topic Re: Authority-check in Application Development and Automation Discussions

Authority-check

Former Member — Mon, 05 Feb 2007 08:06:45 GMT

Hi ,

I need to chek the authorization for P_orgin for the user .

I have written the code chek in my Z report .

But its always returning mr the sy-subrc as 12 .

can any1 tell me the possible rectifications for the same .

My code is as given below.

AT selection-screen.

AUTHORITY-CHECK OBJECT 'p_orgin' for user sy-uname

ID 'INFTY' FIELD '*'

ID 'SUBTY' FIELD '*'

ID 'AUTHC' FIELD '*'

ID 'PERSA' FIELD '*'

ID 'VDSK1' FIELD '*'

ID 'PROFL' FIELD '*'

ID 'PERSG' FIELD '*'.

If sy-subrc NE 0 .

message i007.

*leave to list-processing.

*STOP.

*leave to screen 0.

endif.

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:09:12 GMT

Give p_orgin in capital letters>

AUTHORITY-CHECK OBJECT 'P_ORGIN' for user sy-uname....

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:09:21 GMT

Hi,

Sy-subrc will be 12, when

Specified object not maintained in the user master record.

So check whetehr it is maintained and specify <b>'P_ORIGIN'</b> in caps.

AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).

You must specify all authorizations for an object and a also a value for each ID (or DUMMY).

The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.

If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.

If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.

The return code value changes according to the different error scenarios. The return code values have the following meaning:

User has no authorization in the SAP System for such an action. If necessary, change the user master record.

Too many parameters (fields, values). Maximum allowed is 10.

<b>12

Specified object not maintained in the user master record.</b>

No profile entered in the user master record.

The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.

Incorrect structure for user master record.

If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.

Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:11:43 GMT

Hi,

AT selection-screen.

AUTHORITY-CHECK OBJECT 'p_orgin' for user sy-uname

ID 'INFTY' FIELD '*'

ID 'SUBTY' FIELD '*'

ID 'AUTHC' FIELD '*'

ID 'PERSA' FIELD '*'

ID 'VDSK1' FIELD '*'

ID 'PROFL' FIELD '*'

ID 'PERSG' FIELD '*'.

If sy-subrc NE 0 .

message i007.

*leave to list-processing.

*STOP.

*leave to screen 0.

endif.

after the Field you need to use the values for those fields to check the same, if you do not want to check then then use DUMMY instead of the '*'

Regards

Sudheer

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:12:51 GMT

Hi,

It is a good practise to use option 'Pattern' from toolbar to implement authority-checks to avoid typing errors...

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:13:28 GMT

Thanks,

the sy-subrc has changed now to 4.

Though in the user master I am having * in for all the fields .

Now what cud havee been the p[ossible reason for statement failure.

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:13:50 GMT

abap80,

Use Fm

CALL FUNCTION 'AUTHORITY_CHECK'

EXPORTING

user = sy-uname

object = l_object

field1 = l_field1

value1 = l_value1

field2 = l_field2

value2 = l_value2

EXCEPTIONS

user_dont_exist = 1

user_is_authorized = 2

user_not_authorized = 3

user_is_locked = 4

OTHERS = 5.

IF sy-subrc <> 2.

MOVE sy-subrc TO l_value1.

MESSAGE e998(zmamap) WITH sy-uname l_value1.

ENDIF.

Pls.Mark if useful

Re: Authority-check

Former Member — Mon, 05 Feb 2007 08:24:38 GMT

Specify:

...

ID 'INFTY' FIELD 'DUMMY'

...

if the access right for eg infotype is irrelevant for you, otherwise try:

...

ID 'INFTY' FIELD '107'

...

if you want to check access right for given eg infotype...

Re: Authority-check

Former Member — Mon, 05 Feb 2007 09:46:59 GMT

The answers given by were really helpful .

My sincere thanks to all of u who came up with the kind gesture.

Thanks a lot