Solved: Authrization issue for end user while running Dial...

Former Member · ‎2011 Sep 28

Hi

I have developed a Dialog program which contains the FM QPK1_UD_CODE_PICKUP_LEAN and CALL TRANSACTION for QA12 (BDC with No screen mode).

When end user runs the program he gets authrization failure message from FM as well as QA12 as he does not have authrizaion.

as per businees, the user can not get this authrization due to some business restriction.

Is there any way to over come the authrization check when end user run the dialog program (Z Transatcion)?

All your suggestions will be highly appreciated.

Regards

Mohamed

Former Member · ‎2011 Sep 28

End user has the authrization for transaction 'QA12' but does not have authrization to chnage the usage decision from 'W' to 'Q'.

Thats where authrity check fails and raise error message.

ChandrashekharMahajan · ‎2011 Sep 28

Hi,

QA12 is used to Change usage decision. now if your user supposed to use this transaction then basis should have granted this change access. I guess you cannot code to break the authorization.

Thanks,

Chandra

deepak_dhamat · ‎2011 Sep 28

Hi ,

No you cannot run other way you have to take user Authorization for transaction code ,

it is module pool program , so cannot work without authorisation .

regards

Deepak.

SuhaSaha · ‎2011 Sep 28

Hello Mohammed,

[CALL TRANSACTION|http://help.sap.com/abapdocu_702/en/abapcall_transaction.htm] doesn't automatically check the authorization of the user to run the report(authorization object S_TCODE). So even if the user doesn't have authority to use the T-code QA12 he'll be able to run it.

You can set up an "authorization check" trace in ST01 & provide the details. You can also check SU53 & see which authority check fails.

BR,

Suhas

Former Member · ‎2011 Sep 28

End user has the authrization for transaction 'QA12' but does not have authrization to chnage the usage decision from 'W' to 'Q'.

Thats where authrity check fails and raise error message.

Lukas_Weigelt · ‎2011 Sep 28

Hi,

take my approach if you like:

1. Does the FM which crashes for the end users has the possibility to be executed remotely? If yes go to step 3.

2. In case the FM cannot be executed remotely, make a Z-FM which can be executed remotely and inside it, execute the actual FM you want to use.

3. Create a system user in SE01 and give him the permission the application needs but the end user isn't allowed to have due to your business restrictions

4. Create a destination in SM59 that points on the system itself (in case this is confusing, make an internal abap connection in system xyz which points on the system xyz itself and here enter the user properties of the system user you created in step 3)

5. Call the FM/Z-FM with the option DESTINATION, i.e.

CALL FUNCTION <XYZ> DESTINATION <name of internal abap connection goes here>

This way you can change the user context as long as it's nothing SAP-GUI related. Worked well many times for me; as I had to execute lot's of "evil coding" whereas our authority experts would have me killed if given permission for it to end users... this way everything's fine and secure. Only disadvantage: Debugging is like pulling teeth because you can't Debug Remote FMs directly.

Cheers, Lukas

Former Member · ‎2011 Sep 28

Thanks Lucas.

Your solution is working

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

Authrization issue for end user while running Dialog program