SQ01 - authorisation checks

Similar Messages

• How to put Authorisation Check?

  Hi,
  I have built a Module Program. In this there is a Save Button where information in the screen is saved to a Z table.
  I need to put an Authorisation check to this save button. That is only users who have “Save” capability could save.
  Simply there should be an authorisation check before the Save where it will check if the User has the Save option.
  Please guide me on how to do this.
  Thanks,
  Kishan

  Hi Kishan,
  1. AUTHORITY-CHECK
     The above statement is required for authority checking.
      Just see help on it for syntax purpose.
  2. Moreover,
     u will also have to know which authorisation object
     is necessary for your purpose.
     (or else new authorisation object may need tobe created)
  Hope the above helps.
  Regards,
  Amit M.

• Authorisation check in report

  Hi ,
  we have developed a z report which is fetching grade from infotype 8 .All the users here dont have authorisation for infotype 8.Is it possible somehow that the users who don have authorisation for infotype 8 can rum that report.Right now when they are trying to run the report its showing 'No Authorisation for infotype 8'.Or is there some other place from which grade can be retrieved .
  Regards
  Saurabh

  Create an authorisation object (SU21)
  Put an authorisation check for this object in your report (AUTHORITY-CHECK)
  Create a role that contains this object (PFCG)
  Assign this role to all the users who require access to the report (SU01).
  <REMOVED BY MODERATOR>
  Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

• Skipping Authorisation checks in LDB

  Hi All,
  I am working on HR module and I have got to work on a report which is using LDB (Logical DataBase).LDB will do authorisation checks by default.
  1) My requirement is to skip the authorisation checks  and allow all the data to be retrieved.
  Can this be done by calling any standard FM ? If yes , please name it.
  regards,
  PP

  //LDB will do authorisation checks by default.
  in my opinion you are looking for a data retrieval process from report development point of view.
  Ok say you are pulling data from infotype -08 which is sensitive information. now you need a entry for the object of this and then you are allowed to select on this table.
  keep an authority-check on this table pa0008 and if you have the access then you will proceed or else dont pull the records.
  Authority-object / Authority -check from program perspective will do .
  ex:
  AUTHORITY-CHECK OBJECT 'Z_TCODE'
  ID 'ACTVT' FIELD '03' " read access
  ID 'ZTCODE' FIELD p_tcode. " actual value
  IF sy-subrc EQ 0. " check authorization
  * fetch record
  SELECT SINGLE *
  FROM tstc
  INTO wa_tstc
  WHERE tcode EQ p_tcode.
  Br,
  Vijay.

• User authorisation check in ABAP-HR program

  Hi,
  Can anyone please help me on the following query ?
  I need to check user authorisation in an ABAP report at Object level, filter only relevant records based on the user's authorisation and display appropriate messages.
  The above mentioned report is purely developed by us and is not a copy of any standard report. Hence, kindly help me with your suggestions and opinions.
  Thanks and Regards,
  Manas Menon

  Create an authorisation object (SU21)
  Put an authorisation check for this object in your report (AUTHORITY-CHECK)
  Create a role that contains this object (PFCG)
  Assign this role to all the users who require access to the report (SU01).
  <REMOVED BY MODERATOR>
  Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

• Authorisation check for Object F_BL_BANK using transaction F110

  Hi
  Can you help me with transaction F110. The object F_BL_BANK has been linked on SU24 to transaction F110.  It has also been set for Check/maintain.
  There is no authorisation check for this object using F110.
  How can we resolve the issue.

  Hi
  We are on 4.6
  I linked the object but the program is not doing an authority check The F_BL_BANK object has the following linked to it
  .  .     .  Check          F_BKPF_BUP Accounting Document: Authorization for Posting Periods   
  .  .  .     Check/maintain F_BL_BANK  Authorization for House Banks and Payment Methods        
  .  .     .  Check          F_KNA1_APP Customer: Application Authorization                      
  .  .     .  Check          F_KNA1_BED Customer: Account Authorization                          
  .  .     .  Check          F_KNA1_BUK Customer: Authorization for Company Codes                
  .  .     .  Check          F_KNA1_GEN Customer: Central Data                                   
  .  .     .  Check          F_KNA1_GRP Customer: Account Group Authorization                    
  .  .     .  Check          F_LFA1_APP Vendor: Application Authorization                        
  .  .     .  Check          F_LFA1_BEK Vendor: Account Authorization                            
  .  .     .  Check          F_LFA1_BUK Vendor: Authorization for Company Codes                  
  .  .     .  Check          F_LFA1_GEN Vendor: Central Data                                     
  .  .     .  Check          F_LFA1_GRP Vendor: Account Group Authorization                      
  .  .     .  Check          F_PAYR_BUK Check Management: Action Authorization for Company Codes 
  .  .  .     Check/maintain F_REGU_BUK Automatic Payment: Activity Authorization for Company Code
  .  .  .     Check/maintain F_REGU_KOA Automatic Payment: Activity Authorization for Account Type
  .  .     .  Check          PLOG       Personnel Planning                                       
  .  .     .  Check          P_ABAP     HR: Reporting                                            
  Ther are more objects but these are the key ones The object also has a custom object in that was build by SAP called ZLSCH      Payment method  We want the system to do a check on the payment method

