Authorization object - dump on field type due to character

Hi all,
As i have created an Authorization object
AUTHORITY-CHECK OBJECT 'YINF_BYTE'
ID 'Y_BYTE_CON' FIELD lv_byte_count.
While creating the authorization field ('Y_BYTE_CON' ), the data type I defined is ABAP_MSIZE.Similarly the type of the variable('LV_BYTE_COUNT) i am passing to the authorization object
is of the same type (i.e.,ABAP_MSIZE).
I am getting an syntax error 'LV_BYTE_COUNT must be a Character type field',Please help me out in resolving this.
Thanks in advance,
Ram
Edited by: Julius Bussche on Feb 20, 2009 9:19 AM
Please use meaningfull subject titles

Hi Chinmaya,
Which data type i need to go with ABAPTYPE..? is it the variable i am passing to the authorization object or the authorization field i need to change as ABAPTYPE..?
Plz advice me.
Thanks,
Ram

Similar Messages

Authorization Object Related To Movement Type

Hi,
I meet one problem, one user want to check which user can use MB1A t-code with movement type 201 and 202, but I know there are some authorization object related to movement type and I want to use suim with mb1a t-code and authorization object to check the user, but I don't know the authorization object about movement type in MB1A t-code, does anyone can help?

Go to SU24, enter the transaction code and press execute.
Here you can see the all authorization object whose are used for the transaction code MB1C.
Regards
Dev

Authorization object for manual condition type in sale order

Hi experts
I want ask them, If exist an authorization object for manual Condition type (KOMV-KSCHL) in the sales order (VA01/VA02), that the user don' t can create neither modify the sale orden with a specific manual condition type (payment term) by stardard way.
Best regards
John Angulo

HI John,
I would be surprised to know that someone uses the Payment terms as a condition in the Pricing procedure for sales orders. The payment terms define when the customer agrees to pay, (15, 20, 45 ,....days or 5 years or 10 years....whatever it be)
this detail for what i know is in the sales order header,and ideally has nothing to do with the Item level material price conditions.
its ok, If you mean something else by payment terms.....in principle you can have a conditon type restrcited such that manual entries on the condition are not possible. this cane be done in SPRO customizing, i am sure your functional consultants would know what to do (SPRO->Sales and Distribution->Basic Function->Condition Types), in the tab "Changes that can be made" have a value that says manual Processing is not allwowed
The ABAP route mentioned above is for a different scenarion and i dont think it is necessary for your requirement

Authorization Objects for Multiple Fields on a Screen

Hi,
I have a requirement to create authorization object on a screen with 20 fields and there are 3 users, each user for eg: User-A has rights to Display and modify a few fields and User-B has rights to diplay and modify a few fields and same is the case for the 3rd user, and there are some fields which all can modify.
what i can do is create 2 authorization objects for each user one with all fields that he can modify & Display and other with all fields which he can display only. In this way i will have to create 6 authorization objects for 3 users, is there a way to reduce to 3, one for each user or even bring it down to 1 for all.
Thanks,
Thirumal

Hi again,
1. Thanks for the transparent example.
2. Taking the same,
 it would be like this, in the program.
( u must agree that
if there are six different cases,
then there will be six different IF ENDIF
in your program, for edit/display combination of fields)
(you may also use GROUP1, GROUP2..GROUP4
concept along with authorisation concept
to group related fields )
2. suppose user2 or user 1 has logged in.
3. in the program,
 before displaying the fields,
a) use authority-check
 with 1, 2 and check sy-subrc to know
 which VALUE (1,2) is there for rights.
 b)then, logic would be like this
 (for display/edit of all fields)
 IF value = 1.
 field1-visible = true
 field1-editable = true
 field2-visible = true
 field2-editable = true
 field3-visible = true
 field3-editable = true
 endif.
 if value = 2.
 field1-visible = true
 field1-editable = false
 field2-visible = true
 field2-editable = false
 endif.
regards,
amit m.

Authorization Object for specific Output types maintained via MN11 & MN12

Hello,
I was looking to see if we could limit the access of users so that they can change only specific output types (see T-code NACE) when using transaction code MN12. specifically only LPH1 (standard SA output type). I'm not seeing anything within the system, and I can't seem to find anything via SNC which describes this, so I am wondering if this there is nothing like this/
Is anyone aware of something for this or a potential solution if an authorization object doesnt exist?

duplicate.. please close.

Authorization object for 351 movement type

Dear expert
Please guide me
How to restrict 351 movement type for created STO for self plant in self plant?
for eg : there are 2 plant 1001, 2001.
STO CREATED IN 1001 PLANT
IN THIS suppling plant : 2001 & Recieving plant : 1001
Now, suppling plant has to do 351 movement type & Recieving plant has to do 101 movement type.
Now my doubt is receving plant should not do 351 movement type.
but it shows that my 1001 plant (receving plant) doing 351 MOVEMENT TYP.
Logically it should not do this.
So , How to restrict 351 movement type for created STO for self plant in self plant?
Regards
SANTOSH KADAM.

