Authorization check - Lvel: Program/Tcode - report/SM30/odr

Similar Messages

• Include an authorization check in program

  Hello,
  I am new to SDN .
  I got a requirement where i have to include an authorization check in programs this is required for all custom programs before they are added to roles . I am not sure what i have to do it .
  These programs if i try to open in se38 , i cannot view them .
  How do i include authorisation checks .
  Please let me know step by step .
  i will be grateful.
  thanks
  sumit
  Edited by: sumit123 on Jan 20, 2010 9:52 AM

  Hi Sumit,
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67129f439b11d1896f0000e8322d00/content.htm
  Check this link.
  The following actions are authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid: .
  1.Starting SAP transactions (authorization object S_TCODE)
  2.Starting reports (authorization object S_PROGRAM)
  3.Calling RFC function modules (authorization object S_RFC)
  4.Table maintenance with generic tools (S_TABU_DIS)
  Authority check is done to restrict the execution of a report to certain users.
  Basis creates a authorisation group , includes certain roles in it, to which authorisation should be given.
  If one's id has that role then he is authorised to execute the report..
  IN the report the below code is written to do auth. check
  Authority check on plant
  AUTHORITY-CHECK OBJECT 'ZMMD_PROD'
  ID 'WERKS' FIELD wf_werks.
  Here authorisation is done on plant. and the authorisation object is ZMMD_PROD(to be created by BASIS)

• Missing authorization check on the IM Reports

  Hi,
  We use RAIMINFO reports (S_ALR_87012805, S_ALR_87012806 u2026 ) to display
  structure and values in Ferrero Spa investment program
  On the initial screen, the value types which have to be output, are
  determined by the authorization checks to be carried out .
  For example in case that an user decides to display the plan or budget
  references to program position, the user has to have the authorizations
  on the Persons responsible (A_IMPR_VER). For us this is OK because we
  define responsibilities through A_IMPR_VER. But if user decides to
  display the appropriation request or measures and he doesnu2019t indicates
  the program position it seems that anything on the A_IMPR_VER will be
  performed. We need that the check on A_IMPR_VER will be performed always(for all objects: measures, appropriation request ).
  We think this is a function missing in RAIMINFO and in all the IM
  reports.
  Could you help us to solve this problem?
  Thanks and best regards,

  Hi,
  If you want use check box in crystal., then you can do this by writing piece of code.
  please try for
  If {Table.Field} = True Then
  'Display the checkbox of your choice here
  Formula = Chr(254).
  thanks.
  Bala

• Table showing authorization checks for programs

  Can anyone tell me which table shows the list of all programs and the authorizations they are currently checking?  Thanks for your  help.

  link:[http://www.tamboly.com/SAPSecurityTable.html]

• Authorization check to users in Report

  Hi frds,
  FI- Posting document created smart form
  My customer is asking Document values greater than RS : 250000/-  restrict to view some users ..........
  How to acheive this requirement...........

  Hi Kabil,
  a third option to the suggestions Nabheet Madan mentioned is to look for a property to recognize the special users.
  This might be a common role or authority, that no other users will own.
  For checking roles you can access table AGR_USERS, for check checking special authorities you need a matching AUTHORITY-CHECK in your report.
  Regards,
  Klaus

• Command For Authorization Check

  Hii...Dudes...
  Can Any one tell me..What are the Commands and Procedure to do Authorization Check for Programs..
  Any documentation could be help ful...
  Tell me How to create ....an Z Object and tell me procedure too...
  points will be rewarded .........
  Regards,
  sg.....
  Edited by: Suneel Kumar Gopisetty on May 17, 2008 12:10 PM
  Edited by: Suneel Kumar Gopisetty on May 17, 2008 12:21 PM

  hi,
  go to this link it will be useful.
  http://help.sap.com/saphelp_nw04/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  authority-check object 'S_TCODE'
                  id     'TCD'
                  field  'SM35'.
  if sy-subrc ne 0.
    User does not have authority for transaction SM35!!!
  endif.
  Do you want for the Creation of Zoject means using oops concept.

