topic Re: Verify Authorization for a differnt UserID in Application Development and Automation Discussions

Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 03:58:06 GMT

Hi all,

Hope you are all doing great. I need some help from the experts.

My question is that I am storing UserID in a Table Field as input from end users. I have to make sure that the entered Userid (not the current end user) has a authorization for a given auth Object field/value combination. I did a search for Function Modules that begin with Authority_Check but didn't see any obvious ones.

I think this should be possible, i.e. "AUTHORITY-CHECK OBJECT 'xx' " with also supplying the UserID.

Please let me know if you know how to do so.

Thanks.

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 04:04:33 GMT

HI,

see this link for creating the authority check object,field creating and the syntax need to be used in the program.

http://help.sap.com/saphelp_nw70/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm

rgds,

bharat.

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 04:06:54 GMT

Login to SAP with the normal user and click on the Form Settings button (the one with some little gears) situated in the tools bar .

with regards,

Hema.

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 04:19:57 GMT

Thanks Bharat. I looked at the help earlier. It shows regular check for current logged in user. note some random user.

Hema, not sure what u r referring to.

I tried the Function Code Behind the Authority-check but it gives me Another Auth Error. Still tryng to find out what is the Auth error running the code bewow.

REPORT ZAUTHCHECK.

&----

*& Report ZAUTHCHECK

&----

WRITE: / 'begin of test'.

CALL FUNCTION 'AUTHORITY_CHECK'

EXPORTING

NEW_BUFFERING = 3

USER = 'SAPID'

OBJECT = 'B_USERSTAT'

FIELD1 = 'BERSL'

VALUE1 = 'PS_APPD'

FIELD2 = ' '
VALUE2 = ' '
FIELD3 = ' '
VALUE3 = ' '
FIELD4 = ' '
VALUE4 = ' '
FIELD5 = ' '
VALUE5 = ' '
FIELD6 = ' '
VALUE6 = ' '
FIELD7 = ' '
VALUE7 = ' '
FIELD8 = ' '
VALUE8 = ' '
FIELD9 = ' '
VALUE9 = ' '
FIELD10 = ' '
VALUE10 = ' '
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5

IF SY-SUBRC <> 0.

MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.

ENDIF.

WRITE: / 'End of Check.'.

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 04:24:29 GMT

Hi...

For the issue you stated you can use AUTHORITY-CHECK OBJECT ... The syantx for it is

AUTHORITY-CHECK OBJECT objectname

ID userid1 FIELD fieldvalue1

ID userid10 FIELD fieldvalue10.

1) you have to create the authorization object...you can ask Basis people to create it.

2) specify proper values to it...

3) Now in the program you can check the authorization against the required user id and the then process further...

Hope this will solve your issue....If not let me know..

Regard....

Reward if useful !!!!

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 04:36:56 GMT

please chk this link

[Authorization for user|https://www.sdn.sap.com/irj/sdn/wiki?path=/display/snippets/conceptofAuthorizationForusers&]

in the code

AUTHORITY-CHECK OBJECT 'ZAUTH' for userid

ID 'ACTVT' FIELD '02'.

IF sy-subrc <> 0.

APPEND 'EDIT' TO fcode.

ENDIF.

where user id contains the userid from the table

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 05:12:48 GMT

I tried the "For userID' addition as below, but it fails the syntex check. It looked to be the most promising though

I aa familier with the regualr Authority-Check... but it runs for the logged in user. I want to run it for some other users. All the authorizations fields - roles - profiles, are already there. I want to be able to check as if the user was actually logged in.

May be I didn't word the question right.

I want to do 'Authorization-check' in the program for some other user, who is currently NOT running the program.

thanks for all the input so far.

************

REPORT ZZAUTHCHECK .

write: / 'beging test'.

authority-check object 'A_ALL' for 'sapuser'

id 'M_ACT_PER' field '30'

id 'BUKRS' field '*'.

IF SY-SUBRC 0.

write: / 'sy-subrc = 0'.

ENDIF.

write: / 'end test'.

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 14:28:26 GMT

nevermind. I found an answer. It was in my face. When I inserted the Authority-Check using the pattern, the Exceptions section was commented out.

For others: How to to check for authorization for a user other than the one running the transaction.

Insert Function Module "Authority_Check" using Edit -> Pattern. Pass appropriate parameters.

Make sure you UNCOMMENT THE EXCEPTIONS SECTION!!! Normally it is for other functions, but not this!

Edited by: brd drb on Jan 9, 2008 9:29 AM

Re: Verify Authorization for a differnt UserID

Former Member — Wed, 09 Jan 2008 14:28:55 GMT

See my post above.