SAP AND ABAP TIPS AND FACTS

Tuesday, March 25, 2008

SAP ABAP Authorizations / SAP Authorizations

SAP ABAP Authorizations / SAP Authorizations

While writing code in ABAP for example reports/interfaces/enhancements developers should take care that the Authorizations are taken care of. In ABAP code the SQL statements (Database Access) does not trigger Authorizations. This makes the code vulnerable. A program that has been transported to production without proper authorizations gives access to all the data that the SQL and Native SQL statements are querying to any user who is executing that program.

Hence it becomes mandatory for the developer to take care of Authorizations in the code.

SAP Authorization Concept

In SAP Authorization are user specific and in the user master record the authorization is assigned. Data in SAP must be protected so that only those users who have permission should be able to access the data. For example certain users may have access to Sales Side data amongst these users certain users may have permission only to view the data and other to change it. Also certain users may have permissions only to view MM side data.

Authorization Objects are used to take care of the Authorizations in SAP. Each Authorization Object can have 10 fields.

As a developer if required you can create your own Authorization Object. For example if you create an Authorization Object Z_Sales then it can have 2 authorization fields and the activity field can have  3 actions associated with it like create (01), change (02) and display (03).

Important tables associated with Authorization are as follows

Some of the tables associated with SAP Authorizations.

TACT        Activities which can be Protected
TACTZ      Valid activities for each authorization object
TSTCA      Values for transaction code authorizations

For example customers can be divided into certain regions say NORTH, SOUTH, EAST, WEST.

and the Authorization object S_Sales has a filed REGIONID to define the region, then you can create an authorization object as follows.

Aythorization Object                        Authorization Display for S_SALES
S_SALES                                           REGIONID '*'  (For All Regions)
REGIONID (Region)                         ACTVT 'DISPLAY'
ACTVT (Activity)                          

S_SALES                                           REGIONID 'NORTH'  (Only North Region)
REGIONID (Region)                         ACTVT 'CHANGE'
ACTVT (Activity)                          

This object shows how to restrict certain users from changing customer data not related to regions in SOUTH, EAST and WEST.

Transactions associated with Authorization Objects are as follows

SU20  Fields
SU21 Objects
Posted by ABAP FRIEND at 3:45 AM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

ABAP TIPS

PREVIOUS                  NEXT                    RANDOM

ABAP TIPS

Since your web browser does not support JavaScript, here is a non-JavaScript version of the image slideshow:

ABAP TIPS
Always specify your conditions in the Where-clause instead of checking them yourself with check statements. The database system can then use an index (if possible) and the network load is considerably less.

ABAP TIPS
For all frequently used Select statements, try to use an index. You always use an index if you specify (a generic part of) the index fields concatenated with logical Ands in the Select statement's Where clause. Note that complex Where clauses are poison for the statement optimizer in any database system.

ABAP TIPS
If there exists at least one row of a database table or view with a certain condition, use the Select Single statement instead of a Select-Endselect-loop. Select Single requires one communication with the database system, whereas Select-Endselect needs two.

ABAP TIPS
It is always faster to use the Into Table version of a Select statement than to use Append statements.

ABAP TIPS
To read data from several logically connected tables use a join instead of nested Select statements. Network load is considerably less.

ABAP TIPS
If you want to find the maximum, minimum, sum and average value or the count of a database column, use a select list with aggregate functions instead of computing the aggregates yourself. Network load is considerably less.

ABAP TIPS
If you process your data only once, use a Select-Endselect-loop instead of collecting data in an internal table with Select Into Table. Internal table handling takes up much more space.

ABAP TIPS
Use a select list or a view instead of Select * , if you are only interested in specific columns of the table. Network load is considerably less.

ABAP TIPS
For all frequently used, read-only tables, try to use SAP buffering. Network load is considerably less.

ABAP TIPS
Whenever possible, use array operations instead of single-row operations to modify your database tables. Frequent communication between the application program and database system produces considerable overhead.

ABAP TIPS
Whenever possible, use column updates instead of single-row updates to update your database tables. Network load is considerably less.

ABAP TIPS
Instead of using nested Select loops or FOR ALL ENTRIES it is often possible to use subqueries. Network load is considerably less.

ABAP TIPS
Use the special operators CO, CA, CS, instead of programming the operations yourself. If ABAP/4 statements are executed per character on long strings, CPU consumption can rise substantially.

ABAP TIPS
Some function modules for string manipulation have become obsolete and should be replaced by ABAP/4 statements or functions: STRING_CONCATENATE... -> CONCATENATE, STRING_SPLIT... -> SPLIT, STRING_LENGTH -> strlen(), STRING_CENTER -> WRITE...TO...CENTERED, STRING_MOVE_RIGHT -> WRITE...TO...RIGHT-JUSTIFIED

ABAP TIPS
Use the CONCATENATE statement instead of programming a string concatenation of your own.

ABAP TIPS
If you want to delete the leading spaces in a string, use the ABAP/4 statement SHIFT...LEFT DELETING LEADING... .Other constructions (with CN and SHIFT...BY SY-FDPOS PLACES, with CONDENSE if possible, with CN and ASSIGN CLA+SY-FDPOS(LEN) ...) are not as fast. In any case, avoid using SHIFT inside a WHILE-loop!

ABAP TIPS
Use the SPLIT statement instead of programming a string split yourself.

ABAP TIPS
Use the strlen( ) function to restrict the DO loop to the relevant part of the field, e.g. when determinating a check-sum.

ABAP TIPS
Use "CLEAR f WITH val" whenever you want to initialize a field with a value different from the field's type-specific initial value.

