Imposing authority check

Hi Experts
I want to impose an authorization check in AUT10 so that user should see all the changes particularly relevant for one plant.
Can I do so?
Regards
Soumick

Hi,
The answer is invariably yes but the ease of achieving it will vary.
From what I can see of AUT10 it would be complex to implement as there would have to be customising which looks into the details of the record behind the change log and validate on that.  Probably best to speak to a developer to see what the effort involved is.

Similar Messages

  • Authority check at field level in sales order

    Dear all, our business requirement is the following:
    only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
    This means that for an order of sales group 'A':
    a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
    I ask you if such a scenario can be realized in SAP.
    We currently run SAP ECC 5.0.
    thx all !
    bye Roberto

    Hi agree with Jan and Auke,
    To my knowledge it is object V_KONH_VKO which you are looking for. See the documentation in SU24 - SD class.
    But whether or not that will influence the visibility / editability of the screen in VA02 etc when turned the check on in SU24, I am not sure.
    If not, search the forum for topics relating to "transaction variants", "variant transactions" and "screen variants" to see whether those solutions will fulfill the requirement.
    Cheers,
    Julius

  • Authority check on Creation of Purchase order usin badi BBP_ITEM_CHECK_BADI

    hi all,
    i have to apply authority checks on creation of Purchase order and shopping cart in SRM using badi BBP_ITEM_CHECK_BADI.
    i have applied checks on creation of shopping cart   using this badi which have some filters but how to apply on purchasing order using BBP_ITEM_CHECK_BADI.

    hi,
      You can use the BBP_DOC_CHECK_BADI.
    BR,
    Disha.
    Pls rewar points for useful answers.

  • ALV GRID and AUTHORITY-CHECK

    Hi all !!! 
    I'm using the ALV Grid control with checkboxes and I want to control if the actual user have the appropriate authorization to check/uncheck them.
    In the AUTHORITY-CHECK call, I want to make the authorization test on the "DEPARTMENT" of the user (from Table USER_ADDR or SU01).
    For example :
    DEPARTMENT AA1 --> check/uncheck OK
    DEPARTMENT AA2 --> check/uncheck NOT OK
    DEPARTMENT AA3 --> check/uncheck OK
    ... etc.
    How can I do ? Create an new authorization object/field ?
    PS : it's the first time I'm using AUTHORITY-CHECK..

    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. 
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object> 
       ID <authority field 1> FIELD <field value 1>. 
       ID <authority field 2> FIELD <field value 2>. 
       ID <authority-field n> FIELD <field value n>. 
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Example ;
    REPORT  EXAMPLE MESSAGE-ID Z1.
    TABLES: USR02.
    PARAMETERS: LOCK AS CHECKBOX, LISTLOCK AS CHECKBOX.
    DATA: UFLAGVAL TYPE I, LOCKSTRING(8) TYPE C.
    ---- Authorization check -
    AUTHORITY-CHECK OBJECT 'ZPROG_RUN' ID 'PROGRAM' FIELD SY-CPROG.
    IF SY-SUBRC <> 0.
      IF SY-SUBRC = 4.
        MESSAGE E000 WITH SY-CPROG. "some message about authorization check failure
      ELSE.
        MESSAGE E005 WITH SY-SUBRC. "some message about authorization check failure
      ENDIF.
    ENDIF.
    IF LISTLOCK = 'X'.
      WRITE:/ 'List all locked users: '.
      SELECT * FROM USR02 WHERE UFLAG = 64.
        WRITE: / USR02-BNAME.
      ENDSELECT.
      EXIT.
    ENDIF.
    IF LOCK = 'X'.
      UFLAGVAL = 64.                       "lock all users
      LOCKSTRING = 'locked'.
    ELSE.
      UFLAGVAL = 0.                        "unlock all users
      LOCKSTRING = 'unlocked'.
    ENDIF.
    SELECT * FROM USR02 WHERE BNAME <> 'SAP*' AND BNAME <> SY-UNAME.
      IF USR02-UFLAG <> 0 AND USR02-UFLAG <> 64.
        WRITE: 'User', USR02-BNAME, 'untouched; please handle manually.'.
        CONTINUE.
      ENDIF.
    check that user has authority to make these changes
      AUTHORITY-CHECK OBJECT 'S_USER_GRP'
          ID 'CLASS' FIELD USR02-CLASS
          ID 'ACTVT' FIELD '05'.
      IF SY-SUBRC <> 0.
        IF SY-SUBRC = 4.
          WRITE: /'You are not authorized to lock/unlock user ',
            USR02-BNAME, USR02-CLASS.
        ELSE.
          WRITE: /'Authorization error checking user ',
                 USR02-BNAME, USR02-CLASS, '(return code', SY-SUBRC, ').'.
        ENDIF.
      ELSE.                                "has authority
        UPDATE USR02 SET UFLAG = UFLAGVAL WHERE BNAME = USR02-BNAME.
        WRITE: / 'User', USR02-BNAME, LOCKSTRING, '.'.
      ENDIF.

