topic Re: Regarding security check... in Application Development and Automation Discussions

Regarding security check...

Former Member — Tue, 03 Feb 2009 15:03:37 GMT

Hello Gurus,

I am working on security side of a custom selection report. I have created a a authorization object in SU21 so that any user who does not have authorization will not be able to execute the report by using sy-subrc for authorization-check.

There is one more kind of authorization that is required. There is a dropdown selection field called 'Department' on selection screen which has around thre values. The requirement is security check on that selection field itself, so that when use does a dropdown, he would only see the department for which he/she is authorized.

Can someone tell how do I achieve this ? I know that we can specify the values in authorization object for which user can select data but do we have to do any coding for this in ABAP ?

Regards,

Rajesh.

Re: Regarding security check...

former_member156446 — Tue, 03 Feb 2009 15:12:59 GMT

Hi Drop down is created using FM : 'VRM_SET_VALUES' where ID and values hold the content... check the authorization check and send data to the Structures only if the authority check is passed..

AT SELECTION-SCREEN. 
AUTHORITY-CHECK OBJECT 'S_CARRID' 
ID 'CARRID' FIELD carr 
ID 'ACTVT' FIELD '03'. 
 
IF sy-subrc NE  0. 
 vrkme_lstbox_values-key = 'C'.
 vrkme_lstbox_values-text = 'Display All'(015).
APPEND vrkme_lstbox_values TO vrkme_lstbox.
ENDIF.

CALL FUNCTION 'VRM_SET_VALUES'
  EXPORTING
     id              = vrkme_lstbox_name
    values          = vrkme_lstbox
  EXCEPTIONS
   id_illegal_name = 1
    OTHERS          = 2.

Re: Regarding security check...

Former Member — Tue, 03 Feb 2009 15:19:00 GMT

hi,

You need to create authrization Object for department also as like we create for plant,company code..etc.

LOOP AT tbl_plant.
*   Calling the subroutine to check each plant code.
    PERFORM plant_code_check USING tbl_plant-werks
                                   v_value
                                   v_errmess
                                   v_subrc.
*   Get out and stop checking on the first failure.
    IF sy-subrc NE 0.
      IF v_errmess EQ space.
        v_werks = tbl_plant-werks.
      ENDIF.
      EXIT.
    ENDIF.
  ENDLOOP.


*********************************************************************************************

FORM plant_code_check USING v_werks v_value v_errmess v_subrc.
* Authorization check here..
  AUTHORITY-CHECK OBJECT 'ZPLANT'
                                                 ID 'ACTVT' FIELD v_value
                                                 ID 'WERKS' FIELD v_werks.

* Checking for Return code from the authority check.
  IF sy-subrc NE 0.
*   If error message printing option is turned on, write error message.
    IF v_errmess NE space.
*   Not authorized for this company code message.
      MESSAGE e000(zm1) WITH text-010 v_werks.
    ELSE.
      v_subrc = sy-subrc.                      "Not authorized
    ENDIF.
  ENDIF.

ENDFORM.

Thanks

Parvathi