Authorization Group Tool
About
This tool support exploration and management of authorization groups.
The Problem
A recurring task is to create SM30 maintenance views in onPremise SAP systems on top of customizing tables to enable configuration of processes. When You generate a maintenance dialog, You can choose an authorization group to protect recording data to the table/view through the generated maintenance dialog.
Sometimes that Authorization Group is not predefined in the requirement, due no appropriate one exists, or no one can provide You with an appropriate Authorization Group name, but protection of recording entries in the table is essential. You can search for existing groups or create new one then validate it by people defining the requirement. At this point You might find Yourself in a jungle to come up with a right Authorization Group. This tool is a helper tool to bunch the required functions together to solve this problem quickly.
Technical Background
The Authorization Group itself is a Field in the Authorization Object S_TABU_DIS. The Authority Check is done against this Group and the Activity (02-Edit/03-Display ) by the system.
This Object can be assigned in the Authorization Profile of the corresponding Role in transaction PFCG to provide Display or Edit capability for a user having the Role:
Installation
Clone repository
https://github.com/attilaberencsi/authgroups.git
using ABAPGit (online / offline).
Features of the tool
The following selection screen welcomes You, when You execute the report zsapdev_authgroup.
- List Authorization Groups (Quick Jump to SE54 identical feature)
- List Authorization Groups used in Table/View maintenance dialogs (Custom Feature)
- List Authorizations Profiles / PFCG Roles where a given Authorization Group is embedded (Custom Feature)
- Maintain Authorization Groups (Quick Jump to SE54 identical feature)
- Assign Authorization Group to Table/View Maintenance Dialog (Quick Jump to SE54 identical feature)
Show Authorization Groups
Shows all the Authorization groups in the system, which are client (in)dependent.
This is a standard feature.
List Authorization Groups used in Table/View maintenance dialogs
I developed this feature to get an insight which Authorization Groups are used in our systems in maintenance dialogs. You can restrict the search. It comes handy to search for Z* Authorization groups to see which You have, and to which tables/views are they assigned at the moment.
Roles with Authorization group
In case You are trying to validate correctness of an existing Authorization Group, You can fetch the PFCG Roles within a given Authorization Group is used. Without defining a Group, all the PFCG roles are listed having Authorization Groups.
Maintain Authorization Groups
When You didn’t found any appropriate Authorization Group, here You can create a new one.
This is a standard feature.
Assign Group to Table / View Maintenance dialog
You can change Assign Authorization Groups to tables in Mass. The next selection screen helps to list maintenance dialog objects by name or currently assigned Authorization Group.
This is a standard feature.
Validation
ATC Check: Passed
Manual validation done on:
Software Component | Release | Support Package | Support Package Level | Description |
---|---|---|---|---|
S4FND | 104 | SAPK-10402INS4FND | 0002 | Foundation |
SAP_ABA | 75E | SAPK-75E02INSAPABA | 0002 | Cross-Application Component |
SAP_BASIS | 754 | SAPK-75402INSAPBASIS | 0002 | SAP Basis Component |
SAP_GWFND | 754 | SAPK-75402INSAPGWFND | 0002 | SAP Gateway Foundation |
SAP_UI | 754 | SAPK-75404INSAPUI | 0004 | User Interface Technology |
Good luck with Authorization Groups 🙂
Share this content: