Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authority Check does not work, regardless of auths

Former Member

‎05-03-2011 11:47 AM

0 Kudos

Hi,

I have created a Authorization object for Report ID and ACTVT. Created profiles also for the same and assigned the roles to the required users.

In the program i check as:

AUTHORITY-CHECK OBJECT 'ZAUTH_ATTC'

ID 'REPID' FIELD sy-repid

ID 'ACTVT' FIELD '16'. "Execute

Initially this worked fine only for the users who have this roles. But now its started working for all the users irespective of the roles assigned or not.

Can someone help me on this ?

Thanks

Edited by: Julius Bussche on May 3, 2011 7:52 PM

Subject title made more meaningful...

6 REPLIES 6

Former Member

‎05-03-2011 12:11 PM

0 Kudos

Hi,

Take ST01 authorization trace on the execution of the transaction. Check the report, whether this object is checked during the execution. Depending on the results, take decision.

If user already have that object, then it may be assigned to the users through some different toles. Then remove the role and test.

If user don't have access of the object, and there is no check against the object during execution, then it is problem in program. Check with the respective developer.

If authorization check fails and still the user is able to run the transaction, then also it is a problem with the program. Need to check with the developer.

Regards,

Sandip

Bernhard_SAP
Advisor
Advisor
In response to Former Member

‎05-03-2011 2:05 PM

0 Kudos

and in addition.....

If the user definitely doe snot have the authorization, but the authority-check succeeds, propably the auth.-check had been disabled in SU24 for that t-code by setting the check flag to 'no check'.

b.rgs, Bernhard

Former Member
In response to Former Member

‎05-03-2011 2:23 PM

0 Kudos

Hi

Thanks for the reply.

But my report program doesn't have any t-code. I have just created a auth object for reportid & actvt.

In my report program Im doing a check only for report id an dactvt.

Can you pls help on how will i configure for this Auth object in SU24?

Former Member
In response to Former Member

‎05-04-2011 3:12 PM

0 Kudos

A few inputs from my end.

1. Always associate Custom reports with Custom Z tcodes. In this way you can eliminate running programs from SE38.

2. Update SU24 with the custom auth object.

3. If possible use S_PROGRAM, S_TCODE, Z_***** (Custom Object) in a combination to restrict the report usage and provide this tcode to the user in a seperate role (If sensitive).

In your situation, i would recommend having a Z tcode created and update it with custom Auth object in SU24. That should help in restricting the access.

Rgds,

Sri

Former Member
In response to Former Member

‎02-20-2012 8:33 AM

0 Kudos

Hello,

I am facing the same problem: I created the Auth-Object on D-System, transported to Q-System, there the Auth-Check returns sy-subrc = 0 although the user doesn not have the authorization!

How did you resolve the issue?

Thanks

Johannes

Former Member

‎05-03-2011 6:47 PM

0 Kudos

What happens after the authority-check?

if sy-subrc 0.
"?????

Cheers,

Julius