16.11.2019 SAPTechn cal.

COM - Def n ng Author zat on objects for custom database tables

Custom Search Search

Home • Trainings • Quiz • Tips • Tutorials • Functional • Cert Q's • Interview Q's • Jobs • Testimonials • Advertise • Contact Us

SAP Virtual/Onsite Defining Authorization objects for custom database tables

Trainings By Divya Nayudu, TCS

Authorization Objects
Document Categories:
Authorization Object, as the name itself suggests, is a method of restricting users to access any
particular application created in the system. It could simply be: denying user for viewing confidential
ABAPTM
data on-screen or denying access to certain Transactions.
Adobe Forms
ABAP-HR
Taking this feature into consideration, SAP gets the flexibility to decide at runtime whether a
ALE & IDocs
ALV
particular user is supposed to access a given application or not.
BAPI
To get an in-depth picture on the Authorization and the way it works, we’ll look at an example which
BASIS
BSP
would demonstrate the use of Authorization Object and the way to use.
Business Objects
Business Workflow
Example:
CRM NEW
LSMW
Requirement – We have a few Z-tables in our system that consists of confidential data, which cannot
SAP Script/Smart Forms be accessed by all users. Only authorized persons can have access to the data. So, incase these
BI/BW tables are being used in any program, for display/write purpose, that program would be executed
eXchange Infrastructure (XI) only by Authorized users. Please make sure to disable Table Entries, while creating tables, and not
Enterprise Portals (EP) to create any Table Maintenance Generator also. Only this program would be used to perform
eCATT read/write operations on the table.
Object Oriented Programming
SAP Query Resolution – We’ll see, step by step, what all needs to be done in order to fulfill the mentioned
Userexits/BADIs requirement.
WebDynpro for Java/ABAPTM
Others Giving authorization to access (read / write) into z-tables

Steps:
What's New?
1. To begin with Authorization Object, we’ll enter the Tcode: SU21. Here, we will create the
following, in the order shown:
ABAP Test Cockpit HOT
SAP ABAP Pragmas I. Object Class
Understanding SE32 (ABAP Text
Element Maintenance) II. Authorization Object
Creating an IDoc File on SAP
Application Server
Understanding “Advance with
dialog” option of SAP Workflow
SAP Workflow Scenario:
Maintenance Notification
Approval
Enhancements to a standard
class
Working with Floating Field in
Adobe Forms
Inserting data from Internal Table
into the step “Send Mail”
Display GL Account long text
using enhancement framework
Differences between
polymorphism in JAVA and
ABAP
Passing multiline parameters
from an ABAP Class event to a
Workflow container
Concept of Re-evaluate agents
for active work items in SAP
Workflow
Dynamic creation of component
usage in ABAP WebDynpro
Adobe Forms: Display symbols
like copyright and others
Deactivate Hold functionality in
Purchase order (ME21N)
Quiz on OOABAP
Add fields in FBL5N using BADIs
Tutorial on Wide casting
Defining a Range in Module Pool
Program
Copy fields from one 2. On clicking the Object Class (as shown in the above screen shot), you’ll see the window shown
structure/table into another below. Enter the Object class name, description & click on SAVE. You can also use available
structure/table objects, to create your Authorization Object. Like incase of HR module, you can make use of
Side Panel Usage in NWBC Object Class “HR”, then you need not create one.

Contribute?

Sample Specs

What's Hot?

Web Dynpro for ABAP Tutorials

Join the Mailing List 3. Once you create Object class (E.g. Test), you’ll see a folder with that name in the list. Now your
object class is ready. We will need this Object class to encapsulate the Authorization object that
Enter name and email address below:
we will be creating. Click on the Object created, and then click on “Create - Authorization Object”
Name:

saptechn cal.com/Tutor als/Bas s/Author zat on/Index.htm 1/4

16.11.2019 SAPTechn cal.COM - Def n ng Author zat on objects for custom database tables
Email: (shown in the figure step 1). On clicking, you’ll see the below shown screen.

Subscribe Unsubscribe
GO

Give respective field name, in our case, PERNR (Employee Number), as shown in the above
diagram. We will be keeping a check on the employee number, and see if the employee has
authorization to access the report (made to view z-tables) or not.

4. Now, we need to create a Role, inside which we will attach our Authorization Object. Enter
Transaction code: PFCG to create a role.

Select the “Authorizations” tab. And Click on the icon next to “profile name”, as shown in the
figure above. On the click of that icon, the system will generate a Profile name and a description
for the same.

5. Click on the “Change authorization data” as shown in the figure below:

You’ll see a new screen with the Role Name on top left. Here you will have to add your
‘Authorization Object’ that was created in SU21.

6.Click on the “Manually” button shown in the toolbar, to add the Authorization object, as shown
in the figure below. Here you can add your Authorization object in the list and press enter.

saptechn cal.com/Tutor als/Bas s/Author zat on/Index.htm 2/4

16.11.2019 SAPTechn cal.COM - Def n ng Author zat on objects for custom database tables

7. Now you need to add values (Employee numbers) in your object, for those who would be
given authorization. In our case, we will put a “*” symbol (to allow the system to provide
access to any employee, which is Assigned this role).

8. Press Save and then Generate the profile by clicking on ‘generate’ icon.

9. Finally you come out of the screen pressing back button. And you will see the Authorizations
tab with a Green symbol, meaning, Authorization object has been assigned and the role can
be used.

10. After these steps, if you want to give authorizations to say Employee No.: 96. Go to
Transaction SU01, click on the Roles tab and assign our role name, in our case : test_role.

This way, you can assign this role to all those users, who are supposed to be authorized to
access the report (for data entry in the table).

11. Finally, in the main program, which has been created, we need to write a small code, as
shown below, which will decide if that employee is authorized or not:

saptechn cal.com/Tutor als/Bas s/Author zat on/Index.htm 3/4

16.11.2019 SAPTechn cal.COM - Def n ng Author zat on objects for custom database tables
REPORT ZCHECK_AUTH.

DATA : L_PERNR TYPE PERNR_D.

SELECT SINGLE PERNR INTO L_PERNR FROM PA0105
WHERE UNAME EQ SY-UNAME AND USRTY EQ '0001' AND
BEGDA LE SY-DATUM AND ENDDA GE SY-DATUM.

AUTHORITY-CHECK OBJECT 'Z_OBJECT1'

ID 'PERNR' FIELD L_PERNR.

IF sy-subrc <> 0.
MESSAGE 'No authorization' TYPE 'E'.
ELSE.
**** Here you can have the Query to view the table or perform any
**** action related to the Z-tables

MESSAGE 'Congrats! You are authorized' TYPE 'I'.

ENDIF.

If the user passes this authorization check, the return code SY-SUBRC is set to 0. Hence, users who
are not assigned the Role, if they try to access this report; they’ll not be able to do the same.

This way, you can provide authorizations on any Z- objects.

Please send us your feedback/suggestions at webmaster@SAPTechnical.COM

Home • Contribute • About Us • Privacy • Terms Of Use • Disclaimer • Safe • Companies: Advertise on SAPTechnical.COM | Post Job • Contact Us
©2006-2007 SAPTechnical.COM. All rights reserved.
All product names are trademarks of their respective companies. SAPTechnical.COM is in no way affiliated with SAP AG.
SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver, and and any other SAP trademarks are registered trademarks of SAP AG in Germany and in several other countries.
Every effort is made to ensure content integrity. Use information on this site at your own risk.

Graphic Design by Round the Bend Wizards

saptechn cal.com/Tutor als/Bas s/Author zat on/Index.htm 4/4