Program with authorization object

Similar Messages

• Who has the book:Object-Oriented Programming with ABAP Objects

  Hello everyone
  Now i want to learn ABAP OO,and Lots' of guys told me that the book  Object-Oriented Programming with ABAP Objects is realy a good book.but i searched on the net,and could not got PDF of this book,could some one gave me the net address if you know where to download the book or send me to my Mailbox:<email id removed by moderator>,I will very glad to receive any response from you,
  of course,if you have some advise on how to learn ABAP OO or some other material ,hope you could share your meaning with me, hope to receive your response.
  Best regards!
  From Carl
  Moderator message : Moved to career center.
  Edited by: Vinod Kumar on Aug 27, 2011 9:21 AM

  I'm sure you're not asking for illegal, "free" downloads. You can legally purchase the book, also in electronic format, at sap-press.com
  Thomas

• Red Light with Authorization Object in PFCG

  Hello All - I have a question with authorization objects, there are three roles with red lights 'ON' in authorization object screen in our PRD. However users who are using these roles have no auth issues, standard procedure is to make all lights green in PFCG by maintaining these auth objects.
  Big question is "what is the down fall by leaving these objects RED, I need to support my theory when I say all lights green with auth objects.
  Why best practise says maintain all lights to green?
  Please suggest, appreciate your suggestions.
  Thanks.
  Edited by: AJ on May 12, 2009 9:44 PM

  Hi,
  > "What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).
  Red Object: As you know that authorization Objects comprises of Authorization fields. There are certain fields, which are known as "Organization Level" fields and need to be maintained Centrally. If you miss this fields, then the traffic light icon is RED. For all other authorization fields, light will be Yellow if you miss any blank field to maintain. During check, these fields will provide missing authorization (but you may not get error if same object is present in the role with all fields maintained status).
  Disabled Object: If you make any Object Disable, then during check, this Object will not be treated for checking Authorizations. But profile generator will keep this in mind, so you don't get Standard Objects repeatedly (if already present in Deactivated status also) whenever you go to "..Merge with New Data".
  You all other questions are very nicely answered already.
  Regards,
  Dipanjan

• Association of authorization group with authorization object

  Dear Colleagues,
  We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
  However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
  This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
  We would like to control this via authorization groups
  We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
  Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
  If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
  But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
  Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
  Does a developer or functional consultant also need to be involved in this?
  PS: I tried to search in Google & our forums but could not get any answers

  Dear Aninda,
  Thanks for the help.
  I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
  A case category was then assigned to this auth group
  We tested it - below are the results:-
  1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
  2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
  3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
  If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is  authorized.
  How to resolve this?

• Issue with authorization objects

  Hi,
  We are running on ECC 6 . There is an issue while adding t-codes to a role.
  When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.
  Cheers!!

  > The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.
  They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.
  That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.
  It shounds like SU24 is not as "fine" as you have stated before hand.
  Cheers,
  Julius

• Restricting infoobject in query designer with authorization object

  Hi,
  We have to restrict CUSTOMER infoobject with a authorization object in query designer.
  How to do this task ? Request kindly suggest.

  thr RSSECADMIN tcode. Search with this key word you will get good docs & Wikis in SDN
  bhaskar

• Display users with authorization objects assigened to them

  Hi,
      How can I display list of users with company code assigned to them?

  hello Rajesh,
  What you want is not straightforward. There is no SAP report for this as such. You need to find roles assigned to the user first then go to table agr_1252 anf give the value $BUKRS along with the role names.
  You will find out the company codes assigned to the user.
  This is not a very efficient way really and will involve too much of effort. If I needed such an information I would have written a simple ABAP report using joins of table AR_DEFINE and AGR_1252. Also check tables UST12 and AGR_1251.
  Hi Ben,
  Company code is present in several authorization objects other than F_BKPF_BUK. Check F_SKA1_BUK..There are several of them. So we need to check on basis of field BUKRS.
  Regards.
  Ruchit.

• BEx Query RRI with authorization object

  Hi,
  I have two queries linked using RRI (Sender and Receiver).
  Queries have authorization object.
  Both queries work fine with authorized user if I use them separately.
  (Query Sender works fine with authorized user, Query Receiver works fine with authorized user)
  Using BEx in Excel:
  - when an authorized user jumps from the Sender to the Receiver, system tells him he doesn't have the authorizations, and Receiver query doesn't appear.
  Using Web: 
  - when an authorized user jumps from the Sender to the Receiver it works fine and user can see the results in the Receiver Query
  Could anyone help me?
  Thanks in advance
  Fede
  Edited by: Federico Carta on Jun 23, 2009 2:53 PM

  Hi Mohan,
  I checked the authorizations and S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are correctly set.
  The strange thing is that if user calls the Receiver query from the web (BI web server), it works fine. The problem is only if user executes them by BEx in Excel. If he uses Receiver query directly without using Sender query, it works fine!!!
  Best Regards
  Federico