ABAP TIPS
Try to keep the table ordered and use binary search or used a table of type SORTED TABLE. If TAB has n entries, linear search runs in O( n ) time, whereas binary search takes only O( log2( n ) ).

ABAP TIPS
A dynamic key access is slower than a static one, since the key specification must be evaluated at runtime. However, for large tables the costs are dominated by number of comparison needed to locate the entry.

ABAP TIPS
If you need to access an internal table with different keys repeatedly, keep your own secondary indices.With a secondary index, you can replace a linear search with a binary search plus an index access.

ABAP TIPS
LOOP ... WHERE is faster than LOOP/CHECK because LOOP ... WHERE evaluates the specified condition internally. As with any logical expressions, the performance is better if the operands of a comparison share a common type. The performance can be further enhanced if LOOP ... WHERE is combined with FROM i1 and/or TO i2, if possible.

Always use Pretty Printer and Extended Program Check before releasing the code. Do not leave unused code in the program. Comment the code thoroughly. Align the comments and the Code. Follow the SAP Standards and SAP Best Practices guidelines. It’s a good practice to take a dump of the code on your local drive.

Ole Automation Part1
Ole Automation Part 2
Processing Blocks in ABAP
Simple ABAP Report
ALV Grid - Changing Colors
ALV Report Example
Creating Variants For ABAP Reports
Recording BDC using Transaction
Sales Document Flow in ABAP
User Exits in SAP SD
SAP ABAP Naming Standards
SAP SD Tables
SAP ABAP Data Dictionary Tables
MM Important Transaction Codes in SAP
Passing g Data From One ABAP Program to Another
ABAP Compute Add Collect and Append
SAP ABAP Determining Attributes of Data
SAP ABAP Editor Icons
BAPI for Displaying Material Data
BAPI to get customer bank details
EDI Outbound Process
SAP EDI Process Overview
Function Module for Vendor Bank details
SAP IDOC
Creating a Valid Password in SAP
SAP BADIs Introduction
SAP ABAP MACROS
POP UP function Module to Confirm and Save Data
Select Options
BAPI for availability check
String to Numerical
SAP Goods Movement Process
Getting a List of Plants for a Material
SAP R3 Clients Concept
ABAP Adobe Forms
Authorization Object Tables
SAP Industry Specific Solutions

Sap Scripts and SmartForms Bar Codes
Standard Reports and Sap Scripts
Important Standard Reports in SAP
Abap Tricks and Tips
Bapi Sales Order
BAPI Purchase Order
Creating Function Modules in SAP
Creating Tables in SAP
Finding User Exits in SAP
Function Module Create Text and Read Text
Important Transaction Codes in SAP
ABAP Function Module for Submitting a Program
ABAP Game Tic Tac Toe
ABAP Internal Table To Excel Sheet
ABAP Function Module to create Directory
Different Types of Menus in SAP
Function Modules in SAP to check Loged in Users
ABAP Function Module for Adding Days to Dates
Call a Transaction From a Remote System
SAP MM simple Procurement Cycle
BAPI Material EDIT
Finding Decimal Places in Currency
Getting negative sign before a number in ABAP
Program Editor Lock Unlock
Restricting Select Options
List of BAPIs in the system
SAP Function Module Scramble a String
LSMW
POP up table contents on the screen
SAP R3 Bookmarking Websites
Stock Requirements List Function Module
Retail Transaction Codes 		ABAP Debugger Break Points
ABAP Debugger WatchPoints
Drill Down Reports Concept
Creating a HOT SPOT
Interactive Programs and Hide Technique
String Concatenate
Get Week of the Year
SAP ABAP to Add Days to a Date
Add Months to a Date
Get Month in the Year
Display Clock
ABAP Code For Progress BAR
ABAP Function Module For Caluclator
ABAP Function Module For Calender
Displaying Messages in ABAP
Function Module Pop Up To Confirm
Conversion Routines in SAP
SAP ABAP Authorization
SAP ABAP Module Pool Tutorial
SAP ABAP RFC
Finding Path to SAP Transaction in Menu
SAP Purchasing Documents
SAP and ABAP Shortcuts
Logical Databases
Advantages of Logical Databases
Copy to Clipboard
BAPI Create Material
Finding and Running Programs in ABAP
Program Syntax Check and Extended Syntax Check
Select Options upper lower case
BAPI Sales Order Simulate
Get PLANT and Description for a Material
MRP List Function Module
Production Planning and Controlling
Applications in SAP R3
Tool Based Reports
Important Transaction Codes in SAP
SAP Stock per Bin 		Pop Up a Calender
Module to Read a File
Module to Reverse A String
Run an Executable Program with Parameters
Program for POP up Screen
Printing Selection Parameters for a Report
Uploading and DownLoading a Report
SAP ABAP Version Management
SAP ABAP Short Cuts
List of Important System Variables
ABAP MACROS
ABAP Calling a File Selector
Some Important Function Modules
ABAP String Operations
ABAP Function Module to Check Validity of Date
Transfer Internal Table Contents to a File
SAP ABAP Program Types
BAPI to Read Customer Data
Checking Validity of Date
Download to Application Server
ABAP Debugger Breakpoint and Watchpoint
BAPI to get Company Code Details
Creating Material Using BAPI part 2
Generating a Valid Password
Logical Databases Structure
Making Fields OBligatory in Selection Screen
ABAP Views
Getting a Company Code for a Plant
Importing contents of Clipboard in SAP
Getting a Plant for a Material
Plant Material and Storage Location
SAP Production Planning Standard Reports
NetWeaver Components
Supported Databases and Operating Systems