topic Re: authorization checks in Application Development and Automation Discussions

authorization checks

Former Member — Thu, 30 Apr 2009 07:42:12 GMT

Hi all

My requirement is

As we have 7 company and particular user are authorized for particular one. Means all are in group MGH.

Employee company

Rahul mgh1

Gaurav mgh2

Now suppose rahul is enduser and trying salesorganization plant division and many others from MGH2. As he is not authorized so message will come u201C YOU ARE NOT AUTHORIZED USERu201D.

Now generally we can do coding in our reports for that

But as we have thousands of report and every report have different scenario so can we have any global function module for that so that rather we can do code we just call FUNCTION MODULE and put the value for desired fields and get the output

thanks

babbal

Re: authorization checks

Former Member — Thu, 30 Apr 2009 07:43:08 GMT

Hi,

You can use FM 'AUTHORITY_CHECK'.

Re: authorization checks

Former Member — Thu, 30 Apr 2009 07:49:49 GMT

hi,

Use the following

AUTHORITY-CHECK OBJECT '<ur authorization object>'

The authorization object is provided by the basis people

And then write the logic u want to execute.

Regards,

Manish

Re: authorization checks

Former Member — Thu, 30 Apr 2009 07:54:40 GMT

please tell me how i can use this function module as i dont have documentation.

as i used earlier

authority_check

IMPORT

user

object

field1

value1

field2

value2

field3

value3

but i am unable to take use of it...

thanks

babbal

Re: authorization checks

Former Member — Thu, 30 Apr 2009 08:00:54 GMT

Hi,

user below EX:

AUTHORITY-CHECK OBJECT 'M_MRES_WWA'

ID 'ACTVT' FIELD '03'

ID 'WERKS' FIELD X_WERKS.

IF SY-SUBRC NE 0.

AUTH_FLG = 'X'.

WRITE:/ 'You are not authorised for Plant :', X_WERKS.

ENDIF.

AUTHORITY-CHECK OBJECT 'M_MRES_BWA'

ID 'ACTVT' FIELD '03'

ID 'BWART' FIELD X_BWART.

IF SY-SUBRC NE 0.

AUTH_FLG = 'X'.

WRITE:/ 'You are not authorised for Movement Type :', X_BWART.

ENDIF.

AUTHORITY-CHECK OBJECT 'M_MSEG_LGO'

ID 'ACTVT' FIELD '03'

ID 'BWART' FIELD X_REC01.

IF SY-SUBRC NE 0.

AUTH_FLG = 'X'.

WRITE:/ 'You are not authorised for Storage Location :', X_REC01.

ENDIF.

AUTHORITY-CHECK OBJECT 'M_MSEG_LGO'

ID 'ACTVT' FIELD '03'

ID 'BWART' FIELD X_ISS01.

IF SY-SUBRC NE 0.

AUTH_FLG = 'X'.

WRITE:/ 'You are not authorised for Storage Location :', X_ISS01.

ENDIF.

Regards,

Naresh

Re: authorization checks

Former Member — Thu, 30 Apr 2009 08:51:41 GMT

Hi Babbal,

In se38 from Pattern from application tool bar, You can see Authority-Check there enter your

Authority check Object..(ask for basis people or functional)...

here mine is (Z_COMPANY_FI)... and follow on... use F1 help how to apply...


SELECT-OPTIONS : S_BUKRS FOR BSEG-BUKRS.       "Company Code
AT SELECTION-SCREEN ON S_BUKRS.
  SELECT * FROM T001 WHERE BUKRS IN S_BUKRS.             
    
   AUTHORITY-CHECK OBJECT 'Z_COMPANY_FI'
               ID 'BUKRS'   FIELD T001-BUKRS
               ID 'ZZ_PROG' FIELD SY-REPID.
    IF SY-SUBRC NE 0.
      MESSAGE ID 'SD' TYPE 'E' NUMBER '836' WITH
      TEXT-E01 SY-CPROG.
      RETURN.
    ENDIF.
  ENDSELECT.

Thanks & regards,

Dileep .C

Re: authorization checks

Former Member — Sat, 02 May 2009 05:49:07 GMT

Dear Dileep

How far I know

For User administration...

There are few database tables for that...

USR01 User master

USR02 Logon data

USR03 User address data

USR04 User master authorizations

USR11 User Master Texts for Profiles (USR10)

UST12 User master: Authorizations

USR12 User master authorization values

USR13 Short Texts for Authorizations

USR40 Prohibited passwords

TOBJ Objects

TOBC Authorization Object Classes

TPRPROF Profile Name for Activity Group

DEVACCESS Table for development user

Provably in between these tables, in any way we can find out the specific user's authorizied company code, Sales org, and distribution channel, etc.

I dont want to use the standard S_BUKRS for company code, I would like to use some customized code here...so that i can use the same logic for others like Sales org/Distribution channel/etc..

if I am wrong....pls spefy me where is that...

Quote----

SELECT-OPTIONS : S_BUKRS FOR BSEG-BUKRS. "Company Code

AT SELECTION-SCREEN ON S_BUKRS.<.......this would be customized>

SELECT * FROM T001 WHERE BUKRS IN S_BUKRS.

ENDSELECT.

UN-Quote----

Rgds

babbalsingh

Re: authorization checks

Former Member — Sun, 03 May 2009 05:54:27 GMT

Dear All,

Is there anyone to help us on the same topic as per the last reply from babal.

Rgds

Farhad

Re: authorization checks

Former Member — Sun, 03 May 2009 14:31:12 GMT

Hi Babbal & Farhad,

I have did a same alternation for va01 & va02 T-Codes, but for this you need to create role or

you need to add the existing role like this.

check this & revert me if you have any more doubts.


  if sy-tcode eq 'VA02'.
    AUTHORITY-CHECK OBJECT 'Z_DELIVERY'
            ID 'LIFSK' FIELD VBAK-LIFSK.
    if sy-subrc = 0.
      if screen-name = 'VBAK-LIFSK'.
        screen-input = 1.                     "Enable input
        modify screen.
      endif.
    else.
      if screen-name = 'VBAK-LIFSK'.
        screen-input = 0.                     "Disable input
        modify screen.
      endif.
    endif.

I replaced the above code with the below one.

both has same effect.


  IF sy-tcode EQ 'VA02'.
    IF screen-name = 'VBAK-LIFSK'.
      screen-input = 0.
      MODIFY SCREEN.
    ENDIF.
  ENDIF.
*Now Unblock the Delivery Block field for Authorised users.
*Note: Z_NEWROLE_VA01 is the role created for change authurisation for va02.
*So, any user who have Z_NEWROLE_VA01 role is unblocks the delivery field.
  DATA : it_itab TYPE TABLE OF agr_users, wa_itab LIKE LINE OF it_itab.
  SELECT * FROM agr_users
           INTO TABLE it_itab
           WHERE agr_name = 'Z_NEWROLE_VA01'.
  LOOP AT it_itab INTO wa_itab.
    IF sy-uname = wa_itab-uname.
      IF screen-name = 'VBAK-LIFSK'.
        screen-input = 1.
        MODIFY SCREEN.
      ENDIF.
    ENDIF.
  ENDLOOP.

Thanks & regards,

Dileep .C