Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authorization Object

sreeramkumar_madisetty
Active Contributor

‎2012 Jan 16 8:03 AM

0 Likes
1,616

Hi Friends,

My report is fetching the data related to all employees.Based on the user who runs the report,I want to restrict the data records which were fetching i.e fetch and display records which can be permissiable by that user only.

Could anyone help me /guide me how to achieve this.

Regards,

Sreeram

11 REPLIES 11
Read only

Former Member

‎2012 Jan 16 8:10 AM

0 Likes
1,450

'RH_STRU_AUTHORITY_CHECK'

Read only

nabheetscn
SAP Champion
SAP Champion
In response to Former Member

‎2012 Jan 16 8:13 AM

0 Likes
1,450

Restrict as on what basis

Nabheet

Read only

Former Member
In response to Former Member

‎2012 Jan 16 8:18 AM

0 Likes
1,450

based on infotypes may be

Read only

sreeramkumar_madisetty
Active Contributor
In response to Former Member

‎2012 Jan 16 8:22 AM

0 Likes
1,450

Hi

Certain User eg Project Manager can able to see all his reportees details,TL able to see only his team details.

Based on User running the report need to restrict the data records fetching and display.

If Manager running the report he has to get all teams data where as TL running the report he has to get his team data only.

Regards,

Sreeram

Read only

nabheetscn
SAP Champion
SAP Champion
In response to Former Member

‎2012 Jan 16 8:27 AM

0 Likes
1,450

So i think first of all you need to get all the valid team members and search their data.

Nabheet

Read only

Former Member
In response to Former Member

‎2012 Jan 16 8:45 AM

0 Likes
1,450

you want reporting employee by user name! then use HRWPC_PNP_MANAGED_EMPLOYEES FM to get reporting employees for a user.

and search SDN to get more info

Read only

kesavadas_thekkillath
Active Contributor

‎2012 Jan 16 8:40 AM

0 Likes
1,450

Instead of authorization checks( not sure how easily its possible ), you can get the position or designation of an employee from the organizational structure and then filter the records accordingly.

Based on the user who runs the report

also one sap id can be used by multiple users at one time. , So please try to provide the employee id in the screen or some thing which could solve this. By this you can create a authority check if the the user executing the program hs authorization to see the employee details or ....

Read only

former_member150968
Participant

‎2012 Jan 16 10:49 AM

0 Likes
1,450

Hi,

If you know the authorization object which you want to use then this can be achieved very easily. In your report, create an internal table with the fields of the auth object plus one additional field (auth). Fetch all the possible values of the auth object field from the tables into the internal table and loop that internal table and set the auth field of the internal table if user has authorization. Please check below code for more help.

DATA: BEGIN OF lwa_vkorg,

vkorg TYPE vkorg,

vtweg TYPE vtweg,

spart TYPE spart,

auth TYPE xflag,

END OF lwa_vkorg.

DATA: li_vkorg LIKE TABLE OF lwa_vkorg.

SELECT vkorg vtweg spart FROM tvta INTO CORRESPONDING FIELDS OF TABLE li_vkorg. "find all sales orgs

IF sy-subrc NE 0.

REFRESH li_vkorg.

ENDIF.

LOOP AT li_vkorg INTO lwa_vkorg.

AUTHORITY-CHECK OBJECT 'V_VBAK_VKO'

ID 'ACTVT' FIELD '03'

ID 'VKORG' FIELD lwa_vkorg-vkorg

ID 'VTWEG' FIELD lwa_vkorg-vtweg

ID 'SPART' FIELD lwa_vkorg-spart. "check for display auth

IF sy-subrc EQ 0.

lwa_vkorg-auth = 'X'.

MODIFY li_vkorg FROM lwa_vkorg TRANSPORTING auth.

ENDIF.

ENDLOOP.

DELETE li_vkorg WHERE auth IS INITIAL.

After this, in the table you have only those values for which user has authority. Now, you can modify/fetch your data accordingly.

Regards,

Manish Sethia

Read only

Former Member

‎2012 Jan 16 11:05 AM

0 Likes
1,450

Hi here is simple solution with similar situation .... I had request to reduce visibility of IT0008 salary for some users.

I created Z table with user names and maximum value permitted to see for this user name.

In report I called

select single value from pa0008.

if value > permitted .

val = 0.

endif.

Read only

Former Member
In response to Former Member

‎2012 Jan 16 11:13 AM

0 Likes
1,450

Hi ,

First of take the authorization object from your basis person and then use it in your code.

Send syntax to use authorization object.

Use it.

tcode to check authorization in SU21.

Syntax

AUTHORITY-CHECK OBJECT auth_obj [FOR USER user]

ID id1 {FIELD val1} | internal tab field

[ID id2 {FIELD val2} |internal tab field

...

[ID id10 {FIELD val10} |internal tab field.

Edited by: kamal_kishore_sah on Jan 16, 2012 12:15 PM

Read only

RaymondGiuseppi
Active Contributor

‎2012 Jan 16 3:03 PM

0 Likes
1,450

As HR is authority managed, use

- one of their logical database like PNP or PNPCE

- or one of their FM to read data like HR_READ_INFOTYPE

- or one of their FM to check authority like HR_CHECK_AUTHORITY_INFTY or HR_CHECK_AUTHORITY_PERNR

(Read some documentation like [Authorizations for Human Resources|http://help.sap.com/erp2005_ehp_03/helpdata/en/97/27973b3ea3eb0fe10000000a114084/frameset.htm])

Regards,

Raymond