05-14-2009 9:47 PM
Hi,
I am currently trying to restrict user access by company code and cost center combination.
We have roles defined for each user and I am trying to use the standard authorization object A_S_KOSTL in this role . It seems that since it is not a 'maintianed' object no activity can be assigned to this autorization object.
currently the values are :
company Code : 1110 , 1112, 1114
Cost Center : *
i am getting sy-subrc as 0 even when i test for company code : 1110 for a user with the above role.
My code is :
AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
ID 'BUKRS' FIELD '1110'.
F sy-subrc EQ 0.
AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
ID 'KOSTL' FIELD '*' .
IF sy-subrc EQ 0.
MESSAGE 'Success with KOSTL also' TYPE 'S'.
ELSE.
MESSAGE 'Success with BUKRS only' TYPE 'S'.
ENDIF.
ELSE.
MESSAGE 'Failure' TYPE 'S'.
ENDIF .
I get a subrc NE 0 for the KOSTL part. The test passes for BUKRS.
Please advise on how to proceed.
Thanks and Regards
Soumya
05-14-2009 9:56 PM
That is what you coded and that is what the user has, so that is what you got.
Additionally you hardcoded the BUKRS. Shame on you...
Anyway, I don't understand your question. Based on your code and the description, you are looking for a XANDOR operand between the 3 BUKRS, which if sy-subrc = 0 should check KOSTL = * (so must have full authority...).
You need to react to the first AUTHORITY-CHECK and code it...
Cheers,
Julius
05-14-2009 9:56 PM
That is what you coded and that is what the user has, so that is what you got.
Additionally you hardcoded the BUKRS. Shame on you...
Anyway, I don't understand your question. Based on your code and the description, you are looking for a XANDOR operand between the 3 BUKRS, which if sy-subrc = 0 should check KOSTL = * (so must have full authority...).
You need to react to the first AUTHORITY-CHECK and code it...
Cheers,
Julius
05-14-2009 9:59 PM
Hi,
I am jsut testing this in a dummy program to make sure it works... I wont hard code the BUKRS value or any other value.
The user profile has authorizations to post in all cost centers.. So i am puzzled as to why the the AUTHORITY-CHECK statemt returned a value of 4. IT should have been 0.
Thanks and Regards,
Soumya
05-14-2009 10:28 PM
Okay, I misread the "NE". Sorry.
Have you done a syntax check on it?
Also compare to:
AUTHORITY-CHECK <object>
ID 'KOSTL' '*'.
I cannot confess to ever have done a "full" AUTHORITY-CHECK myself, but it is most likely the same as with DUMMY -> you should not use the FIELD statement as '' value if the data element does not know what a '' is...
Cheers,
Julius
05-14-2009 9:57 PM
Hi all,
I also found that some time back that it works when there are some values maintained for KOSTL. It fails only when a value of '*' is maintianed.
Please give me some ideas on the same.
Thanks and Regards,
Soumya
06-16-2009 7:46 PM