Creation and usage of Authorization Objects in ABAP Programs

Applies to:
SAP ECC 6.0. For more information, visit the ABAP homepage.

Summary
This document helps people to understand the steps involved in creation of Authorization objects in SAP and using Authorization objects in ABAP program. Author: Sai Ram Reddy Neelapu

Company: Atos Origin - Singapore Created on: 09 February 2011

Author Bio
Sai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 1

Creation and usage of Authorization Objects in ABAP Programs

Table of Contents
Purpose of Authorization .................................................................................................................................... 3 Steps Involved in Creating Authorization Objects ........................................................................................... 3
1. Create Authorization Field........................................................................................................................................ 3 2. Create Authorization Class ...................................................................................................................................... 4 3. Create Authorization Object ..................................................................................................................................... 5 4. Create Roles ............................................................................................................................................................ 7 5. Create Custom Module Pool Program ................................................................................................................... 10

Output:………. .................................................................................................................................................. 12 Related Content ................................................................................................................................................ 14 Disclaimer and Liability Notice .......................................................................................................................... 15

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 2

Creation and usage of Authorization Objects in ABAP Programs

Purpose of Authorization
SAP, security has always been an important part throughout the product life cycle, including product development, planning, and quality-assurance.   Authorization Objects are mainly used to control user‟s privileges for specific data selection and activities within the program SAP has given us an option to create our own authorization objects or use existing standard authorization objects. All this authorization objects can be used during the role creation or can be implemented with in the custom ABAP program.

Steps Involved in Creating Authorization Objects 1. Create Authorization Field 2. Create Authorization class 3. Create Authorization object 4. Create Roles 5. Create Custom program using Authorization object.

In Detailed 1. Create Authorization Field
Note: Transaction code for creating Authorization field is SU20

1.1. Go to transaction code SU20. 1.2. Press Create Button.

1.3. Enter Field Name as “ZTRNCODE” and data element as “TCODE”. Press Enter

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 3

Creation and usage of Authorization Objects in ABAP Programs

1.4. Press Save.

2. Create Authorization Class
Note: Transaction code for creating Authorization class is SU21

2.1. Go to transaction code SU21 2.2. Press Create button, for creating “Object Class”, as highlighted below.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 4

Creation and usage of Authorization Objects in ABAP Programs

2.3. Enter Object Class as “ZTC” and give description, press Save.

3. Create Authorization Object
Note: Transaction code for creating Authorization Object is SU21

3.1. Go to transaction code SU21. 3.2. Select Authorization object class which we created in step 2 3.3 Press Create button, for creating “Authorization Object”, as highlighted below.

3.4. Enter Object “ZTRN_CODE” and description

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 5

Creation and usage of Authorization Objects in ABAP Programs

Also maintain the required authorization fields, here in this scenario we will be using standard field “ACTVT” and “ZTRNCODE” created in step 1.

3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture. Click Ok, on pup-up 3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 6

Creation and usage of Authorization Objects in ABAP Programs

3.7. Press Save and Exit 4. Create Roles
Note: Transaction code for creating Roles is PFCG

4.1. Enter transaction code PFCG 4.2. Enter Role “ZCUSTOM_ROLE_CREATE”, press Single Role

4.3. Enter description and go to Authorizations tab, click on Propose Profile Names

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 7

Creation and usage of Authorization Objects in ABAP Programs

4.4. Click on change Authorization data On Pop-up press do not select templates.

4.5. Click “Manually” on the application tool bar.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 8

Creation and usage of Authorization Objects in ABAP Programs

4.6. Key-in Authorization object “S_TCODE” and “ZTRN_CODE” which was created in step 3. Press enter to continue

4.7. Assign transaction code „ZTEST_AUTH‟ (this is the custom program transaction code) and Activity „01‟, save and Generate.

Note: Create new role “ZCUSTOM_ROLE_DISPLAY” follow step 4.1 to 4.7, make sure you change the activity type from “01” to “02”

Note: Assign Role “ZCUSTOM_ROLE_CREATE” to user “ZTEST1” and Role “ZCUSTOM_ROLE_DISPLAY” to user “ZTEST2”

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 9

Creation and usage of Authorization Objects in ABAP Programs

5. Create Custom Module Pool Program
Note: Transaction code for creating custom Program SE38

5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal 5.2. On screen 500, place a push button

In PAI event of screen 500 enter the following code

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 10

Creation and usage of Authorization Objects in ABAP Programs

5.3. On screen 1000, place a text and give description as “You are authorized to Create” 5.4. On screen 2000, place a text and give description as “You are Authorized for Display” 5.5 Create transaction code “ZTEST_AUTH”

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 11

Creation and usage of Authorization Objects in ABAP Programs

Output:
1) Login as user ZTEST1 2) Run Transaction code “ZTEST_AUTH”

3) Press Create 4) It will take you to the below screen

Now repeat the above steps logging in as user ZTEST2 Output will be display as shown below once you click Create button.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 12

Creation and usage of Authorization Objects in ABAP Programs

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 13

Creation and usage of Authorization Objects in ABAP Programs

Related Content
www.help.sap.com http://www.sdn.sap.com/irj/sdn/security For more information, visit the ABAP homepage

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 14

Creation and usage of Authorization Objects in ABAP Programs

Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.

SAP COMMUNITY NETWORK © 2011 SAP AG

SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 15

Sign up to vote on this title
UsefulNot useful