2008 Oct 02 5:21 PM
I can't seem to find any specific instructions on implementing the AUTHORITY-CHECK function.
I have to add additional authorization to transaction VAP2, program SAPMF02D - change contact person for customer.
The requirement is to check whether user has authority to change "Advertising Material" flag. I have created an authorization object in SAP FI authorization class ZF_KNA1_AM with the following authorization fields:
ACTVT (possible activities are 01, 02, 03)
ZNMAIL (advertising material)
I guess the next step is actually inserting the authority check method into the program?
Where exactly do I insert the method to?
Could someone provide some instructions on this?
Thanks,
Sergiy
2008 Oct 02 6:00 PM
What you need to do is look for a user-exit or enhancement point (an appropriate correct one, if available) and then add your logic (authority-check) there.
For information on the AUTHORITY-CHECK statement, just place your cursor on the statement in the editor and hit F1 on the keyboard (same as transaction ABAPDOCU for the ABAP keyword documentation).
Note that as you are wanting to control the change of an existing contact, your object would perhaps require some value field of the record selected to be checked against a field value of the authorization object. Don't hardcode it!
If you have not done this before, then it is advisable to get some help from an ABAPer who has, as it can be tricky...
Cheers,
Julius
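Added example, not part of the original posts and not SAP's own code: a sketch of the check described in the reply above, using the ZF_KNA1_AM object with its ACTVT and ZNMAIL fields from the question and passing the flag value from the record being saved instead of a literal. The ty_contact structure, its nmail field, the class name and the rule of checking only when the flag changed are assumptions for illustration.

```abap
REPORT z_demo_authority_check.

* Constructed stand-in for the contact person record (assumption,
* not the structure used by SAPMF02D).
TYPES: BEGIN OF ty_contact,
         parnr TYPE n LENGTH 10,
         nmail TYPE c LENGTH 1,
       END OF ty_contact.

CLASS lcl_contact_auth DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS may_save
      IMPORTING is_old            TYPE ty_contact
                is_new            TYPE ty_contact
      RETURNING VALUE(rv_allowed) TYPE abap_bool.
ENDCLASS.

CLASS lcl_contact_auth IMPLEMENTATION.
  METHOD may_save.
    rv_allowed = abap_true.
    " Assumption: the extra check only applies when the flag changed.
    IF is_new-nmail = is_old-nmail.
      RETURN.
    ENDIF.
    " ACTVT 02 = change. ZNMAIL receives the value from the record,
    " so roles decide which flag values a user may set.
    AUTHORITY-CHECK OBJECT 'ZF_KNA1_AM'
      ID 'ACTVT'  FIELD '02'
      ID 'ZNMAIL' FIELD is_new-nmail.
    " sy-subrc is 0 only if the user holds a matching authorization.
    IF sy-subrc <> 0.
      rv_allowed = abap_false.
    ENDIF.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample records: the flag goes from blank to 'X'.
  DATA: ls_old TYPE ty_contact,
        ls_new TYPE ty_contact.
  ls_old-parnr = '0000000001'.
  ls_new = ls_old.
  ls_new-nmail = 'X'.
  IF lcl_contact_auth=>may_save( is_old = ls_old is_new = ls_new ) = abap_true.
    WRITE / 'Change of the advertising material flag is allowed.'.
  ELSE.
    WRITE / 'No authorization to change the advertising material flag.'.
  ENDIF.
```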
2008 Oct 02 7:08 PM
So as I understand is not to write code to check whether the value of the Advertising Material checkbox has changed or not right and then call the authority-check if it did change?
I am guessing I will have to find an ABAPer that should be able to show me how this is done.
Thank you for your input however,
Sergiy
2008 Oct 02 7:43 PM
I don't have a SAP system in front of me right now to look at the exits and enhancement-points (or possibly even config possibilities which are sometimes neglected in favour of additional coding...), but something puzzles me here...
> Sergiy Mysyk wrote:
> So as I understand is not to write code to check
and
>... I will have to find an ABAPer
How were you going to add ABAP code (initially you mentioned changing...) without an ABAP programmer?
Cheers,
Julius
2008 Oct 02 8:03 PM
Well I have done some minor ABAP programming, reports mostly. So if it was something easy I was attempting to do it myself but it seems like something that an inexperienced programmer should stay away from. I just did not understand your "Don't Hard Code it!" part.
Edited by: Sergiy Mysyk on Oct 2, 2008 9:05 PM
2008 Oct 02 8:14 PM
I am also just a hobby-ABAPer and have witnessed (even contributed to) a few messes in my time
That is why I was mentioning a word of caution.
- Changing SAP code should be your very last option...
- Exits you need to be careful of because they may be used by several transactions and you might only want the exit to fire for a certain screen. It is quite easy to make mistakes in this area...
- Perhaps the best first resort is to talk to a functional consultant together with someone who is familiar with your authorization concept to find out whether there is an option there without changing or adding code to complicate matters.
Cheers,
Julius
2008 Oct 02 8:57 PM
Thanks Julius,
You do have some good reason not to mess with the code for me.
That is also what I was looking for here. Some suggestions as to how this can be done without complicating myself too much.
They just want certain people only to be able to change the Advertising Material flag and others to be able to change everything in Change Contact - VAP2. First I created a transaction variant to hide the field and have the transaction run without a variant for those that need access to it, but then when the program is called from other transactions, VD03 for example - to maintain customer, the field was visible.
Do you have any ideas as to how this can be done without implementing the AUTHORITY_CHECK?
Sergiy
2008 Nov 17 2:55 PM
It has been a while but I was actually able to figure out the problem without changing the ABAP code.
Good point there! If someone stumbles across a similar problem here is how I solved it.
There is an authorization object called F_KNA1_AEN which checks for field groups that can be defined in SPRO>....>Define Field Groups for Customer Master Records. You can define field groups and assign fields to them.
2008 Nov 17 3:37 PM
Glad to hear that. It looks like you did the right thing to let the standard system modify the standard screen depending on authority for a standard object. That way you will also have far fewer hassles at SP and release upgrades.
> Perhaps the best first resort is to talk to a functional consultant together with someone who is familiar with your authorization concept to find out whether there is an option there without changing or adding code to complicate matters.
In hindsight, it is a bit of an "Ahhh, yes!" moment reading that protecting field groups solved the problem...