Table for authorization objects

Similar Messages

• Table Name - For Authorization objects and fields.

  Hi
  Could any  one let me Know In which Table Authorization Objects and Authorization fields are stored.
  Thanks N Regards.
  Priya

  hi,
  TOBJ ---> Authorisation Objects
  Refer to the link.
  http://saptechnicalinfo.blogspot.com/2008/07/sap-authorization-objects-tables.html
  Regards
  Sumit Agarwal

• Translate Object class (for authorization objects)

  I wonder where I can translate the objects class (SU21 - auth objects). I manages to find where I can translate the authorization objects in SE63.
  What what is the object type for the objects class in order to translate it.

  SAP itself told me there is no way to do so. They recommend to directly edit the corresponding text table.

• Field Validation for Authorization Object field on selection screen

  Hi Experts,
  We have included a new field u2018Authorization Objectu2019 in the selection screen which should be reflected in the field Authorization Object of the spool property. Please let us know how we can provide F4 help for this field and also validate it in the code.
  The data element "RSPOAUTH" is used for the field on selection screen parameter. However, as there is no value table attached to the domain, we are unable to provide any F4 help and hence cannot validate the field in the code.
  Looking forward for your valuable reply.
  Thanks in advance.
  --Warm Regards,
    Prajakta Kanitkar.

  Hi Prajakta,
     You can refer the following code for getting F4 help.
  TYPES: BEGIN OF stru_btc,
           zesgbtc TYPE zhr_del_btc,
         END OF stru_btc.
  DATA: it_btc TYPE STANDARD TABLE OF stru_btc
  SELECT-OPTIONS: s_zzbtc FOR pa0001-zzbtc NO INTERVALS.
  AT SELECTION-SCREEN ON VALUE-REQUEST FOR s_zzbtc-low.
    SELECT * FROM zbtc INTO CORRESPONDING FIELDS OF TABLE it_btc.
    CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
      EXPORTING
        retfield        = 'BTC'
        dynpprog        = sy-repid
        dynpnr          = sy-dynnr
        dynprofield     = 'S_ZZBTC'
        value_org       = 'S'
      TABLES
        value_tab       = it_btc
      EXCEPTIONS
        parameter_error = 1
        no_values_found = 2
        OTHERS          = 3.
    IF sy-subrc <> 0.
  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  Hope this will help you.
  Thanks & Regards.
  Aniruddha

• How to delete duplicate entries in table for the object DNL_CUST_BASIS2

  Hi All,
  I am trying to download the object DNL_CUST_BASIS2.
  In the SMQ2 the status is SYSFAIL.
  I checked in the ST22 for dumps.It says about the error while accessing the table T006.
  While analysing this,i found some duplicate entries in the related tables of this object.
  Can somebody help me how to delete these duplicate entries?
  Thanks,
  Senthil.

  Delete them directly from the table using se16:
  select the entries in the classic view (not ALV or grid view).
  activate the debugger.
  press the view button. --> you'll enter in the debugger
  press F7
  locate the sy-ucomm variable & change it to "DELE".
  press F8
  delete the entries.
  Trick-shots
  but it works!
  Michael.

• Missing authorizations for authorization object UIU_COMP

  I have generated the pfcg role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the pfcg role to a user.
  The user is apparently able to perform navigation as required. However, when a ST01 trace is run for the user, there are few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP  i.e. only values generated by the report is present there. Should the missing authorizations be added manually to the role?

  I would recomend that you define for component UIU_COMP in your pfcg role full access (all set to *), because this authorization object is used for access to web ui components. Even thou if you define this object to full access users will still see just components defined in business role.
  Regards.

