Authorization Fields

Dear Friends,
I have authorization object. I want to use it for my Zprogram.
my problem is i want to check plant and product group.
Plant is already added,
I want to use MVGR1 field for product catagory, how can i do this.
or is it possible for add z field as a authorization field. i mean (Z table field)
Please this is open for any suggestions.
Thanks in advance.

Hi ,
u can create a new Autho.Object from Su21 , and u can use that object in ur program, but u need to assign this objects to ur user profiles.
this is only in case if no standard objects are avail.on product grp.
Regards
Prabhu

Similar Messages

How to add authorization field to a standard authorization object

Hi All,
I'm trying to limit user to can only create & change X type of order type in PM module. This can be fullfill by creating suer with assigned role with only allow X type of order type.
But when I assigned a display role which has authorization to display all order type (maintained as authorization object), now my user can create and change all order type.
How to limit user to can only create & change X order type and only display the rest of order type?
I assume by adding authorization field: AUFART(order type) in authorization object: I_TCODE will solve the problem, is it right? and is it possible to do that?
regards,
Andre

Hi,
your assumption is incorrect. First of all, adding a new field to standard authorization object is a bad idea. You would have to modify all checks for that object. For standard SAP object it means that you would have to modify many SAP programs.
The authorization object I_TCODE is checked in PM transactions. It gives you authorization to run that transactions. That object can't be used to limit what you do in that transaction or what order type you can process. You are looking for some other authorization object(s). You need to go to SU24 which gives you what authorization objects are checked in particular transaction. It does not have to cover all objects but it's a good starting point.
Cheers

Maintain Authorization Field in SAP ECC6.0

Hello all,
Our SAP system has upgraded from SAP 4.7 to ECC6.0 recently. After upgrade, I find that the function Maintain
Authorization Field - SU20 cannot be launched.
When I run the T-code SU20, the maintain authorization fields screen does not appear and a message "Start of Application: Maintain Authorization Fields" flash one time in the message bar (bottom left corner at the SAP screen).
Can I ask how to maintain Authorization Field in SAP ECC6.0?
Thanks
Sunny

Hello,
Does anyone know how to maintain Authorization Field in SAP ECC6.0?
Many thanks
Sunny

Can we give more than one value for an Authorization field in Auth-Check.

Hi all,
Can we give more than one value for an Authorization field in Auth-Check.
Ex: AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD <Value 1> <Value 2> <Value 3>.
IF SY-SUBRC 0.
MESSAGE E...
ENDIF.
If yes, please help me with exact syntax.
Think it will be like
ID 'CUSTTYPE' FIELD: <Value 1>, <Value 2>, <Value 3>.

Hi,
yes we can give more than one field.
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
   ID <authority field 1> FIELD <field value 1>.
   ID <authority field 2> FIELD <field value 2>.
   ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
please reward points, if it is useful.
satish.

Check partner authorization field

Hello Gurus,
The check partner authorization field is used to determine which partners are authorized
to release against a contract. Should no check be performed, you may leave the field blank.
where to set this check partner authorization field ?
Many thanks
Frank

Hi
You have to specify the release partners in the Customer master record of the Sold To. If you want to include the Ship To also as the release partner, then in the partner function tab of customer master specify the partner function as AW and give the customer number of the SH. Like wise you can add any no of SH.
Thanks,
Ravi

Table for Analysis authorization along with values for authorization fields

Hi,
I am looking for table that contains the Analysis Authorization name along with values for all the authorization fields within this Analysis Authorization. Individually i can go to PFCG or Rsecadmin but since i need all the Analysis auth objects, i need to get this info into excel, so need a table.

Hi Prashanth
You can check RSECVAL that is appropriate for your requirement please let us know if any further help is needed.
Thanks & Regards
Santosh Varada

Searching for values of authorization fields

Is there a way to see the transaction codes or programs that makes use of a specific value of an authorization field?
Example: K_PRICE001 has the following authorization fields.
               BUKRS - Company Code
               WERKS - Plant
               CWPRICLABL - Price Type
               ACTVT - Activity
The permitted activities are "02" (Change) and "03" (Display).
Can I find programs/transaction codes that use "02" only? or "03" only? or "*" for all?

> What it does not do is show you what values are linked to it, that you have to do manually but atleast you would have a list to start with.
Someone already did that and left all the information behind in the system for you - both check indicators (the capability of the transaction to control something) and proposals (the intended use of the transaction).
They also update it with each support package, but it is nor 100% correct not a perfect match for all your intentions. You can use authorizations to tune it if you have set it up correctly in the first place...
--> SU24.
Cheers,
Julius

Mapping authorization field IDs to field names (description)

Hello Folks,
I am trying to map the authorization field (technical ) names to field descriptions (long names)
Backgroud: I do not have enough input from the functional team yet on restrictions at data level. I have pulled out a list of orgfield values from USORG. Now i am trying to map the other authorization fields to their descriptions.
Table AUTHX only maps the field to the data element and while table DD04V lists the long field names for a given data element, i need to drill down before i get the description and thats for each fieldname / data element.
Question: Is going through SU20 for each object the best way to map the field description or is there a better way to map the auth field IDs to their description. And i mean for multiple input as there are scores of auth fields...
Regards,
Prashant

