Authorization in SAP

SAP development
Hi, if I find out all the authorization objects that a particular user has, and using that get the transactions that use those authorization objects, I will get the list of transactions along with the details of what the user can do within that transaction. I have this list, and now to get to the question. To explain the question, let me give you an example. Take the case of VA01: using the above list I know what the various objects are that the user has for the transaction VA01, but how can I conclude that he can create a sales order? To be precise, how do I know which objects not to consider? For example, within sales order there may be objects used for creating documents, which aren't necessary to create a sales order. I want to know if the user can just do the basic functionality of creating a sales order. Note this question is not just related to the transaction VA01. And if the question is still not understood, please send me a mail regarding it.

Answer Wiki


AFAIR there is a trace possible, i.e. you should switch on tracing for check-authorization operations, then go through a sample procedure (create SO). Then in the trace file you will have all objects needed.

Discuss This Question: 3  Replies

  • TBear410
    Transaction SU24 might be a help. You put in your transaction or a list of transactions and click execute. Select the transaction you're interested in and click on "Display check indicator". The next screen seems to be a list of all possible authorization objects that can be checked in the transaction. Select the first object and click on "Display field values". I'm not a security expert but I have seen a tip about this and it appears to be what you're looking for.
  • SAPFAQ14457
    Using SU24 gives some clue, but based on my experience I can tell that SU24 is not always accurate enough. Additionally, you should know that the effect is the same if you add the TC in PFCG during creation of a role, while the SU24 and PFCG transactions are based on the same data (table USOBT*).
  • heiner
    In case a transaction will call function modules, you also might have to check for all authorization checks that the function modules will call. To find out simply which checks are performed by VA01, you might use the debugger and have breakpoints set at all command executions of command authority-check.
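
The trace approach from the answer, combined with the SU24 comparison from the replies, as an added example that is not part of the original thread. It assumes the trace of one walked-through sales order creation has been exported as `tcode|object|field=value;...|return code` lines; that line format, the sample values, and the object names `Z_FM_CHECK` and `Z_DOC_CREATE` are constructed for illustration.

```python
# Constructed sample data: the line format below is an assumption for this
# example, not the layout of a real SAP trace export.
TRACE = """\
VA01|S_TCODE|TCD=VA01|0
VA01|V_VBAK_AAT|AUART=ZOR;ACTVT=01|0
VA01|V_VBAK_VKO|VKORG=1000;VTWEG=10;SPART=00;ACTVT=01|4
VA01|Z_FM_CHECK|ACTVT=01|0
VA01|V_VBAK_AAT|AUART=ZOR;ACTVT=01|0
"""
# Constructed stand-in for the SU24 proposal list of VA01.
SU24_PROPOSALS = {"S_TCODE", "V_VBAK_AAT", "V_VBAK_VKO", "Z_DOC_CREATE"}


def parse_trace(text):
    """Yield (tcode, object, {field: value}, return_code) per trace line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        tcode, obj, fields, rc = line.split("|")
        pairs = dict(f.split("=", 1) for f in fields.split(";") if f)
        yield tcode, obj, pairs, int(rc)


def classify(trace_text, proposals, tcode="VA01"):
    """Split objects into passed / failed / unproposed / not exercised."""
    passed, failed = set(), set()
    for tc, obj, _fields, rc in parse_trace(trace_text):
        if tc != tcode:
            continue
        # AUTHORITY-CHECK sets sy-subrc to 0 on success; non-zero means denied.
        (passed if rc == 0 else failed).add(obj)
    passed -= failed  # one failed check on an object outweighs a pass
    checked = passed | failed
    return {
        "passed": passed,
        "failed": failed,                      # blocks the walked procedure
        "not_in_su24": checked - proposals,    # e.g. checks in called function modules
        "not_exercised": proposals - checked,  # proposed, but not hit on this path
    }


def can_run_basic_path(result):
    """True only if no check during the walked procedure was denied."""
    return not result["failed"]
```

Objects under `not_exercised` are the candidates for "objects not to consider" for the basic function, and `not_in_su24` shows where the proposal data missed a check that actually ran.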