• Authorization check on Z report

  Hello Experts,
  We had a requirement to develop a report which would combine the features of V.14 and V23 with some additional features like removing delivery blocks and billing blocks.
  We want to add some authorization checks so that some people are restricted to view information of only some sales organizations and some people like management will have a broader authorization to view details of multiple sales organizations.  How can we acheive this?
  For example in SU23 when we run our custom T code we do not see the authorization object which is used in the program. We are currently using VBAK_VKO in our program.
  Thanks and regards.
  ES.

  Hi,
  Adding to above replies, are you calling V.14 and V23 in your custom program or you created your own login in Z program? If standard tcodes are being called, make sure that appropriate restrictions are placed in SE97 tcode for the Z tcode.
  In SU24, you will have to add the object to the Z tcode. You will not see it automatically. But make sure that the authority check is there in program (can verify by a ST01 trace).
  As Anika said, you can create separate roles for each required sales organization.
  Thanks

• Create authorization check for a report

  Hi,
  I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
  Say the report name is ZHR_TIMEABC.
  Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
  Thanks in advance,
  VG

  Hi,
  Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
  If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
  Your inputs will be helpful to understand this concept.
  Thanks,
  VG

• Abap programe 'AUTHORIZATION-CHECK'

  What is abap programe 'AUTHORIZATION-CHECK' how can i navigate there

  Hi,
  You can navigate to the Code this way
  1)
  SE93> Display>Double click in the Entry corresponding to Program-->then you enter the Source Code here select find and give the search string as
  "Authority-Check" this displays you whatever entries are there in the code.
  This method is useful if you know the Tcode and want to see what check statemetns are there in ABAP code corresponding to it.
  2)On the other hand if you know the program then go to
  SE38> enter the program name> Select Source Code> Press Display>
  and from there search with the string mentioned above justlike the case mentioned above...
  Hope this helps
  Regards,
  Manohar

• Re: Setting Authorization Check in Report Writer

  Hi,
  In ABAP Query or ABAP customized program, it is possible to set authorization object checking.
  In Report Writer, how can I do it?
  <REMOVED BY MODERATOR - REQUEST OR OFFER POINTS ARE FORBIDDEN>
  Thanks
  Edited by: Alvaro Tejada Galindo on Dec 26, 2008 10:59 AM

  Hi Colin,
  I would like to suggest,
  Creating an Authorization object & then using it in the report program is the preffered way.
  I would like to suggest a couple of references, quite similar to your issue,
  [SDN - Reference for using authorization checks at the report level|User authorisation check in ABAP-HR program;
  [SAP HELP - Standard Reference for Programming Autorization checks|http://help.sap.com/saphelp_nw04/helpdata/en/52/6712ac439b11d1896f0000e8322d00/frameset.htm]
  [SAP HELP - Standard Reference for Authorization checks|http://help.sap.com/saphelp_nw04s/helpdata/en/fc/eb3ba5358411d1829f0000e829fbfe/frameset.htm]
  Hope that's usefull.
  Good Luck & Regards.
  Harsh Dave

• Authorization Checks in Z programs

  Dear Experts,
  Fist of all, thanks for your time. We're being asked to review each Functional Specification in the company to suggest to the developement team the standard objects that should be included in the code in order to restrict the access within each developement. My understanding was that, as an standard practice, developers only use bapis, standard functions or call transactions in their code, for which we should be covered, as SAP includes standard object checks in them (so when using a bapi associated to VA01, the objects in the code for VA01 are being checked). The exception for this are reports, for which we have a Z object with most of the Organizational Values like Company Code, Plant, etc to allow restrictions to take place (and developers are supposed to include this check in this code).
  My first question is: is it true that bapis, standard functions and call transactions use the regular standard objects when being executed?.
  If this is the case, is there any point in suggesting the objects to be checked to the developers?. It looks as if this would be redundant, as SAP is making sure they're being checked when bapis, standard functions and call transactions are executed...(exception made for reports, as mentioned)
  Thanks a lot for your help!!
  Best regards,
  CMPT