• Table for info objects

  Hi Experts,
  I have lot of info objects descrption. and i want to find out technical names for all these, is there any specific table for this?
  Thanks
  David

  Hi David,
  Check out the below tables
  RSDIOBJ                  Directory of all InfoObjects
  RSDIOBJT                Texts of InfoObjects
  RSDIOBJ                      Directory of all InfoObjects
  RSDIOBJT               Texts of InfoObjects
  RSDATRNAV          Navigation Attributes
  RSDATRNAVT        Navigation Attributes
  check out the below link
  http://zodano.wordpress.com/2009/01/16/sap-bw-tables/
  Regards,
  Venkatesh

• Prompt for Authorization Object

  Dear Experts,
  I would like to have control on certain authorization objects which are common among the roles while creating them.
  Is it possible that while maintaining or creating a role, if by mistake the administrator does not block the object OR add an entry which we do not authorize, the system should alert the administrator as a popup or alert message?
  I am aware about the report "RSUSR008_009_NEW" for maintaing critical authorizations, however, running a report and giving a prompt are two different things.
  Any possibility of an alert?
  Thanks and Regards,

  Hi J K
  I take the following approach with SU24:
  Complete Proposal - completely maintain an authorisation proposal when that values applies for any situation in PFCG role build. E.g. transaction FB03 for object F_BKPF_BUK has fields ACTVT and BUKRS. You can allow the value as ACTVT = 03 and BURKS = $BUKRS (org value) or each scenario
  Partial Proposal - only maintain some of the fields where it will be consistent. E.g transaction OB52 for posting periods and S_TABU_DIS with field ACTVT and DIBERCLS. You leave ACTVT blank as sometimes you want change whilst DIBERCLS for auth group is static so you can enter a value there
  Empty Proposal - leave the proposal values completely blank as the requirement will depend on the scenario. E.g transaction SM30 you might leave S_TABU_DIS empty as it will depend on the role for both fields.
  If you take this approach, you minimise the need for deactivating object, copying/changing and manual objects in PFCG. You maximise role authorisation under status of Standard or Maintained.
  Now if we set the proposals in su24, it will be applicable for other new roles as well for which we DO want the proposals to exist.
  Yes if you change SU24 you should clean up all impacted roles but before you build roles you should review
  At the end of the day your need to have competent security administrators who know what a display activity is and have attention to detail/meticulous enough to build the role with appropriate restrictions (i.e. do not put change access in a display role).
  How can we avoid the "new authorizaiton objects" to be added to this display role.
  To avoid this you are trying to avoid using SU24 integration. If you are tying to build a SAP display all role then you might as well copy SAP_ALL and go through and deactivate/remove any display access from the role. In this case you would not use the role menu.
  Not all solutions are technical. It's why you need to have a clearly defined process that is adhered to.
  My trick of display roles - I got the AGR_1251 role and look at the entire contents of the role and scan this list of objects and what's in the role. However, I do this as I know the objects relatively well and can identify the specific objects that are change/display  but do not use ACTVT field (e.g. PLOG/P_ORGIN/P_PERNR)
  Wonder why SAP prompts warning and errors messages doing a business/financial transaction and not security.
  Exactly what would you want the system to prompt? How would SAP know what a display role is?
  We noted that every time we add a t-code, the authorization object added is marked as "new" in the list. we jsut disable those and generate it
  If you take this approach you cannot guarantee the transaction code will work. The user may need the underlying values and that is why SU24 has them marked as proposal.
  My summary - defined your process to include a quality check after building a role and hire security administrators who know more than how to tick and click buttons in PFCG (i.e. they understand security objects and why some are sensitive).
  Regards
  Colleen

• Check for Authorization object

  Hi All,
  I have a report which will authorize the person running the report.
  I have been given a requirement which is to not accept some users and accept some users.
  Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
  Could some one let me know how to go about it. I have few questions.
  1. what is the exact use of authorization object.
  2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
  3. I know there is some basis work involved in this but what is that ?
  Thanks,
  Mahen

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• Source  table for info object

  Hi,
  Can anybody tel me the  SOURCE TABLE FOR the Info Object <b>Plant</b>  technical name is " 0PLANT "..Is coming under Info Cube  "Purchasing Data "..
  Thanks in advance
  Umesh mc

  Barbara,
  Did you do the replication of the datasources ?
  Goto SourceSystem -> select your BW system -> right click replicate datasources.
  Then refresh your object tree, it should show you the datasource.
  Hope this helps,
  GSM.

