12/1/2017 SAPTechnical.

COM - Defining Authorization objects for custom database tables

Custom Search Search

Home • Trainings • Quiz • Tips • Tutorials • Functional • Cert Q's • Interview Q's • Jobs • Testimonials • Advertise • Contact Us

SAP Virtual/Onsite Compare BI & Analytics

Trainings
Vendors - Gartner
Document Categories:
Magic Quadrant 2017
ABAPTM
Adobe Forms
Tableau is 5 Years a Leader.
ABAP-HR Read Why & Compare w/ Others.
ALE & IDocs
ALV View the Free Report
BAPI
BASIS
BSP
tableau.com
Business Objects
Business Workflow
CRM NEW
LSMW
SAP Script/Smart Forms
BI/BW
Defining Authorization objects for custom database tables
eXchange Infrastructure (XI)
Enterprise Portals (EP)
By Divya Nayudu, TCS
eCATT
Object Oriented Programming
Authorization Objects
SAP Query
Userexits/BADIs
Authorization Object, as the name itself suggests, is a method of restricting users to access any
WebDynpro for Java/ABAPTM particular application created in the system. It could simply be: denying user for viewing confidential
Others data on-screen or denying access to certain Transactions.

Taking this feature into consideration, SAP gets the flexibility to decide at runtime whether a
What's New? particular user is supposed to access a given application or not.

To get an in-depth picture on the Authorization and the way it works, we’ll look at an example which
ABAP Test Cockpit HOT would demonstrate the use of Authorization Object and the way to use.
SAP ABAP Pragmas
Understanding SE32 (ABAP Example:
Text Element Maintenance)
Creating an IDoc File on SAP Requirement – We have a few Z-tables in our system that consists of confidential data, which cannot
Application Server be accessed by all users. Only authorized persons can have access to the data. So, incase these
http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 1/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
Understanding “Advance with tables are being used in any program, for display/write purpose, that program would be executed
dialog” option of SAP Workflow only by Authorized users. Please make sure to disable Table Entries, while creating tables, and not
SAP Workflow Scenario: to create any Table Maintenance Generator also. Only this program would be used to perform
Maintenance Notification
Approval read/write operations on the table.
Enhancements to a standard
class Resolution – We’ll see, step by step, what all needs to be done in order to fulfill the mentioned
Working with Floating Field in requirement.
Adobe Forms
Inserting data from Internal Giving authorization to access (read / write) into z-tables
Table into the step “Send Mail”
Display GL Account long text Steps:
using enhancement framework
Differences between 1. To begin with Authorization Object, we’ll enter the Tcode: SU21. Here, we will create the
polymorphism in JAVA and
ABAP
following, in the order shown:
Passing multiline parameters
from an ABAP Class event to a I. Object Class
Workflow container
Concept of Re-evaluate agents II. Authorization Object
for active work items in SAP
Workflow
Dynamic creation of component
usage in ABAP WebDynpro
Adobe Forms: Display symbols
like copyright and others
Deactivate Hold functionality in
Purchase order (ME21N)
Quiz on OOABAP
Add fields in FBL5N using
BADIs
Tutorial on Wide casting
Defining a Range in Module
Pool Program
Copy fields from one
structure/table into another
structure/table
Side Panel Usage in NWBC

Contribute?

Sample Specs

What's Hot?

Web Dynpro for ABAP Tutorials

Join the Mailing List

2. On clicking the Object Class (as shown in the above screen shot), you’ll see the window shown
Enter name and email address below:
below. Enter the Object class name, description & click on SAVE. You can also use available
objects, to create your Authorization Object. Like incase of HR module, you can make use of

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 2/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
Name: Object Class “HR”, then you need not create one.

Email:

Subscribe Unsubscribe
GO

3. Once you create Object class (E.g. Test), you’ll see a folder with that name in the list. Now your
object class is ready. We will need this Object class to encapsulate the Authorization object that
we will be creating. Click on the Object created, and then click on “Create - Authorization Object”
(shown in the figure step 1). On clicking, you’ll see the below shown screen.

Give respective field name, in our case, PERNR (Employee Number), as shown in the above
diagram. We will be keeping a check on the employee number, and see if the employee has
authorization to access the report (made to view z-tables) or not.

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 3/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
4. Now, we need to create a Role, inside which we will attach our Authorization Object. Enter
Transaction code: PFCG to create a role.

Select the “Authorizations” tab. And Click on the icon next to “profile name”, as shown in the
figure above. On the click of that icon, the system will generate a Profile name and a description
for the same.

5. Click on the “Change authorization data” as shown in the figure below:

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 4/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
You’ll see a new screen with the Role Name on top left. Here you will have to add your
‘Authorization Object’ that was created in SU21.

6.Click on the “Manually” button shown in the toolbar, to add the Authorization object, as shown
in the figure below. Here you can add your Authorization object in the list and press enter.

7. Now you need to add values (Employee numbers) in your object, for those who would be
given authorization. In our case, we will put a “*” symbol (to allow the system to provide
access to any employee, which is Assigned this role).

8. Press Save and then Generate the profile by clicking on ‘generate’ icon.

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 5/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables

9. Finally you come out of the screen pressing back button. And you will see the Authorizations
tab with a Green symbol, meaning, Authorization object has been assigned and the role can
be used.

10. After these steps, if you want to give authorizations to say Employee No.: 96. Go to
Transaction SU01, click on the Roles tab and assign our role name, in our case : test_role.

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 6/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
This way, you can assign this role to all those users, who are supposed to be authorized to
access the report (for data entry in the table).

11. Finally, in the main program, which has been created, we need to write a small code, as
shown below, which will decide if that employee is authorized or not:

REPORT ZCHECK_AUTH.

DATA : L_PERNR TYPE PERNR_D.

SELECT SINGLE PERNR INTO L_PERNR FROM PA0105
WHERE UNAME EQ SY-UNAME AND USRTY EQ '0001' AND
BEGDA LE SY-DATUM AND ENDDA GE SY-DATUM.

AUTHORITY-CHECK OBJECT 'Z_OBJECT1'

ID 'PERNR' FIELD L_PERNR.

IF sy-subrc <> 0.
MESSAGE 'No authorization' TYPE 'E'.
ELSE.
**** Here you can have the Query to view the table or perform any
**** action related to the Z-tables

MESSAGE 'Congrats! You are authorized' TYPE 'I'.

ENDIF.

If the user passes this authorization check, the return code SY-SUBRC is set to 0. Hence, users who
are not assigned the Role, if they try to access this report; they’ll not be able to do the same.

This way, you can provide authorizations on any Z- objects.

Crossout
Apocalyptic MMO
PvP and PvE battles,
trading. Register now and
play for Free!
Crossout

Please send us your feedback/suggestions at [email protected]

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 7/8
12/1/2017 SAPTechnical.COM - Defining Authorization objects for custom database tables
Home • Contribute • About Us • Privacy • Terms Of Use • Disclaimer • Safe • Companies: Advertise on SAPTechnical.COM | Post Job • Contact Us
©2006-2007 SAPTechnical.COM. All rights reserved.
All product names are trademarks of their respective companies. SAPTechnical.COM is in no way affiliated with SAP AG.
SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver, and and any other SAP trademarks are registered trademarks of SAP AG in Germany and in several other countries.
Every effort is made to ensure content integrity. Use information on this site at your own risk.

Graphic Design by Round the Bend Wizards

http://www.saptechnical.com/Tutorials/Basis/Authorization/Index.htm 8/8