topic Re: Authorization Object in Application Development and Automation Discussions

Authorization Object

sreeramkumar_madisetty — Mon, 16 Jan 2012 08:03:20 GMT

Hi Friends,

My report is fetching the data related to all employees.Based on the user who runs the report,I want to restrict the data records which were fetching i.e fetch and display records which can be permissiable by that user only.

Could anyone help me /guide me how to achieve this.

Regards,

Sreeram

Re: Authorization Object

Former Member — Mon, 16 Jan 2012 08:10:28 GMT

'RH_STRU_AUTHORITY_CHECK'

Re: Authorization Object

nabheetscn — Mon, 16 Jan 2012 08:13:13 GMT

Restrict as on what basis

Nabheet

Re: Authorization Object

Former Member — Mon, 16 Jan 2012 08:18:36 GMT

based on infotypes may be

Re: Authorization Object

sreeramkumar_madisetty — Mon, 16 Jan 2012 08:22:45 GMT

Certain User eg Project Manager can able to see all his reportees details,TL able to see only his team details.

Based on User running the report need to restrict the data records fetching and display.

If Manager running the report he has to get all teams data where as TL running the report he has to get his team data only.

Regards,

Sreeram

Re: Authorization Object

nabheetscn — Mon, 16 Jan 2012 08:27:15 GMT

So i think first of all you need to get all the valid team members and search their data.

Nabheet

Re: Authorization Object

kesavadas_thekkillath — Mon, 16 Jan 2012 08:40:08 GMT

Instead of authorization checks( not sure how easily its possible ), you can get the position or designation of an employee from the organizational structure and then filter the records accordingly.


Based on the user who runs the report

also one sap id can be used by multiple users at one time. , So please try to provide the employee id in the screen or some thing which could solve this. By this you can create a authority check if the the user executing the program hs authorization to see the employee details or ....

Re: Authorization Object

Former Member — Mon, 16 Jan 2012 08:45:46 GMT

you want reporting employee by user name! then use HRWPC_PNP_MANAGED_EMPLOYEES FM to get reporting employees for a user.

and search SDN to get more info

Re: Authorization Object

former_member150968 — Mon, 16 Jan 2012 10:49:12 GMT

Hi,

If you know the authorization object which you want to use then this can be achieved very easily. In your report, create an internal table with the fields of the auth object plus one additional field (auth). Fetch all the possible values of the auth object field from the tables into the internal table and loop that internal table and set the auth field of the internal table if user has authorization. Please check below code for more help.

DATA: BEGIN OF lwa_vkorg,

vkorg TYPE vkorg,

vtweg TYPE vtweg,

spart TYPE spart,

auth TYPE xflag,

END OF lwa_vkorg.

DATA: li_vkorg LIKE TABLE OF lwa_vkorg.

SELECT vkorg vtweg spart FROM tvta INTO CORRESPONDING FIELDS OF TABLE li_vkorg. "find all sales orgs

IF sy-subrc NE 0.

REFRESH li_vkorg.

ENDIF.

LOOP AT li_vkorg INTO lwa_vkorg.

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'ACTVT' FIELD '03'

ID 'VKORG' FIELD lwa_vkorg-vkorg

ID 'VTWEG' FIELD lwa_vkorg-vtweg

ID 'SPART' FIELD lwa_vkorg-spart. "check for display auth

IF sy-subrc EQ 0.

lwa_vkorg-auth = 'X'.

MODIFY li_vkorg FROM lwa_vkorg TRANSPORTING auth.

ENDIF.

ENDLOOP.

DELETE li_vkorg WHERE auth IS INITIAL.

After this, in the table you have only those values for which user has authority. Now, you can modify/fetch your data accordingly.

Regards,

Manish Sethia

Re: Authorization Object

Former Member — Mon, 16 Jan 2012 11:05:24 GMT

Hi here is simple solution with similar situation .... I had request to reduce visibility of IT0008 salary for some users.

I created Z table with user names and maximum value permitted to see for this user name.

In report I called

select single value from pa0008.

if value > permitted .

val = 0.

endif.

Re: Authorization Object

Former Member — Mon, 16 Jan 2012 11:13:31 GMT

Hi ,

First of take the authorization object from your basis person and then use it in your code.

Send syntax to use authorization object.

Use it.

tcode to check authorization in SU21.

Syntax

AUTHORITY-CHECK OBJECT auth_obj [FOR USER user]

ID id1 {FIELD val1} | internal tab field

[ID id2 {FIELD val2} |internal tab field

...

[ID id10 {FIELD val10} |internal tab field.

Edited by: kamal_kishore_sah on Jan 16, 2012 12:15 PM

Re: Authorization Object

RaymondGiuseppi — Mon, 16 Jan 2012 15:03:32 GMT

As HR is authority managed, use

- one of their logical database like PNP or PNPCE

- or one of their FM to read data like HR_READ_INFOTYPE

- or one of their FM to check authority like HR_CHECK_AUTHORITY_INFTY or HR_CHECK_AUTHORITY_PERNR

(Read some documentation like [Authorizations for Human Resources|http://help.sap.com/erp2005_ehp_03/helpdata/en/97/27973b3ea3eb0fe10000000a114084/frameset.htm])

Regards,

Raymond