topic Re: Authorization Check in Application Development and Automation Discussions

Authorization Check

Former Member — Wed, 21 Jan 2009 09:32:14 GMT

Hi,

I have put an authorization check on WERKS which is entered through SELECT-OPTIONS.

So lets say that the range entered by the user consists of some plants which should have the authorization to view that report and some should not, however when i put the authorization check in the report it is blocking all the plants to view the report.

How to tackle such situations.

Regards,

Dan

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:36:08 GMT

Hi,

Remove all the plants for which the authorization check fails and proceed for only those plants for which the user has authorization.

regards,

Anoop Panackal

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:38:06 GMT

Hi,

loop at s_werks .

AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'(say)

ID 'ACTVT' FIELD '03'

ID 'BUKRS' FIELD s_werks-low.

if sy-subrc <> 0.

delete s_werks.

ENDIF.

endloop.

proceed with the plants that has autorization checks .

reg

Ramya

Edited by: Ramya S on Jan 21, 2009 10:39 AM

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:38:32 GMT

how can you remove plants from authorization object???

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:41:03 GMT

Hi,

Are u trying like this?

AUTHORITY-CHECK OBJECT 'your object '

ID ' your field ' FIELD s_werks-low

ID 'ACTVT' FIELD '03'.

This will allow the plants which have authorizations.

Thanks,

Srilakshmi.

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:42:48 GMT

Hi Dan

Create a new FM which looks something like this:

FUNCTION AUTHORITY_CHECK.

*"----

""Local interface:

*" IMPORTING

*" REFERENCE(AUT_OBJ) TYPE C

*" REFERENCE(FIELD1_OBJECT) TYPE C

*" REFERENCE(FIELD1_VALUE) TYPE C

*" REFERENCE(FIELD2_OBJECT) TYPE C

*" REFERENCE(FIELD2_VALUE) TYPE C

*" EXCEPTIONS

*" NO_AUTHORITY

*"----

authority-check object aut_obj

id field1_object field field1_value

id field2_object field field2_value.

if sy-subrc ne 0.

Raise No_authority.

endif.

ENDFUNCTION.

And call it in your program like this:

form check_authority.

data : wa_t001 like t001w.

Check for the validity of plant

select single *

into wa_t001

from t001w

where werks = pa_werks.

If the plant entered is a valid plant check for authority

if sy-subrc eq 0.

call function 'AUTHORITY_CHECK'

EXPORTING

aut_obj = co_auth_obj

field1_object = co_werks

field1_value = pa_werks

field2_object = co_actvt

field2_value = co_03

EXCEPTIONS

no_authority = 1

others = 2.

if sy-subrc <> 0.

message e261 with pa_werks. "no authorization for plant

endif.

else.

message e048 with pa_werks. "plant & is invalid.

endif. "sy-subrc

endform. " check_authority

Hope this is useful.

Regards

Harsh

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:43:17 GMT

what i am trying is like this:

AUTHORITY-CHECK OBJECT 'ZREPORTS'

ID 'ACTVT' FIELD '03'

ID 'VKORG' FIELD s_vkorg

ID 'VKGRP' FIELD s_vkgrp.

IF SY-SUBRC <> 0.

MESSAGE 'No Authorisation for selected sales organization' TYPE 'I' DISPLAY LIKE 'W'.

LEAVE TO TRANSACTION sy-tcode.

ENDIF.

note that both vkorg and vkgrp are in select options

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 09:59:25 GMT

Hi,

You can do the authorization check later and filter the reocrds where it fails.

What you can do is select the data first for the select-options and do the authorization check while looping at the output table. Whereever the authorization fails, delete that record. keep it otherwise.

something like this :


select * from dbtab into table itab
where vkorg in s_vkorg...

loop at itab.

AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD itab-vkorg
ID 'VKGRP' FIELD itab-vkgrp.

IF SY-SUBRC NE 0.
delete itab.
continue.
ENDIF.

" rest of the processing.

endloop.

This way the users will only get a list of records they are authorized to see.

regards,

Advait

Re: Authorization Check

Former Member — Wed, 21 Jan 2009 10:24:15 GMT

U can't do that authorization control, but u need to check the data extracted:

LOOP AT ITAB.
  AUTHORITY-CHECK OBJECT 'ZREPORTS'
    ID 'ACTVT' FIELD '03'
    ID 'VKORG' FIELD ITAB-VKORG
    ID 'VKGRP' FIELD ITAB-VKGRP.
  IF SY-SUBRC <> 0.
    DELETE ITAB.
  ENDIF.
ENDLOOP.

DESCRIBE TABLE ITAB LINES SY-TABIX.

IF SY-TABIX = 0.
  MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
  DISPLAY LIKE 'W'.
  LEAVE TO TRANSACTION SY-TCODE.
ENDIF.

or to filter the possible hits of the selectiion-screen:

DATA: BEGIN OF IT_SEL OCCURS 0,
        VKORG TYPE TVKBZ-VKORG,
        VKGRP TYPE TVBVK-VKGRP,
      END   OF IT_SEL.

SELECT TVKBZ~VKORG TVBVK~VKGRP INTO TABLE IT_SEL
   FROM TVKBZ INNER JOIN TVBVK ON  TVKBZ~VKBUR = TVBVK~VKBUR
      WHERE TVKBZ~VKORG IN SO_VKORG
        AND TVBVK~VKGRP IN SO_VKGRP.

LOOP AT IT_SEL.
  AUTHORITY-CHECK OBJECT 'ZREPORTS'
    ID 'ACTVT' FIELD '03'
    ID 'VKORG' FIELD IT_SEL-VKORG
    ID 'VKGRP' FIELD IT_SEL-VKGRP.
  IF SY-SUBRC <> 0.
    DELETE IT_SEL.
  ENDIF.
ENDLOOP.

DESCRIBE TABLE IT_SEL LINES SY-TABIX.

IF SY-TABIX = 0.
  MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
  DISPLAY LIKE 'W'.
  LEAVE TO TRANSACTION SY-TCODE.
ELSE.
  SELECT * FROM <TABL> INTO TABLE ITAB
     FOR ALL ENTRIES IN IT_SEL
       WHERE VKORG = IT_SEL-VKORG
         AND VKGRP = IT_SEL-VKGRP.
ENDIF.

Max