Userrole - Authorization object - Field Values

Hi all,
we want to make a analyses of our user roles. We want to have an overview of :
Role + assigned tcode + checked auth. objects + auth. fields
At the moment I am just able to list all tcodes per role, and afterwards I can copy them to su24.. but there is no possibility for making one List with all roles and so on...
Is there a possibility for getting those linked information on a easy way?
thx in advance...
markus

Hi Markus,
This can be acheived by Z program ....we had some similar requirement in one of the clients i worked ...where report for this will have Input field Role name ...
Role name will be Input for this report
1)First It will retrieve list of transaction codes from AGR_1251 for a role.
2) Then you need to have Auth Objects Checked with Default Values + Checked when maintained in role for list of all T codes you have retrived from AGR_1251 ... u would get this list from USOBT_X and OSOBT_C
3) After collating all the objects get the values of these objects from the role for these objects.
Markus, If you can share with me ...reason for doing exercise ...i think i can be of some help to you ...
Regards,
Priyank.

Similar Messages

Authorization Object Field Values

Hello All,
I am trying to look for all possible values of an authorization object field's in change mode of a role. But when I click the pencil icon beside the specified field, for few auth objects field's, the list doesnt pop up.
Any idea, what is happening?
Thanks.
Rajesh

> I am trying to look for all possible values of an authorization object field's in change mode of a role. But when I click the pencil icon beside the specified field, for few auth objects field's, the list doesnt pop up.
> Any idea, what is happening?
For quite a lot of fields the possibilities are not forseeable because they are completely dependent on your configuration. The ones with pop-up-lists have check tables configured. Some fields also accept wildcards and ranges..... so their possibilities are endless.
I think it is a good idea to want such a list but I doubt if you'll ever get it.

Field Validation for Authorization Object field on selection screen

Hi Experts,
We have included a new field u2018Authorization Objectu2019 in the selection screen which should be reflected in the field Authorization Object of the spool property. Please let us know how we can provide F4 help for this field and also validate it in the code.
The data element "RSPOAUTH" is used for the field on selection screen parameter. However, as there is no value table attached to the domain, we are unable to provide any F4 help and hence cannot validate the field in the code.
Looking forward for your valuable reply.
Thanks in advance.
--Warm Regards,
Prajakta Kanitkar.

Hi Prajakta,
 You can refer the following code for getting F4 help.
TYPES: BEGIN OF stru_btc,
 zesgbtc TYPE zhr_del_btc,
 END OF stru_btc.
DATA: it_btc TYPE STANDARD TABLE OF stru_btc
SELECT-OPTIONS: s_zzbtc FOR pa0001-zzbtc NO INTERVALS.
AT SELECTION-SCREEN ON VALUE-REQUEST FOR s_zzbtc-low.
SELECT * FROM zbtc INTO CORRESPONDING FIELDS OF TABLE it_btc.
CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
 EXPORTING
 retfield = 'BTC'
 dynpprog = sy-repid
 dynpnr = sy-dynnr
 dynprofield = 'S_ZZBTC'
 value_org = 'S'
 TABLES
 value_tab = it_btc
 EXCEPTIONS
 parameter_error = 1
 no_values_found = 2
 OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
 WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Hope this will help you.
Thanks & Regards.
Aniruddha

Authorization Object=S_RFC values for Integarted Planing

Hello all,
Does any one know specific values(Function Group Names) just to authorize and enable users to open IP-Workbooks on BEx.
Authorization Object: S_RFC- Authorization Check for RFC access..
When I give full "*" authorization everyting is working fine, but I dont want to give full RFC access authorization to End users, I just want to give specific values for IP.
Thanks, Regards,
Ali
Edited by: Ali on Oct 20, 2009 12:09 PM

Hi,
try the following objectnames. I think they are from a SAP Standard Role but include web-reporting.
If you want to know exactly which you have to authorize, activate authorization trace in st01 and check which authorization-checks fail when you execute BEX
RFC1
RRMX
RRXWS
RRY1
RSAH
RSBOLAP_BICS
RSBOLAP_BICS_CONSUMER
RSBOLAP_BICS_PROVIDER
RSBOLAP_BICS_PROVIDER_VAR
RSFEC
RSMENU
RSOBJS_RFC_INTERFACE
RSOD_BIRM
RSRCI_LOCAL_VIEW
RSR_XLS_RFC
RSWAD
RSWRTEMPLATE
RS_BEX_REPORT_RFC
RS_IGS
RZX0
RZX2
SDIFRUNTIME
SM02
SMHB
SRFC
SUNI
SUSO
SYST
SYSU

How to get the values for the Authorization Object Fields....

