08-25-2008 11:27 AM
Hello, this is jindal. Please advise me on the following topics.
Instead of using structural authorization, because of performance issues and user requirements, I am trying to use the HRBAS00INFTY BAdI for the security check.
In our case, every user can inquire about any student, but update is restricted to a certain department, so I am using HRBAS00INFTY.
1) Using the HRBAS00INFTY BAdI, I only check whether a certain user has update (add/change/delete) authority, and it is working very well with relation to infotypes.
2) But we also have a BDT screen, and it is not an IT. Do we have any BAdI similar to HRBAS00INFTY that I can use?
3) If we can add this kind of standard in the security, customers would be more happy.
Thanks in advance,
jin dal
08-25-2008 11:36 AM
Hi jin dal,
Authority Checks for BDT Objects: For the BP, Contract Account and Contract Object Master Records additional authorization checks can be implemented using the event AUTH1 of the BDT Toolset. Further information can be found in the developer guide for the BDT toolset in the SAP online documentation.
Jeroen
08-25-2008 12:54 PM
Hi Jindal,
The BAdI HRBAS00INFTY can be used for HR infotypes. As Jeroen rightly said, you can use event AUTH1 for providing your authorization check. The event AUTH1 will be called when the call is made to the first data screen from the initial screen. The event is also called before saving. So you can create a function module for this event for your application object and put your logic for authorization in that function module.
You can see more details in the development guideline for BDTs.
Ajeesh
08-26-2008 5:25 AM
Hi Ajeesh,
Can you give me a little more detailed information about the event?
How can I find it? Is it in the IMG or a T-code?
I do not have any knowledge about events and AUTH1.
Your help would be appreciated.
regards,
jin dal
08-26-2008 12:09 PM
Hi Jin dal,
In the BDT framework, events are raised at different points so that customers can make use of them. The event AUTH1 is called before the call to the first data screen. So you can create a function module which checks for authorization and assign this function module to event AUTH1.
You can do this using transaction BUS7.
This will list all events for application object BUPA. Now choose the event AUTH1 and click on the sub-tree on the left to assign the function module. Give your function module name, put 'X' in the call field, and then you need to choose an application. We have two applications. For all student master data screens except the related persons tab, use the application 'PSCM'. For the 'related persons' tab screen, use application object 'PSCI'.
To get more details on how to write function modules for the events, please have a look here
http://help.sap.com/erp2005_ehp_03/helpdata/EN/35/696d360856e808e10000009b38f839/frameset.htm
and
http://help.sap.com/erp2005_ehp_03/helpdata/EN/35/696d360856e808e10000009b38f839/frameset.htm
regards,
Ajeesh
08-28-2008 1:52 AM
Hello Ajeesh,
This is jin dal. I get errors in visiting studies and, as you know, it is standard.
I added some logic in HRBAS00INFTY as follows.
I think "PERFORM .. ON COMMIT" has caused the error, and in my test of a user development screen, where PERFORM .. ON COMMIT is on a different line, there is no error.
Please have a look at our program logic, and if there are mistakes let me know.
Program source:
loop at new_image into ls_new_image.
  l_infty = ls_new_image-infty.
  " check update authority for this student and infotype
  call function 'ZCM_CHECK_AUTH01'
    exporting
      i_otype      = 'ST'
      i_objid      = l_objst
*     I_PROCESS    =
      i_infty      = l_infty
    exceptions
      no_authority = 1
      others       = 2.
  if sy-subrc <> 0.
    clearbuffer.
    message id sy-msgid type sy-msgty number sy-msgno
            with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    return.
  endif.
endloop.
FUNCTION zcm_check_auth01.
  CLEAR: g_orgeh.
  CASE i_otype.
    WHEN 'ST'.
      IF NOT i_infty IS INITIAL.
        CASE i_infty.
          " infotypes that are subject to the department check
          WHEN '1714' OR '9545' OR '9720' OR '9502' OR '9580' OR '9540' OR
               '9560' OR '9610' OR '9650' OR '9670' OR '9630' OR '9620' OR
               '9635' OR '9750' OR '1702' OR '1705' OR '1711' OR '1712' OR
               '1718' OR '1703' OR '9590' OR '9550' OR '9500' OR '9520' OR
               '9531' OR '9570' OR '9512' OR '9660' OR '9680' OR '9641'.
          WHEN OTHERS.
            " any other infotype is not checked
            RETURN.
        ENDCASE.
      ENDIF.
* Look up the student's department
      CALL FUNCTION 'ZCM_KDT_BP_ST_DERIVED_ORG1'
        EXPORTING
*         PLANVERSION = '01'
*         PARTNER     =
          objectid    = i_objid
*         PIQSTUDENT  =
          read_texts  = ' '
*         KEY_DATE    = SY-DATUM
*         OPTION      =
        IMPORTING
          ex_d_objid  = g_d_objid
*         EX_D_SHORT  =
*         EX_D_STEXT  =
*         EX_P_OBJID  =
*         EX_P_SHORT  =
*         EX_P_STEXT  =
        .
      g_orgeh = g_d_objid. CLEAR g_d_objid.
