About

This tool support exploration and management of authorization groups.

The Problem

A recurring task is to create SM30 maintenance views in onPremise SAP systems on top of customizing tables to enable configuration of processes. When You generate a maintenance dialog, You can choose an authorization group to protect recording data to the table/view through the generated maintenance dialog.

image Authorization Group Tool
image-1 Authorization Group Tool

Sometimes that Authorization Group is not predefined in the requirement, due no appropriate one exists, or no one can provide You with an appropriate Authorization Group name, but protection of recording entries in the table is essential. You can search for existing groups or create new one then validate it by people defining the requirement. At this point You might find Yourself in a jungle to come up with a right Authorization Group. This tool is a helper tool to bunch the required functions together to solve this problem quickly.

Technical Background

The Authorization Group itself is a Field in the Authorization Object S_TABU_DIS. The Authority Check is done against this Group and the Activity (02-Edit/03-Display ) by the system.

image-2 Authorization Group Tool

This Object can be assigned in the Authorization Profile of the corresponding Role in transaction PFCG to provide Display or Edit capability for a user having the Role:

image-3-1024x452 Authorization Group Tool

Installation

Clone repository

https://github.com/attilaberencsi/authgroups.git

using ABAPGit (online / offline).

Features of the tool

The following selection screen welcomes You, when You execute the report zsapdev_authgroup.

image-4 Authorization Group Tool
  • List Authorization Groups (Quick Jump to SE54 identical feature)
  • List Authorization Groups used in Table/View maintenance dialogs (Custom Feature)
  • List Authorizations Profiles / PFCG Roles where a given Authorization Group is embedded (Custom Feature)
  • Maintain Authorization Groups (Quick Jump to SE54 identical feature)
  • Assign Authorization Group to Table/View Maintenance Dialog (Quick Jump to SE54 identical feature)

Show Authorization Groups

Shows all the Authorization groups in the system, which are client (in)dependent.

This is a standard feature.

List Authorization Groups used in Table/View maintenance dialogs

I developed this feature to get an insight which Authorization Groups are used in our systems in maintenance dialogs. You can restrict the search. It comes handy to search for Z* Authorization groups to see which You have, and to which tables/views are they assigned at the moment.

Roles with Authorization group

In case You are trying to validate correctness of an existing Authorization Group, You can fetch the PFCG Roles within a given Authorization Group is used. Without defining a Group, all the PFCG roles are listed having Authorization Groups.

Maintain Authorization Groups

When You didn’t found any appropriate Authorization Group, here You can create a new one.

This is a standard feature.

Assign Group to Table / View Maintenance dialog

You can change Assign Authorization Groups to tables in Mass. The next selection screen helps to list maintenance dialog objects by name or currently assigned Authorization Group.

This is a standard feature.

Validation

ATC Check: Passed

Manual validation done on:

Software ComponentReleaseSupport PackageSupport Package LevelDescription
S4FND104SAPK-10402INS4FND0002Foundation
SAP_ABA75ESAPK-75E02INSAPABA0002Cross-Application Component
SAP_BASIS754SAPK-75402INSAPBASIS0002SAP Basis Component
SAP_GWFND754SAPK-75402INSAPGWFND0002SAP Gateway Foundation
SAP_UI754SAPK-75404INSAPUI0004User Interface Technology

Good luck with Authorization Groups 🙂

Share this content: