Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Saving file on application server based on employee Area ,with all security

We have one discussion going on !! I just want a suggestion about that . We are using Open data set logic to open the file for read and write , Now we have different companies and we want that file should be saved on the basis of company code in that person area. Which represent a folder on application server in AL11? Can you guys suggest me how we can deal with this matter?

I mean employee # 123 run report or interface ( from ABC company )

On the selection screen ( it says /USR/ABC/interface/save/

I mean employee # 3 run report or interface ( from DUMMY company )

On the selection screen ( it says /USR/DUMMY/interface/save/

<b>Note : it wont allowed them to save the file which is not belong to their company area, and authorization should be strict .</b>

Cheers

usman

Tags:
replied

Well as far as person area .. company code is concern . SAP standard authorization objects control them . you don’t need to do it . The object is P_ORGIN , which has these values. But you don’t need to worry about that . I am 100 % sure , Your security group already implement that . If that specific user has the roles , he can access the company code and personal areas ..

FYI: you can also see its values in Table AGR_1251 against roles and user.

In addition, AL11 use the auth object S_ADMI_FCD

and See the Fm in AL11 program ( RSWATCH0 )

auth_check_filename = path_name.

call function 'AUTHORITY_CHECK_DATASET'

exporting

  • PROGRAM =

activity = 'READ'

filename = auth_check_filename

exceptions

no_authority = 1

activity_unknown = 2

others = 3.

if sy-subrc = 1.

message id '00' type 'E' number '149'

with path_name.

In above Fm you`ll see differnt activity types like

hen sabc_act_read. l_actvt = '33'.

openmode = 'R'.

when sabc_act_write. l_actvt = '34'.

openmode = 'W'.

when sabc_act_read_with_filter. l_actvt = 'A6'.

openmode = 'R'.

when sabc_act_write_with_filter. l_actvt = 'A7'.

openmode = 'W'.

when sabc_act_delete. l_actvt = '06'.

openmode = 'D'.

with Auth check in place

<b> authority-check object 'S_DATASET'

id 'PROGRAM' field program

id 'ACTVT' field l_actvt

id 'FILENAME' field filename. </b>

<i><b>You can also define a role in which you put Auth object = S_DATASET and with Activity </b></i>

06 Delete

33 Read

34 Write

A6 Read with filter

A7 Write with filter

with object = S_DATASET

you can give filename = /usr/dumyy/inter* ( for one compnay code ( <b>just chage this value for every one</b> )

with object = S_DATASET

program = ZP* ( program name )

ref:<b> authority-check object 'S_DATASET'

id 'PROGRAM' field program

id 'ACTVT' field l_actvt

id 'FILENAME' field filename. </b>

Hope it`ll help you !!

Thanks

Saquib Khan

Message was edited by: Saquib Khan

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question