creation and usage of authorization objects in …...creation and usage of authorization objects in...
TRANSCRIPT
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 1
Creation and usage of
Authorization Objects in ABAP
Programs
Applies to:
SAP ECC 6.0. For more information, visit the ABAP homepage.
Summary
This document helps people to understand the steps involved in creation of Authorization objects in SAP and using Authorization objects in ABAP program.
Author: Sai Ram Reddy Neelapu
Company: Atos Origin - Singapore
Created on: 09 February 2011
Author Bio
Sai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 2
Table of Contents
Purpose of Authorization .................................................................................................................................... 3
Steps Involved in Creating Authorization Objects ........................................................................................... 3 1. Create Authorization Field........................................................................................................................................ 3
2. Create Authorization Class ...................................................................................................................................... 4
3. Create Authorization Object ..................................................................................................................................... 5
4. Create Roles ............................................................................................................................................................ 7
5. Create Custom Module Pool Program ................................................................................................................... 10
Output:………. .................................................................................................................................................. 12
Related Content ................................................................................................................................................ 14
Disclaimer and Liability Notice .......................................................................................................................... 15
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 3
Purpose of Authorization
SAP, security has always been an important part throughout the product life cycle, including product development, planning, and quality-assurance.
Authorization Objects are mainly used to control user‟s privileges for specific data selection and activities within the program
SAP has given us an option to create our own authorization objects or use existing standard authorization objects. All this authorization objects can be used during the role creation or can be implemented with in the custom ABAP program.
Steps Involved in Creating Authorization Objects
1. Create Authorization Field
2. Create Authorization class
3. Create Authorization object
4. Create Roles
5. Create Custom program using Authorization object.
In Detailed
1. Create Authorization Field
Note: Transaction code for creating Authorization field is SU20
1.1. Go to transaction code SU20.
1.2. Press Create Button.
1.3. Enter Field Name as “ZTRNCODE” and data element as “TCODE”. Press Enter
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 4
1.4. Press Save.
2. Create Authorization Class
Note: Transaction code for creating Authorization class is SU21
2.1. Go to transaction code SU21
2.2. Press Create button, for creating “Object Class”, as highlighted below.
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 5
2.3. Enter Object Class as “ZTC” and give description, press Save.
3. Create Authorization Object
Note: Transaction code for creating Authorization Object is SU21
3.1. Go to transaction code SU21.
3.2. Select Authorization object class which we created in step 2
3.3 Press Create button, for creating “Authorization Object”, as highlighted below.
3.4. Enter Object “ZTRN_CODE” and description
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 6
Also maintain the required authorization fields, here in this scenario we will be using standard field “ACTVT” and “ZTRNCODE” created in step 1.
3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture.
Click Ok, on pup-up
3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 7
3.7. Press Save and Exit
4. Create Roles
Note: Transaction code for creating Roles is PFCG
4.1. Enter transaction code PFCG
4.2. Enter Role “ZCUSTOM_ROLE_CREATE”, press Single Role
4.3. Enter description and go to Authorizations tab, click on Propose Profile Names
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 8
4.4. Click on change Authorization data
On Pop-up press do not select templates.
4.5. Click “Manually” on the application tool bar.
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 9
4.6. Key-in Authorization object “S_TCODE” and “ZTRN_CODE” which was created in step 3.
Press enter to continue
4.7. Assign transaction code „ZTEST_AUTH‟ (this is the custom program transaction code) and Activity „01‟, save and Generate.
Note: Create new role “ZCUSTOM_ROLE_DISPLAY” follow step 4.1 to 4.7, make sure you change the activity type from “01” to “02”
Note: Assign Role “ZCUSTOM_ROLE_CREATE” to user “ZTEST1” and Role “ZCUSTOM_ROLE_DISPLAY” to user “ZTEST2”
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 10
5. Create Custom Module Pool Program
Note: Transaction code for creating custom Program SE38
5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal
5.2. On screen 500, place a push button
In PAI event of screen 500 enter the following code
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 11
5.3. On screen 1000, place a text and give description as “You are authorized to Create”
5.4. On screen 2000, place a text and give description as “You are Authorized for Display”
5.5 Create transaction code “ZTEST_AUTH”
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 12
Output:
1) Login as user ZTEST1
2) Run Transaction code “ZTEST_AUTH”
3) Press Create
4) It will take you to the below screen
Now repeat the above steps logging in as user ZTEST2
Output will be display as shown below once you click Create button.
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 13
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 14
Related Content
www.help.sap.com
http://www.sdn.sap.com/irj/sdn/security
For more information, visit the ABAP homepage
Creation and usage of Authorization Objects in ABAP Programs
SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 15
Disclaimer and Liability Notice
This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.