIELD '02'
ID 'ACTVT' FIELD '03'
ID 'ACTVT' FIELD '04'
ID 'ACTVT' FIELD '18'
ID 'ACTVT' FIELD '24'
ID 'ACTVT' FIELD '25'
ID 'ACTVT' FIELD '85'.
IF sy-subrc <> 0.
t_authority-vstel = t_sel-vstel.
APPEND t_authority.
CLEAR t_authority.
Similar Messages
-
Authorization check for a program/table
Hi ,
Can anyone help me out in
How to do authorization check for an abap program and also a table.
I have no idea about the authorizations.
My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
1. should be able to execute the program
2. View of the entries of the table.
Thanks & Regards,
KeerthiHello Keerhi ,
I got you wrong at first!
If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
First find the role
second add the user in the role ( PFCG T code---> USers tab)
Raj -
Authorization check For Test plan in SAP Solution Manager test management
Hi experts,
I need to allow only selected user to view their test package and the list of transaction so i need to have a authorization check by using enhancement i got struck since i am not able to find any badi for this ..kindly looking back your suggestionHi Namrata,
Yes, you can create project structure before using solar01 tcode. later once your test cases (either manual or automatic) are ready then you can upload them using solar02 on test cases tab,
refer Link Test Case to Transactions/Reports - Configuration - SAP Library
Assignments - SAP Solution Manager - SAP Library
Thanks
Jansi -
Authorization check For T code
Hi everyone,
Can anybody guide to set a authorization check for a particular Tcode.
I have ztable where users are assigned particular numbers.
I want the users who are assigned some numbers should be able to use this particular t code
Thanks in advancehi
chk this out
AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Effect
Explanation of IDs:
object
Field which contains the name of the object for which the authorization is to be checked.
name1 ...
Fields which contain the names of the
name10
authorization fields defined in the object.
f1 ...
Fields which contain the values for which the
f10
authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios. The return code values have the following meaning:
4
User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8
Too many parameters (fields, values). Maximum allowed is 10.
12
Specified object not maintained in the user master record.
16
No profile entered in the user master record.
24
The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28
Incorrect structure for user master record.
32
Incorrect structure for user master record.
36
Incorrect structure for user master record.
If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ: Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK -
No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
In EP we are trying to access bsp
and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
How to give authorization please help
venkateswararaoFirst Check is the ICF service is active using the SICF transaction.
Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
and SAP_HR_HAP_MANAGER.
Add the above roles to your user , it should work -
Authorization Checks in Z programs
Dear Experts,
Fist of all, thanks for your time. We're being asked to review each Functional Specification in the company to suggest to the developement team the standard objects that should be included in the code in order to restrict the access within each developement. My understanding was that, as an standard practice, developers only use bapis, standard functions or call transactions in their code, for which we should be covered, as SAP includes standard object checks in them (so when using a bapi associated to VA01, the objects in the code for VA01 are being checked). The exception for this are reports, for which we have a Z object with most of the Organizational Values like Company Code, Plant, etc to allow restrictions to take place (and developers are supposed to include this check in this code).
My first question is: is it true that bapis, standard functions and call transactions use the regular standard objects when being executed?.
If this is the case, is there any point in suggesting the objects to be checked to the developers?. It looks as if this would be redundant, as SAP is making sure they're being checked when bapis, standard functions and call transactions are executed...(exception made for reports, as mentioned)
Thanks a lot for your help!!
Best regards,
CMPTHi,
It is always a good idea for the Z transaction review to be performed by the Security consultant. After all it will be his responsibility later on to restrict access to the transaction. You can always ask for the functional consultant's help with understanding the use of the transaction
In case the custom transaction has been created similar to or is an enhancement on a standard SAP transaction, then it is always a good idea to have at least the same authorization checks for the Z txn also.
For new developments you need to ensure that the authorization checks need to be implemented based on the functionality of the txn and the data it manipulates. For eg., if you have a Z-txn to make changes to purchase orders, you need to ensure that the program checks for change activity for Purchasing Org, Purchasing Group and Plant values and any other authorization relevant data.
The auth objects to be used depends entirely on the data and the functional module the custom program belongs to. I generally prefer to use SAP standard objects where possible. Else create new auth objects as per requirement.
Regards,
Sanju -
Authorization Check For Pricing Reference Materail In VA01 & VA02
Hi Expert,
User has requested to do authorization check for pricing reference material in line item in VA01/VA02. currently SAP does not has any authorization check for pricing reference material field at line item in VA01/VA02. Is there any standard authorization object for this purpose or needs to use user exit to do this checking ie if the pricing reference material entered does not belong to the sales org as entered in sales header data then system will issue warning/error message. What will be the standard user exit routine if there is no standard authorization object for this purpose ?
Thanks.
Regards,
Tay
Edited by: Hung How Tay on May 13, 2010 2:48 AMHi,
Try below in MV45AFZB
USEREXIT_SOURCE_DETERMINATION
Best regards,
Anupa -
Authorization Check for Special Stock Indicator in IE02
Dear Gurus,
Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
Would appreciate your help.
Thanks.Hi,
This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode. -
Extended Program check for multipl programes in single run
Hello All,
I wan to do the syntax check for multiple programs at single execution run.
SAP has provided SLIN transaction for single program, Is there any SAP standard transaction similar as SLIN for multiple program check at single execution run?
Thanks,
Feroz.>
s feroz wrote:
> I need it in R/34.6b version.