  • Company code authority check

    Hi
    we have created ZTTL01 table maintenance view. Should not allow unauthorized company code to update/create or display.
    I searched thru forums and collected below points. but could not test it successfully.
    Authorization object (Z_XXX_BUK) was created.But <Permitted activities> Button is not available in display authorization object(SU21) to see what are the activities are permitted.
    In su01 for my user no roles or profiles are defined.
    To do
    Trying to write  below code in PBO and PAI flow logic of ZCHECK_BUK table for screen 01
    PBO & PAI
    *First statement
    Module Authorictycheck.
    module Authoritycheck
      LOOP AT EXTRACT.
        AUTHORITY-CHECK OBJECT 'ZCHECK_BUK'
                            ID 'ACTVT' FIELD '01,02,03'
                            ID 'BUKRS' FIELD ZTTL01-BUKRS.
        IF sy-subrc <> 0.
          MESSAGE e000(zrpt) WITH 'You do not have the authorization to'
        EXIT.                          'access Bukrs'extract-bukrs.
        ENDIF.
      ENDLOOP.
    endmodule
    Can i use above code in PBO and PAI to check change of company code?
    I am sharing role and profile created by other user, which allows only company code 'A10'.
    How to test this now?
    se11->Utilities->table contents create should not allow me to input A11 or other company codes? pls confirm.
    Regards
    Chandra

    Hi Suhas
    Regarding 1) It works when i remove the FORM routine assinged for EVENTS.
    Thanks for ur input.
    Regarding 2)When the user displays record in SM30 for a table, he must not be able to see the company code AD01.
    To achieve this can i use EVENT AA?
    I create FORM routine <hide_cocode> in EVENT AA and store at include LZXXXXF01.
    FORM ZHIDE_COCODE.
    DATA: F_INDEX LIKE SY-TABIX."Index to note the lines found"
    LOOP AT TOTAL.
    READ TABLE EXTRACT WITH KEY <vim_xtotal_key>.
    IF SY-SUBRC EQ 0.
    F_INDEX = SY-TABIX.
    ELSE.
    CLEAR F_INDEX.
    ENDIF. "(make desired changes to the line TOTAL)
    MODIFY TOTAL.
    CHECK F_INDEX GT 0.
    EXTRACT = TOTAL.
    MODIFY EXTRACT INDEX F_INDEX.
    *ENDIF.
    ENDLOOP.
    SY-SUBRC = 0.
    ENDFORM.
    I made break point at line LOOP at Total. and executed SM30 and clicked Display button.
    Sorry Code stops here and table TOTAL has flat line structure of empty.Loop at total is skipping
    what should be done now?
    Regards
    Chandra

  • Authority check on company code

    Hi ,
          How i need to check whether the company codes in an internal table is having creation access to the particular user or not ?.
         In authority check what is  ACTVT - 01,02,03  signifies ??
    Thanks in adv.
    varma

    LOOP ...
    AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
    ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
    ID 'ACTVT' FIELD '01'.
    IF SY-SUBRC <> 0.
    move  w_COMP_CODES-bukrs to (itab1).
    ENDIF.
    AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
    ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
    ID 'ACTVT' FIELD '02'.
    IF SY-SUBRC <> 0.
    move  w_COMP_CODES-bukrs to (itab2).
    ENDIF.
    ENDLOOP.
    Hence segregating all the Company codes as per the authorization.

