Solved: Commitment item authorization check

Former Member · ‎2010 May 06

Hi Experts,

We have activated the commitment item authorization check by implementing IF_EX_FM_AUTHORITY_CHECK~COMMITMENT_ITEM_CHECK, and we realized for the changing parameter 'C_F_MESSAGE', the message type will be overwritten by 'E' in program SAPLFMAU/LFMAUF03.

The user would like to generate a commitment item report based on a range of commitment items for example, 220100 to 220199, but user will not have the authorization to view commitment item 220109. By implementing this commitment authorization check, user will not be able to generate the report due to the message type 'E' which has been overwritten in program SAPLFMAU/LFMAUF03.

Please advise.

Regards

Sam

joseluis_basalo · ‎2010 May 06

Hi Sam,

If i did not understand wrong, user has not authorizations to see some commitments items inside of range and report will not

able to generate due to error type "E" overwritten in program SAPLFMAU/LFMAUF03.

So, finally no report is created with or without authorizations isn´t it?. You expect that report will be created only with authorizations commitments for this user.

What report are you using?. Is it a customer report?. In this case you ( i think) could check the AUTHORITY-CHECK statement.

Authorization Checks in ABAP Programs, the AUTHORITY-CHECK statement first checks whether the user has the authorization containing all required values. You then read the code value in the system field SY-SUBRC. If this value is not 0, the user does not possess the required authorization and the system outputs an appropiate message.

If the value is 0, the user has the required authorization and the program can continue and you can send line to report.

Useful transactions for check authorizations, SU53, SU56, SU01 and SU24 to trace authorizations.

I hope this help.

Regards,

JLB

View solution in original post

joseluis_basalo · ‎2010 May 06

Hi Sam,

If i did not understand wrong, user has not authorizations to see some commitments items inside of range and report will not

able to generate due to error type "E" overwritten in program SAPLFMAU/LFMAUF03.

So, finally no report is created with or without authorizations isn´t it?. You expect that report will be created only with authorizations commitments for this user.

What report are you using?. Is it a customer report?. In this case you ( i think) could check the AUTHORITY-CHECK statement.

Authorization Checks in ABAP Programs, the AUTHORITY-CHECK statement first checks whether the user has the authorization containing all required values. You then read the code value in the system field SY-SUBRC. If this value is not 0, the user does not possess the required authorization and the system outputs an appropiate message.

If the value is 0, the user has the required authorization and the program can continue and you can send line to report.

Useful transactions for check authorizations, SU53, SU56, SU01 and SU24 to trace authorizations.

I hope this help.

Regards,

JLB

Former Member · ‎2010 May 06

Hi Joes,

Thanks for your reply.

I'm executing standard SAP report, FMRP_3FMB4002, by activating the commitment authorization check, the user are not able to generate the report if he has only authorization for certain commitment item.

In program SAPLFMES/LFMESF10, subroutine CHECK_AUTHORITY_IFMEISA1, there is a logic to delete the commitment item if the authorization checks failed. My question is why the message type passes from the BAdi (IF_EX_FM_AUTHORITY_CHECK~COMMITMENT_ITEM_CHECK) need to be overwritten to 'E' and this will prompt as an error message and stop the process of generating the report.

Hope my question is clear for you, appreciate if you can answer question.

Regards

Sam

Former Member · ‎2010 May 12

Hi Experts,

Please help us on the above issue.