AFS-User-Network: Authorization Object

Thursday 4 August 2011

Authorization Object - Checks

Hello Experts,

We make use of Authority checks in our applications which require User authorization .

For example Sales application makes use of Standard authorization object 'V_VBAK_VKO' .

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'VKORG' FIELD VBAK-VKORG

ID 'VTWEG' FIELD VBAK-VTWEG

ID 'SPART' FIELD VBAK-SPART

ID 'ACTVT' FIELD DA_ACTVT.

The above check is a combination of Business fields like Sales org(VBAK-VKORG) etc and Type of a Activity (DA_ACTVT) for example '01' for create and '02' for change .

My requirement is to have pure activity based check .

Can we use the same check without Business fields and have only the Activity type . for example

AUTHORITY-CHECK OBJECT 'ZOBJ'

ID 'ACTVT' FIELD '02'.

Syntactically seems to correct .Is this a correct usage ?

Thanks and Regards,

Ravish.

4 comments:

AFS-User-Network said...: The reason for this requirement is to avoid Users from Viewing certains Tabs in an application which they are not authorized to.

- Ravish; 4 August 2011 at 21:33
AFS-User-Network said...: Yes. We don’t always use business fields with the authority-check process.

- Gary Gaston; 4 August 2011 at 21:34
AFS-User-Network said...: AUTHORITY-CHECK OBJECT 'ZCCOST'
ID 'ACTVT' FIELD '03'.

- Gary Gaston; 4 August 2011 at 21:36
AFS-User-Network said...: Hello Ravish

Its precisely correct use. We can make our own Auth. obj and can give the Activity of our choices.Later you can define the
role based autherization in PFCG.

Quite useful in many cases like some user can only 'display' the Quality Inspection Recording in z-screen while Key-user in supply-chain can 'change' the quality inspection data in same screen.

So its puerly activity based Autherization without any Business Fields.

Best Regards
Subham Arya; 4 August 2011 at 21:36