• Mov Type - Authorisation Check

  Hi Everybody
  I want to control my mov types thru the Authorisation check ie Suppose there is a Log in "x" , and I dont want to give hime  the Atuthorisation of mov type 551/552 under mb1a Tcode but rest all Mov types can be used by him .
  Pls advice how to go ahead for the same
  Rgds
  Manoj

  Manoj,
  This can be controlled by std authorisation object check. This will be given by basis in PFCG transaction. The setting in the relevant authorisation object example M_MSEG_BWA has to be provided.
  The movement type will appear as one of the parameters while a specific authorisation for a transaction is given. The movement type could be restricted here.
  Regards
  Ram

• How to add authorisation check to a program?

  Hi all :
        Could you please tell me how to add authorisation check to a program?  
        Thanks a lot.

  Hi,
  Check SAP help for authority-check. You can search on SDN on that.
  AUTHORITY-CHECK
  Basic form
  AUTHORITY-CHECK OBJECT object
  ID name1 FIELD f1
  ID name2 FIELD f2
  ID name10 FIELD f10.
  Thanks
  Nidhi

• Authorisation checks in NWBC

  Dear All,
  Is there a way, other than testing and tracing, we can get to know the list of authorization objects which get checked for various NWBC functionalities?
  Or if I move from one Service pack of GRC to another, is some list of new authorization object checks for webdynpro, available?
  Thanks

  Hi Paramjit
  You will not get an exact list of what is needed. You can look at the SAP_GRAC* roles as a base of what is needed and refine the access. You can also look at the GRAC authorisation objects.
  Security does not appear to change much between a support pack unless SAP identified a missing or incorrect authorisation check. Looking at the notes for the SP may help you identify these changes
  Ultimately, trial/error and testing/investigation. SAP standard roles are a starting point but then you will need to determine if you need to restrict access further.
  Regards
  Colleen

• OSA - Authorisation Checks

  Hi all:
  In my client's appraisal form, only the employee can fill in the form. They will also have to specify their manager's name as the appraiser.
  I tried to use "Default Manager" BADI for my appraisal form. However, this is not a complete functionality because the appraisee can simply change the appraiser's name, after system defaults. There is no control on the appraiser chosen. I can even choose my subordinate as my appraiser, which is not correct.
  I know that in "Processing" tab, we can de-select "No Authorisation Check for Appraiser". This feature will check if the user (in my case, the appraisee) has authorisation for the appraiser etc. A few questions I would like to find out:
  1) Will this functionality meet my requirement?
  2) To use this functionality, do I need structural authorisation or just non-structural authorisation?
  3) Should i use BADI "Authority Check" instead, to cater to my requirement?
  Many thanks for your advice in advance.
  Thank you,
  Ash

  What is an authorisation checks?
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  ·        Starting SAP transactions (authorization object S_TCODE)
  ·        Starting reports (authorization object S_PROGRAM)
  ·        Calling RFC function modules (authorization object S_RFC)
  ·        Table maintenance with generic tools (S_TABU_DIS)
  How do we provide a basic authorisation check read for a employee? Could anyone help me with the path?
  Go to transaction PFCG and provide the role based authorization.

• Authorisation checks failed

  Hi Guys
  A Problem has come in picture: I ran su53 and it ended with error for some users.
  This all has come in picture after we applied SP to SAP System.
  Authorisation check failed
     Object class BC_C Basis - Developement Environemnt
       Authorisation Ojb.S_TransLAT Translation environment ojbect
        Authorisation field ACTVT Activity
                                       02
        Authorisation filed TLANGUAGE Target Language
                                       E
        Authorisation field TRANOBJ Translation : Text type name
  Can anyone aware of this error?
  Regards
  Ricky
  Edited by: Ricky kayshap on Oct 14, 2008 4:56 PM

  Hi Ricky,
  You had said earlier that the SU53 had ended with errors for some users.What i wanted to say is that if you could check for those users if they are missing the authorizations as shown in SU53 in their user profile.
  For finding out the same.
  Go to SUIM
  Roles by complex search criteria
  In the field "User" give the user name i.e PASCOAJ
  Scroll down to the section "Selection according to authorization values"
  Enter the name of the auth. obj in the field "Object 1" i.e S_TRANSLAT
  Click on the button "Entry Values" and then in the respective fields below enter the values as per the SU53 error that you are getting.
  Then Execute.
  If the user PASCOAJ has this authorization avaliable in his user profile then the result would display the name of the roles through which he is getting the access or else it will display at the bottom "no data was selected" which would mean that the user does not have this particular authorization.
  You will then have to find out the appropriate roles if existing in your landscape with this authorization which can be assigned to the user without any SOD conflicts.
  Thanks,
  Saby..

