Authorization object coding -problem. Pls suggest.

Similar Messages

• Authorization object coding in ABAP report

  Hi,
  I am working on a report. The output of the report is details regarding vendor based on purchasing organization. When user executes the reports, they should be only able to see details if they are authorized to (create, change and display) for the purchasing org of vendor.
  The authrorization object by SAP security team is 'M_LFM1_EKO' for standard access to vendors (via MK01, MK02 AND MK03).
  How can I use same authorization object to do check in my program for the user in ABAP so that if user is not authroized he will not be able to see details during output for those vendor.
  Regards,
  Tgshah.

  Hi ,
  Basically you need to call Authority-check using the pattern option and then pass the object name and field name .If the user has been assigned that object in his profile sy-subrc will succed otherwise fail .
  AUTHORITY-CHECK OBJECT 'M_LFM1_EKO'
           ID 'ACTVT' FIELD '1/2/3'
           ID 'EKORG' FIELD 'value of purchase organization'.
  IF sy-subrc eq 0 .
  WRITE :'authorization' .
  ELSE .
    WRITE 'no authorization' .
  ENDIF.
  The below lonk explains it more ...
  [http://help.sap.com/saphelp_40b/helpdata/fr/d4/e02c7dd435d1118b3f0060b03ca329/content.htm]
  Thank you .
  Anjaneya .

• Authorization object M_MATE_STA problem at MM17.

  Hi, experts!
  I have a problem of Mass change (T-code:MM17) authorization.
  I want to control our user that only can change data through MM17 and not allow to create new data to prevent accident.
  So, I set an authorization obj. M_MATE_STA(Material Master: Maintenance Statuses) as ACTVT:02 (Change)
  with STATM:all view(*) into user role,but it doesn`t work during Mass change test. : -(
  When I checked SU53, It shows that user doesn`t have authorization of
  M_MATE_STA, ACTVT:01 (Create) STATM : G (costing view). However, I tested changing Pur.grp through MM17 and it was not creation and Pur.grp field is located at purchaing view.
  What`s wrong with M_MATE_STA authorization setting at MM17 ?
  I cannot understand why M_MATE_STA ACTVT:01 (Create) is neccesaary when I want to CHANGE(Not create) data at MM17.
  Our system is ECC 6.0 ehp4 Support package : 05 and there is no appropriate SAP Note to apply. Plz, help~!
  Plz, help~!

  Hi,
  I suggest to post this question in the security forum.
  Regards,

• Add Authorization field to Authorization Object (BTRTL to P_ORGIN)

  Hi,
  Could anybody please let me know the steps to add authorization field to an authorization object.
  I want to add authorization field (BTRTL) to authorization object (P_ORGIN).
  Please suggest..
  Thanks is advance!

  Hai..
  Goto SU03- access Class HR -> Object P-ORIGIN-> then check/create the values for the field BTRTL.
  For checking authorization Reports, we use command 'AUTHORITY-CHECK OBJECT'.

• Problem in transporting authorization object

  Hi,
  I am facing a problem in transporting the authorization object. We have an existing cube in development and production. In production the object has 3 authorization objects checked. Now I want to change the authorization object assignment in my cube. So I changed the assignment in the development, but when I tried to transport the authorization object it collected all the cubes where the authorization object is used.
  I want to transport only the authorization object associated with that cube, not all. I understand that logically if we are transporting the authorization object from RSSM, it takes all the assignments. But I don't want to do that because there may be some inconsistencies between the system.
  Can you tell me weather we have any other way, so that the authorization object is transported only for one particular cube assignment not all.
  Thanks in advance
  Prashant

  Hi,
  I tried that but not getting anything.
  Can you please tell me the steps.
  Steps I have done are as follows.
  1. Go to RSSM and select the authorization object.
  2. We have a button which says transport authorization object. I clicked on that.
  3. I got a list of all the authorization objects there. I selected my authorization objects and clicked on Transfer Object button.
  4. Then I get the hierarchy authorization objects.
  5. After that I selected a request and everything is included in that request. I didn't got your above mentioned option.
  Do you want me to go to the table RSSTOBJDIR and delete all the other entries??
  It would be great if you can tell me the steps to do that.
  Thanks in advance
  prashant

• AUTHORIZATION OBJECT PROBLEM

  Hi,
  I had added a Authorization Object on basis of Plant in my report and it is giving the problem that instead of displaying the Plant it is displaying as IEQPlant 1. i had taken plant as a selection screen instead of parameter.
  Please tell provide me guidelines how to display the Plant name only instead of IEQPlant Name.
  AUTHORITY-CHECK OBJECT 'ZPLANT1'
  ID 'WERKS' FIELD P_WERKS.
  IF SY-SUBRC <> 0.
    MESSAGE E045(ZMSG) WITH P_WERKS.
  ENDIF.

