Cheking bw authority object

Similar Messages

• How to find out in which role an authority object is included

  Hi,
  I need to call web services by an external application. Therefore the authorization object S_SERVICE is needed to call services.
  Now I want to add this object to a specific sap user, but how can I find out in which role this object is included? I don't want to create a new role for just only this standard SAP authority object.
  Thank you!

  >
  Torben Larsen wrote:
  > Hey!
  >
  > Thank you for your answer. I have now found roles, which include this object. But I still have the authorization problems and can see that the object S_SERVICE is the problem, when tracing with ST01.
  >
  > I'm not that much into authorization stuff. So do I need also a profile? I only could call the web services by using profile SAP_ALL.
  >
  > thank you!
  Now that you have required role with you .. simple assign that role to user id from transaction SU01 (Roles tabs).
  Sap standard roles will already have profile in it. You might have to generate the profile. Goto transaction PFCG enter role name hit display button , goto Authorisation tab, hit Display Authorisation button and on next screen press generate button (Shift+f5).
  By the way you can use SUIM to find role and profile for given authority object

• Problem during creation of authority object

  Hi All,
  I am trying to do authority object of standart report RFASLDPC but when I am giving authorization object in authorization object field (Bcoz requirment is this transaction code for perticular company code)then it is following error/warning 'check object has not been maintained.'
  Could you please tell me what is the remedy for that?
  Regards,
  Amar.

  Hi,
    I think you should check if the authorty object that you are using has been created you can try to use transaction su21, i think the authority object that you are trying to use does not exist.
  Check the below link for more info
  LINK[ Auth Objects |http://help.sap.com/saphelp_nw04/helpdata/EN/80/1a6859e07211d2acb80000e829fbfe/content.htm]
  Regards,
  Himanshu

• How to use custom authority object to execute certain code?

  Hi Gurus,
  I'm trying to use an authority-check just to execute certain ABAP code for some roles only, but I don't get to make it work as every user gets to exectute the code. I'm also not sure of which field(s) I should add to my authorization object when I'm checking it.
  Does anyone know if there's a way of making it? Thanks in advance.
  Edited by: Jorge Gonzalez on Jun 25, 2010 11:42 AM

  Hi.
  If the authority object is already created then you can view in transaction SU21, Select the custom object and double click on it.
  You can see the Authorization fields that need to be passed to the authorization object while using.
  For eg: If you see BUKRS, then you need to pass the company codes relevant so the authority check is performed
  All Authority object has activity which informs the operation to be performed. for eg:
  ACTVT: Activities.
  01 = Create
  02 = Change
  03 = Display
  06 = Delete
  07 = Activate
  10 = Post
  Also check for documentation if it is available, if so it makes life easy.
  Hope this helps
  Regards
  Shiva

• Authority Objects to read HR FM BAPI_ORGUNITEXT_DATA_GET

  Hello gurus,
     i want to run only FM BAPI_ORGUNITEXT_DATA_GET  through a SAP User ID, i assigned some Authority Objects to it but its not returining anything if i run it through other user using same parameters its showing me the data. i assigned S_DEVELOP the FM and Function group of the FM, it has access to all the infotypes P_ORGIN-all, S_DEVELOP - All tables, P_PERNR - all, S_RFC-the selected FUGR and SYST function group, P_ABAP -all.
  Do you guys think i am still missing something, to view the FM output.
  In the same user I am getting output from FM BAPI_EMPLOYEE_GETDATA. using these objects.
  NOTE: the user dont have any other objects assigned to it, apart from the specified here. (Though i assigned se37 for testing purpose).
  i will really appreciate your reply on the same.
  thanks in advance
  Mani

  Sorry - meant PLOG.  I haven't checked the FM in any depths,  but you if you pass object type O to the FM, this is the object type you will need to assign. 
  The PLOG could look like this:
  Infotype               1000, 1002 (you could put * here)
  Planning status    1 (presuming this is what you use)
  Object type          O
  Plan version         01 (or whatever is your active plan version)
  Function code      DISP, LISD (assuming you only want to see)
  Subtype              *
  You may need other obejct types in the authorization object.  If you use structural authorizations, they have to be in place as well. Consider that the authorization object defines what data your are allowed to read. Structural Authorizations decides where in the org.structure you can read those data.
  Your best way forward may be to got to SE37 and test the FM.  Then directly after (if it fails to deliver) go to SU53 and check the authorizations.
  No - you should not have to assign the transaction codes.
  Hope this helps.
  I may have misunderstood the usage of the FM. I am basing my answer on the fact that it reads OM.

