2009 Jan 21 9:32 AM
Hi,
I have put an authorization check on WERKS which is entered through SELECT-OPTIONS.
So lets say that the range entered by the user consists of some plants which should have the authorization to view that report and some should not, however when i put the authorization check in the report it is blocking all the plants to view the report.
How to tackle such situations.
Regards,
Dan
2009 Jan 21 9:36 AM
Hi,
Remove all the plants for which the authorization check fails and proceed for only those plants for which the user has authorization.
regards,
Anoop Panackal
2009 Jan 21 9:38 AM
2009 Jan 21 9:38 AM
Hi,
loop at s_werks .
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'(say)
ID 'ACTVT' FIELD '03'
ID 'BUKRS' FIELD s_werks-low.
if sy-subrc <> 0.
delete s_werks.
ENDIF.
endloop.
proceed with the plants that has autorization checks .
reg
Ramya
Edited by: Ramya S on Jan 21, 2009 10:39 AM
2009 Jan 21 9:41 AM
Hi,
Are u trying like this?
AUTHORITY-CHECK OBJECT 'your object '
ID ' your field ' FIELD s_werks-low
ID 'ACTVT' FIELD '03'.
This will allow the plants which have authorizations.
Thanks,
Srilakshmi.
2009 Jan 21 9:43 AM
what i am trying is like this:
AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD s_vkorg
ID 'VKGRP' FIELD s_vkgrp.
IF SY-SUBRC <> 0.
MESSAGE 'No Authorisation for selected sales organization' TYPE 'I' DISPLAY LIKE 'W'.
LEAVE TO TRANSACTION sy-tcode.
ENDIF.
note that both vkorg and vkgrp are in select options
2009 Jan 21 9:59 AM
Hi,
You can do the authorization check later and filter the reocrds where it fails.
What you can do is select the data first for the select-options and do the authorization check while looping at the output table. Whereever the authorization fails, delete that record. keep it otherwise.
something like this :
select * from dbtab into table itab
where vkorg in s_vkorg...
loop at itab.
AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD itab-vkorg
ID 'VKGRP' FIELD itab-vkgrp.
IF SY-SUBRC NE 0.
delete itab.
continue.
ENDIF.
" rest of the processing.
endloop.
This way the users will only get a list of records they are authorized to see.
regards,
Advait
2009 Jan 21 10:24 AM
Hi
U can't do that authorization control, but u need to check the data extracted:
LOOP AT ITAB.
AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD ITAB-VKORG
ID 'VKGRP' FIELD ITAB-VKGRP.
IF SY-SUBRC <> 0.
DELETE ITAB.
ENDIF.
ENDLOOP.
DESCRIBE TABLE ITAB LINES SY-TABIX.
IF SY-TABIX = 0.
MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
DISPLAY LIKE 'W'.
LEAVE TO TRANSACTION SY-TCODE.
ENDIF.
or to filter the possible hits of the selectiion-screen:
DATA: BEGIN OF IT_SEL OCCURS 0,
VKORG TYPE TVKBZ-VKORG,
VKGRP TYPE TVBVK-VKGRP,
END OF IT_SEL.
SELECT TVKBZ~VKORG TVBVK~VKGRP INTO TABLE IT_SEL
FROM TVKBZ INNER JOIN TVBVK ON TVKBZ~VKBUR = TVBVK~VKBUR
WHERE TVKBZ~VKORG IN SO_VKORG
AND TVBVK~VKGRP IN SO_VKGRP.
LOOP AT IT_SEL.
AUTHORITY-CHECK OBJECT 'ZREPORTS'
ID 'ACTVT' FIELD '03'
ID 'VKORG' FIELD IT_SEL-VKORG
ID 'VKGRP' FIELD IT_SEL-VKGRP.
IF SY-SUBRC <> 0.
DELETE IT_SEL.
ENDIF.
ENDLOOP.
DESCRIBE TABLE IT_SEL LINES SY-TABIX.
IF SY-TABIX = 0.
MESSAGE 'No Authorisation for selected sales organization' TYPE 'I'
DISPLAY LIKE 'W'.
LEAVE TO TRANSACTION SY-TCODE.
ELSE.
SELECT * FROM <TABL> INTO TABLE ITAB
FOR ALL ENTRIES IN IT_SEL
WHERE VKORG = IT_SEL-VKORG
AND VKGRP = IT_SEL-VKGRP.
ENDIF.
Max
2009 Jan 21 9:42 AM
Hi Dan
Create a new FM which looks something like this:
FUNCTION AUTHORITY_CHECK.
*"----
""Local interface:
*" IMPORTING
*" REFERENCE(AUT_OBJ) TYPE C
*" REFERENCE(FIELD1_OBJECT) TYPE C
*" REFERENCE(FIELD1_VALUE) TYPE C
*" REFERENCE(FIELD2_OBJECT) TYPE C
*" REFERENCE(FIELD2_VALUE) TYPE C
*" EXCEPTIONS
*" NO_AUTHORITY
*"----
authority-check object aut_obj
id field1_object field field1_value
id field2_object field field2_value.
if sy-subrc ne 0.
Raise No_authority.
endif.
ENDFUNCTION.
And call it in your program like this:
form check_authority.
data : wa_t001 like t001w.
Check for the validity of plant
select single *
into wa_t001
from t001w
where werks = pa_werks.
If the plant entered is a valid plant check for authority
if sy-subrc eq 0.
call function 'AUTHORITY_CHECK'
EXPORTING
aut_obj = co_auth_obj
field1_object = co_werks
field1_value = pa_werks
field2_object = co_actvt
field2_value = co_03
EXCEPTIONS
no_authority = 1
others = 2.
if sy-subrc <> 0.
message e261 with pa_werks. "no authorization for plant
endif.
else.
message e048 with pa_werks. "plant & is invalid.
endif. "sy-subrc
endform. " check_authority
Hope this is useful.
Regards
Harsh