What are Authorization Objects

y y

Added by suresh revuru, last edited by kishan P on Jan 13, 2012 (view change)

Authorization objects are composed of a grouping of fields. The values in these fields will be used in authorization check. There can be a maximum of 10 fields defind on an authorization object. Basically we use this authoirzation objects to check whether the user is having an authoirzation to run perticular transaction. We assign authorization objects to a role with specific ACTVT type. For example a user is authorized only to view, other could be authorized to modify and so on. IF your userid not attached to specific role than contact your basis team to resolve the problem by sending SU53 screen shot. AUTHORITY-CHECK is the statement used in an ABAP Program to perform an authorization check against an authorization obect. This statement will return sy-subrc is 0 if user has required authorization otherwise will return code will be other than Zero. Each return code will have different meaning. Example: 8 - User has to authorization. 12 - Too many parameters etc., STEP BY STEP TO CREATE AUTHORIZATION OBJECT: STEP1: goto SU21 transaction and create a new Authorization Object Object Name: Z..... Text: ........... ClassL SD (YOUR MODULE) AUTHOR: YOUR ID STEP2: Give authorizatin fields as ACTION - Action of the Authorization Activity - Document Destribution. STEP3: Basis will create a role using transaction PFCG and assign this authorization object to that role.

STEP4: Call the AUTHORITY-CHECK Object in your code. AUTHORITY-CHECK OBJECT <authorization object> ID <authority field 1> FIELD <field value 1>. ID <authority field 2> FIELD <field value 2>. IF sy-subrc 0. MESSAGE e000(zzpp) WITH 'No Authorization'. ENDIF.