Register

Forgot Password

Site FAQ

Home > IT Answers > SAP > Authorization in SAP

PinkyV

0 pts.

Authorization in SAP

Basis, SAP, SAP development, Security

Hi, If I find out all the authorizations objects that a particular user has, and using that get the transactions that uses those authorization objects, I will get the list of transactions along with the details of what the user can do within that transaction.i have this list and now to get to the qts. To explain the qts lemme give u an eg. Take the case of VA01 , using the above list i know what are the various objects that the user has for the transaction VA01, but how can i conclude that he can create a sales order.To be precise how do i know what object not to consider, like within sales order there may be objects used for creating documents , which isn't necessary to create a sales order. I want to know if the user can just do the basic functionality of creating a sales order. Note this qts is not just related with the transaction VA01, And if the qts is still ununderstood plz send me a mail regarding it.

Software/Hardware used:

ASKED: March 24, 2005 12:45 AM

UPDATED: March 28, 2005 4:06 AM

RELATED QUESTIONS

Answer Wiki:

AFAIR there an trace possible, i.e. You should switch on tracing for check-authorization operations then go through sample procedure (create SO). Then in a trace file You will have all objects needed.

Last Wiki Answer Submitted: March 24, 2005 10:03 am by SAPFAQ14457

0 pts.

All Answer Wiki Contributors: SAPFAQ14457

0 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Mar 24, 2005 12:22 PM (GMT)

Transaction SU24 might be a help. You put in your transaction or a list of transaction and click execute. Select the transaction you’re interested in and click on “Display check indicator”. The next screen seems to be a list of all possible authorization objects that can be checked in the transaction. Select the first object and click on “Display field values”. I’m not a security expert but I have seen a tip about this and it appears to be what you’re looking for.

TBear410

0 pts.

POSTED: Mar 25, 2005 3:47 AM (GMT)

Using Su24 is some clue, but based on my experience I can tell that SU24 is not always accure enough. Additional You should know that the same effect is if You add TC in PFCG during creation of role, while SU24 and PFCG transaction are based on the same data (table USOBT*).

SAPFAQ14457

0 pts.

POSTED: Mar 28, 2005 4:06 AM (GMT)

In case a transaction will call function modules you also might have to check for all authorization checks that the function modules will call. – To find out simply which checks are performed by VA01 you might use the debugger and have breakpoints set at all command executions of command authority-check.

heiner

0 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags