06-09-2021 10:21 AM
Hi all,
I want to control specific user to read/write in AL11
Name of directory: \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
Where and how do I do that?
Please give clear step by step procedure to do this.
Someone said go to SU21 change the authorization object S_DATASET but it dont have any fields for me to specify which users or specific file path. If change that directly in SU21, it will hit all users and all file paths in AL11
06-10-2021 10:58 AM
Finally solve this problem! Here is the solution. Tested.
Log in as user ztest1
User ztest1 cannot read the file with error message below.
06-09-2021 10:28 AM
06-09-2021 10:53 AM
found its s_dataset authorization object.
Example: I want user Ali to only able to read files inside \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
So how is the example given is applicable here?
06-09-2021 10:34 AM
A good friend, is transaction SU24, if it has been correctly maintained, you will find all authorization object by transaction
06-09-2021 10:50 AM
frdric.girod
I dont get it. what am i supposed to here?
Example: I want user Ali to only able to read files inside \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
So how is the example given is applicable here?
06-09-2021 10:45 AM
06-09-2021 11:08 AM
raymond.giuseppi
Example: I want user Ali to only able to read files inside \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
sy-subrc forever 0. and it cannot solve the example above. Where to restrict Ali?
no any effect.
AUTHORITY-CHECK OBJECT 'S_PATH'
ID 'FS_BRGRU' FIELD 'RCCG'
ID 'ACTVT' FIELD '02'.
IF sy-subrc <> 0.
* Implement a suitable exception handling here
ENDIF.
06-09-2021 11:36 AM
Don't add an authority-check statement in code, it will be automatically performed by Dataset statements.
Which steps did you already performed, could you paste the SPTH table (only records related to this question)
Also execute SU53 or a trace to understand any unexpected result.
06-10-2021 2:52 AM
raymond.giuseppi
This is the entry in SPTH i created. I am only allowed to enter RCCG authorization group to save the entry. There is no other allowable entry.
created the pfcg as well
Let say I dont want user NGSC to able to read files in \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
So I didnt asign these created role to NGSC and guess what? NGSC still able to goto the path \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA and read all the files inside.
So what is the wrong steps detailed above?
06-10-2021 8:48 AM
06-09-2021 11:07 AM
Your requirement is not clear: should this one user access or not access this directory? And not access other directories at all?
Authorization concept is a one week training, I'm not sure how we can sum up it here in a few sentences...
06-09-2021 11:14 AM
sandra.rossi
Example: I want user Ali to only able to read files inside \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
So how do I go about it with this given user Ali and filepath \\sysld01\usr\interface\ATS\INBOUND\ASSET\DATA
The rest of the world means cannot read the file inside.
06-10-2021 10:58 AM
Finally solve this problem! Here is the solution. Tested.
Log in as user ztest1
User ztest1 cannot read the file with error message below.