topic Re: Error with Authorization Object in Application Development and Automation Discussions

Error with Authorization Object

former_member185116 — Mon, 19 Oct 2020 07:57:12 GMT

Hello all,

My client has a requirement where if an equipment is set with user status 'CNFA',

all other fields in the equipment should be in display mode

for this i have created an Authroization object (ZAO_EQ_UST)in su21 as below,

with permitted activities for Display only , as shown below..

auth3.jpg

however , we are not able to achieve the desired result of disabling all other fields when status CNFA is set..

may i know where i am going wrong..

do i need to add additional changes in authorization object..

Please guide me in this regard..

Re: Error with Authorization Object

TammyPowlas — Mon, 19 Oct 2020 09:39:33 GMT

Please run an STAUTHTRACE on the transaction to see what objects the transaction is checking

Then you can determine what to do

Re: Error with Authorization Object

FredericGirod — Mon, 19 Oct 2020 09:44:31 GMT

You speak about specific authorization object, standard transaction, but how did you link the both ? do you use Badi / User exit ??

Re: Error with Authorization Object

Sandra_Rossi — Mon, 19 Oct 2020 09:51:46 GMT

Please attach directly the images instead of links, like below, that will make your question more attractive.

auth1.jpg (100.7 kB)

auth2.jpg (200.8 kB)

Re: Error with Authorization Object

Sandra_Rossi — Mon, 19 Oct 2020 09:52:13 GMT

auth3.jpg (250.4 kB)

Re: Error with Authorization Object

Sandra_Rossi — Mon, 19 Oct 2020 10:03:06 GMT

Just a candid question: did you assign some authorization to the user, which ones, did you write some ABAP code, and what does the debug says about the field values checked and check result?

Re: Error with Authorization Object

MateuszAdamus — Mon, 19 Oct 2020 10:23:28 GMT

Hello vinay.reddy11

Creating the authorization objects in itself will not disable the fields. You need to check the condition and then disable the fields in the logic of the screen. You need to put a custom code into the logic of the screen/transaction where you will check the status of the equipment and if the status is CNFA you need to disable the fields.

In this particular case I don't think the authorization objects is needed at all.

Kind regards,

Mateusz

Re: Error with Authorization Object

former_member185116 — Tue, 20 Oct 2020 11:51:08 GMT

Hi Sandra Rossi,

I have assigned the Object to corresponding user and i have written the Code in BADI (

INST_AUTHORITY_CHECK) in method CHECK_EQUI as

method IF_EX_INST_AUTHORITY_CHECK~CHECK_EQUI.

  if iv_tcode eq 'IE02'.

   DATA : wa_jsto TYPE jsto.
   data : wa_jstat TYPE jstat,
          it_jstat TYPE STANDARD TABLE OF jstat.

   if is_equi-equnr is NOT INITIAL.

       CALL FUNCTION 'CONVERSION_EXIT_ALPHA_OUTPUT'
           EXPORTING
            INPUT         = is_equi-equnr
           IMPORTING
             OUTPUT         = is_equi-equnr.

     if is_equi-objnr is NOT INITIAL.

         SELECT SINGLE *
                FROM jsto
                INTO wa_jsto
                WHERE objnr = is_equi-objnr.

          IF wa_jsto-stsma IS NOT INITIAL.

             " Get the user status

              CALL FUNCTION 'STATUS_READ'
                EXPORTING
                  client           = sy-mandt
                  objnr            = is_equi-objnr
                  only_active      = 'X'
                TABLES
                  status           = it_jstat
                EXCEPTIONS
                  object_not_found = 1
                  OTHERS           = 2.
            READ TABLE it_jstat INTO wa_jstat WITH KEY stat = 'E0012'.         "E0012 = CNFA stt=atus



              if sy-subrc = 0.

