How do I add an authorization object to a transaction?
Example: For accepting incoming payments through F-28, I would like to restrict users in the field credit control area (KKBER). I added the object F_KNKA_KKB in the said transaction through SU22/SU24, and the same object also appears in PFCG, but in the actual transaction it does not control users.
I understand SU24/22 does not magically add the object. I have to do something more. But what?
In SE93, you can allocate an authorization object to a transaction. For authority checks beyond that, they are normally put into the program behind the transaction, by using the ABAP keyword AUTHORITY-CHECK.
For a standard SAP transaction, run the tx and do an authority trace to find out which authorization objects are touched. You may find the one that gives you what you need. Alternatively, there may be user exits available to add your own authority checks.
Finally, you could use field exits, but these should only be this used as a last resort since they are not being developed further by SAP.
Dig Deeper on SAP ABAP
Related Q&A from Matthew Billingham
An SAP user needs information on how to change the password on several SAP user accounts from a central location. Continue Reading
An SAP user is trying to run a report in an SAP ALV Grid online and wants to know how to get the data in the report to appear along with the header. Continue Reading
An SAP user needs to transfer customer purchase order spreadsheet data to SAP VA01 to create a new sales order. Continue Reading