      " the user needs a currently valid T77UA entry for the student's department
      SELECT SINGLE *
        FROM t77ua
        WHERE uname = sy-uname
          AND profl = g_orgeh
          AND begda <= sy-datum
          AND endda >= sy-datum.
      IF sy-subrc <> 0.
        MESSAGE e186 RAISING no_authority. "You do not have authorization to update the data.
      ENDIF.
  ENDCASE.
ENDFUNCTION.
The PERFORM .. ON COMMIT part got an error.
08-29-2008 9:20 AM
Hi Jin dal,
Can I ask you which method you are trying to implement from BAdI HRBAS00INFTY? If you wish to check the authorization, maybe you can use the method BEFORE_OUTPUT.
The method IN_UPDATE will be called while making the update to the database. If you are making some checks here and the checks fail, then the entire application should be rolled back. So you must throw an abort message in the method implementation. This means that the checks you do here are those which would result in either a data rollback or a data commit. So if you have raised messages, they obviously result in dumps. Also, DO NOT COMMIT inside this method.
Maybe you can analyse the reason for the dump in transaction ST22.
If you can paste the dump log, maybe I can suggest what went wrong.
Kind regards,
Ajeesh
08-29-2008 2:56 PM
Hello Ajeesh,
I will send you the dump message by Monday, but I met the error only in Visiting studies, which means that except for Visiting studies everything is OK, including user-developed infotypes and standard infotypes.
By analysing ST22 we changed my user-developed program source not to include ON COMMIT,
but I think Visiting studies looks to have this ON COMMIT source and only it has the problem.
We also tested in update and before update, and Visiting studies looks to use ON COMMIT, so I asked the development center whether they can change the program source not to include ON COMMIT.
By the way, I am also testing the security check in BP master, but it takes time. If you can send me some sample source that can check security, I will be happy.
I am checking as follows for infotype security:
if customers try to change a student who does not belong to my org unit, I just send an error saying you are not authorized to update this student.
Thanks in advance.
jin dal
09-01-2008 2:14 AM
Hello Ajeesh,
I got a message from the development center saying they will change the Visiting studies program not to include ON COMMIT.
regards,
jin dal
09-02-2008 2:30 AM
Hello Ajeesh,
I added the program as follows and I am testing it, and it looks like there is no problem.
If you have any recommendation, please let me know.
By the way, if I want to give display authorization for a BDT screen, technical topics say I have to use field group 0009, but it is not working well.
Can you recommend which authorization object I have to use, and can my function module influence it?
regards,
jin dal
Event AUTH1
3700000 ZCM_EVENT_AUTH1 X PSCM
function zcm_event_auth1.
*"----
*"*"Local Interface:
*"----
* get activity
  data: l_aktyp type tbz0k-aktyp.
  call function 'BUS_PARAMETERS_ISSTA_GET'
    importing
      e_aktyp = l_aktyp.
  check l_aktyp <> '03'.          "when not display
  case sy-ucomm.
    when 'SAVE' or
         'YES' or
         'OPT1'.                  "when saving
    when others.
      return.
  endcase.
* get instance id
  data: l_instance_count type i,
        lt_instances     like bdt_instance occurs 0 with header line,
        l_instance_id    type bdt_instance_id.
  call function 'BDT_CLASS_ATTRIBUTES_GET'
    importing
      ev_instance_count = l_instance_count
    tables
      et_instances      = lt_instances.
  if l_instance_count > 0.
    read table lt_instances index 1.
    l_instance_id = lt_instances-instance_id.
  else.
    l_instance_id = '1'.
  endif.
* data modified ?
  data: l_xchng type boole_d.
  call function 'BDT_DATA_MODIFIED'
    exporting
      iv_handle        = l_instance_id
    importing
      ev_xchng         = l_xchng
    exceptions
      handle_not_found = 1
      others           = 2.
  if sy-subrc <> 0.
*   MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*           WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
  endif.
  if sy-subrc = 0.
    check l_xchng <> ''.
  endif.
* get student object id
  data: l_pon type hrp1001-objid.
  get parameter id 'STUDENT' field l_pon.
* check authority
  call function 'ZCM_CHECK_AUTH01'
    exporting
      i_otype      = 'ST'
      i_objid      = l_pon
*     I_PROCESS    =
      i_infty      = c_bupa_infty
    exceptions
      no_authority = 1
      others       = 2.
  if sy-subrc <> 0.
    " hand the authorization error to the BDT message handler
    call function 'BUS_MESSAGE_STORE'
      exporting
        arbgb = sy-msgid
        msgty = sy-msgty
        txtnr = sy-msgno
        msgv1 = sy-msgv1
        msgv2 = sy-msgv2
        msgv3 = sy-msgv3
        msgv4 = sy-msgv4.
  endif.
endfunction.