cancel
Showing results for 
Search instead for 
Did you mean: 

Authorisation checks within a Z report

Former Member
0 Kudos

We had a report created to run based on "org key" field. Its working perfectly.

We now have a request for the report to run based on a Manager's staff .i.e. restrict data as of Manager's sub-ordinates? Is this possible? Is this a case of getting the coder to insert a different authority check within the report?

Please help!!!!

thanks.

Marie

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

hi Marie,

There is a function module which has the authorization code check in it. SUSR_AUTHORITY_CHECK_SIMULATE you may find it in your WebAS/R3.

This will check if your user has the corresponding authorization objects assigned ot that person or not during RUNTIME.

you may copy paste the relevant code to into your Zreport and accomplish your purpose

Regards

Arun

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Marie,

I take it you are using SAP-HR when you talk about managers and restricting the scope of viewing their sub-ordinates ? If so, I'm not too familiar with the available authorisation objects in HR but I'm sure there will be one that controls access to a managers organisation structure.

You are right. You will need to issue an AUTHORITY-CHECK in the report, as before, against the appropriate authorisation object. Based on the outcome of the check (i.e. the value returned in system variable sy-subrc), the ABAP can filter the sub-ordinate data.

Hope this helps.

Regards,

Gary

Former Member
0 Kudos

Thanks Arun!!

Do we need the ABAP guy to activate this within the report? Had a look at this function module but doesn't really make much sense to me. Does this restrict a Manager from seeing other Manager's staff within his org. unit. thanks again!!!!

Marie

Former Member
0 Kudos

hi Marie,

If you don't know ABAP, i guess you have to get an ABAPer to do this job.

The funda behind this goes like this:

there are authorization objects which when incorporated in a role and assigned to a user, enables the user to view reports, to access transactions, gives rfc access etc.

So, in this FM i'm talking about, you have to check if the user has the authorization objects (corresponding to the data) assigned to him/her. If this condition is satisfied, you may show that person the concerned data. otherwise, you may restrict.. in this case, i guess YOU NEED AN ABAPer who knows how to give authorization objects and code accordingly...

Hope that cleared...

Regards

Arun