• Making sub-programs with picture objects

  Hello all,
  I'm a mentor for a FRC Robotics Team. For the summer, I want to try to make a VI that is able to create sub-programs for the autonomous period. Basically, there would be this canvas that the user could move the "robot" (aka rectangle) around, and it would record its movements and "translate" them into "motor code".
  For instance: I want my robot to go straight for about 3 feet, rotate 90 degrees clockwise, and go another 3 feet. I would take the rectangle, drag it up an equivalent 3 feet (maybe using a grid pattern to show 0.5 feet increments), rotate the rectangle 90 degrees clockwise, then drag it another 3 feet.
  This is the big picture. Right now, I want to know if it's possible to have a user drag a picture (such as a rectangle) and have the program where it is on a coordinate plane.
  Thanks!

  Whenever I hear someone ask, "Can LabVIEW..." I always say yes, regardless of what comes next. In the the case of your requirement, there is (or at least was) an example in one of the lower-level training classes that did most is what you want.
  The point of the exercise was to teach saving binary data, but to generate the data (this is the bit that will be interesting to you) they created a little drawing program using mouse events on a 2D picture control.
  So, yes, what you want to do is very doable, my sense though is that it is one of those projects that would take a couple hours to create a working prototype, but you could play with tweaking for months...
  Have fun!
  Mike...
  Certified Professional Instructor
  Certified LabVIEW Architect
  LabVIEW Champion
  "... after all, He's not a tame lion..."
  Be thinking ahead and mark your dance card for NI Week 2015 now: TS 6139 - Object Oriented First Steps

• Module pool programming with Abap Objects

  Hi masters,
  Somebody tell me that you can directly call a local class in a module pool.
      Is that possible?
      Can anybody refer me to any kind of information?
  Thanks a lot.

  Well, thanks for the answer, but not was the one i was waiting for... it wasn't helpful.
  But, i've continued searching for answers... and i've found that:
  OO Transactions Locate the document in its SAP Library structure
  In transaction maintenance (SE93), you can specify a transaction code as an OO transaction.
  You either link the transaction code to the Transaction Service of the Structure link ABAP Object Services for persistent objects or to a public method of a global or local class of a program. When calling up a transaction that is linked to an instance method, the system automatically generates an instance of the class in its own internal session.
  An example of a link between a transaction code and an instance method of a local class of an unspecified ABAP program:
  Example
  *& Modulpool DEMO_OO_TRANSACTION *
  program DEMO_OO_TRANSACTION.
  class DEMO_CLASS definition.
  public section.
  methods INSTANCE_METHOD.
  endclass.
  class DEMO_CLASS implementation.
  method INSTANCE_METHOD.
  message 'Instance method in local class' type 'I'.
  endmethod.
  endclass.
  The DEMO_OO_TRANSACTION program is a module pool of type M that does not contain any screens or dialog modules. Instead, the program contains the definition of a local class DEMO_CLASS.
  The DEMO_OO_METHOD transaction code is linked to this program as follows:
  The start object of the transaction is Method of a class (OO transaction).
  OO transaction model is not selected.
  The Class Name is DEMO_CLASS.
  The Method is INSTANCE_METHOD.
  Local in program is selected and DEMO_OO_TRANSACTION specified.
  When the transaction is called up, the program is loaded, an instance of the class is created, and the method is executed.
  Leaving content frame
  That's what i wanted.
  I hope it would be helpful for anyone else.

• Check for Authorization object

  Hi All,
  I have a report which will authorize the person running the report.
  I have been given a requirement which is to not accept some users and accept some users.
  Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
  Could some one let me know how to go about it. I have few questions.
  1. what is the exact use of authorization object.
  2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
  3. I know there is some basis work involved in this but what is that ?
  Thanks,
  Mahen

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• SAP BO WebI Report on top of BI Bex Query with Authorization Variable

  Hi,
       We are trying to restrict row level data using BI 7.0 analysis authorization concept. We have an authorization variable in the Bex query and is working perfect in Bex Analyzer as well as in RSRT.
  Now we are trying to achieve the same thing in BO webI. We created an Universe using Authentication Mode SSO. We are on BOXI 3.1 and implemented SSO. When we try to run the query in WebI we get the error
     "A database error occured. The database error text is: Error in MDDataSetBW.GetCellData..(WS 10901)"
  Just for testing purpose, when we use query filter in WebI and use Values from List, it is showing only the authorized value it supposed to show and runs well with that value selected. But we have to achieve this without the query filter in WebI.
  So are we missing some thing here or any patch issue? Please share if you have done this type of reports in BO.
  Thanks in advance for your help.
  Moorthy.