  • Authority check in hr payroll infotype report

    Hi all,
    We have developed a report which gives infotypewise employee details.here we are checking authority for reading employee data.we are applying authority check at selection-screen and while reading the data from database tables.following is the sample code.
    do .
    if  s_abkrs-high < s_abkrs-low.
        authority-check object 'P_PCR'
                  id 'ABRKS' field s_abkrs-high
                  id 'ACTVT' field '01'
                  id 'ACTVT' field '02'.
        if sy-subrc <> 0.
          message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
        endif.
    exit.
    endif.
        authority-check object 'P_PCR'
                  id 'ABRKS' field s_abkrs-low
                  id 'ACTVT' field '01'
                  id 'ACTVT' field '02'.
        if sy-subrc <> 0.
          message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
        endif.
      s_abkrs-low = s_abkrs-low + 1.
    enddo.
    my senior says this code is right but it is not checking authority for all infotypes.can anyone suggest what changes are required in this code so that it will check authority for all infotypes.
    Thanks in advance.
    Regards,
    Harshada

    Hi ,
          A select-option will have a structure with four fields (sign , option , low , high) .
          So if you want to use your below code : you cannot check authority.
    loop at s_abkrs.
    authority-check object 'P_PCR'
    id 'ABRKS' field s_abkrs  <-- is an internal table
    id 'ACTVT' field '01'
    id 'ACTVT' field '02'.
    if sy-subrc 0.
    message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
    endif.
    endloop.
    The other option is :
    If your select option has values only in low ... then you can loop thru it ...
    loop at s_abkrs.
    authority-check object 'P_PCR'
    id 'ABRKS' field s_abkrs-low
    endloop.
    Regards,
    Srini.

  • Web Service Homepage: Authority check failed

    Dear Colleagues,
    I have created a Web Service and now I want to test it via its Web Service Homepage (TA WSADMIN). The Homepage is displayed correctly, but testing leads to an error:
    Authority check failed
    Are there any prerequisites I maybe do not accomplish?
    (I tested a very similar web service in another system, and there it works)
    Here are some more information about my service:
    - Service was build with Web Service Wizzard out of a function module
    - Here you can see the conversation resulting of the test:
    POST /sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003 HTTP/1.1
    Host: bsl8011.wdf.sap.corp:50073
    Content-Type: text/xml; charset=UTF-8
    Connection: close
    Cookie: <value is hidden>
    Cookie: <value is hidden>
    Authorization: <value is hidden>
    Content-Length: 381
    SOAPAction: ""
    <?xml version="1.0" encoding="UTF-8" ?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
    <SOAP-ENV:Body>
    <ns1:Z_TEST_WS_CONFIG xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
    <INPUT>TEST</INPUT>
    </ns1:Z_TEST_WS_CONFIG>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    HTTP/1.1 500 Internal Server Error
    content-type: text/xml; charset=utf-8
    content-length: 363
    sap-srt_id: 20060404/125124/v1.00_final_6.40/1B0831447838C429E10000000A424016
    server: SAP Web Application Server (1.0;700)
    <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
    <soap-env:Body>
    <soap-env:Fault>
    <faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
    <faultstring xml:lang="e">Authority check failed</faultstring>
    </soap-env:Fault>
    </soap-env:Body>
    </soap-env:Envelope>
    The WSDL-Document looks as follows:
    <?xml version="1.0" encoding="utf-8"?><wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified"><xsd:simpleType name="char60"><xsd:restriction base="xsd:string"><xsd:maxLength value="60"/></xsd:restriction></xsd:simpleType><xsd:element name="Z_TEST_WS_CONFIG"><xsd:complexType><xsd:sequence><xsd:element name="INPUT" minOccurs="0" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element><xsd:element name="Z_TEST_WS_CONFIGResponse"><xsd:complexType><xsd:sequence><xsd:element name="OUTPUT" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element></xsd:schema></wsdl:types><wsdl:message name="Z_TEST_WS_CONFIG"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIG"/></wsdl:message><wsdl:message name="Z_TEST_WS_CONFIGResponse"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:message><wsdl:portType name="Z_TEST_Q73_CONFIG_WS"><wsdl:operation name="Z_TEST_WS_CONFIG"><wsdl:input message="tns:Z_TEST_WS_CONFIG"/><wsdl:output message="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:operation></wsdl:portType><wsdl:binding name="Z_TEST_Q73_CONFIG_WSSoapBinding" type="tns:Z_TEST_Q73_CONFIG_WS"><soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/><wsdl:operation name="Z_TEST_WS_CONFIG"><soap:operation soapAction=""/><wsdl:input><soap:body use="literal"/></wsdl:input><wsdl:output><soap:body use="literal"/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="Z_TEST_Q73_CONFIG_WSService"><wsdl:port name="Z_TEST_Q73_CONFIG_WSSoapBinding" binding="tns:Z_TEST_Q73_CONFIG_WSSoapBinding"><soap:address location="http://bsl8011.wdf.sap.corp:50073/sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003"/></wsdl:port></wsdl:service></wsdl:definitions>
    Can anyone help me, I have no Idea
    Message was edited by: Hans-Peter Bauer