• Probem with CRM_ORD_OP authority object

  Hello friends,
  I facing a problem with CRM_ORD_OP authority object.
  I have set a pfcg profile as below, but I dont know why, CRM is not performing authority check for object CRM_ORD_OP, so user are able to create documents, but they could not find them.
  CRM_ORD_PR: PR_TYPE 'Z021',ACTVT '*'
  CRM_ACT: ACTVT u2018*u2019
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000021', PARTN_FCTT '0008'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000022', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000023', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000024', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000025', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000027', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000028', PARTN_FCTT 'Y030'
  CRM_ORD_OP: ACTVT '*', PARTN_FCT 'Z0000029', PARTN_FCTT 'Y030'
  CRM_ORD_OE: SERVICE_OR u2018u2019, DIS_CHANNE u2018u2019, SALES_OFFI u2018u2019, SALES_GROU u2018u2019, ACTVT = u2018*u2019
  What I want to do it is simple. I want that users can access only their own documents.
  Does anybody know what going on?
  Regards,
  Lalas

  problem resolved

• Usage of AUTHORITY OBJECT

  Hi,
  Could you please help out how to create AUTHORITY OBJECT and usage in reports with sample code and transaction codes.
  Thanks,
  Madhu

  Hi Madhu,
  DATA:wa_flight TYPE t_flight,
  it_flights TYPE t_flighttab.
  SELECT-OPTIONS so_carr FOR wa_flight-carrid.
  for authority-check:
  DATA:
  allowed_carriers TYPE RANGE OF t_flight-carrid,
  wa_allowed_carr LIKE LINE OF allowed_carriers.
  START-OF-SELECTION.
  fill a range table with the allowed carriers:
  SELECT carrid
  FROM scarr
  INTO wa_allowed_carr-low
  WHERE carrid IN so_carr.
  AUTHORITY-CHECK OBJECT 'S_CARRID'
  ID 'CARRID' FIELD wa_allowed_carr-low
  ID 'ACTVT' FIELD '03'. " display
  IF sy-subrc <> 0.
  CLEAR wa_allowed_carr.
  ELSE.
  wa_allowed_carr-sign = 'I'.
  wa_allowed_carr-option = 'EQ'.
  APPEND wa_allowed_carr TO allowed_carriers.
  ENDIF.
  ENDSELECT.
  check this link
  http://techrepublic.com.com/5100-6329_11-5110893.html#
  http://www.sap-img.com/ab035.htm
  Regards,
  Sridhar

• Query in  Authority object

  Is it possible to give multiple values to the field of the Authority object.
  For example
  AUTHORITY-CHECK OBJECT 'M_MATE_WRK'
  ID 'ACTVT' FIELD '03'
  ID 'WERKS' FIELD : '0002', '1030', 2700'.
  IF SY-SUBRC <> 0.
  WRITE : 'No authorization'.
  ENDIF.
  Is it possible to give mulitple values for the field WERKS.

  hi,
  it is possible to give authority for more than on field.
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object> 
     ID <authority field 1> FIELD <field value 1>. 
     ID <authority field 2> FIELD <field value 2>. 
     ID <authority-field n> FIELD <field value n>. 
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  regards,
  satish,
  reward points.