  Yes I did run MDXTEST and it gives error as 'you do not have sufficient authorization'. The reason it is giving, I guess and we are debugging that to confirm, is first it looks for 0BI_ALL and throws error which is not the case in Bex. See the following trace in RSRT trace.
  InfoObject Properties Defined
  Reading of Directly Assigned Authorizations
  Direct Assignment Does Not Include Universal Authorization 0BI_ALL
  Reading the Indirect Assignments with Authorization Object S_RS_AUTH
  Does user have OBI_ALL?
  No, the User Does Not Have Universal Authorizion 0BI_ALL
  Negative Entry in SU53 Result of Failed Check for 0BI_ALL
  Indirect assignments found; no universal authorization
  Reduction of Authorization Dimensions on Characteristics in InfoProvider
  Reduction Successful
  Thanks!
  Moorthy

• 0Orgunit(hierarchy) and authorization object display getcell error in Webi

  Hello,
           We are facing with GetCellData error in WebI to SAP BEx Query.
           This works perfectly fine in Bex for a particular test user who has access to particular org unit value.
           But in Webi we are getting this Getcelldata error.
          Tried all the options and message as recommended in sdn group.
          mdxtest returns no value.
          looked at all below messages but no luck.
  GetCellData error in WebI to SAP BEx Query
  Re: SAP BO WebI Report on top of BI Bex Query with Authorization Variable
  in the rsecadmin, we get the same error like mentioned in below message
  Hierarchy Authorization doesn't work for MDX but works for BEx Query.
  Is any authorization required for this user to execute and view the authorized values in Webi?
  or we have to assign any authorization ?(0BI_ALL is not assigned).
  Please find below screenshots of BEx query auth log or Webi auth log (differences)
  Bex auth log:
  The Following Attributes Are Authorized and Thus Are Visible
  0BBPPURGRPX
  0BBPPURORGX
  0BBP_BUYID
  0BBP_ISCOMP
  0BUS_AREA
  0COMP_CODE
  0CO_MST_AR
  0CRMSALGRPX
  0CRMSALOFFX
  0CRMSALORGX
  0CRMSRVTGRP
  0CRM_SALGRP
  0CRM_SALOFF
  0CRM_SALORG
  0CRM_SRVORG
  0LEAVERS
  0LOGSYS
  0MAST_CCTR
  0PERS_AREA
  0PERS_SAREA
  0PLANT
  0PURCH_ORG
  0PUR_GROUP
  0SALESORG
  0SALES_GRP
  0SALES_OFF
  This above log is missing for mdxtest auth log.
  Is this the issue?
  Any quick reponse or help really appreciated.
  Regards,
  Ravi
  Edited by: Ravi Gadicherla on Feb 28, 2010 5:36 PM

  Hi,
      Here is the log of MDXtest:
  Buffering the Authorization Data  
    Buffering for InfoProvider 0PA_C01 and Users HRTEST93  
  InfoObject Properties Defined
  Reading of Directly Assigned Authorizations
  Direct Assignment Does Not Include Universal Authorization 0BI_ALL
  Reading the Indirect Assignments with Authorization Object S_RS_AUTH
  Does user have OBI_ALL?
  No, the User Does Not Have Universal Authorizion 0BI_ALL
  Negative Entry in SU53 Result of Failed Check for 0BI_ALL
  Indirect assignments found; no universal authorization
  Regards,
  Ravikanth

• Authorization objects in PM notification

  Hello all,
  I would like to check if there is any possiblity to prohibit changing the line items of activities in PM notification thru security with authorization objects. I did checked with standard default objects and does not see anything related to activities.
  Basically I want to restrict changing the line items of activities
  Mahee

  Thanks fro your responses guys. I am not pretty sure SHD0 should work for me as it might totally disabled the entire line items before giving the input itself if I am correct. Basically I want to input the data first in activity tab and then upon save..it should be grayed out only for that line item so that nobody could change it.
  Pete - Will the mentioned user exit will work for this ?
  I am also trying to think about change log option to track the changes. But I could NOT able to see the values populated in old value and new value in change log...is there any config to be made ? If I got this, I would go with this option rather blocking it..as we always have a track that who made the changes to it.
  Mahee
  Edited by: maheee on Feb 16, 2011 7:51 PM

• Assigning  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT authorization objects

  Hi all,
  I need to create new role with Authorization objects as below:
  S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB, ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT. I can assign some objects as S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB. But  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT objects, I can not assign it! Can you help me assign  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT  objects for my new role?
  Please advise,
  Thanks
  Duypm

  Hi,
  Then I assume that the Auth. Objects ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT have not been created in your system.
  Normally the Authorization objects will be created by the ABAP team through the transaction SU21. Each authorization object must be assigned to an object class when it is created.
  You can also create authorization objects in the Object Navigator (SE80).
  please go thru this link .
  [http://help.sap.com/saphelp_nw70/helpdata/EN/52/6716a6439b11d1896f0000e8322d00/frameset.htm]
  Regards,