cancel
Showing results for 
Search instead for 
Did you mean: 

Checking Query and Web Template Authorizations

sap_cohort
Active Contributor
0 Kudos

Hi, I have some code that does an authority-check to determine if a user has access to a specific query.

AUTHORITY-CHECK OBJECT 'S_RS_COMP'

ID 'RSZCOMPID' FIELD '__________'.

I need to be able to test to see if a user has access to a specific Web Template.

Any ideas how to do this?

Thanks!

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hello Kenneth,

AUTHORITY-CHECK OBJECT 'S_RS_COMP'

ID 'RSZCOMPID' FIELD 'Z_Q01'. it works. But this statement you will incorporate in a program and this program will be executed by either you or an end user.

when you execute the program, system will check the authorizations of yours. And when user executes the program it will be checked against the user who is executing. But If you want to check this program for a particular user, it is not possible.

I dont know what is your actual requirement.

Hope this helps,

GSM.

Former Member
0 Kudos

Hello,

GOTO PFCG, select a role. When you display the role, there is a User tab. see all the users assigned to this role. In the authorizations tab, can get a webtemplate or query name.

Or if you know a user and take role from there, then goto SU01-> roles table, take a role and then goto PFCG.

RSZCOMPID is the actual query technical name.

GSM.

sap_cohort
Active Contributor
0 Kudos

Hmmm, make sense. I'm looking to doing it programmatically. I just noticed that RS_COMP1 has STR component for templates.

Do you or Anyone know if I can just use abap authority-check statement with STR type and template name to determine if someone has access to the template?

Thanks!

Former Member
0 Kudos

Kenneth,

There is no auth check for BW Web templates in a <b>3.X</b> system. Check OSS note 840068. STR type is for BW query structure auth check.

For NW 2004s there is a new Auth Object S_RS_BTMP which can be used for BW Web template authorization check.

http://help.sap.com/saphelp_nw2004s/helpdata/en/f3/291542e4b4df2ce10000000a1550b0/content.htm

Thanks.

sap_cohort
Active Contributor
0 Kudos

A coworker just mentioned that using RS_COMP with reporting component type STR (Template structure) will accomplish the Web Template Authority Checking I need. Is this correct?

Thanks!

Former Member
0 Kudos

No, Template structure STR is for query structures.

Former Member
0 Kudos

Kenneth,

Another way you can check a particular user authorizations is using

Create a view using tables AGR_USERS & AGR_1251 tables.

Give the restriction on AGR_USERS a user id and join agr_users & agr_1251 with the role_name.

In AGR_1251 check for object values 'S_RS_COMP' and 'S_RS_COMP1' for queries and web tempaltes.

GSM.

sap_cohort
Active Contributor
0 Kudos

Would the following scenario work/make sense?

1. Find the roles a template is assigned to

2. Find the roles a user is assigned to

3. check if the user has the role the template is assigned to?

If it does make sense then can it be done programatically?

Thanks for your ideas!

Ken Murray

Former Member
0 Kudos

Kenneth,

1. Find the roles a template is assigned to : Yes, use AGR_1251 table.

2. Find the roles a user is assigned to : Yes, use AGR_USERS.

3. check if the user has the role the template is assigned to? by joining both the tables.

By using these tables, programatically you can check it.

You cannot check this using C-Command AUTHORITY-CHECK OBJECT. As this checks only the authorizations for the user who is executing it. This command is more useful in the following scenario.

Eg.In BW if you have written a program for some reasons to read the values of an ODS active table. On this ODS you have authorization relevant infoobject. Lets say profit center. In order to check the profit center that the user is assigned to and populate the data for only profit centers for which he is eligible to view the data.

Hope this helps,

GSM.

sap_cohort
Active Contributor
0 Kudos

Hi GSM, thanks for following up!

I agree your AGR solution would work and I'll use it if I officially can't go the route of AUTHORITY-CHECK.

It is the user who is executing it. I have a virtual cube that lists all of our queries in the system. And when the user executes the list of queries I'm placing a checkmark icon next to the queries the user is authorized to. Looks nice, but I just have to do this for templates as well.

If your thinking I could somehow still use the AUTHORITY-CHECK for templates, in this case I'm curious on your thoughts. or is AGR tables the best solution.?

Thanks again!