M_MSEG_BMB
M_MSEG_BWA
M_MSEG_BWE
M_MSEG_BWF
M_MSEG_LGO
M_MSEG_WMB
M_MSEG_WWA
M_MSEG_WWE
M_MSEG_WWF
if your 1001 plant never needs a 351 movement, then dont assign the 351 together with 1001 in these objects for roles that are used in 1001 plant.
But if 1001 needs to perform as well a 351 to any other plant, then you cannot use authorization to restirct it.

Authorization object with no authorization field

Hi Experts,
I have created authorization object with no field checking.
This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
Please advice.

Hi
See this and do accordingly
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Regards
Anji

Regardig Authorization object

Hi All,
I would like to know the step by step creation of authorization object...
Iam able to create the authorization class and objects using SU21 for a ztable fields..
And am not getting how to use this in ABAP program.
I know using Authority-check we can do this...
Here Iam not understanding to whom we are checking the authorization..and how...
And also is this necessary to create a role in pfcg and assign it to user...
if so what is the necessary to create a role...
and what is the link between SU21 and pfcg...
how this is affecting...
can any one help me...out of this...
thanks and regards
raghu

Hai Phani
Go through this
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
go through report
TABLES: TOBJT.
DATA: OBJECT1 LIKE USR12-OBJCT,
OBJECT2 LIKE USR12-OBJCT,
OBJECT3 LIKE USR12-OBJCT,
AUTH1 LIKE USR12-AUTH,
AUTH2 LIKE USR12-AUTH,
AUTH3 LIKE USR12-AUTH,
IND LIKE SY-INDEX,
FLAG TYPE I.
DATA: BEGIN OF INTTAB OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
END OF INTTAB.
DATA: BEGIN OF INTTAB2 OCCURS 30,
OBJECT LIKE USR12-OBJCT,
AUTH LIKE USR12-AUTH,
EXPL LIKE TOBJT-TTEXT,
END OF INTTAB2.
DATA: BEGIN OF TABSET OCCURS 30,
SFIELD LIKE TOBJ-FIEL1,
VON(18),
BIS(18),
END OF TABSET.
*read up the authorizations from the user buffer
CALL 'ANALYSE_USERBUFFER'
ID 'AUTHS' FIELD INTTAB-SYS.
*filter out the multipy authorizatios of the same object
SORT INTTAB BY OBJECT.
DO.
IF SY-INDEX = 1.
OBJECT1 = ''. AUTH1 = ''.
READ TABLE INTTAB INDEX 1.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
READ TABLE INTTAB INDEX 2.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT1 = OBJECT2. AUTH1 = AUTH2.
READ TABLE INTTAB INDEX SY-INDEX.
OBJECT2 = INTTAB-OBJECT .AUTH2 = INTTAB-AUTH.
IND = SY-INDEX + 1.
READ TABLE INTTAB INDEX IND.
IF SY-SUBRC = 0.
OBJECT3 = INTTAB-OBJECT.AUTH3 = INTTAB-AUTH.
ELSE.
OBJECT3 = ''. AUTH3 = ''.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
ENDIF.
EXIT.
ENDIF.
ENDIF.
IF OBJECT2 = OBJECT1 OR OBJECT2 = OBJECT3.
INTTAB2-OBJECT = OBJECT2.
INTTAB2-AUTH = AUTH2.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = OBJECT2.
INTTAB2-EXPL = TOBJT-TTEXT.
APPEND INTTAB2.
ENDIF.
ENDDO.
SORT INTTAB2 BY OBJECT AUTH.
*display the authorization and description, the objects, fields and
*field values
FLAG = 0. OBJECT1 = ''.
LOOP AT INTTAB2.
IF OBJECT1 = INTTAB2-OBJECT.
WRITE: / INTTAB2-AUTH COLOR 2.
PERFORM FIELD_VALUES.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ELSE.
SKIP.
WRITE: / INTTAB2-OBJECT COLOR 3, INTTAB2-EXPL COLOR 3.
PERFORM FIELD_VALUES.
WRITE: / INTTAB2-AUTH COLOR 2.
LOOP AT TABSET.
WRITE: / TABSET-SFIELD, TABSET-VON, TABSET-BIS.
ENDLOOP.
ENDIF.
OBJECT1 = INTTAB2-OBJECT.
ENDLOOP.
FORM FIELD_VALUES *
retrieve the field values of an authorization *
FORM FIELD_VALUES.
TABLES: USR12.
FIELD-SYMBOLS .
DATA: INTFLAG TYPE I VALUE 0, OFF TYPE I, VTYP, LNG TYPE I,
CLNG(2), GLNG(2), FLDLNG TYPE I VALUE 10, SETFILL.
SELECT SINGLE * FROM USR12
WHERE AUTH = INTTAB2-AUTH
AND OBJCT = INTTAB2-OBJECT
AND AKTPS = 'A'.
SETFILL = 0.
REFRESH TABSET.
CLEAR TABSET.
OFF = 2.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
WHILE VTYP <> ' ' AND OFF < USR12-LNG.
OFF = OFF + 1.
CASE VTYP.
WHEN 'F'.
OFF = OFF + 5.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
LNG = CLNG.
IF LNG <= 0.
EXIT.
ENDIF.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(FLDLNG) TO .
WRITE TO TABSET-SFIELD.
OFF = OFF + FLDLNG.
WHEN 'E'.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'G'.
ASSIGN USR12-VALS+OFF(2) TO .
WRITE TO CLNG.
GLNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(LNG) TO .
IF INTFLAG = 0.
WRITE TO TABSET-VON.
WRITE '*' TO TABSET-VON+GLNG.
ELSE.
WRITE TO TABSET-BIS.
WRITE '*' TO TABSET-BIS+GLNG.
INTFLAG = 0.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'V'.
INTFLAG = 1.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-VON.
IF TABSET-VON = SPACE.
TABSET-VON = ''' '''.
ENDIF.
OFF = OFF + LNG.
WHEN 'B'.
INTFLAG = 0.
ASSIGN USR12-VALS+OFF(LNG) TO .
WRITE TO TABSET-BIS.
IF TABSET-BIS = SPACE.
TABSET-BIS = ''' '''.
ENDIF.
APPEND TABSET.
SETFILL = SETFILL + 1.
TABSET-VON = SPACE.
TABSET-BIS = SPACE.
OFF = OFF + LNG.
ENDCASE.
ASSIGN USR12-VALS+OFF(1) TO .
WRITE TO VTYP.
ENDWHILE.
ENDFORM.
go through this link
http://www.thespot4sap.com/Articles/SAP_ABAP_Queries_Authorizations.asp
also go through this Document
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Effect
Explanation of IDs:
object Field which contains the name of the object for which the authorization is to be checked.
name1 ... Fields which contain the names of the name10 authorization fields defined in the object.
f1 ... Fields which contain the values for which the f10 authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY ).
The system checks the values for the ID s by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code SY-SUBRC = 0, the user has the required authorization and may continue.
The return code is modified to suit the different error scenarios. The return code values have the following meaning:
4 User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8 Too many parameters (fields, values). Maximum allowed is 10.
12 Specified object not maintained in the user master record.
16 No profile entered in the user master record.
24 The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28 Incorrect structure for user master record.
32 Incorrect structure for user master record.
36 Incorrect structure for user master record.
If the return code value is 8 or possibly 24, inform the person responsible for the program. If the return code value is 4, 12, 15 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP, since authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f , you can also write ID name DUMMY . This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ : Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
Thanks & regards
Sreenivasulu P