                  AUTHORITY-CHECK OBJECT 'ZAO_EQ_UST'
                                  ID 'ESTAT' FIELD wa_jstat-stat
                                  ID 'STSMA' FIELD wa_jsto-stsma
                                  ID 'ACTVT' FIELD '03'.

              endif.
          endif.
      endif.

   endif.

 endif.
endmethod.

Re: Error with Authorization Object

former_member185116 — Wed, 21 Oct 2020 06:00:57 GMT

I have assigned the Object to corresponding user and i have written the Code in BADI (

INST_AUTHORITY_CHECK) in method CHECK_EQUI as

method IF_EX_INST_AUTHORITY_CHECK~CHECK_EQUI.

  if iv_tcode eq 'IE02'.

   DATA : wa_jsto TYPE jsto.
   data : wa_jstat TYPE jstat,
          it_jstat TYPE STANDARD TABLE OF jstat.

   if is_equi-equnr is NOT INITIAL.

       CALL FUNCTION 'CONVERSION_EXIT_ALPHA_OUTPUT'
           EXPORTING
            INPUT         = is_equi-equnr
           IMPORTING
             OUTPUT         = is_equi-equnr.

     if is_equi-objnr is NOT INITIAL.

         SELECT SINGLE *
                FROM jsto
                INTO wa_jsto
                WHERE objnr = is_equi-objnr.

          IF wa_jsto-stsma IS NOT INITIAL.

             " Get the user status

              CALL FUNCTION 'STATUS_READ'
                EXPORTING
                  client           = sy-mandt
                  objnr            = is_equi-objnr
                  only_active      = 'X'
                TABLES
                  status           = it_jstat
                EXCEPTIONS
                  object_not_found = 1
                  OTHERS           = 2.
            READ TABLE it_jstat INTO wa_jstat WITH KEY stat = 'E0012'.         "E0012 = CNFA stt=atus



              if sy-subrc = 0.

                  AUTHORITY-CHECK OBJECT 'ZAO_EQ_UST'
                                  ID 'ESTAT' FIELD wa_jstat-stat
                                  ID 'STSMA' FIELD wa_jsto-stsma
                                  ID 'ACTVT' FIELD '03'.

              endif.
          endif.
      endif.

   endif.

 endif.
endmethod.

Re: Error with Authorization Object

MateuszAdamus — Wed, 21 Oct 2020 07:10:25 GMT

You need to raise an exception if there is no authorization.

AUTHORITY-CHECK OBJECT 'ZAO_EQ_UST'
  ID 'ESTAT' FIELD wa_jstat-stat
  ID 'STSMA' FIELD wa_jsto-stsma
  ID 'ACTVT' FIELD '03'.
IF sy-subrc <> 0.
  RAISE error_with_message.
  " OR
  " MESSAGE RAISING error_with_message
ENDIF.

Kind regards,
Mateusz

Re: Error with Authorization Object

matt — Wed, 21 Oct 2020 08:19:44 GMT

I think you need to read the documentation about authority-check, and the authorisation concept in general. It doesn't work as you seem to think it does.

I don't know how to achieve the requirement, but I'd bet that using an authority-check isn't the right way.

Re: Error with Authorization Object

Sandra_Rossi — Wed, 21 Oct 2020 13:11:24 GMT

Many things illogical in your code:

If IE02 (change) then check authorization ACTVT '03' (display), illogical !
CONVERSION_EXIT_ALPHA_OUTPUT : no way, why do you need that !?
READ TABLE it_jstat INTO wa_jstat WITH KEY stat ='E0012'. -> AUTHORITY-CHECK OBJECT 'ZAO_EQ_UST' ID 'ESTAT' FIELD wa_jstat-stat - so it's always E0012 that you check? don't use a variable then, or correct your code.

NB: I didn't see your comment because if you want to target someone, if this person has posted an Answer, use the button COMMENT, if this person is the Original Poster of the question he/she will be automatically informed, otherwise copy/paste their hyperlinked name so that the person receives a warning (NB: @ doesn't work/but typing this character will suggest hyperlinked names).