Beruflich Dokumente
Kultur Dokumente
Applies to:
SAP ECC 6.0. For more information, visit the ABAP homepage.
Summary
This document helps people to understand the steps involved in creation of Authorization objects in SAP and using Authorization objects in ABAP program. Author: Sai Ram Reddy Neelapu
Author Bio
Sai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.
Table of Contents
Purpose of Authorization .................................................................................................................................... 3 Steps Involved in Creating Authorization Objects ........................................................................................... 3
1. Create Authorization Field........................................................................................................................................ 3 2. Create Authorization Class ...................................................................................................................................... 4 3. Create Authorization Object ..................................................................................................................................... 5 4. Create Roles ............................................................................................................................................................ 7 5. Create Custom Module Pool Program ................................................................................................................... 10
Output:. .................................................................................................................................................. 12 Related Content ................................................................................................................................................ 14 Disclaimer and Liability Notice .......................................................................................................................... 15
Purpose of Authorization
SAP, security has always been an important part throughout the product life cycle, including product development, planning, and quality-assurance. Authorization Objects are mainly used to control users privileges for specific data selection and activities within the program SAP has given us an option to create our own authorization objects or use existing standard authorization objects. All this authorization objects can be used during the role creation or can be implemented with in the custom ABAP program.
Steps Involved in Creating Authorization Objects 1. Create Authorization Field 2. Create Authorization class 3. Create Authorization object 4. Create Roles 5. Create Custom program using Authorization object.
1.3. Enter Field Name as ZTRNCODE and data element as TCODE. Press Enter
2.1. Go to transaction code SU21 2.2. Press Create button, for creating Object Class, as highlighted below.
2.3. Enter Object Class as ZTC and give description, press Save.
3.1. Go to transaction code SU21. 3.2. Select Authorization object class which we created in step 2 3.3 Press Create button, for creating Authorization Object, as highlighted below.
Also maintain the required authorization fields, here in this scenario we will be using standard field ACTVT and ZTRNCODE created in step 1.
3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture. Click Ok, on pup-up 3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.
4.1. Enter transaction code PFCG 4.2. Enter Role ZCUSTOM_ROLE_CREATE, press Single Role
4.3. Enter description and go to Authorizations tab, click on Propose Profile Names
4.4. Click on change Authorization data On Pop-up press do not select templates.
4.6. Key-in Authorization object S_TCODE and ZTRN_CODE which was created in step 3. Press enter to continue
4.7. Assign transaction code ZTEST_AUTH (this is the custom program transaction code) and Activity 01, save and Generate.
Note: Create new role ZCUSTOM_ROLE_DISPLAY follow step 4.1 to 4.7, make sure you change the activity type from 01 to 02
Note: Assign Role ZCUSTOM_ROLE_CREATE to user ZTEST1 and Role ZCUSTOM_ROLE_DISPLAY to user ZTEST2
5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal 5.2. On screen 500, place a push button
5.3. On screen 1000, place a text and give description as You are authorized to Create 5.4. On screen 2000, place a text and give description as You are Authorized for Display 5.5 Create transaction code ZTEST_AUTH
Output:
1) Login as user ZTEST1 2) Run Transaction code ZTEST_AUTH
Now repeat the above steps logging in as user ZTEST2 Output will be display as shown below once you click Create button.
Related Content
www.help.sap.com http://www.sdn.sap.com/irj/sdn/security For more information, visit the ABAP homepage