Authorization Object Documentation

Dear Colleagues,
in earlier SAP versions there was on opportunity to download the documentation for all authorization objects in one docuemtn via
execute transaction SU03 -> Information -> Object List with Documentation -> Download
Does anyone know, where this function has gone to?
Help is appreciated
Helmut

With the help of a collegue I followed your advice.
The feature was availbale in SAP-Release 4.7, however got deprecated in ECC6.0. It was based on function module LIST_USER_DATA .
A workaround is as follows:
In order to obtain the documentation for all authorization objects (e.g. fields, activity codes and the corresponding explanations)
select from table DOKTL (Documentation: Text Lines) where ID (Documentation Class) = u201EUOu201C and LANGU (Language) = u201EENu201C and TYP (Document Type) = u201EEu201C fields OBJECT (Docu. Object), VERSION (Version of Document Modul) , DOKTEXT (Text line in documentation)
In a second step select all records from the resulkt set, where VERSION is highest.
If specific versions are required, refer to table DOKHL (Documentation: Headers).
Regards
Helmut

The scope of the customer-specific authorization object

Dears,
Could someone please feedback about the scope of the customer-specific authorization object; e.g. if we are to create a customer-specific authorization object to replace authorization object P_ORGIN in the HR module, to be able to add an extra authorization field to the newly created authorization object, the scope of the newly create authorization object (which will have a new validation code generated by report RPUACG00) will be the whole ERP system ?
The worry is caused by the fact that P_ORGIN is already used in several authorization roles granted to users in the different ERP modules (i.e. FI, SD, MM, CS), so the replacement would affect these modules.
Thanks.
Reda