  Hi,
  It is always a good idea for the Z transaction review to be performed by the Security consultant. After all it will be his responsibility later on to restrict access to the transaction. You can always ask for the functional consultant's help with understanding the use of the transaction
  In case the custom transaction has been created similar to or is an enhancement on a standard SAP transaction, then it is always a good idea to have at least the same authorization checks for the Z txn also.
  For new developments you need to ensure that the authorization checks need to be implemented based on the functionality of the txn and the data it manipulates. For eg., if you have a Z-txn to make changes to purchase orders, you need to ensure that the program checks for change activity for Purchasing Org, Purchasing Group and Plant values and any other authorization relevant data.
  The auth objects to be used depends entirely on the data and the functional module the custom program belongs to. I generally prefer to use SAP standard objects where possible. Else create new auth objects as per requirement.
  Regards,
  Sanju

• How to find which custom program uses authorization checks

  Hi all,
  I have been asked to find out which custom ABAP program in our organization is using Authorizations checks and which is not.
  Since there are thousands of custom programs I will need to automatize this process somehow.  But I am not an ABAP expert and I will need some help.
  Could any of you give me an idea of what would be the best strategy to find out if authorization objects/checks exist in a number of ABAP programs?  (would a simple text search do?).
  Many thanks,
  Aldo

  If you are looking out for Authorization related to Execution of any program, then look for entries in table TRDIR where field SECU (Authorization Group) is not blank.
  Below SAP documentation may help you:
  Authorization Group
  Authorization group to which the program is assigned.
  The assignment of a program to an authorization group plays a role when the system checks whether the user is authorized to:
  Execute a program
  --> Authorization object S_PROGRAM
  Edit a program (-Include) in the ABAP Workbench
  --> Authorization object S_DEVELOP
  Programs that are not assigned to an authorization group are not protected against display and execution.
  Security-related programs should, therefore, always be assigned to an authorization group.
  Report RSCSAUTH can also be used to assign programs to authorization groups. This report is documented in detail.

• Authorization check of Tcode FCH7 (reprint check) / FCHN (display check)

  Hello to you all,
  Does any of you know of an option of extended the authorization check of Tcode FCH7 (reprint check) / FCHN (display check) using authorization object F_BKPF_BEK / F_LFA1_BEK?
  Regards,
  yoav Bernstain

  Hi,
  Authroization: User need authroization to post Financial Accounting Document for Vendor
  Object: F_BKPF_BEK
  Activities: 01-Creat, 02-Change and 06-Deleter
  Authroization: User need authroization for vendor Master Data (03-Display activity can also work)
  Object: F_LFA1_BEK
  Activities: 01-Creat, 02-Change, 03-Display and 06-Deleter
  Regards,
  Prashant Rane

• Authorization check for a program/table

  Hi ,
  Can anyone help me out in
     How to do authorization check for an abap program and also a table.
     I have no idea about the authorizations.
  My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
  1. should be able to execute the program
  2. View of the entries of the table.
  Thanks & Regards,
  Keerthi

  Hello Keerhi ,
  I got you wrong at first!
  If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
  First find the role
  second add the user in the role ( PFCG T code---> USers tab)
  Raj

• User authorization check in report

  Hi All,
  I want check user name in report while event (at user-command) trigger.
  Have 2 buttons in report A.Process B. Display.
  any user can press display button. but some of the user only can press Process button.
  how can I do this using authorization objetcs.
  I donot want to check by sy-uname, because I donot want to hardcode user names.
  Thanks & Regards
  Gupta......

  Hi,
  You need to ask to BASIS guy to create the authorization object.
  Whenever user clicks the button PROCESS in PAI of that screen you need to write the authority check statement.
  For example if i need to validate the country for the particular user :
  MODULE user_command_9000 INPUT.
  *Authority Check for Country*
  AUTHORITY-CHECK OBJECT 'ZO9_CNTRY'
      ID 'COUNTRY' FIELD g_soldto_country.
  if sy-subrc ne 0.
       clear g_ok_code.
       message E001(ZMESSAGE_AS) with g_soldto_country.
  endif.
  I hope this will be useful to you.
  Plz reward if useful.
  Thanks,
  Dhanashri