|Home • Trainings • Quiz • Tips • Tutorials • Functional • Cert Q's • Interview Q's • Jobs • Testimonials • Advertise • Contact Us|
Defining Authorization objects for custom database tables
By Divya Nayudu, TCS
Object, as the name itself suggests, is a method of restricting users to access
any particular application created in the system. It could simply be: denying
user for viewing confidential data on-screen or denying access to certain
this feature into consideration, SAP gets the flexibility to decide at runtime
whether a particular user is supposed to access a given application or not.
To get an
in-depth picture on the Authorization and the way it works, we’ll look at an
example which would demonstrate the use of Authorization Object and the way
– We have a few Z-tables in our system that consists of confidential data,
which cannot be accessed by all users. Only authorized persons can have access
to the data. So, incase these tables are being used in any program, for
display/write purpose, that program would be executed only by Authorized users. Please
make sure to disable Table Entries, while creating tables, and not to create any
Table Maintenance Generator also. Only this program would be used to perform
read/write operations on the table.
– We’ll see, step by step, what all needs to be done in order to fulfill the
authorization to access (read / write) into z-tables
To begin with
Authorization Object, we’ll enter the Tcode: SU21.
Here, we will create the following, in the order shown:
On clicking the
Object Class (as shown in the above screen shot), you’ll see the window shown
below. Enter the Object class name, description & click on SAVE. You can
also use available objects, to create your Authorization Object. Like incase of
HR module, you can make use of Object Class “HR”, then you need not create
Once you create
Object class (E.g. Test), you’ll see a folder with that name in the list. Now
your object class is ready. We will need this Object class to encapsulate the
Authorization object that we will be creating. Click on the Object created, and
then click on “Create - Authorization Object” (shown in the figure step 1).
On clicking, you’ll see the below shown screen.
Give respective field name, in our case, PERNR (Employee
Number), as shown in the above diagram. We will be keeping a check on the
employee number, and see if the employee has authorization to access the report
(made to view z-tables) or not.
Now, we need to
create a Role, inside which we will attach our Authorization Object. Enter
Transaction code: PFCG to create a
Select the “Authorizations” tab. And Click on the icon
next to “profile name”, as shown in the figure above. On the click of that
icon, the system will generate a Profile name and a description for the same.
Click on the
“Change authorization data” as shown in the figure below:
You’ll see a new screen with the Role Name on top left.
Here you will have to add your ‘Authorization Object’ that was created in
6.Click on the “Manually” button shown in the toolbar, to
add the Authorization object, as shown in the figure below. Here you can add
your Authorization object in the list and press enter.
This way, you can assign this role to all those users, who
are supposed to be authorized to access the report (for data entry in the
MESSAGE 'Congrats! You are authorized' TYPE 'I'.
user passes this authorization check, the return code SY-SUBRC is set to 0.
Hence, users who are not assigned the Role, if they try to access this report;
they’ll not be able to do the same.
This way, you can provide authorizations on any Z- objects.
Please send us your feedback/suggestions at webmaster@SAPTechnical.COM
©2006-2007 SAPTechnical.COM. All rights reserved.
product names are trademarks of their respective companies. SAPTechnical.COM
is in no way affiliated with SAP AG.
Graphic Design by Round the Bend Wizards