Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization issue with Company code/ Cost center combination

Former Member
0 Kudos

Hi,

I am currently trying to restrict user access by company code and cost center combination.

We have roles defined for each user and I am trying to use the standard authorization object A_S_KOSTL in this role . It seems that since it is not a 'maintianed' object no activity can be assigned to this autorization object.

currently the values are :

company Code : 1110 , 1112, 1114

Cost Center : *

i am getting sy-subrc as 0 even when i test for company code : 1110 for a user with the above role.

My code is :

 AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
    ID 'BUKRS' FIELD '1110'.
F sy-subrc EQ 0.
  AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
  ID 'KOSTL' FIELD '*' .
  IF sy-subrc EQ 0.
    MESSAGE 'Success with KOSTL also' TYPE 'S'.
  ELSE.
      MESSAGE 'Success with BUKRS only' TYPE 'S'.

  ENDIF.

ELSE.
      MESSAGE 'Failure' TYPE 'S'.
ENDIF .

I get a subrc NE 0 for the KOSTL part. The test passes for BUKRS.

Please advise on how to proceed.

Thanks and Regards

Soumya

1 ACCEPTED SOLUTION

Former Member
0 Kudos

That is what you coded and that is what the user has, so that is what you got.

Additionally you hardcoded the BUKRS. Shame on you...

Anyway, I don't understand your question. Based on your code and the description, you are looking for a XANDOR operand between the 3 BUKRS, which if sy-subrc = 0 should check KOSTL = * (so must have full authority...).

You need to react to the first AUTHORITY-CHECK and code it...

Cheers,

Julius

5 REPLIES 5

Former Member
0 Kudos

That is what you coded and that is what the user has, so that is what you got.

Additionally you hardcoded the BUKRS. Shame on you...

Anyway, I don't understand your question. Based on your code and the description, you are looking for a XANDOR operand between the 3 BUKRS, which if sy-subrc = 0 should check KOSTL = * (so must have full authority...).

You need to react to the first AUTHORITY-CHECK and code it...

Cheers,

Julius

0 Kudos

Hi,

I am jsut testing this in a dummy program to make sure it works... I wont hard code the BUKRS value or any other value.

The user profile has authorizations to post in all cost centers.. So i am puzzled as to why the the AUTHORITY-CHECK statemt returned a value of 4. IT should have been 0.

Thanks and Regards,

Soumya

0 Kudos

Okay, I misread the "NE". Sorry.

Have you done a syntax check on it?

Also compare to:

AUTHORITY-CHECK <object>
ID 'KOSTL' '*'.

I cannot confess to ever have done a "full" AUTHORITY-CHECK myself, but it is most likely the same as with DUMMY -> you should not use the FIELD statement as '' value if the data element does not know what a '' is...

Cheers,

Julius

Former Member
0 Kudos

Hi all,

I also found that some time back that it works when there are some values maintained for KOSTL. It fails only when a value of '*' is maintianed.

Please give me some ideas on the same.

Thanks and Regards,

Soumya

Former Member
0 Kudos

Thanks a lot for your inputs..It worked.