Scribd
Upload
26 views3 pages

Objects

The document discusses authorization checks in SAP systems. Authorization objects contain fields that define what activities a user is allowed to perform, like create, change or display. The AUTHORITY-CHECK statement is used to program authorization checks in transactions. Authorization objects and fields can be created and assigned to users through transactions like SU21, SUIM and PFCG to control user access.

Uploaded by

ashfaq.erp3780
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
26 views3 pages

Objects

The document discusses authorization checks in SAP systems. Authorization objects contain fields that define what activities a user is allowed to perform, like create, change or display. The AUTHORITY-CHECK statement is used to program authorization checks in transactions. Authorization objects and fields can be created and assigned to users through transactions like SU21, SUIM and PFCG to control user access.

Uploaded by

ashfaq.erp3780
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

In order to perform an authorisation check you have to find the

appropriate authorisation object. An authorisation object consist from


a table field and an activity field.

You can search for authorisation objects in SE84 -> Other Objects ->
Authorisation Objects.

For example let-s say you want to check authorisation for field
BUKRS.

You can take a look at authorisation object F_FEBC_BUK. Here you


can find fields BUKRS and ACTVT. If you press on permited activities
you will see three activities defined for this field: create, change,
display.

After this, in your program, you can use the AUTHORITY-CHECK


statement with this authirisation object. See documentation for this
statement.

Also, if you cannot find an appropriate object, you can create your
own authorisation object in transaction SU21.

In general different users will be given different authorizations based


on their role in the orgn.

We create ROLES and assign the Authorization and TCODES for that
role, so only that user can have access to those T Codes.

USe SUIM and SU21 T codes for this.

Much of the data in an R/3 system has to be protected so that


unauthorized users cannot access it. Therefore the appropriate
authorization is required before a user can carry out certain actions in
the system. When you log on to the R/3 system, the system checks in
the user master record to see which transactions you are authorized
to use. An authorization check is implemented for every sensitive
transaction.

If you wish to protect a transaction that you have programmed


yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the
definition of the transaction.

For example:

program an AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT <authorization object>

ID <authority field 1> FIELD <field value 1>.

ID <authority field 2> FIELD <field value 2>.

...

ID <authority-field n> FIELD <field value n>.

The OBJECT parameter specifies the authorization object.

The ID parameter specifies an authorization field (in the authorization


object).

The FIELD parameter specifies a value for the authorization field.

The authorization object and its fields have to be suitable for the
transaction. In most cases you will be able to use the existing
authorization objects to protect your data. But new developments
may require that you define new authorization objects and fields.

To ensure that a user has the appropriate authorizations when he or


she performs an action, users are subject to authorization checks.

Authorization : An authorization enables you to perform a particular


activity in the SAP System, based on a set of authorization object field
values.

You program the authorization check using the ABAP statement


AUTHORITY-CHECK.

AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'

ID 'ACTVT' FIELD '02'


ID 'CUSTTYPE' FIELD 'B'.

IF SY-SUBRC <> 0.

MESSAGE E...

ENDIF.

'S_TRVL_BKS' is a auth. object

ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create
or display.

The AUTHORITY-CHECK checks whether a user has the appropriate


authorization to execute a particular activity.

This Authorization concept is somewhat linked with BASIS people.

As a developer you may not have access to access to SU21


Transaction where you have to define, authorizations, Objects and for
nthat object you assign fields and values. Another Tcode is PFCG
where you can assign these authrization objects and TCodes for a
profile and that profile in turn attached to a particular user.

Take the help of the basis Guy and create and use.

You might also like