• Journal tables for Oracle Objects

  Hi.
  How can I create Journal tables for database tables including columns with datatype being a Nested table. I am trying to this in Oracle Designer.
  Thanks.

  Hi,
  check this table <b>TADIR</b> .
  Enter OBJECT = PROG
  and see in SE16.
  follow this link for sample program.
  http://abap4.tripod.com/Upload_and_Download_ABAP_Source_Code.html
  regards,
  Ashok Reddy

• Role Maintenance - Automatically generated names for authorization objects

  Hello NG,
  I've got a question concerning the mentioned subject.
  Currently I am maintaining the roles/authorizations of a customers system (Rel. 3.0) which has moved to Rel. 7.0.
  When I add an authorization object to a role, the technical name is generated automatically. How can I set up the naming conventions for the authorization objects?
  Thank you very much.
  Regards ..

  Hi SUNIL L,
  I refered to 3.0 but I think that the release version has no relevance for my problem. I think I should try to explain my problem once more:
  When I add an authorization object to a role, a technical name is generated automatically and assigned to it. Is it possible to set any naming conventions for this?
  Regards..

• Table for all objects in a bex query structure

  Hi All,
  I am looking for some table/report/t code where I can find all Char,Kf,Rkf and Ckfs along with technical name of that query.
  I know there are couple of work around for this like capturing a screenshot or collect objects via transport connection and copy paste objects from there.
  Basically I need a meta data repository where I can see all this information in a complete manner. I tried to dig around in some tables but they don't have all information  at single place.
  Any help would be appreciated.
  Thanks,
  Vikas

  Hey.  There are a number of tables related to query elements.  I would go through them and figure out which pertain to exactly what you need.  You could then buold an InfoSet query (via SAP Query)  to output all the information you are looking for.  Here is a list of the main query tables...
  Table Name          Use of the table
  RSZELTDIR -      Directory of the reporting component elements
  RSZELTTXT     -     Texts of reporting component elements
  RSZELTXREF -    Directory of query element references .
  RSRREPDIR      -    Directory of all reports (Query GENUNIID) .
  RSZCOMPDIR  -  Directory of reporting components.
  RSZRANGE      -    Selection specification for an element
  RSZSELECT      -    Selection properties of an element
  RSZCOMPIC      -    Assignment reuseable component <-> InfoCube
  RSZELTPRIO      -    Priorities with element collisions
  RSZELTPROP  -   Element properties (settings)
  RSZELTATTR  -   Attribute selection per dimension element
  RSZCALC       -  Definition of a formula element
  RSZCEL  -  Query Designer: Directory of Cells
  RSZGLOBV     - Global Variables in Reporting
  RSZCHANGES - Change history of reporting components
  Sorry, I know this looks messy,  Cut and paste didn't work for me that great.
  Thanks

• Tables for tracing  objects using date option.

  Hi,
      We need to develop a program in which newly developed objects on a particular date has to be traced.what tables can i use for this requirement.

  Hi,
  check this table <b>TADIR</b> .
  Enter OBJECT = PROG
  and see in SE16.
  follow this link for sample program.
  http://abap4.tripod.com/Upload_and_Download_ABAP_Source_Code.html
  regards,
  Ashok Reddy

• Table for Authorizations

  Dear All,
  What is the table name in which the general authorizations for various users is stored?
  Please help me.
  Tamil

  Hi Tamil,
  please see Note [1175770|https://service.sap.com/sap/support/notes/1175770] - User Authorisations cannot be queried.
  All the best,
  Kerstin