    The message server defined in the SAP-Logon is us4278.wdf.sap.corp
    But the url of the web service starts with  http://us4185:58500/wsnavigator/jsps/explorer.jsp?description=WebServiceZ_TEST_Q73_CONFIG_WS
    But I think that's not the problem, is it? As I mentioned above the test page can be shown, but the after filling in the input parameters an pressing send, there appears the authorisation error.
    For better illustration I made some screenshots for you:
    1) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_OVERVIEW.gif
    2) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_INPUT_FORM.gif
    3) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_reqest_response.gif
    What can be wrong, if the error "n0:FailedAuthentication" appears?
    Regards,
    Peter
    Message was edited by: Hans-Peter Bauer

  • How to use the AUTHORITY-CHECK in ABAP

    I am a security guy but am trying to understand how the AUTHORITY-CHECK works. I have read the help on it but it doesn't answer to my understanding. I want a check in a report so that no matter what the user selects the program goes out and checks the authorization in the users master record and only displays what he has access to. I am sure this is basic but I am not a programmer.
    Thanks

    Hi Greg,
      Basically a AUTHORITY-CHECK is a programmatic way to check a auth object a user has.  This is only as good as the person writing the code makes is.
    Here is a basic example of how it could work.  Lets say you have auth objects for users that limit them to see company code. User A can see cc 10, User B can see cc 20 and user C can see both.
    In the code the programmer would have to first do the authcheck to see what CC the user has access to.  Then they would have to limit his reporting based on the results of the authority check.  So they might do it by saying SELECT * FROM XYZTAB WHERE COMPANY CODE = AUTHCC
    This is what I think you are looking for.  There are other ways to use the auth check.  You can do a check and end the program with a message if they don't have authorization. 
    If you need more info, let me know
    John

  • Authority check in for condition type

    Hi
    What do you mean by an authority check on condition type.. especially Pricing..
    There are authority check that are embedded as Reqt and AltCTy in the IMG at the pricing procedure level for different condition type.
    Could someone explain me what they are for..?
    Thanks
    Jac

    Hi,
        authority check is the std sap methodology of check the permitted authorisation values for every transaction  and every user.
    here in this example;authority object is used to maintain or change condition record for allowed condition types.
    scenario eg;if we maintain create value for user mukund for pr00 condition type ,system allows me only for creating .if we maintain change value for user sherin for condition type,system allows to change the values.
    net net i can create and u can change ,not visa-viz or any body else cannot do it.
    hope this is clear.if it helps  REWARD!!!!!!!

  • PNP authority check

    Hi all,
    I have a problem with authority check in a report.
    I have to access to a field in an infotype and subtype.
    I have all authorizations for this subtype and infotype.
    I'm trying to retrieve this data from an employee, but this employee has informed another subtype in this infotype where I haven't permisions.
    As in the source code there aren't access to this subtype where I haven't permisions, I found that the systems make it's authority check before the START-OF-SELECTION in class CL_HRPAD00AUTH_CHECK_STD, method IF_EX_HRPAD00AUTH_CHECK~CHECK_AUTHORIZATION.
    The system takes the employee number, gets all its informed infotypes and subtypes and perform the authority check for my user, so I can't access to this employee information.
    I think this authority check is made by the use of PNP logical database.
    Is there any way to avoid this authority check?
    Regards,
    Angel Cepa

