Solved: Using BAdI HRBAS00_STRUAUTH to override structural...

former_member74904 · ‎2015 Oct 30

Hi all,

For a client I'm trying to develop an exception to structural authorizations for specific T-codes.

I have figured out that using BAdI HRBAS00_STRUAUTH should be suitable for this.

There are two relevant methods that I can and should use, namely: CHECK_AUTHORITY_VIEW & CHECK_AUTHORITY_SEARCH.

This is what they look like:


method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_VIEW.
CASE sy-tcode.
  WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.
      exit_flag = 'X'.
      sy-subrc = 0.
  WHEN OTHERS.
       exit_flag = ''.
ENDCASE.
endmethod.

and


method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_SEARCH.
  CASE sy-tcode.
     WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.
   SKIP_STANDARD = 'X'.
  WHEN OTHERS.
    SKIP_STANDARD = ''.
  ENDCASE.
endmethod.

All other methods have been implemented albeit with no functionality.

The issue I'm facing is that this only seems to work for HR-related transactions. As you can see in the code above, for PPOSE the BAdI works in a desired way. The thing is, I don't need this override capability for PPOSE at all. The requirement is for T-codes IW51, CATS_DA and CAT3 only.

More specifically, my implementation should allow for an F4 search help to show all available persons and select them in the aforementioned transactions, not just the ones a user is authorized for by his or her structural profile.

I have also looked into BAdI HRBAS00_SEARCH, but couldn't figure out whether this is going to help me with my requirement.

I'd be grateful for anyone's take on this.

Former Member · ‎2015 Nov 03

Hi Dimitri,

Figuring out this BAdI is still on my to do list but as I currently don't have a sandbox and a developer key available, how about an alternate approach:

You can implement BAdI HRBAS00_GET_PROFL and add a check on the SY-TCODE to the standard implementation code. In case the SY-TCODE is 'IW51', 'CATS_DA' or 'CAT3' you can add structural authorizations to all Persons to the users view.

This should effectively give them structural access to all Persons in these tcodes without impacting their authorizations in the other tcodes.

Hope that fits your requirement.

Brent

Former Member · ‎2015 Nov 03

Hi Dimitri,

Figuring out this BAdI is still on my to do list but as I currently don't have a sandbox and a developer key available, how about an alternate approach:

You can implement BAdI HRBAS00_GET_PROFL and add a check on the SY-TCODE to the standard implementation code. In case the SY-TCODE is 'IW51', 'CATS_DA' or 'CAT3' you can add structural authorizations to all Persons to the users view.

This should effectively give them structural access to all Persons in these tcodes without impacting their authorizations in the other tcodes.

Hope that fits your requirement.

Brent

former_member74904 · ‎2015 Nov 03

Hi Brent,

Thank you so much for your alternate approach. I just finished doing a quick test and it seems to do exactly what I want.

You sir have made my day

This is what I did:


method IF_EX_HRBAS00_GET_PROFL~GET_T77PR_TAB.
   DATA: profl_all TYPE hrprofl,
         t77pr_wa  TYPE t77pr.
   CASE sy-tcode.
     WHEN 'IW51' OR 'CATS_DA' OR 'CAT3'.
       profl_all = 'ALL'.
       SELECT * FROM t77pr INTO t77pr_wa
                WHERE profl = profl_all.
                APPEND t77pr_wa TO t77pr_tab.
       ENDSELECT.
    ENDCASE.
endmethod.

BTW, I don't think the DATA declaration for profl_all is really necessary.

Thank you very much for this!

Using BAdI HRBAS00_STRUAUTH to override structural authorization for specific T-codes