creation and usage of authorization objects in …...creation and usage of authorization objects in...

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com

© 2011 SAP AG 1

Creation and usage of

Authorization Objects in ABAP

Programs

Applies to:

SAP ECC 6.0. For more information, visit the ABAP homepage.

Summary

This document helps people to understand the steps involved in creation of Authorization objects in SAP and using Authorization objects in ABAP program.

Author: Sai Ram Reddy Neelapu

Company: Atos Origin - Singapore

Created on: 09 February 2011

Author Bio

Sai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.

https://www.sdn.sap.com/irj/sdn/abap

Creation and usage of Authorization Objects in ABAP Programs


© 2011 SAP AG 2

Table of Contents

Purpose of Authorization .................................................................................................................................... 3

Steps Involved in Creating Authorization Objects ........................................................................................... 3 1. Create Authorization Field........................................................................................................................................ 3

2. Create Authorization Class ...................................................................................................................................... 4

3. Create Authorization Object ..................................................................................................................................... 5

4. Create Roles ............................................................................................................................................................ 7

5. Create Custom Module Pool Program ................................................................................................................... 10

Output:………. .................................................................................................................................................. 12

Related Content ................................................................................................................................................ 14

Disclaimer and Liability Notice .......................................................................................................................... 15



© 2011 SAP AG 3

Purpose of Authorization

SAP, security has always been an important part throughout the product life cycle, including product development, planning, and quality-assurance.

Authorization Objects are mainly used to control user‟s privileges for specific data selection and activities within the program

SAP has given us an option to create our own authorization objects or use existing standard authorization objects. All this authorization objects can be used during the role creation or can be implemented with in the custom ABAP program.

Steps Involved in Creating Authorization Objects

1. Create Authorization Field

2. Create Authorization class

3. Create Authorization object

4. Create Roles

5. Create Custom program using Authorization object.

In Detailed

1. Create Authorization Field

Note: Transaction code for creating Authorization field is SU20

1.1. Go to transaction code SU20.

1.2. Press Create Button.

1.3. Enter Field Name as “ZTRNCODE” and data element as “TCODE”. Press Enter



© 2011 SAP AG 4

1.4. Press Save.

2. Create Authorization Class

Note: Transaction code for creating Authorization class is SU21

2.1. Go to transaction code SU21

2.2. Press Create button, for creating “Object Class”, as highlighted below.



© 2011 SAP AG 5

2.3. Enter Object Class as “ZTC” and give description, press Save.

3. Create Authorization Object

Note: Transaction code for creating Authorization Object is SU21

3.1. Go to transaction code SU21.

3.2. Select Authorization object class which we created in step 2

3.3 Press Create button, for creating “Authorization Object”, as highlighted below.

3.4. Enter Object “ZTRN_CODE” and description



© 2011 SAP AG 6

Also maintain the required authorization fields, here in this scenario we will be using standard field “ACTVT” and “ZTRNCODE” created in step 1.

3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture.

Click Ok, on pup-up

3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.



© 2011 SAP AG 7

3.7. Press Save and Exit

4. Create Roles

Note: Transaction code for creating Roles is PFCG

4.1. Enter transaction code PFCG

4.2. Enter Role “ZCUSTOM_ROLE_CREATE”, press Single Role

4.3. Enter description and go to Authorizations tab, click on Propose Profile Names



© 2011 SAP AG 8

4.4. Click on change Authorization data

On Pop-up press do not select templates.

4.5. Click “Manually” on the application tool bar.



© 2011 SAP AG 9

4.6. Key-in Authorization object “S_TCODE” and “ZTRN_CODE” which was created in step 3.

Press enter to continue

4.7. Assign transaction code „ZTEST_AUTH‟ (this is the custom program transaction code) and Activity „01‟, save and Generate.

Note: Create new role “ZCUSTOM_ROLE_DISPLAY” follow step 4.1 to 4.7, make sure you change the activity type from “01” to “02”

Note: Assign Role “ZCUSTOM_ROLE_CREATE” to user “ZTEST1” and Role “ZCUSTOM_ROLE_DISPLAY” to user “ZTEST2”



© 2011 SAP AG 10

5. Create Custom Module Pool Program

Note: Transaction code for creating custom Program SE38

5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal

5.2. On screen 500, place a push button

In PAI event of screen 500 enter the following code



© 2011 SAP AG 11

5.3. On screen 1000, place a text and give description as “You are authorized to Create”

5.4. On screen 2000, place a text and give description as “You are Authorized for Display”

5.5 Create transaction code “ZTEST_AUTH”



© 2011 SAP AG 12

Output:

1) Login as user ZTEST1

2) Run Transaction code “ZTEST_AUTH”

3) Press Create

4) It will take you to the below screen

Now repeat the above steps logging in as user ZTEST2

Output will be display as shown below once you click Create button.



© 2011 SAP AG 14

Related Content

www.help.sap.com

http://www.sdn.sap.com/irj/sdn/security

For more information, visit the ABAP homepage

http://www.help.sap.com/

http://www.sdn.sap.com/irj/sdn/security

https://www.sdn.sap.com/irj/sdn/abap



© 2011 SAP AG 15

Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.

SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document, and anyone using these methods does so at his/her own risk.

SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document.

creation and usage of authorization objects in …...creation and usage of authorization objects in...

Documents