Hi Everyone,
I'm pretty new to the SAP Security and have been working on the Basis sides...I created a new role in PFCG and added a few transactions (ME13) and clicked on the Authorizations tab. In there, the authorization tree is in yellow and red. After providing the Org Values, only the yellow lights remain (apart from the green one ofcourse). Now how do we get the values for the different auth obj fields that are in yellow... say for example
Conditions                                                   COND
Maintain Condition: Auth. for Use/Appl./Cond.Type/Table      V_KOND_VEA
Activity                       03                                                                        ACTVT
Application                                                                                KAPPL
Condition table                                                                                KOTABNR
Condition Type                                                                                KSCHL
Usage of the condition table                                                                 KVEWE
Here the values for V_KOND_VEA fields e.g. KAPPL, KOTABNR etc are missing.
My question is how do we get these values in regard to the requirement provided by the client...is it the functional guys who provide these values or else how is a security person supposed to know it...
All the help in this regard is sincerely appreciated along with the awarding of points...

Hey thanks Alex and Catastrophe for the quick response...
I'll be sitting with the functional team and reviewing the roles created.
Thanks for all the help once more
Regards,
Akash.

Can I print an objects fields' values in a loop without having to cast?

Hi,
I have a Class with about 30 (public)fields and I need to print the values of each of them to a file. I tried the getFields() method of the Class object, but couldn't get the desired result, especially that the documentation says no order is guaranteed when using this method and I need to know have one in order to be able to read from the file when reconstriucting the object.
I considered using the Object Streams but I need it to be in human readable format, preferably ASCII, as the fields are int, long, String, Date...
Also the object might grow so I don't want to hardcode the writing and reading methods, would like it to be as generic as possible.
Thanks for help

hallo,
have you tried XMLEncoder ; something like this (from the API docs):
XMLEncoder e = new XMLEncoder(
new BufferedOutputStream(
new FileOutputStream("Test.xml")));
e.writeObject(new JButton("Hello, world"));
e.close();
you can customize which parts of the objects are written, i think. otherwise, just create bean-like setter and getter methods for the fields and they should be automatically written (and read with XMLDecoder).
ciao, -sciss-

Unable assign a BPM Object field value to a JSP Variable using "invoke"

Hi,
I'm unable to retrieve a value returned by a BPM Object Method and use it in JSP. Here is what I'm trying to achieve:
BPM object named : "myObject" has a method "getRequiredValue" which returns a "String". I want to assign the value returned by "getRequiredValue" to a JSP Variable "myVariable" using invoke method as below:
<% String myVariable = ""; %>
<f:invoke var="${myObject}" methodName="getRequiredValue" retAttName="myVariable"/>
<% out.println ("myVariable: " + myVariable); %>
When I execute the above code I don't get the value being returned by "getRequiredValue" into "myVariable".
Any help would be highly appreciated!
regards,
MK

1. Make sure you mark the "Server Side Method" property of the getRequiredValue method to "Yes".
2. I guess you dont need to specify "<% String myVariable = ""; %>". Try removing it.
3. Replace "<% out.println ("myVariable: " + myVariable); %>" by <c:out value="${myVariable}"/> just in case!
4. Lastly, I hope "myObject" is the name of the instance variable in your screenflow, and not the BPM object name.
Hope this helps
-Hemant

Getting response object field value as null when importing xsd file in wsdl

I have created a java webservice using X-Fire 1.2.6 framework and deployed on Tomcat 6.0 server. The response of the service is a java object named LoginDetail.
Inorder to reuse the basic elements and types we have defined them in a separate Types.xsd file which have been imported in the WSDl file using xsd:import by giving the path to the xsd file.
Below you can see the portion of the wsdl file
 <wsdl:types>
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 attributeFormDefault="qualified" elementFormDefault="qualified"
 targetNamespace="http://webservices.gtl.de/xsd">
 <xsd:import namespace="http://webservices.gtl.de/xsd"
 schemaLocation="file:///D:/wsdl/LoginTypes.xsd"></xsd:import>
 </xsd:schema>
 </wsdl:types>
After deploying the application on Tomcat I could access the WSDL using a web browser and after that I could successfully generate webservice client code using using XFire wsgen ant build.
But when tried to call the service the fields of the response object(in my case it is LoginDetail object) returns null.
Follwing are the main class used for running the client and the output received as webservice respone.
Main class
public static void main(String[] args) {
CCLoginNewClient client = new CCLoginNewClient();
CCLoginNewPortType service = client.getCCLoginNewHttpPort();
LoginDetail loginDetail = service.getLogin("CCLoginNew", "DE", "DE", "100", "0", "CC", "15","9344");
System.out.println("service got in response : "+loginDetail.getService());
Output
service got in response : null
is this the right way to import an xsd file in a wsdl file?
Any input would be appreciated!
Thanks in advance

PramodDas wrote:
Output
service got in response : nullCheck with Apache TCPMonitor what response you are receiving from web service.
is this the right way to import an xsd file in a wsdl file?Make sure that you really need import, not the include. However, I guess it has nothing do with the actual issue. It just to make sure that you are using right option.

