creation and usage of authorization objects in abap programs

7/31/2019 Creation and Usage of Authorization Objects in ABAP Programs

1/15

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com 2011 SAP AG 1

Creation and usage of Authorization Objects in ABAPPrograms

Applies to:SAP ECC 6.0. For more information, visit the ABAP homepage .

SummaryThis document helps people to understand the steps involved in creation of Authorization objects in SAP andusing Authorization objects in ABAP program.

Author: Sai Ram Reddy NeelapuCompany: Atos Origin - Singapore

Created on: 09 February 2011

Author BioSai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.
https://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abap


2/15

Creation and usage of Authorization Objects in ABAP Programs


Table of ContentsPurpose of Authorization .................................................................................................................................... 3

Steps Involved in Creating Authorization Objects ............... .................. ................. ................. .................. ...... 3 1. Create Authorization Field........................................................................................................................................ 3 2. Create Authorization Class ...................................................................................................................................... 4 3. Create Authorization Object ..................................................................................................................................... 5

4. Create Roles ............................................................................................................................................................ 7 5. Create Custom Module Pool Program ................................................................................................................... 10

Output: . .................................................................................................................................................. 12

Related Content .................. ................. .................. ................. .................. ................. .................. ................. .... 14

Disclaimer and Liability Notice .......................................................................................................................... 15


3/15



Purpose of AuthorizationSAP, security has always been an important part throughout the product life cycle, including productdevelopment, planning, and quality-assurance.

Authorization Objects are mainly used to control users privileges for specific data selection andactivities within the program

SAP has given us an option to create our own authorization objects or use existing standard

authorization objects. All this authorization objects can be used during the role creation or can beimplemented with in the custom ABAP program.

Steps Involved in Creating Authorization Objects

1. Create Authorization Field

2. Create Authorization class

3. Create Authorization object

4. Create Roles

5. Create Custom program using Authorization object.

In Detailed

1. Create Authorization Field

Note: Transaction code for creating Authorization field is SU20

1.1. Go to transaction code SU20.

1.2. Press Create Button.

1.3. Enter Field Name as ZTRNCODE and data element as TCODE. Press Enter


4/15



1.4. Press Save.

2. Create Authorization Class

Note: Transaction code for creating Authorization class is SU21

2.1. Go to transaction code SU21

2.2. Press Create button , for creating Object Class, as highlighted below.


5/15



2.3. Enter Object Class as ZTC and give description, press Save.

3. Create Authorization Object

Note: Transaction code for creating Authorization Object is SU21

3.1. Go to transaction code SU21.

3.2. Select Authorization object class which we created in step 23.3 Press Create button, for creating Authorization Object , as highlighted below.

3.4. Ent er Object ZTRN_CODE and description


6/15



Also maintain the required authorization fields, here in this scenario we will be using standard field ACTVTand ZTRNCODE created in step 1.

3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture.

Click Ok, on pup-up

3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.


7/15



3.7. Press Save and Exit

4. Create Roles

Note: Transaction code for creating Roles is PFCG

4.1. Enter transaction code PFCG

4.2. Enter Role ZCUSTOM_ROLE_CREATE , press Single Role

4.3. Enter description and go to Authorizations tab, click on Propose Profile Names


8/15



4.4. Click on change Authorization data

On Pop-up press do not select templates.

4.5. Click Manually on the application tool bar.


9/15



4.6. Key-in Authorization object S_TCODE and ZTRN_CODE which was created in step 3.

Press enter to continue

4.7. Assign transaction code ZTEST_AUTH ( this is the custom program transaction code) and Activity 01,save and Generate.

Note: Create new role ZCUSTOM_ROLE_DISPLAY follow step 4.1 to 4.7, make sure you change the activity type from01 to 02

Note: Assign Role ZCUSTOM_ROLE_CREATE to user ZTEST1 and Role ZCUSTOM_ROLE_DISPLAY to user ZTEST2


10/15



5. Create Custom Module Pool Program

Note: Transaction code for creating custom Program SE38

5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal

5.2. On screen 500, place a push button

In PAI event of screen 500 enter the following code


11/15



5.3. On screen 1000, place a text and give description as You are authorized to Create

5.4. On screen 2000, place a text and give description as You are Authorized for Display

5.5 Create transaction code ZTEST_AUTH


12/15



Output:1) Login as user ZTEST1

2) Run Transa ction code ZTEST_A UTH

3) Press Create

4) It will take you to the below screen

Now repeat the above steps logging in as user ZTEST2

Output will be display as shown below once you click Create button.


13/15




14/15



Related Contentwww.help.sap.com

http://www.sdn.sap.com/irj/sdn/security

For more information, visit the ABAP homepage
http://www.help.sap.com/http://www.help.sap.com/http://www.sdn.sap.com/irj/sdn/securityhttp://www.sdn.sap.com/irj/sdn/securityhttps://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abaphttps://www.sdn.sap.com/irj/sdn/abaphttp://www.sdn.sap.com/irj/sdn/securityhttp://www.help.sap.com/


15/15


SAP COMMUNITY NETWORK SDN d | BPX b | BOC b | UAC

Disclaimer and Liability NoticeThis document may discuss sample coding or other information that does not include SAP official interfaces and therefore is n otsupported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.

SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document,and anyone using these methods does so at his/her own risk.

SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials andservices offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of thisdocument.

creation and usage of authorization objects in abap programs

Documents