Thanks Jurjen, that helped a lot.
I downloaded the authorizations into an excel tough, (did not use uncoverted format).
Solution in Excel: Since there are a lot of blank cell values
-- name the columns clearly
create a pivot table
In the pivot select only the field technical name and field description columns
For some reason when the other columns are selected, everything is going blank for values
I am sure others are better with Excel than i am
Regards,
Prashant

Changing Package for Authorization fields

HI ,
I assigned my Authorization fields to $temp while creating them , now i want to change the package and transport them can any one have an idea how to change the package for Authorization Fields.
Regards,
Abraham

HI Arun,
I think u r getting me wrong, Authorizatin object have Authorization fields associated with them , we create them in SU20 , when i created them i assigned them to $temp now i want to chage the package it is not allowing me to do that can any one help me on this..
Regards,
Abraham

Add Authorization field to Authorization Object (BTRTL to P_ORGIN)

Hi,
Could anybody please let me know the steps to add authorization field to an authorization object.
I want to add authorization field (BTRTL) to authorization object (P_ORGIN).
Please suggest..
Thanks is advance!

Hai..
Goto SU03- access Class HR -> Object P-ORIGIN-> then check/create the values for the field BTRTL.
For checking authorization Reports, we use command 'AUTHORITY-CHECK OBJECT'.

Authorization object with no authorization field

Hi Experts,
I have created authorization object with no field checking.
This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
Please advice.

Hi
See this and do accordingly
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Regards
Anji

MAximum number of authorization fields in an authority object

What is the maximum number of authorization object in an authority object ?

An authorization object comprises up to 10 authorization fields.
Read [AUTHORITY-CHECK|http://help.sap.com/abapdocu_70/en/ABAPAUTHORITY-CHECK.htm], look also at [SU21|http://help.sap.com/abapdocu_70/en/ABENBC_AUTHORITY_CHECK.htm] transaction screen.
Regards,
Raymond

Authorization Field

Hi All,
I have a problem regarding Authorization Field in Role assignment.I need to know whether if we add a Authorization Field to a Authorization Object will affect the standard customization of the object.Next one is that how can we add a authorization field? i am not able to add the field to a Profit center accounting object K_KA_RPT.I want to make a authorization check with the controlling area for these reports so tried to add controlling area(KOKRS) to this object.i have a manual version for this object created and trying to add it in that.will it affect the standard customization of that object K_KA_RPT??
very urgent.
Regards
Andrew

Hi Andrew,
Using transaction SU21 (List of authorization fields) you can display the details for AUTH field PPFCODE. If you push the button Input Help (Shift+F4) you will get all 33 possible values (Note: my system is ECC 5.0).
A very handy function module for your purpose is SUSR_AUTF_GET_F4_HELP. Simply call the function module with your AUTH field and it displays all search help values. There you should find a programmatic way to determine AUTH field values.
Go through this to understand the authorization concept completely
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Reward if helpful.
Regards,
Harini.S

Creating Authorization Field as Local Object

Hello All,
I was creating new Authorization field and while saving, i was asked to save it as "Local Object"....
Can someone tell me what is meant by "Local Object" and what will be the benefits by doing so?
Adance Many thanks,
Regards
Geetha.

Hi,
Local Object means these Enhancement / Modification / Customization are not going to be included into any Package. Any change requests are of two types: Transportable or Local. If you decide not include your changes in any packages and thus not make this Transportable, i.e. the release and export phenomena will not be applicable there and you won't be able to create any task for a Local object.
Of course the authorization class, object and fields need to be moved through the Landscape and thus you need to include them into a Package. Preferably you should create a new Custom package (or may be already available) to move your changes though that package.
Let me know if you have any further query.
Regards,
Dipanjan

Authorization field value

Hi Experts,
Basis team has created one authorization object and created one authorization field for warehouse number. They will assign value to that field.
My question is:
Is there any table to get the authorization field value for that object? or How could I get the value for this authorization field value?
Because I should use that value in my select statement.
Any possible solution will be gratefully accepted.
Thanks & Regards,
Arindam Samanta.

Hi Arindam,
You shall get the warehouse number using SELECT query from it's master or transaction table and pass it to the AUTHORITY-CHECK statement.
Example:
SELECT SINGLE pernr
        INTO   l_pernr
        FROM   pa0105
        WHERE uname EQ sy-uname AND
               usrty EQ '0001'   AND
               begda LE sy-datum AND
               endda GE sy-datum.
AUTHORITY-CHECK OBJECT 'ZAUTH_HRT' ID 'PERNR' FIELD l_pernr.
IF sy-subrc <> 0.
   MESSAGE 'No authorization' TYPE 'E'.
ELSE.
   MESSAGE 'Congrats! You are authorized' TYPE 'I'.
ENDIF.
Hence, it will automatically check the values in l_pernr with the values in Authorization field.
You can check the values passed to authorization field using the T.code - PFCG
With Regards,
Gurulakshmi

Authorization Fields

Similar Messages

Maybe you are looking for