Hello Reddy,
We are about to implement the HCM module (We are now in the testing
phase), on the same client as that of our SAP ERP implementation.
We need to authorize on the personnel number grouped by 'Payroll Area'
in transactions PA30, PA40
In authorization object P_ORGIN, the field VDSK1 is already used to
authorize on an attribute : cost center (organizational key) for each
organizational unit, so we can't configure it to authorize on other
fields from info type 0001 (e.g. Payroll Area).
We need to continue using the conventional / general authorization and
not the structural authorization, to stay in compliance with our
authorization schema already implemented in our FI, MM, SD & CS modules.
( Also, as per thread : Steps for creating structural authorization profile using trans. OOSP
the structural authorization cannot be used to authorize on Payroll Area.)
We need to go through the HR module implementation without any changes
in the ABAP code.
So, the last way out is the custom-specific authorization object, and as I mentioned before, the authorization object P_ORGIN was already used in other ERP modules; e.g. FI, MM, SD & CS,
( Note : I haven't started yet implementing this solution.)
Thanks.
Reda

Creation of Authorization Object

Dear All,
Can anyone of you guide me on how to create Authorization Object?
My Knowledge on this concept:-
1) Mark required object as Authorization Relevant
2) Use of T-code RSSM
3) Select marked Authorization Object
4) Assign fields to it, for authorization.
thats all i know.
There are few more additional settings we need to do for it.
Request you to provide with step by step procedure for the same.
Thanks & Rgds,
Anup

hi
To create an authorization object:
1) Execute transaction SU21
2) Double-click an Object Class to select a class that should contain
your new auth object
3) Click on CREATE (F5)
4) (If creating custom field) - Click the 'Field Maintenance' button -->
Click on CREATE (Shift+F1)
5) Enter the Name for the New Authorization field and the corresponding
Data Element and SAVE
6) Confirm the Change Request data for the new Authorization Field
7) Go back two screens (F3-->F3)
8) Enter the Authorization field name and document the object:
9) SAVE and ACTIVATE the documentation
10) Save the new Authorization Object
11) Confirm the change request data for the Authorization Object and
EXIT SU21
12) Finally, the SAP_ALL profile must be re-generated
the following link will be helpful
http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
Use of T-code RSSM
Through BIW Authorizations (TCode RSSM)
Authorization check log. This gives information on
missing authorizations for reading data.

Authorization object for delivery block

Hi ,
How do I check the authorization object for any field? I specifically need one for delivery block.
Please help.
Thanks,
Shailaja

Hi,
If your looking to put a delivery level block or its removal then i guess you explore it through userexit mv45afzz
Regards,
Saurabh

Query on authorization object

Hi,
I need to create one authorization object which contain only one field as sy-uname.
I carry out the following stapes:
1. I went to SU21
2. Create a class
3. create a authorization object
4. Add a field sy-uname in the field
Now , my query is that,
1. is it allowed to add sy-uname in there in the field or i have to put just 'uname' there. or what??
2. Is there any other steps required after adding the field in the authorization object
3. Do any one has some document on how these authorization object work execpt the F1 help on the 'AUTHORITY-CHECK' in the editor???

Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji

Authorization Object - ME21N

I'm making some and user's profile but i'm having a problem with this.
I need to find the authorization object for the field vendor when i make a standard order. i need to restrain this field to make a good end user profile.
I've tried to make trace with ST01, and i've tried to use SU22 to find the authorization object but i didn't find it!
I really need help on this...thx

S_BCE_68001413 (T code) - Authorization Objects by Complex Selection Criteria ,
Enter the following object class to get all the authorization objects for mm.
MM_B       Materials Management: Inventory Management/Phys.Inventory
MM_D       MM: Material Requirements Planning
MM_E        Materials Management: Purchasing
MM_G      Materials Management: Master Data
MM_L       Materials Management - Whse Management (-> split into LE_L)
MM_P      Materials Management - Returnable Packaging Logistics
MM_R      Materials Management - Invoice Verification
MM_S         Materials Management: External Services
MM_W       Materials Management - Valuation and Account Determination
as well check SU24
here enter the transaction code name for which you want authorize and execute..
Edited by: Jayakumar Raju A.S on Aug 10, 2009 7:18 PM

Authorization Object Values

Hi All,
There's an authorization object called P_ORGINCON. It has 8 different fields and respective values. Now, one of the fields has '' as a value (two continuous single quotes, without space between them) and another field has ' ' as a value (continuous single quotes, with space between them).
What is the difference between both the values i.e., the two different quotes with and without spaces.
It would be 'rewarding' if someone can help me on this
Cheers,
Ravi

Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points for useful Answers
Regards
Anji

Authorization object - dump on field type due to character

Similar Messages

Maybe you are looking for