Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization Check

Former Member
0 Kudos
604

Hi,

I have put an authorization check on WERKS which is entered through SELECT-OPTIONS.

So lets say that the range entered by the user consists of some plants which should have the authorization to view that report and some should not, however when i put the authorization check in the report it is blocking all the plants to view the report.

How to tackle such situations.

Regards,

Dan

8 REPLIES 8

Former Member
0 Kudos
277

Hi,

Remove all the plants for which the authorization check fails and proceed for only those plants for which the user has authorization.

regards,

Anoop Panackal

0 Kudos
277

how can you remove plants from authorization object???

Former Member
0 Kudos
277

Hi,

loop at s_werks .

AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'(say)

ID 'ACTVT' FIELD '03'

ID 'BUKRS' FIELD s_werks-low.

if sy-subrc <> 0.

delete s_werks.

ENDIF.

endloop.

proceed with the plants that has autorization checks .

reg

Ramya

Edited by: Ramya S on Jan 21, 2009 10:39 AM

Former Member
0 Kudos
277

Hi,

Are u trying like this?

AUTHORITY-CHECK OBJECT 'your object '

ID ' your field ' FIELD s_werks-low

ID 'ACTVT' FIELD '03'.

This will allow the plants which have authorizations.

Thanks,

Srilakshmi.

0 Kudos
277

what i am trying is like this:

AUTHORITY-CHECK OBJECT 'ZREPORTS'

ID 'ACTVT' FIELD '03'

ID 'VKORG' FIELD s_vkorg

ID 'VKGRP' FIELD s_vkgrp.

IF SY-SUBRC <> 0.

MESSAGE 'No Authorisation for selected sales organization' TYPE 'I' DISPLAY LIKE 'W'.

LEAVE TO TRANSACTION sy-tcode.

ENDIF.

note that both vkorg and vkgrp are in select options

0 Kudos
277

Hi,

You can do the authorization check later and filter the reocrds where it fails.

What you can do is select the data first for the select-options and do the authorization check while looping at the output table. Whereever the authorization fails, delete that record. keep it otherwise.

something like this :


select * from dbtab into table itab
where vkorg in s_vkorg...

loop at itab.

AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD itab-vkorg
ID 'VKGRP' FIELD itab-vkgrp.

IF SY-SUBRC NE 0.
delete itab.
continue.
ENDIF.

" rest of the processing.

endloop.

This way the users will only get a list of records they are authorized to see.

regards,

Advait

0 Kudos
277

Hi

U can't do that authorization control, but u need to check the data extracted:

LOOP AT ITAB.
  AUTHORITY-CHECK OBJECT 'ZREPORTS'
    ID 'ACTVT' FIELD '03'
    ID 'VKORG' FIELD ITAB-VKORG
    ID 'VKGRP' FIELD ITAB-VKGRP.
  IF SY-SUBRC <> 0.
    DELETE ITAB.
  ENDIF.
ENDLOOP.

DESCRIBE TABLE ITAB LINES SY-TABIX.

IF SY-TABIX = 0.
  MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
  DISPLAY LIKE 'W'.
  LEAVE TO TRANSACTION SY-TCODE.
ENDIF.

or to filter the possible hits of the selectiion-screen:

DATA: BEGIN OF IT_SEL OCCURS 0,
        VKORG TYPE TVKBZ-VKORG,
        VKGRP TYPE TVBVK-VKGRP,
      END   OF IT_SEL.

SELECT TVKBZ~VKORG TVBVK~VKGRP INTO TABLE IT_SEL
   FROM TVKBZ INNER JOIN TVBVK ON  TVKBZ~VKBUR = TVBVK~VKBUR
      WHERE TVKBZ~VKORG IN SO_VKORG
        AND TVBVK~VKGRP IN SO_VKGRP.

LOOP AT IT_SEL.
  AUTHORITY-CHECK OBJECT 'ZREPORTS'
    ID 'ACTVT' FIELD '03'
    ID 'VKORG' FIELD IT_SEL-VKORG
    ID 'VKGRP' FIELD IT_SEL-VKGRP.
  IF SY-SUBRC <> 0.
    DELETE IT_SEL.
  ENDIF.
ENDLOOP.

DESCRIBE TABLE IT_SEL LINES SY-TABIX.

IF SY-TABIX = 0.
  MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
  DISPLAY LIKE 'W'.
  LEAVE TO TRANSACTION SY-TCODE.
ELSE.
  SELECT * FROM <TABL> INTO TABLE ITAB
     FOR ALL ENTRIES IN IT_SEL
       WHERE VKORG = IT_SEL-VKORG
         AND VKGRP = IT_SEL-VKGRP.
ENDIF.

Max

former_member217316
Contributor
0 Kudos
277

Hi Dan

Create a new FM which looks something like this:

FUNCTION AUTHORITY_CHECK.

*"----


""Local interface:

*" IMPORTING

*" REFERENCE(AUT_OBJ) TYPE C

*" REFERENCE(FIELD1_OBJECT) TYPE C

*" REFERENCE(FIELD1_VALUE) TYPE C

*" REFERENCE(FIELD2_OBJECT) TYPE C

*" REFERENCE(FIELD2_VALUE) TYPE C

*" EXCEPTIONS

*" NO_AUTHORITY

*"----


authority-check object aut_obj

id field1_object field field1_value

id field2_object field field2_value.

if sy-subrc ne 0.

Raise No_authority.

endif.

ENDFUNCTION.

And call it in your program like this:

form check_authority.

data : wa_t001 like t001w.

  • Check for the validity of plant

select single *

into wa_t001

from t001w

where werks = pa_werks.

  • If the plant entered is a valid plant check for authority

if sy-subrc eq 0.

call function 'AUTHORITY_CHECK'

EXPORTING

aut_obj = co_auth_obj

field1_object = co_werks

field1_value = pa_werks

field2_object = co_actvt

field2_value = co_03

EXCEPTIONS

no_authority = 1

others = 2.

if sy-subrc <> 0.

message e261 with pa_werks. "no authorization for plant

endif.

else.

message e048 with pa_werks. "plant & is invalid.

endif. "sy-subrc

endform. " check_authority

Hope this is useful.

Regards

Harsh