    Hi Angel Cepa,
    first of all: maybe you can use logical database PNPCE, because PNP is obsolet.
    Anyway, please refer to the documentation of PNPCE (transaction SE36), that may solve your problem.
    PNP/PNPCE knows two ways to check authority:
    1. If no authorization exists for even one individual data record of one of the infotypes used, processing of the personnel numbers is terminated by default (switch "PNP_SW_SKIP_PERNR" = Y)
    2. If you set this switch (at the INITIALIZATION or START-OF-SELECTION events) to N, no more personnel numbers (without authorization) are skipped. Only the data records for which no authorization exists are rejected (that is, not made available).
    So, simply set the switch, mentioned above, to "N" and you will have access to this employee (except the infotype-records, you don't have authority for).
    Regards
    CHRIS

  • HR PNP LDB and authority check

    Hello All,
                  Can someone plzz tell me if there is any major difference between CODE1 and CODE2 below? I understand if we use LDB we dont need to do authority check but is there is any exceptional case where we do this kind of codeing...
    CODE1:
    Start-of-selection
    GET pernr.
      CALL FUNCTION 'HR_CHECK_AUTHORITY_INFTY'
            EXPORTING
                 tclas            = w_tclas
                 pernr            = pernr-pernr
                 infty            = '0001'
                 subty            = space
                 begda            = pn-begda
                 endda            = pn-endda
                 level            = w_level
            EXCEPTIONS
                 no_authorization = 1
                 internal_error   = 2
                 OTHERS           = 3.
      if not sy-subrc is initial.
        reject.
      endif.
      PERFORM list_data.
    END-OF-SELECTION.
    CODE2:
    Start-of-selection
    GET pernr.
      PERFORM list_data.
    END-OF-SELECTION.
    Thanks in advance...
    -Muktar

    Hi Muktar,
    In my opinion, certain infotypes hold certain level of access by different user who is using that report to view HR information. Particularly sensitive infotype like 0008 (basic pay) and other pay involving infotypes can be use to check for authority before it is display or modify by users. So HR_CHECK_AUTHORITY_INFTY is used.
    Get PERNR does not validate the authority because PERNR itself is just a structure that contains a few PA Keys and several of other infotype structure that doesn't tell the authority to read by any specific users. Get PERNR contains the PROVIDE macro and in it does not do any authorization, if i am not mistaken.
    This is my understanding. I hope my explanation is correct and have help you in a way.
    Thanks
    William Wilstroth

  • Authority check in ABAP program

    Hello All
    I am having some trouble with authority object in ABAP programming
    This is the situation.
    I have a field "plant" which is a select options in the selection screen.
    I have to write an authority-check for this "plant" field in the program and display the report for only the plants for which the user is authorised. There is a select statement in the program which selects all the plants entered. If it is single plant entry and the user is not authorised or the user is not authorised to none of the plants entered for multiple plant entries, an error message should be displayed saying "no authority to display plants x, y, z"
    How can I incorporate this logic in the report.
    This the current coding
    AT SELECTION-SCREEN.
    AUTHORITY-CHECK OBJECT 'C_ROUT'
              ID 'ACTVT' FIELD '03'
              ID 'PLNTY' FIELD 'DUMMY'
              ID 'WERKS' FIELD s_werks
              ID 'STATU' FIELD 'DUMMY'
              ID 'VERWE' FIELD 'DUMMY'.
    START-OF-SELECTION.
      SELECT amatnr  aplnnr aplnal awerks aplnty bstlnr b~stlal INTO TABLE t_mapl FROM mapl AS a INNER JOIN mast AS b
                               ON amatnr = bmatnr
                                AND awerks = bwerks
                             WHERE a~matnr IN s_matnr
                                   AND a~plnnr IN s_plnnr
                              AND a~plnal IN s_plnal
                            AND a~werks IN s_werks
                           AND a~plnty IN s_plnty
                           AND b~stlnr IN s_stlnr
                             AND b~stlal IN s_stlal. "(ALT BOM)
    Thanks
    Ricky

