1.创建Da ta Element
TCODE SE80
TCODE SE80
1) 创建Da ta Element
Name: Z_EMP_ID00
Field Label属性
Length Field Label
Short 10 ID
Medium 15 EMPLOYEE ID
Long 20 EMPLOYEE EMPLOYEE ID
Heading 19 EMPLOYEE ID HEADING
Field Label属性
Length Field Label
Short 10 ID
Medium 15 EMPLOYEE ID
Long 20 EMPLOYEE EMPLOYEE ID
Heading 19 EMPLOYEE ID HEADING
2) 为Z_EMP_ID00创建一个Domain
Name Z_EMP_ID00
Da ta Type NUMC
No. Characters 10
Decimal Places 0
Output Length 10
Name Z_EMP_ID00
Da
No. Characters 10
Decimal Places 0
Output Length 10
2.创建Authorization Fields
TCODE SU20
Field Name ZEMPID00
Da ta element Z_EMPID00
TCODE SU20
Field Name ZEMPID00
Da
3.创建Authorization Object
多个Authorization Fields是被归在一个Authorization Object中的,创建好Object后需要把Z_EMPID00 assign给它.
TCODE SU21
多个Authorization Fields是被归在一个Authorization Object中的,创建好Object后需要把Z_EMPID00 assign给它.
TCODE SU21
图SU21-1 (SU21界面)
1) 创建一个Object class ZEMP
Object Class ZEMP
Text Empleyee Object class.
Object Class ZEMP
Text Empleyee Object class.
2) 在ZEMP里创建一个Authorization Object ZEMPOBJ00
Object ZEMPOBJ00
Text Employee object 00.
Field name ZEMPID00
Object ZEMPOBJ00
Text Employee object 00.
Field name ZEMPID00
图SU21-2 (创建Authorization Object)
图SU21-3 (Object Class和Authorization Object创建完毕)
4.为用户添加Pro file
这个Pro file包含用户对Object ZEMPOBJ00的各个Field有权限访问的具体范围.
这个Pro
1) 创建Pro file
TCODE SU01
在菜单Enviroment > Mainten Pro file(F9)
Pro file: ZEMPRF00
选择Create.
TCODE SU01
在菜单Enviroment > Mainten Pro
Pro
选择Create.
图SU01-1
(
创建
Pro file)
在下半部分的表格中的Object列中添加ZEMPOBJ00,Save, 激活
Authorization列输入ZAHUEMP,双击新建它
Text: Authorization for Employee.
点击Maintenance Value, 在From列和To列分别输入*
分别激活Authorization, Pro
图SU01-2 (Pro
2) 将ZAHUEMP assign给用户BCUSER.
然后回到SU01对BCUSER的界面, 在Pro
添加ZEMPRF00,Save.
5.创建Role
TCODE PFCG
Role ZEMPR
选择Single Role
1) Description:
Maintenance Employee ID
在Authorizations面板中:
Pro
Pro
2) 给这个Role添加用户
在User面板中:
User: BCUSER
6.创建测试程序
REPORT ZAUTHORITY01.
DA TA: Z(20) VALUE 'abc'.
AUTHORITY-CHECK OBJECT 'ZEMPOBJ00'
ID 'ZEMPID00' FIELD Z.
WRITE:/ Z.
IF SY-SUBRC = 0.
WRITE:/ 'PASS'.
ELSE.
WRITE:/ 'Sorry.'.
ENDIF.
REPORT ZAUTHORITY01.
DA
AUTHORITY-CHECK OBJECT 'ZEMPOBJ00'
ID 'ZEMPID00' FIELD Z.
WRITE:/ Z.
IF SY-SUBRC = 0.
WRITE:/ 'PASS'.
ELSE.
WRITE:/ 'Sorry.'.
ENDIF.
7.运行程序
用户BCUSER必须先退出系统然后登录后前面设置的role才会生效.运行程序,结果为PASS.
用户BCUSER必须先退出系统然后登录后前面设置的role才会生效.运行程序,结果为PASS.