Comments on: SAP: How to Create and Use the Authorization Objects in ABAP http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/ Just another WordPress weblog Sun, 20 May 2012 01:26:29 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Selva@sapsecuritytrainer.coms http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/comment-page-1/#comment-74 Selva@sapsecuritytrainer.coms Thu, 17 Mar 2011 14:55:44 +0000 http://www.richardsantos.net/?p=88#comment-74 One of the issues we ran into was when we disable the authorization check in SU24 the transaction skipped the ABAP code check. This could be security risk if some one can disable the check perform the transaction by passing the authorization check www.sapsecuritytrainer.com From home maker to SAP Consultant One of the issues we ran into was when we disable the authorization check in SU24 the transaction skipped the ABAP code check. This could be security risk if some one can disable the check perform the transaction by passing the authorization check

http://www.sapsecuritytrainer.com
From home maker to SAP Consultant

]]> By: Sushil http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/comment-page-1/#comment-73 Sushil Thu, 12 Aug 2010 08:38:39 +0000 http://www.richardsantos.net/?p=88#comment-73 in the above , why is the following line required? 8. And also don’t forget to add the S_TCODE authorization object and enter ZCOMM on it’s field. in the above , why is the following line required?

8. And also don’t forget to add the S_TCODE authorization object and enter ZCOMM on it’s field.

]]> By: Terry http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/comment-page-1/#comment-71 Terry Wed, 05 Aug 2009 11:08:57 +0000 http://www.richardsantos.net/?p=88#comment-71 Hi.. "select transaction SU24 and I add the new object. Does it work?" The answer is Yes and No. The authorisation checks are called in the ABAP program, so it depends on how the ABAP has been written. So ABAP programs check for named authorization objects.. some ABAP programs check the SU24 tables ( USOBT & USOBT_c) So you can add an authorization into SU24, but the system may not check it. Check the ABAP code.. look for something like this AUTHORITY-CHECK OBJECT 'Z_TCODE' ID 'ACTVT' FIELD '03' " read access ID 'ZTCODE' FIELD p_tcode. " actual value or AUTHORITY-CHECK OBJECT 'S_TRVL_BKS' ID 'ACTVT' FIELD '02' ID 'CUSTTYPE' FIELD 'B'. IF SY-SUBRC 0. MESSAGE E... ENDIF. Terry Hi..

“select transaction SU24 and I add the new object. Does it work?”

The answer is Yes and No.
The authorisation checks are called in the ABAP program, so it depends on how the ABAP has been written.
So ABAP programs check for named authorization objects.. some ABAP programs check the SU24 tables ( USOBT & USOBT_c)
So you can add an authorization into SU24, but the system may not check it.
Check the ABAP code..
look for something like this

AUTHORITY-CHECK OBJECT ‘Z_TCODE’
ID ‘ACTVT’ FIELD ‘03′ ” read access
ID ‘ZTCODE’ FIELD p_tcode. ” actual value
or

AUTHORITY-CHECK OBJECT ‘S_TRVL_BKS’
ID ‘ACTVT’ FIELD ‘02′
ID ‘CUSTTYPE’ FIELD ‘B’.
IF SY-SUBRC 0.
MESSAGE E…
ENDIF.

Terry

]]> By: Enrique http://www.richardsantos.net/2009/03/16/sap-how-to-create-and-use-the-authorization-objects-in-abap/comment-page-1/#comment-72 Enrique Mon, 06 Jul 2009 19:23:30 +0000 http://www.richardsantos.net/?p=88#comment-72 Hi, What about modify the stantard transaction to include the new authorization object? If I select transaction SU24 and I add the new object. Does it work? Hi,

What about modify the stantard transaction to include the new authorization object?
If I select transaction SU24 and I add the new object. Does it work?

]]>