I don't think you have much option there -
ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole
Hi
After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
<i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
I have not found anything helpfull thusfar.
Thank you for your help in advanceHi,
We had the same problem after upgrading to 2004s sp13.
We applied all available patches and it went away.
Check out this thread:
<a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
Best regards,
Avisahi Zamir -
Failed to activate authorization check for user SAPSYS
Hi Experts
I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
i am getting a error Failed to activate authorization check for user SAPSYS.
Please help me to solve this issue.
Regards
VenkatHi, Mr. Joe Bo.
Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
Basis Patch - 15, Kernel 159
I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
Thanks & Regards
Venkatesan J -
Syntax check for inactive programs(object)
I am having some program in internal table now i have to do syntax check for the programs, actually I can use SLIN but SLIN will not do Syntax check if the object is not active, is there any way that I can check for many programs one after the other.
Hi Vikram,
USe the transaction SAMT.
Please flooow the link below it will solve u r pblm.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/40c62223-639e-2a10-dd9a-b1dd9af73aeb
Thanks -
Query - Authorization Check for Material Details
Hi Experts,
I've got a requirement where I've to put authorization check in a number of transactions (standard as well as custom) which lead to material display some way or the other for specifc matarils (checking the authorization field). Few are for reports (may be interactive) as well. The need is to stop unauthorized people from getting access to the specifc material details such as dimensions (quantity,length, width, etc.).
The first option would be to stop the user from viewing the material itself and showing some appropriate error message.
The second option would be to make the above said details invisible in the screen for the specific matarials.
The Authorization object is M_MATE_MAT.
The Authorization field is BEGRU.
The range of tcodes start from ME21, ME22, ME23, ME23N ...to MM01, MM02 etc. and a number of custom tcodes.
What is the best way to achieve this? I guess I'd need to look for exits. Please suggest
Thanks & Regards
Pritam> I've got a requirement where I've to put authorization check in a number of transactions (standard as well as custom) which lead to material display some way or the other for specifc matarils (checking the authorization field). Few are for reports (may be interactive) as well. The need is to stop unauthorized people from getting access to the specifc material details such as dimensions (quantity,length, width, etc.).
>
> The first option would be to stop the user from viewing the material itself and showing some appropriate error message.
>
You can do this with authorization at transaction level.
> The second option would be to make the above said details invisible in the screen for the specific matarials.
>
Invisible on the screen, you might need to consider the material screens user exit. I am not sure how your material master configured
> The Authorization object is M_MATE_MAT.
> The Authorization field is BEGRU.
>
> The range of tcodes start from ME21, ME22, ME23, ME23N ...to MM01, MM02 etc. and a number of custom tcodes.
>
> What is the best way to achieve this? I guess I'd need to look for exits. Please suggest
All in all, you need user exits to have field level authorization and maintain authorizations at transaction level for the one you dont want to show anyone or to few -
Error :Authorization check for caller assignment to J2EE security role whil
Hi Experts,
i m working as a portal resource .
after the deployment of standered Sap e-rec package .
i m getting some error. i have assigned the recruiter role to one test user.
Now i m getting two issue:
1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
2) I m able to see few iview for the test user but those are also in detailed navigation view.
And few ivews are giving following error :
i)Internal error
ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
/System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
Full Message Text
ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
please suggest what can be done or what is pending from my side.Prajakta2602 wrote:
Hi Experts,
>
> the previous issue got solved..
> it was due to servies pack miss match and applying notes
> the Basis guy checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
> notes 1445294 and 1175239 were applied.
> now the issue is:
>
>
> After implemetation and i assigning the standerd sap roles
> 1)Recruiter Administrator
> 2)Recruiter
> to the test user .
> but for few iview it is showing error as in
> 1) you are not a authorized user
> 2) internal error
>
> please help experts.
>
> i m working on portal side have i to assign any role to that test user..
>
>
> Thnaks & Regards,
> Prajakta
You can run a quick check using the below steps:
1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
Regards,
Mahesh -
Authorization checks for PNP LDB
question : how to validate authorization checks for pnp logical database?
2 nd question: hr report
this report is basically for salary survey. in this i had so many fields can any body let me know how
can i form the internal tables. and i have to display overall 150 fields in csv file for that
how can i take in to the final internal table.
what is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
please give me the steps how can i proceed.Hi,
The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
Hope this helps.
Maybe you are looking for
-
DPM 2012 R2 Repoting Protection Status as OK but no replica exists for the volume
2012R2 server running 2012R2 DPM. I am using LeftHand SAN as my DPM disks for storing backups. Our production SAN is an EMC VNX5300. I have created a mount point of a LUN and attached it to the DPM server. I have attached a snapshot to the mount poin
-
as said in the titel any help would be very helpful thanks
-
JSF with Infragistics Dialog window problem
Hi All, First of all i would like to thank you all for your previous valuable suggestions. Currently i am working on JSF 1.1 application with Infragistics components. We implemented 'City Search' functionality where a command Link will be displayed o
-
Incremental Backup in Oracle 9i(9.2.0.1)
I have used Oracle 9i (9.2.0.1) version. How could I take incremental backup of the particular database user? Please help me.
-
Creative vision m display prob
my creative vision m has been acting wierd lately AGAIN :/ the screen is like blinging .. really fast like it gets lighter and then darker .. kind of hard to explain ..when im looking at a dark picture or a black one .. picture is a black jpg picture