Creation and usage of

Authorization Objects in ABAP

Programs

Applies to:
SAP ECC 6.0. For more information, visit the ABAP homepage.

Summary
This document helps people to understand the steps involved in creation of Authorization objects in SAP and
using Authorization objects in ABAP program.

Author: Sai Ram Reddy Neelapu

Company: Atos Origin - Singapore
Created on: 09 February 2011

Author Bio
Sai Ram Reddy Neelapu working as Sr. ABAP Consultant in Atos Origin for more then 5 years.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 1
 Creation and usage of Authorization Objects in ABAP Programs

Table of Contents
Purpose of Authorization .................................................................................................................................... 3
Steps Involved in Creating Authorization Objects ........................................................................................... 3
1. Create Authorization Field........................................................................................................................................ 3
2. Create Authorization Class ...................................................................................................................................... 4
3. Create Authorization Object ..................................................................................................................................... 5
4. Create Roles ............................................................................................................................................................ 7
5. Create Custom Module Pool Program ................................................................................................................... 10
Output:………. .................................................................................................................................................. 12
Related Content ................................................................................................................................................ 14
Disclaimer and Liability Notice .......................................................................................................................... 15

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 2
 Creation and usage of Authorization Objects in ABAP Programs

Purpose of Authorization
SAP, security has always been an important part throughout the product life cycle, including product
development, planning, and quality-assurance.
 Authorization Objects are mainly used to control user‟s privileges for specific data selection and
activities within the program
 SAP has given us an option to create our own authorization objects or use existing standard
authorization objects. All this authorization objects can be used during the role creation or can be
implemented with in the custom ABAP program.

Steps Involved in Creating Authorization Objects

1. Create Authorization Field
2. Create Authorization class
3. Create Authorization object
4. Create Roles
5. Create Custom program using Authorization object.

In Detailed

1. Create Authorization Field

Note: Transaction code for creating Authorization field is SU20

1.1. Go to transaction code SU20.

1.2. Press Create Button.

1.3. Enter Field Name as “ZTRNCODE” and data element as “TCODE”. Press Enter

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 3
 Creation and usage of Authorization Objects in ABAP Programs

1.4. Press Save.

2. Create Authorization Class

Note: Transaction code for creating Authorization class is SU21

2.1. Go to transaction code SU21

2.2. Press Create button, for creating “Object Class”, as highlighted below.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 4
 Creation and usage of Authorization Objects in ABAP Programs

2.3. Enter Object Class as “ZTC” and give description, press Save.

3. Create Authorization Object

Note: Transaction code for creating Authorization Object is SU21

3.1. Go to transaction code SU21.

3.2. Select Authorization object class which we created in step 2
3.3 Press Create button, for creating “Authorization Object”, as highlighted below.

3.4. Enter Object “ZTRN_CODE” and description

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 5
 Creation and usage of Authorization Objects in ABAP Programs

Also maintain the required authorization fields, here in this scenario we will be using standard field “ACTVT”
and “ZTRNCODE” created in step 1.

3.5. Press Enter, and click on Permitted Activities, shown in the above screen capture.
Click Ok, on pup-up
3.6. Select activities 01(Create or Generate) and 02(Display) as shown below.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 6
 Creation and usage of Authorization Objects in ABAP Programs

3.7. Press Save and Exit

4. Create Roles

Note: Transaction code for creating Roles is PFCG

4.1. Enter transaction code PFCG

4.2. Enter Role “ZCUSTOM_ROLE_CREATE”, press Single Role

4.3. Enter description and go to Authorizations tab, click on Propose Profile Names

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 7
 Creation and usage of Authorization Objects in ABAP Programs

4.4. Click on change Authorization data

On Pop-up press do not select templates.

4.5. Click “Manually” on the application tool bar.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 8
 Creation and usage of Authorization Objects in ABAP Programs

4.6. Key-in Authorization object “S_TCODE” and “ZTRN_CODE” which was created in step 3.
Press enter to continue

4.7. Assign transaction code „ZTEST_AUTH‟ (this is the custom program transaction code) and Activity „01‟,
save and Generate.

Note: Create new role “ZCUSTOM_ROLE_DISPLAY” follow step 4.1 to 4.7, make sure you change the activity type from
“01” to “02”

Note: Assign Role “ZCUSTOM_ROLE_CREATE” to user “ZTEST1” and Role “ZCUSTOM_ROLE_DISPLAY” to user
“ZTEST2”

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 9
 Creation and usage of Authorization Objects in ABAP Programs

5. Create Custom Module Pool Program

Note: Transaction code for creating custom Program SE38

5.1. Create 3 Screens 0500, 1000, 2000, with screen type normal
5.2. On screen 500, place a push button

In PAI event of screen 500 enter the following code

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 10
 Creation and usage of Authorization Objects in ABAP Programs

5.3. On screen 1000, place a text and give description as “You are authorized to Create”
5.4. On screen 2000, place a text and give description as “You are Authorized for Display”
5.5 Create transaction code “ZTEST_AUTH”

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 11
 Creation and usage of Authorization Objects in ABAP Programs

Output:
1) Login as user ZTEST1
2) Run Transaction code “ZTEST_AUTH”

3) Press Create
4) It will take you to the below screen

Now repeat the above steps logging in as user ZTEST2

Output will be display as shown below once you click Create button.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 12
 Creation and usage of Authorization Objects in ABAP Programs

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 13
 Creation and usage of Authorization Objects in ABAP Programs

Related Content
www.help.sap.com
http://www.sdn.sap.com/irj/sdn/security
For more information, visit the ABAP homepage

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 14
 Creation and usage of Authorization Objects in ABAP Programs

Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not
supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document,
and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or
code sample, including any liability resulting from incompatibility between the content within this document and the materials and
services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this
document.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com | UAC - uac.sap.com
© 2011 SAP AG 15