SAP R/3 ABAP
Russian ABAP Developer's Club


How to Create and Use the Authorization Objects in ABAP



 
Posted by admin: Mon Mar 22, 2010 5:40 pm


Published by rson.

Authorization objects are used to control, from within a program, which data the current user may select and which activities the user may perform.

We can always create our own authorization objects and implement them in our own ABAP programs. As an example, we will create our own authorization field, similar to the TCD field used in the S_TCODE authorization object.

Steps to create authorization field
1. Go to transaction code SU20.
2. Click the create new button on the application toolbar.
3. Enter ZTCODE in the Field Name and TCODE in the Data Element, then hit Enter.
4. Click the save button on the system toolbar.


Steps to create authorization class
1. Go to transaction code SU21.
2. Click on the Create button's drop-down icon and select Object Class.
3. Enter ZTRN on the Object Class field.
4. Give it a description and save it.

Steps to create authorization object
1. Again in SU21, in the list of authorization classes (folder icon), click the one that we've created (ZTRN).
2. Click on the Create button's drop-down icon, this time selecting Authorization Object.
3. Enter Z_TCODE in the Object field and give it a description.
4. In the authorization fields section, enter ACTVT and ZTCODE. ACTVT is used to set and limit the activity of the user, while ZTCODE is the authorization field that we created earlier, which is responsible for holding a list of tcodes.
5. Under Further Authorization Object Settings, click the Permitted activities button. Here we select the specific activities that we want to be available for our authorization object.
6. As an example, we will select 01 (Create), 02 (Change), and 03 (Display).
7. Save and Exit.

Now that we're done creating our own authorization object, let us use it and assign it to a user.

Steps to create a role
1. Go to transaction code PFCG.
2. Enter ZAUTHTEST in the Role field and click the Single Role button.
3. Now give it a description, click the save button and click the Authorization tab.
4. Click the Change Authorization Data button inside the Authorization tab.
5. Then click the Manually button on the application toolbar, type in the name of the authorization object that we created earlier (Z_TCODE) and press Enter.
6. Expand all the nodes, double-click on the input field of the Activity and select activities 01 and 02.
7. Enter the tcode of our own ABAP program in the ZTCODE field; in our example I used ZCOMM.
8. Also, don't forget to add the S_TCODE authorization object and enter ZCOMM in its field.
9. Now click on the Generate button in the application toolbar and press Enter on the pop-up screen.
10. Press the back button, assign a specific user on the User tab and click the User Comparison button.
11. Now create another role by repeating steps 1 to 9, but this time select activity 03 in step 6.
12. Then assign this second role to another user.

Now let's implement this authorization in our ABAP program. Let's say we have a dialog program (ZCOMM) with a button on the screen that, when clicked, takes the user to the Create/Edit screen (1000) if he's authorized. Otherwise, he goes to the display-only screen (2000). To do that, simply add the code below to your program.

Code:
  AUTHORITY-CHECK OBJECT 'Z_TCODE'   "authorization object that we've created
      ID 'ACTVT'  FIELD '01'         "Activity = 01, authorized to create
      ID 'ZTCODE' FIELD 'ZCOMM'.     "tcode that we want to check for authorization
  IF sy-subrc EQ 0.
      CALL SCREEN 1000. "The user is authorized to create
  ELSE.
      CALL SCREEN 2000. "User is not authorized to create (Display only)
  ENDIF.
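
An added example, not part of the original post: the snippet above sends every user who fails the activity 01 check to the display screen, including users who hold no Z_TCODE authorization at all. This variant also checks activity 03 before showing screen 2000 and rejects users who have neither; the variable lv_tcode and the message text are assumptions made for illustration.

```abap
* Added example (not the original author's code).
* lv_tcode and the message text are hypothetical names chosen here.
DATA lv_tcode TYPE tcode VALUE 'ZCOMM'.

* First check: may the user create (activity 01) for this tcode?
AUTHORITY-CHECK OBJECT 'Z_TCODE'
    ID 'ACTVT'  FIELD '01'
    ID 'ZTCODE' FIELD lv_tcode.

IF sy-subrc = 0.
* Role with activity 01 assigned: open the Create/Edit screen.
  CALL SCREEN 1000.
ELSE.
* Second check: does the user at least hold display (activity 03)?
  AUTHORITY-CHECK OBJECT 'Z_TCODE'
      ID 'ACTVT'  FIELD '03'
      ID 'ZTCODE' FIELD lv_tcode.

  IF sy-subrc = 0.
*   Role with activity 03 assigned: open the display-only screen.
    CALL SCREEN 2000.
  ELSE.
*   Any non-zero sy-subrc means the check failed, so deny by default
*   instead of falling through to the display screen.
    MESSAGE 'No authorization for transaction ZCOMM' TYPE 'E'.
  ENDIF.
ENDIF.
```

With the two roles from the steps above, the first user reaches screen 1000, the second reaches screen 2000, and a user with neither role gets the error message.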