Show TOC

 Creating a Customer-Specific Authorization Object


  1. To create the authorization object, choose the SU21 transaction.

  2. First double-click an object class to select it, for example HR ( Human Resources ).

  3. Then choose Create on the following screen (F5). To be able to use the new authorization object you have created in the master data authorization check, the object must contain the following fields:

    • INFTY: Infotype

    • SUBTY: Subtype

    • AUTHC: Authorization Level

      If you want to use the authorization object for the context authorization check , it must also contain the PROFL field, which defines the structural profiles a user is authorized to access.

      You can use any of the fields in the Organizational Assignment infotype (0001) or in the PA0001 structure for the rest of the fields. You can also use customer-specific additional fields provided they are CHAR or NUMC type fields.

      In addition, you can use the following fields:

    • TCD: This field is always filled with the current transaction code ( SY-TCODE ). Note that when you use this authorization object in reports, the TCD field is filled with the name of the transaction that calls the report and not with the report name.

    • INFSU: This field is 8 characters long. The first 4 characters contain the infotype, the last 4 characters the subtype.

  4. After you have created the authorization object, start the RPUACG00 report. This report overwrites the MPPAUTZZ standard include with the code that is needed to evaluate the authorization object you created. Note: Technically speaking, this involves a modification. However, SAP fully supports this procedure. And you should not have more maintenance work as a result of this modification. To ensure that the report actually writes the program code, deselect the Test field. Enter your user as the password.

  5. Activate your checks by switching the appropriate authorization main switch, NNNNN or NNCON to 1 .

See also:

P_NNNNN (HR: Master Data: Customer-Specific Authorization Object)

P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context)