• Authorisation checks

  hello frnds
  I have a a document number and listbox on selection screen. There are 5 vales in listbox ( create, save, cancel, park, post), my program works according to the vale selected in listbox.
  Now i have to add authorisation check in it, means if some user does not have the role to cancel/create it then it shuld give the message ' you are not authorised to cancel/create it' and for other values in listbox.
  In other words i have to give authorisation according to roles.
  Kindly suggest how can i do it???
  regds

  Hi,
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  Starting SAP transactions (authorization object S_TCODE)
  starting reports (authorization object S_PROGRAM)
  Calling RFC function modules (authorization object S_RFC)
  Table maintenance with generic tools (S_TABU_DIS)
  The authorization objects S_TCODE, S_PROGRAM, S_RFC, and S_TABU_DIS are standard SAP provided.
  data: wa_tstc type tstc.
  parameters: p_tcode type tcode.
  authority-check object 'Z_TCODE'
  id 'ACTVT' field '03' " read access
  id 'ZTCODE' field p_tcode. " actual value
  if sy-subrc eq 0. " check authorization
  * fetch record
  select single *
  from tstc
  into wa_tstc
  where tcode eq p_tcode.
  write:/ wa_tstc-tcode,
  wa_tstc-pgmna,
  wa_tstc-dypno,
  wa_tstc-menue,
  wa_tstc-cinfo,
  wa_tstc-arbgb.
  else.
  * bad authorization
  write:/ 'Bad Authorization'.
  endif.

• Authorisation checks while calling SAPGUI.

  Hi All,
  I am analysing the authorisations required to call SAP GUI Script.
  Autho obj S_SCR with ACTVT 16, should be present in user's profle to successfully call the SAPGUI Script.
  However auth check will only be active sapgui/user_scripting_per_user to TRUE.we have set the parameter to TRUE and were expecting for SAPGUI Script call to fail because of above missing authorisation.
  However, as the SAPGUI Script was successfully called without access to S_SCR auth obj.
  (Trace shows a check and returns a code RC=12,  for obj S_SCR).
  Can someone provide me inputs on authorisation checks while calling SAPGUI.

  Additional authorization check of S_SCR through parameter : sapgui/user_scripting_per_user is available with below software versions :
  SAP GUI for Windows
  1- 6.40: Patch 22 and following
  2- 7.10 and following
  SAP System
  1 - 6.40: Kernel 6.40 patch level 159, support package SAPKB64020
  2 - 7.00: Kernel 7.00 patch level 87, support package SAPKB70011
  3 - 7.10 and following
  Just check the version of SAP GUI and let us know.

• Authorisation checks fails in FMRP_RFFMEP1AX

  Hi,
  I've created a role giving access to transaction FMRP_RFFMEP1AX with restrictions on possible values
  for funds, budgetgroup, budgetposition.
  The authorisation checks succeed for funds and budgetgroup but fail for budgetposition : the report output shows lines which it shouldn't. I'm not an ABAP expert, but could it possible to disable programmatically certain authorisation checks ? How/where can I check this out ?
  Kind regards,
  Erik

  Hi Forhad,
  I'm not sure if the error is related to the communication between the Java and the BW or if it's a problem with the authorization.
  Are you using a customer exit or an authorization variable in your query/bookmark?
  Check if by chance your query have an hirarchy assigned to a characteristic, then, check the user's authorization and check whether you have enough authorization for the hierarchy.
  I'm unsure, but maybe note 916090 can help you.
  I hope it helps.
  Regards,
  Daniel

• Authorisation check in MI07

  Dear SAP gurus,
  We are trying to perform an authorisation check on the movement types 701 and 702. Can you kindly suggest the best way to do this and if possible guide us to the best user exit possible.
  Many thanks
  PRG

  These are Background generated movement types.Better you give MI07 access to limited people so that you can track it.Give autorization MI01 ,MI02...to all people.Give MI07 posting transaction to some manager or criticle people so that they can not access the the transaction.
  Check with basis team what their view on this.
  Edited by: Sridhar Jayavarapu on Mar 6, 2012 10:08 PM