    Hi Ricky,
    to check each individual plant in the selection, you can not use s_plant in the authority chek, here you need to give the value..
    Code like this:
    DATA : BEGIN of t_werks OCCURS 0,
                  werks TYPE t001w-werks,
    END OF t_werks.
    DATA : w_text(30) TYPE c.
    AT SELECTION-SCREEN.
    IF NOT s_werks[] IS INITIAL.
    REFRESH t_werks.
    SELECT werks
    FROM t001w
    INTO TABLE t_werks
    WHERE werks IN s_werks.
    IF sy-subrc EQ 0.
    LOOP AT t_werks.
    AUTHORITY CHECK...
    ID 'WERKS' FIELD t_werks-werks.
    IF sy-subrc EQ 0.
    DELETE t_werks.
    ENDIF.
    ENDLOOP.
    IF NOT t_werks[] IS INITIAL.
    LOOP AT t_werks.
    CONCATENATE t_werks-werks
                             w_text
                    INTO w_text.
    ENDLOOP.
    MESSAGE exxx WITH 'No authorisation for '
                                      w_text.
    ENDIF.
    ENDIF.
    ENDIF.
    Thanks and Best Regards,
    Vikas Bittera.
    **Reward if useful**

  • Authority CHeck VK11

    Hi Guru's,
    I want to have a authority check for  table control field KOMG-KBSTAT in the screen 1850 for the program SAPMV13A.
    I know how to create the authorisation object and also tested a sample code for a z-report .
    I want the details how to apply it to a standard program. Please guide me for this issue.
    Thanx in Advance,
    Arcahan

    Hello ,
    I will elaborate my requirement.
    See in the program SAPMV13A , screen no 1850 , the table control field is komg-kbstat .
    The possible value's for komg-kbstat are as mentioned -
    >  01-blocked  , 02 - Released
    Now  I want the User ' XYZ' should have the authority to block only and not to release.
    Regards,
    W. Archana

  • Authority-check for particular comp code

    Hi All,
    when i'm using standard Authority Object F_BKPF_BUK  for a particular standard code say 'CO01'. but it is working for all company code, but i want work for only one company code say 'CO01' ONLY.i'm using in report program (zreport prog)
    I written code as
    AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
        ID 'BUKRS' FIELD 'BE10'
        ID 'ACTVT' FIELD '03'.
    Please can u advice on this .
    Many Thanks in Advance for u r Answer
    Naren

    Hi
    In general different users will be given different authorizations based on their role in the orgn.
    We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
    USe SUIM and SU21 T codes for this.
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
    ID <authority field 1> FIELD <field value 1>.
    ID <authority field 2> FIELD <field value 2>.
    ID <authority-field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
    You program the authorization check using the ABAP statement AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
    ID 'ACTVT' FIELD '02'
    ID 'CUSTTYPE' FIELD 'B'.
    IF SY-SUBRC <> 0.
    MESSAGE E...
    ENDIF.
    'S_TRVL_BKS' is a auth. object
    ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
    The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
    This Authorization concept is somewhat linked with BASIS people.
    As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
    Take the help of the basis Guy and create and use.
    Reward points if useful
    Regards
    Anji

Maybe you are looking for

  • MSI NX 6600 Ares PCI-E video card availability

    I cannot find a vendor who has the new NX 6600 Ares PCI-E card.  Has it been released yet? 

  • BI publisher reports LOV paramter is not working in Dashboard

    All, I have a BI publisher report with parameters list of values. The publisher report is working fine when I run the report and select one or 2 more more values form this (LOV) parameters. Now I created new dashboard prompt with presentation variabl

  • My swf is not loading xml on server

    Hi I'm creating a flipbook which get the data through xml. It works properly in the flash means when I test it using ctrl+Enter but when I upload it onto the server it not shows even a single page means the cml isn't loaded there. Any ideas what woul

  • Uploading Videos to Video App

    Is there a way to upload "homemade" videos to the video app without being connected to iTunes or a computer? In other words if I have a video I've created and want other iPad users to add it to their Video app - without wiping out the videos already

  • Question about JSpinner code

    I would like to know how to write the code for JSpinner from scratch. Can anyone tell me where I can get the code for the current JSpinner?