Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to add authority check for authorization group in ABAP

former_member539645
Participant

‎11-01-2022 7:27 AM

0 Kudos

Hi All,

I want to add authority check for authorization group in my ABAP code but I didn't find any answers.

My Authorization group is ZSHP1.

I tried below code but its not working. 

AUTHORITY-CHECK OBJECT 'S_USER_GRP'
       ID 'CLASS' FIELD 'ZSHP1'
       ID 'ACTVT' FIELD '03'.
      IF sy-subrc <> 0.
        MESSAGE e011(z001)."Action not allowed
      ENDIF.

The Group is maintained in SU01

Regards,

Ganesh

Preview file
14 KB
7 REPLIES 7

FredericGirod
Active Contributor

‎11-01-2022 7:32 AM

In my system the data element linked to the authorization object is 4 char length

FredericGirod
Active Contributor
In response to FredericGirod

‎11-01-2022 7:41 AM

0 Kudos

Check the authorization object in SU21, go in the field of the object, and check the control table (TBRG)

jmodaal
Active Contributor

‎11-01-2022 8:29 AM

Hello,

hmm, maybe you mix up the user group on tab "Logon Data" with the group(s) on tab "Groups"...?
The user group on the "Logon Data" is the right one for authorization checks using S_USER_GRP. The groups on tab "Groups" are for classification purposes only and can be used for selection of users in SUIM or SU10.

Therefore, effective for the authorization check is the group in tab "Logon Data".

Kind regards

Jan

Preview file
11 KB

former_member539645
Participant
In response to jmodaal

‎11-01-2022 8:41 AM

0 Kudos

Can you clarify in which tcode & tab I can maintain the group & what will be the ABAP code for this

jmodaal
Active Contributor
In response to jmodaal

‎11-01-2022 9:14 AM

0 Kudos

Hello,

maintenance transaction for user groups is SUGR. Assignment to users can be done in SU01 (or SU10) in the already mentioned tabs "Logon Data" and "Groups".

ABAP Code: for authorization checks your code in your question looks ok. However, it is not totally clear to me what is the aim - to check against the value in tab "Logon data" or against the values in tab "Groups". For both I would suggest to use function module BAPI_USER_GET_DETAIL. You will find the user groups in export structure LOGONDATA resp. in table GROUPS.

Kind regards

Jan

former_member539645
Participant

‎11-01-2022 9:40 AM

0 Kudos

Used below select query instead of authority check.

SELECT SINGLE usergroup FROM usgrp_user
        INTO @DATA(lv_usr_grp)
        WHERE bname = @sy-uname
        AND   usergroup = @c_usergroup.
      IF sy-subrc <> 0.
        MESSAGE e011(z001)."Action not allowed
      ENDIF.

Sandra_Rossi
Active Contributor
In response to former_member539645

‎11-01-2022 11:28 AM

This solves your issue, but is not related to your question about "authority-check" and "authorization group", so it will mislead future visitors thinking that they will find an answer about the initial question. I think that Jan Modaal answer will help more the future visitors.