3 sap authorization concept

Report

Tags:

Post on 13-Dec-2015

186 Views

Category:

Documents

50 Downloads

Preview:

Click to see full reader

DESCRIPTION

3 SAP Authorization Concept

TRANSCRIPT

1

SAP Authorization concept

Profiles

User Maintenance

2

contentsauthorization object classauthorization objectauthorization object - exampleauthorizationauthorization – exampleprofileuserABAP syntaxABAP code – exampleSY-SUBRCtransaction codessteps for handling authorizationsdemonstration

3

authorization object

authorization object

authorization object

authorization object

authorization field

authorization field

authorization field

4

authorization objects - example

S_TCODE - authorization check for transaction StartTCD – transaction code

M_MATE_STA – material master maintenance statusesACTVT - activitySTATM – maintenance status of material master record

M_MATE_MAN – material master data at client levelACTVT - activity

M_MATE_BUK – material master data at company code levelACTVT – activityBUKRS – company code

5

authorization objects - example

M_MATE_WRK – material master data at plant levelACTVT - activityWERKS – plant

M_MATE_MAT – material master data at sale organization / distributionACTVT – activityVKORG – sale organizationVTWEG – distribution channel

M_MATE_MAT – material master data at authorization group levelACTVT – activityBEGRU – authorization group

6

authorization object class

authorization object class

authorization object class

authorization object class

authorization object

authorization object

authorization object

7

authorization

authorization

authorization

authorization

authorization object

authorization object

authorization object

8

authorization - exampleM_MATE_WRK01 (authorization 1)M_MATE_WRK (material master data at plant level)ACTVT (activity) : 03WERKS (plant) : 1000, 2000

M_MATE_MAT01 (authorization 1)M_MATE_MAT (material master data at sale organization / distribution)ACTVT (activity) : 01, 03VKORG (sale organization) : 100VTWEG (distribution channel) : *

F_BKPF_BUK01 (authorization 1)F_BKPF_BUK (accounting document at company code level)ACTVT (activity) : * BUKRS (company code) : *

9

profile

profile

profile

profile

authorization

authorization

authorization

10

user

user

user

user

profile

profile

profile

11

authorization structure

user1

profile2profile1

authorization2authorization1

authorization object1

authorization object field2authorization object field1

value2value1

12

ABAP syntax

AUTHORITY-CHECK OBJECT objectID name1 FIELD field1ID name2 FIELD field2……ID name10 FIELD field10.

IF SY-SUBRC <> 0.……ENDIF

13

ABAP code - example

AUTHORITY-CHECK OBJECT ‘M_MATE_MAT’ID ‘ACTVT’ FIELD ’01’ID ‘VKORG’ FIELD ‘100’ID ‘VTWEG’ FIELD ’10’.

IF SY-SUBRC <> 0.……ENDIF

14

SY-SUBRC

0 – user has required authorization4 – user has no authorization8 – too may parameters (fields, values)12 – object is not maintained in user master16 – no profile entered in user master record24 – field names do not match28 – incorrect structure for user master record32 – incorrect structure for user master record36 – incorrect structure for user master record

programmer is responsible for 8, 24 system administrator is responsible for 4, 12, 16SAP is responsible for 28, 32, 36

15

transaction codes

SU20 – authorization object fieldSU21 – authorization objectSU03 – authorizationSU02 – profileSU01 – userSU24 – authorization objects to transaction codeSE93 – transaction codeSU53 – display authorization data

16

Steps for handling authorizations

step 01 : create authorization object field (SU20) step 02 : create authorization object class (SU21) step 03 : create authorization object (SU21) step 04 : create authorization (SU03)step 05 : create profile (SU02) step 06 : assign authorization objects to a profile (SU02) step 07 : assign authorization to profile (SU02) step 08 : create user (SU01)step 09 : assign profile to user (SU01)step 10 : assign authorization object to a transaction code (SE93)step 11 : handle authorization check in ABAP program (SE38)

17

demonstrationprogram : ZSP1transaction code : ZST1authorization object : ZSAO1authorization object fields : SMT, SMG, SD

authorization : SA1authorization values for SMT : SMT1, SMT3authorization values for SMG : SMG1, SMG3authorization values for SD : D1, D3

authorization : SA2authorization values for SMT : *authorization values for SMG : *authorization values for SD : *

profile : SP1user : SU1

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

top related

sap security authorization - trace & checks
Documents
sap security authorization - trace & checks ·...
Documents
sap security concept
Documents
new features of new sap bi 7 0 authorization as...
Documents
authorization in sap software design and configuration
Documents
authorization concept
Documents
cbs authorization concept for gts systems...specialist...
Documents
ssm authorization concept all wc
Documents
sap an introduction - silpakorn university · provide a...
Documents
sap bi authorization
Documents
concept of sap
Documents
sap transaction authorization break
Documents
sap solution manager authorization concept - scn wiki · pdf...
Documents
aglea sap security analyzer sod remediation sox...
Technology
excelcomindo sap security - saatnya kita jelajah dunia sap...
Documents
authorization concept in sap
Documents
csi tools: sap authorization logic
Documents
sap - authorization concept
Documents
the sap authorization concept - xpandion – take · pdf...
Documents
authorization concept guide
Documents