  Hi,
  Please see the sample code below that I used to have the same functionality in one of my programs.
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  DATA: li_bukrs TYPE TABLE OF bukrs,
         lwa_bukrs TYPE bukrs,
         lv_flag TYPE c.
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR bukrs.
     REFRESH bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         bukrs-sign = 'I'.
         bukrs-option = 'EQ'.
         bukrs-low = lwa_bukrs.
         bukrs-high = space.
         APPEND bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  KR Jaideep,

• Hi I am using iphone 4, since last few days i am facing problem in touch screen at times it doesn't work at all for 5-10 mins and then it works out itself. Can anyone pls suggest what the problem is and how it can be sorted out?

  Hi I am using iphone 4, since last few days i am facing problem in touch screen at times it doesn’t work at all for 5-10 mins and then it works out itself. Can anyone pls suggest what the problem is and how it can be sorted out?

  Did you recently updated to 7.0.4? Even for me same also issues.

• Authorization objects problem , unable to delete

  hi all,
  i hv created authorization object via SU21. ZZ_program, I am trying to modify but it prompts warning:
  <b>Field assignment for object ZZ_PROGRAM cannot be changed as auth. for it exist
  Message no. 01221
  Diagnosis
  You attempted to change an object for which authorizations exist. Authorization fields for the object cannot be changed here.
  Procedure
  If you want to change the object anyway, you must first delete all authorization belonging to this object.  Consider that other systems may also be affected.</b>
  after i enter the message, it prompts the whereuse list
  <b>Where-Used List                  
  Authorization Object             
  ZZ_PROGRAM                       
  Berechtigungen                   
  AA________00                     
  Rollen                           
  ZZPROGRAM   </b>      
  after that, the  fields are all greyed off, i am unable to change the authorizatiion fields  and i do not understand the where use list result, can anybody pls help ?
  i am working on sap 4.7

  There  is one particular check with Table <b>USR12</b> (User Master Authorization Values) and also with table <b>AGR_1251</b> (Authorization data for the activity group).
    SELECT distinct AUTH FROM USR12     
         appending table list              
         WHERE OBJCT =  OBJECT             
           and AUTH  ne '&_SAP_ALL'        
           and AUTH  ne '&_SAP_APP'        
         order by auth.
    if sy-subrc = 0.                                       
      insert 'Berechtigungen' into list index 1.           
      RC = 1.                                              
    endif.                                                 
    append 'Rollen' to list.                               
    index = sy-tabix.                                      
         SELECT distinct agr_name FROM AGR_1251            
           appending table list                            
           WHERE OBJECT =  OBJECT                          
           order by agr_name.   
  If that is sucessful , you cannot change the authorization object.
  See the content of <b>AGR_1251</b> table using your authorization object name. Then you will Role name from field AGR_1251-AGR_NAME
  with this role name, go to Tcode: <b>PFCG</b>
  and give the Role name and click on change button
  In authorization tab.Chick on Change Authorization Data.
  And find and remove this authorization object from there.
  And then proceed with changing the Authorization object.
  Hope this will solve ur issue.

• Problem while loading texts and authorization objects file in RAR

  Hi all,
         i am getting internet explorer error while loading the texts and authorization objects text files in RAR .actually we uploaded rule file before this,does this step causes any error ?if so how to resolve this error.do i need to remove all rules/risks and then load text and authorization files? is there any shortcut to renove all risks generated in one shot? please reply me soon to resolve this.
  Thanks,
  Joseph.

  Hi Joseph,
  Please make sure to convert both the files in UTF-8 encoding format and then try to upload the files again. This should resolve the issue and if not then please paste the logs here.
  Regards
  Harleen

• Need authorization object for relaese of Invoice to accounting

  Dear Folks,
  Could you please let me know the authorization object which is available in standard SAP which restricts users from release of invoice to accounting and should have authorization to change the invoice....Pls don't forward  generic reply's...tried with available authorization objects using tcode SU24...for tcode VF02.
  Regards,
  Kishore

  Hi,
  See the program :   MV60AF0V_VBRK_BEARBEITEN
  Freigabe für Buchhaltung ( Accounting for release)
  ENHANCEMENT 65  OIC_SDP_SAPMV60A.    "active version
  *Coding for Invoice Approval Process.             "SDP-BILLING
      IF TVFK-OIINVAPP EQ CHARX.
        PERFORM RELE_AUTH_CHECK.
      ENDIF.
  ENDENHANCEMENT.
  Here incorporate your Z authorisation object or you can use any of the standard one.
  So that it will check the authorisation object before posting the same.
  Hope this will resolve your problem.
  regards,