• Query regarding Authority object

  Hello Friends;
  I just wanna know why we check authorization on selection screen and What do u mean by authority objects?, Who creates It? What is the purpose behind creating it?? What transactions are there relating authority objects in SAP??
  And one more query is there
  See when we call any function module there are several parameters that it contains such as importing ,exporting, tables and exceptions ?? What is the exact use of exception parameters in that? How to handle those exception ...Is it before calling that function module or after ?? What is the syntax for it??
  Regards;
  Parag

  Exception are like errors so to use that in the FM we use raise command .
  Authorization is required ,assume u in Quality department and you are trying to execute a SD dept report which is as per rules not allowed so for that in abap we use Authorization object .
  Use this program for understanding DEMO_AUTHORITY_CHECK
  Transaction SU21 .
  PLease reward if useful.

• Custom authority object on MRBR

  Hello,
  Can I create a custom authority object and assign the same to standard t.code MRBR?
  Currently MRBR is offering authority check based on EKGRP.  But this is not catering to our requirements.  We want to restrict the authorisation based on EKORG (Purchase Organisation) also.  This is particularly for Releasing of blocked invoice.
  Any ides on this matter please......   
  Thanks in advance,
  Mallik

  Hello,
  You need to have 
  M_BEST_EKO : Purchasing Organization in Purchase Order
  M_RECH_EKG :Invoice Release: Purchasing Group
  M_RECH_SPG: Invoices: Blocking Reasons
  Please check in SU24 whether these are maintained or not,if not please main them .
  In the transcation code MRBR for your requirement
  Thanks,
  Prasant K Paichha
  Edited by: Prasant K Paichha on Aug 26, 2009 5:19 PM

• View all the available authority object in any system!!

  Hi,
  Is tere any way i can see all the avaiable authority object in any system?
  Regards
  Gunjan

  Hi,
  Try transaction su21 .it should give you list.
  Thanks.
  Mark points if helpful.

• BDC to PFCG (Delete Authority Objects from Roles.)

  When we try to change an authority object it gives an error message saying that 'This authority object is used in roles XXX'.
  To remove Authority Ojects from roles, transaction PFCG is used. But the problem is that BDC is almost impossible to PFCG.
  Is there any way you can suggest us to change an authority object when it is assigned to a role or how we can BDC delete authority object from a role or a function/badi we can call to achieve this.
  This is a very high level question.

  Hi
  U should consider PFCG trx is enjoy trx so it's not suitable for BDC, what doesn't mean you can't do a BDC program for that trx but it won't be easy.
  Anyway you can know the users assigned to certain profile reading table AGR_USERS. I believe PFCG shows them sorted alphabetical, so you can know the position where an user should be, after u should use PAGE UP and PAGE DOWN command to scroll the table control.
  Max

• Custom authority object

  Hallo guys,
  have you ever used a custom authority object within a standard transaction code?
  I need to use a custom authority check in VA01/02/03, is that possible?
  Thanx!

  Hi mike,
  1. Thats not directly possible.
  2. we have to Modify the original source code,
     (by taking access key)
  3. Only then its possible.
  regards,
  amit m.

• Authority object in sap

  hai,  i create a authority object, with fields etc for program. it has got activity '03', means DISPLAY.
  in SU01, Profile SAP_ALL is taken.(SAP_ALL means all authorization granted, i think).
  now, does it mean inspite of having DISPLAY activity,because of SAP_ALL i have activity to CHANGE the program?

  Dear Shiva,
  SAP_ALL will grant you complete authorization. Hence, you should be able to change as well if SAP_ALL is assigned to your user id.
  Hope this will help.
  Regards,
  Naveen.

• Authority Object

  If One Authority Object used in the Z report and that Authority object added in the role. This Role assigned to Two user.
  But one of the user not required authorization for the Z report.
  How actually this situation ideally handle ? New authority object need to create for that Z report or using the existing object we can solve the problem.
  Regards
  Nilesh Shete

  then dont give authorization for this report(tcode) itself, and in ur program u have to check for the same.
  <b>      call function 'AUTHORITY_CHECK_TCODE'
          exporting
            tcode  = 'YSCC'
          exceptions
            ok     = 0
            not_ok = 2.
        if sy-subrc eq 2.
          message e077(s#) with 'YSCC'. " No authorization to transaction
       endif.</b>
  if u want to create one more role,then no nedd to change ur program.
  Regards
  Prabhu