topic Re: supress authentication check from within ABAP code in Application Development and Automation Discussions

supress authentication check from within ABAP code

Former Member — Mon, 17 Jan 2011 11:31:30 GMT

Hi,

we want all users to update their email-address in their own sap profile. (a self service)

By default, in the screen "System"->"User Profile"->"Own Data", he can update all except his email-id.

For this, we have written an abap report.


DATA: p_smtp TYPE TABLE OF bapiadsmtp WITH HEADER LINE,
      p_return TYPE TABLE OF bapiret2 WITH HEADER LINE,
      p_addressx TYPE bapiaddr3x.

data: p_uname TYPE xubname.
PARAMETERS:   p_email TYPE ad_smtpadr OBLIGATORY.
      
      
      p_uname = sy-uname. "logged in user

      p_smtp-e_mail = p_email.
      p_smtp-std_no = 'X'.
      p_smtp-home_flag = 'X'.
      p_smtp-consnumber = '001'.

    p_addressx-e_mail = 'X'.

    CALL FUNCTION 'BAPI_USER_CHANGE'
      EXPORTING
        username = p_uname
        addressx = p_addressx
      TABLES
        return   = p_return
        addsmtp  = p_smtp.

when we execute this report, with all rights, it works fine.

but a normal user when he executes, he is getting this error:

"You are not authorized to change users in group"

the su53 screen shows:

Authorization check failed Object Class BC_A Basis: Administration Authorization Obj. S_USER_GRP User Master Maintenance: User Groups Authorization Field ACTVT Activity 02 Authorization Field CLASS User group in user master maintenance <Dummy>

the point here is we cannot add User Maintenance rights to all our normal users.

is there any way, within the report (code) we can suppress the authentication check, programatically just while calling 'BAPI_USER_CHANGE', so that the user will be able to update his email-id.

thanks in advance,

Madhu_1980

Re: supress authentication check from within ABAP code

former_member201275 — Mon, 17 Jan 2011 11:38:03 GMT

Here are 2 useful links:

http://www.sapdev.co.uk/fmodules/fms_updateaddress.htm

If these don't help the noly thing I can suggest is that you write your own bdc program.

Regards,

Warren.

Re: supress authentication check from within ABAP code

brad_bohn — Mon, 17 Jan 2011 16:04:57 GMT

Why don't you just log the requests and run a job at frequent intervals with an appropriate user ID that calls the BAPI? Typically, self-service stuff like this (address changes, email changes, password resets) are done from an external app or portal and the underlying comm user that connects to the system has the authority to make the change.

Re: supress authentication check from within ABAP code

Former Member — Tue, 18 Jan 2011 05:20:23 GMT


@Brad Bohn :
>>Why don't you just log the requests and run a job at frequent intervals with an appropriate user ID that calls the BAPI?

thanks for this idea, your idea meets atleast partially the requirement.