Authorization object with no authorization field

Hi Experts,
I have created authorization object with no field checking.
This is possible? Because i want to create this auth object for conversion only, and its not needed field checking.
Please advice.

Hi
See this and do accordingly
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Regards
Anji

Authorization Object Values

Hi All,
There's an authorization object called P_ORGINCON. It has 8 different fields and respective values. Now, one of the fields has '' as a value (two continuous single quotes, without space between them) and another field has ' ' as a value (continuous single quotes, with space between them).
What is the difference between both the values i.e., the two different quotes with and without spaces.
It would be 'rewarding' if someone can help me on this
Cheers,
Ravi

Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points for useful Answers
Regards
Anji

Query on authorization object

Hi,
I need to create one authorization object which contain only one field as sy-uname.
I carry out the following stapes:
1. I went to SU21
2. Create a class
3. create a authorization object
4. Add a field sy-uname in the field
Now , my query is that,
1. is it allowed to add sy-uname in there in the field or i have to put just 'uname' there. or what??
2. Is there any other steps required after adding the field in the authorization object
3. Do any one has some document on how these authorization object work execpt the F1 help on the 'AUTHORITY-CHECK' in the editor???

Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji

Authorization objects details

Hi everyone,
How can I get the list of all authorization objects and their details for a specific user ?
Is there a function ?
Thanks.
Regards.

Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points for useful Answers
Regards
Anji

Authorization Object and Authorization...!!!

Hi BW Experts,
Could anyone plz tell me what is the difference between Authorization Object and Authorization..!!!
Thanks in Advance.
Regards,
Giftedbrain.

Giftedbrain,
Authorization Object:
An authorization object groups up to ten fields that are related by AND.
An authorization object allows complex tests of an authorization for multiple conditions. Authorizations allow users to execute actions within the system. For an authorization check to be successful, all field values of the authorization object must be appropriately maintained in the user master.
Authorization objects are divided into classes for comprehensibility. An object class is a logical combination of authorization objects and corresponds, for example, to an application (financial accounting, human resources, and so on). The line of the authorization object class is colored orange in the profile generator.
For information about maintaining the authorization values, double click an authorization object.
The line of the authorization object is colored green in the profile generator.
Authorization:
Definition of an authorization object, that is, a combination of permissible values in each authorization field of an authorization object.
An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
Authorizations allow you to specify any number of single values or value ranges for a field of an authorization object. You can also allow all values, or allow an empty field as a permissible value.
If you change authorizations, all users whose authorization profile contains these authorizations are affected.
As a system administrator, you can change authorizations in the following ways:
· You can extend and change the SAP defaults with role maintenance.
· You can change authorizations manually. These changes take effect for the relevant users as soon as you activate the authorization.
The programmer of a function decides whether, where and how authorizations are to be checked. The program determines whether the user has sufficient authorization for a particular activity. To do this, it compares the field values specified in the program with the values contained in the authorizations of the user master record.
The line of the authorization is colored yellow in the profile generator.
-Doodle

Check for Authorization object

Hi All,
I have a report which will authorize the person running the report.
I have been given a requirement which is to not accept some users and accept some users.
Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
Could some one let me know how to go about it. I have few questions.
1. what is the exact use of authorization object.
2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
3. I know there is some basis work involved in this but what is that ?
Thanks,
Mahen

Hi,
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji

What values are possible for a specific object/field

Hi everyone,
I am trying to do the following
Pull a list out of the system that would provide me with value's description for a specific authoirsation object / field
I have tried SE16 > AGR_1251 > one of my roles
I am getting the role, object, field, low and high values
for example
myrole - M_FORECAST - ACTVT - 03
What I have missing is the English description of what "03" is. for example "Display"
A 03 for a field may not always have the same meaning for different objects
Alternativly can I pull a list somewhere of the potential values and their description for a specific Authorization Object / Field combination?
Thank you
Coco

Please go through the following Tables:
TACT : Contains the Text Descriptions of all Activities (for e.g. 01= Create/ Generate, 02= change etc.)
TACTZ : Contains the Authorization Object specific Activities.
TOBJ : Description of Authorization Objects
TOBJT: Text Description of Authorization Objects
AUTHX: Details of Fields
TPARA: Parameter Ids of Fields
There are many more... but these are of help as per your question.
Regards,
Dipanjan

Userrole - Authorization object - Field Values

Similar Messages

Maybe you are looking for