• Assign Authorization Object dynamically

  Hi,
  I just want to know through coding is it possible to assign authorization object to user based on some condition dynamically.
  Its related to BP and in CRM 6.0
  Pls provide some approach if its possible.
  Thanks a lot.
  Regards,
  Shobhit

  Shobhit,
  Displaying authorization details would not be much of a problem. We can add a flag in the customer master and fetch the customers with the flag in the search result. I believe there is BADI to do that.
  Once the customers are retrieved navigating to the account details should be standard procedure. It should make use of standard events to go to the BPHeadOverview screen.
  But, the concern is whether or not there is authorization failure when we are trying to save the activity created using these flagged customers.
  Regards
  Prasenjit

• About authorization object

  Hi basis guys........
  i am not able to give print request.its showing authorization error
  "no authorization for LOCAL PRINTER" and "output could not be issued"
  i checked su53 screen. and i assigned that activity in authorization object.
  even then its showing authorization problem.
  Is there any object to add to get printing ?
  and what is "s_gui" object ? is that works?
  Please tell me your suggestions
  Regards........nagendra.

  Hi
  Check whether for the user a printer is assigned or not. Only the printer which is assigned to the user in SU01 can be used by the user.
  What u can try is assign the Local Printer in default printer for that particular user.
  Also if you have assigned the authorization object that was missing then there should not be a problem.
  Regards
  Sumit Jain
  [reward with points if the answer is useful]

• Authorization object for terms of payment in VA01

  Dear Gurus,
  we want that term of payment field on sale order should be in display mode for all user except authorised user, who has /have authority to change terms of payment.
  Requirement
  Authorization object (display, change) for terms of payment field at sale order creation and change level
  whether object is available in stadard or ABAP solution, please advice
  BR
  sajida

  Hi
  Two suggestions:
  1. In customizing, for credit managament, in tcode OVA8 you can lock the document in you change this field (see the helps for the flag 'critical fields')
  2. Manage it with user-exits becuase if you run SU24 for tcode VA01, I cannot find any auth.object related with this field. See SAP Note 178328 - Problems due to incorrect user exits in SD for further information
  I hope this helps you
  Regards
  Eduardo

• Creation of an authorization object

  Hi,
  I want to create an authorization object, in which I can add my own selection of fields.
  Hence, if I include this object in a role, I can restrict the user as per my requirements.
  I found SU21 in one of the forums, however I'm not sure if this is possible thru' SU21.
  Pls. help.
  Thanks a lot,
  Saba.

  Hi,
  Thanks for the reply...I was able to create the authorization objetc, however now I'm facing amother problem.
  In my role , I've removed the std. object (since it has insufficient fileds) 7 added the new "z" objetc, howver the T-code still checks for the std. object & does'nt pick up values from my Zobject...Is there some way I can embed my Z objetc into the std. one??
  Pls. help.
  Thanks a lot,
  Saba.

• P_ORIGIN authorization object.

  Hi
  We are encountering one problem in production.We  have one role giving Authorization to PA51 and PA61 tcodes it is working fine and the user assigned to that role is able to execute those tcodes with the help of that role upto last month. Now  he is not able to execute PA61 and even PA51 also . There is no changes transported to production for that role.
  User is trying to create IT2005 records
  SU53 screen is telling for P_ ORIGIN object
  AUTHC = u2018Eu2019
  INFTY = 2005
  PERSA = <Dummy>
  PERSG = <Dummy>
  PERSK = <Dummy>
  SUBTY = u2018u2019
  VDSK1 = <Dummy>
  Current authorization he is having for P_ORIGIN
  AUTHC = M, R,W
  INFTY = 2005
  PERSA = JTCW
  PERSG = *
  PERSK = *
  SUBTY = *
  VDSK1 = ESS.
  I am not even able to simulate in QA or in DEV the same error. In QA and DEV the role if working fine when assigned to some test ID. According to AUTHC he is having authorization for writing the record, but why system is looking for E.
  I did usercomapre again, reset user buffer through SU53, still he is not able to execute.
  Any idea on what to do? Any suggestions

  Hi Bernhard,
  Thanks for the input and sorry for not responding fast. Even I dont have access to production system as I am HR consultant. I will  work according to your sugegstion with our Basis.
  Just want to be clear, The role is working fine even last month also and user is able to enter overtime records of his staff . But this month When he tried to key in overtime records, system didnt allow him to do so.Even the header information of the staff when execute the PA61 tcode is missing. But when he keyed in his employee number he is able to see all the header information. But when trying to view his staff he is not able to see header information this month only. But Personnel number check authorization object is not included in the role. Any suggestions?
  Thanks
  Sasi.