05-07-2008 10:45 AM
Hi Guru ,
Can any one tell me what is authorization group?. I have heard of authorization Object.
In which senario is authorization group used and how to creat authorization group and assign to program?
regards
Akif
05-07-2008 11:48 AM
Hi Akif,
In addition to the good info from the other 2 posters, authorisation group is also used in a functional context.
It is often used as a way to provide an additional level of security which may or may not be used. Some examples include Vendor Authorisation Groups, GL Account Auth Groups, Auth Groups against Material Types.......the list goes on.
In effect it is an arbitrary 4 character field against a line item, which when populated for a record will invoke an authorisation check against that value.
The check in the code is done as such to ignore the field (or pass the auth check as successful) if it is blank (most of the time, sometimes it will try to introduce a dummy value) and perform the check if populated.
05-07-2008 10:53 AM
Hi Akif,
please refer to [SAP Note 338177|https://service.sap.com/sap/support/notes/338177] , where you can find some mor information....
b.rgds, Bernhard
05-07-2008 10:54 AM
Hi,
For Tables
The authorization groups created for tables are to prevent unauthorized configurators or any unauthorized
person from modifying contents of a specific table or a group of tables. Most of the authorization groups will
be created for newly created tables but some SAP provided table definitions could also be modified on an as
needed basis.
For Programs
The authorization groups created for programs are to prevent any unauthorized user from running the
program. Almost all authorization groups will be created for newly created programs that will be used in QA
or Production environments.
For more information, please refer to the following link:
http://searchsap.techtarget.com/tip/1,289483,sid21_gci816940,00.html
05-07-2008 11:45 AM
Authorization Group :
Contains
Field of the authorization objects S_DEVELOP (program development and program execution) and S_PROGRAM (program maintenance).
This field contains the name of a program group that allows users to
execute programs
schedule jobs for background processing
maintain programs
maintain variants
When creating a program, you can specify an authorization group as one of the program attributes. This allows you to group together programs for the purposes of authorization checking.
And u can create Auth Groups with the Tcode SE54
Reward Pts if useful
Regards,
Malti
05-07-2008 6:39 PM
Malti,
Do you really think it is suitable to ask for points for repeating what the other posters have said about program auth groups and then giving a transaction for creating table authorisation groups?
05-08-2008 4:52 AM
Hi Alex,
I do think so..Coz if he finds the suitable solution in my reply..
I.e.. if he understood wt i hav posted that is well n enough i guess.
Regards,
Malti
05-08-2008 9:52 AM
Maybe we have different opinions whether it's suitable to ask for credit for repeating what other people have already said.
Julius the mod is on holiday and will usually delete point begging so get it in while you can!
05-08-2008 10:08 AM
Alex,
So wen u have passed this rule...?
I see many threads this way..
Y dont u post a seperate thread ..on 'Not to do's' in SDN Forum.
Malti
05-08-2008 10:28 AM
Malti,
Take a look in the Coffee Corner to get an idea of what the common perception of points begging is.
As I said, they will be deleted when the Mod gets back as it is generally considered to be rude & counterproductive to the forum.
Have a good day
Cheers
Alex
05-08-2008 5:04 PM
Well said Alex!
Akif,
Bernhard, Hemant and Alex have covered it all ! Authorization groups are explained in detail in ADM 950 too.
05-07-2008 11:48 AM
Hi Akif,
In addition to the good info from the other 2 posters, authorisation group is also used in a functional context.
It is often used as a way to provide an additional level of security which may or may not be used. Some examples include Vendor Authorisation Groups, GL Account Auth Groups, Auth Groups against Material Types.......the list goes on.
In effect it is an arbitrary 4 character field against a line item, which when populated for a record will invoke an authorisation check against that value.
The check in the code is done as such to ignore the field (or pass the auth check as successful) if it is blank (most of the time, sometimes it will try to introduce a dummy value) and perform the check if populated.