08-22-2007 9:34 AM
Hi all,
i want to write authorization check on following object
F_BKPF_BLA.
How to write code please guide me
Thanks in advance
Krishna
08-22-2007 9:37 AM
Hi,
try this one.
INITIALIZATION.
irepid = sy-repid.
AUTHORITY-CHECK OBJECT 'F_BKPF_BLA'
ID 'TCODE' FIELD '<tcode>'
ID 'ACTVT' FIELD '16'.
IF sy-subrc NE 0.
MESSAGE 'NO authorisation found' TYPE 'E' .
ENDIF.
<i><b>Regards
Debjani
Rewards point for all helpful answer</b></i>
08-22-2007 9:38 AM
Hi Krishna
Go to Pattern of your SE38 editor and choose the radio button for Authority object. Then give in your Auth. object name i.e. F_BKPF_BLA in your case and press enter. And for the "field" part which is quotes with blanks please give in the values that you want to check against for that field i mean "ID".
Reward points for all useful answers !!
~Ranganath
08-22-2007 9:41 AM
Hello,
<b>AUTHORITY-CHECK OBJECT object ID name1 FIELD f1
ID name2 FIELD f2
...
ID name10 FIELD f10.</b>
Please look the below code.
REPORT zbc_08_6author .
PARAMETER : p_carrid TYPE sflight-carrid,
p_connid TYPE sflight-carrid,
p_mode(2) TYPE c.
DATA : wa LIKE sflight.
<b>AUTHORITY-CHECK OBJECT 'ZVCARRID'
ID 'ZVCARRID' FIELD p_carrid
ID 'ACTVT' FIELD p_mode.</b>
IF sy-subrc = 0.
SELECT * FROM sflight INTO wa WHERE carrid = p_carrid.
WRITE : / wa-carrid, wa-connid, wa-fldate, wa-price .
ENDSELECT.
ELSE.
WRITE : / 'No'.
ENDIF.
<b>Description</b>
AUTHORITY-CHECK
Basic form
<b>AUTHORITY-CHECK OBJECT object ID name1 FIELD f1
ID name2 FIELD f2
...
ID name10 FIELD f10.</b>
Explanation of IDs:
<b>object</b>
Field which contains the name of the object for which the authorization is to be checked.
<b>name1 ...</b>
Fields which contain the names of the
<b>name10</b>
authorization fields defined in the object.
<b>f1 ...</b>
Fields which contain the values for which the
<b>f10</b>
authorization is to be checked.
<b>AUTHORITY-CHECK</b> checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios.
<b>From the pattern u can select the format.</b>
Reward if helpful,
regards,
LIJO JOHN
08-22-2007 9:46 AM
AUTHORITY-CHECK OBJECT 'S_TABU_DIS' (Object Name)
ID 'DICBERCLS' FIELD wa_tddat-cclass (Autherization grp)
ID 'ACTVT' FIELD '02'.
08-22-2007 9:49 AM
Hi,
Please follow the following example -
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ : Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
authorization would fail the check in this case
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK .
Reward points if Helpful.