Examples of Using Critical Authorizations and Combinations
You determine all users that have development authorization for either executable programs (reports) or function groups.
For a user to be able to develop, he or she requires the following authorizations:
- Authorization for the object S_TCODE that contains at least one of the transaction SE80, SE37, or SE38
- An authorization for the object S_DEVELOP with the value PROG or FUGR in the OBJTYPE field and the value 02 in the ACTVT field
The ID to be created with critical authorization data therefore contains three groups, for each of which the values are each linked with OR.
| Group | Object* | Field Name | From | To | AND/OR* |
|---|---|---|---|---|---|
|
A001 |
S_TCODE |
TDC |
SE80 |
|
OR |
|
A001 |
S_TCODE |
TDC |
SE37 |
|
OR |
|
A001 |
S_TCODE |
TDC |
SE38 |
|
OR |
|
A002 |
S_DEVELOP |
OBJTYPE |
PROG |
|
OR |
|
A002 |
S_DEVELOP |
OBJTYPE |
FUGR |
|
OR |
|
A003 |
S_DEVELOP |
ACTVT |
02 |
|
any (OR or AND) |
In a modification of the first example, you now determine users that have development authorization both for executable programs and for function groups. To do this, split the ID of the first example into two individual IDs and create a combination of these two IDs:
| Group | Object* | Field Name | From | To | AND/OR |
|---|---|---|---|---|---|
|
A001 |
S_TCODE |
TCD |
SE80 |
|
OR |
|
A001 |
S_TCODE |
TCD |
SE38 |
|
OR |
|
A002 |
S_DEVELOP |
OBJTYPE |
PROG |
|
AND |
|
A002 |
S_DEVELOP |
ACTVT |
02 |
|
AND |
| Group | Object* | Field Name | From | To | AND/OR |
|---|---|---|---|---|---|
|
A001 |
S_TCODE |
TCD |
SE80 |
|
OR |
|
A001 |
S_TCODE |
TCD |
SE37 |
|
OR |
|
A002 |
S_DEVELOP |
OBJTYPE |
FUGR |
|
AND |
|
A002 |
S_DEVELOP |
ACTVT |
02 |
|
AND |