Authorization check - customer exit EXIT_SAPLRRS0_001

Hi gurus,
a question on customer exit about EXIT_SAPLRRS0_001 related to i_step = 0 (Authorization check).
I have two InfoObjects: 0WS_CAT and 0WSCATQ. The last one has a compounding that is 0WS_CAT.
In the exit: I need to check the 0WS_OBSFLAG (a simple flag attribute) to determine if the entries in 0WSCATQ Master data are valid or no.
If I found that the entry is valid I add the value to the e_t_range export table in this way:
if ( i_step = 0 ).
    l_s_range-sign = 'I'.
    l_s_range-opt = 'EQ'.
    l_s_range-low = '00000001'.
    append l_s_range to e_t_range.
endif.
The problem is the compound, how can specify the value key for the export table?
For example ... in the table I have three entries:
0001 00000001 #
0002 00000001 X
0003 00000001 #
The valid entries are:
0001 00000001 #
0003 00000001 #
How can specify '0001' or '0003'? Because if I assign only the value  '00000001' to l_s_range-low then the entries valid in the authorization for 0WS_CATQ are three and not two.
It's important for me to find a solution.
Regards, Roberto

Hi Roberto,
you have to build your logic into a variable for the other infoobject 0WS_CAT and find your values 0001 and 0003 the way you described.
You might have to restrict the selection for 0WSCATQ to a single value, in case you have a record like this in addition to the 3 you have listed.
0002 00000005 #
Best,
Ralf

Similar Messages

  • Error for customer specific Authorization check (User Exit)

    Dear Experts,
    I am facing a problem in PM.
    I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
    I have released the order and got the inspection lot number.
    While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
    "Error for customer specific Authorization check (User Exit)"
    Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
    If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
    I have checked the following user exits:
    QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
    QQMA0026: PM/SM: Auth. check when accessing notification transaction.
    The above 2 User Exits are not active.
    I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
    Please some one help me on this issue.
    Thanks and Regards,
    Praveen.

    Dear Pete,
    I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
    Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
    At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
    Regards,
    Praveen

  • BW Customer Exit EXIT_SAPLRRS0_001

    I am trying to limit the values in the selection screen for a BW report using the BW customer exit EXIT_SAPLRRS0_001.  I have created a custom table to store values to limit the selection.  Unfortunately when coding for i_step = 2 I can only populate the field in the selection screen but the user is still able to click the multiple values button and see all values and not just the ones the limited to their user ID.  How can I limit this selection so the user cannot select any value but only the ones corresponding to their ID in the custom table ?  Also how can I de-activate the second text box in the selection so no range can be input ?  This is for setting up security for reporting.  Any help would be very much appreciated.

    to control the kind of input selection options displayed in the selection screen you have to configure and choose between different variables you create in the Bex.
    look for options in the Bex variable creation for single value selection only.
    in the customer exit.. stop at I_STEP = 3 and check if user input is correct .. else error out.
    If you can predict the correct user entries the user should make.. then you rather make this variable "not available for selection" and fill it in user exit yourself so the security is not breached. This way user cannot tamper with the values you fill in background. But he can filter further later in the query navigation.
    Thanks
    Sharan

  • Customer Exit  EXIT_SAPLRRS0_001

    Hi Experts,
    can some make pointer regarding the authorisation in the exit EXIT_SAPLRRS0_001
    1)Value Authorization
    2)Hierarchy Authorization.
    which one will be better, and in detail about both the Authorization.
    Thankyou.

    I am not so sure what you mean about authorization...
    If  you mean the variable is to used to define OLAP authorizations, you need to code customer exit for this variable with i_step=0 (see note 492504)
    If you want to control authorization to access query data, you need to setup OLAP authorization in transaction RSECADMIN for BW 7.0.  Here, of course you can define authorization based on value or hierarchy node.

  • Authorization with customer exit variable (CP, BT, EQ)

    Hi SDN-Experts,
    I have a question concerning the new authorization concept.
    I created an authorization for 0COSTCENTER which also contains the 3 special characters 0TCAACTVT, 0TCAIPROV and 0TCAVALID. I inserted a customer exit variable for 0COSTCENTER. The exit reads datasets from a db table which contains authorizations for the actual user. The authorizations have different formats, e.g. "1000", "1000;1200", "25*" etc.
    The internal table e_t_range is filled as followed in the exit:
      i   eq   1000
      i   bt   1000   1200
      i   cp   25*
    This does not work. It works if I only use "eq" OR "cp". But not both at the same time.
    How can I achieve to use the different authorizations in the db table for the bi authorization?
    Thanks in advance...
    Joerg

    Hi Olivier.
    Yes, the variable is defined as selection option and I did also try to use "EQ" instead of "CP".
    I tested again with another variable which is "ready for input" and is not used in an authorization. The Variable is filled in the customer exit. This is the code:
    WHEN 'ZJGR_COSTCTR_TEST'.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'BT'.
      l_s_range-low = '0000001000'.
      l_s_range-high = '0000001200'.
      APPEND l_s_range TO e_t_range.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'CP'.
      l_s_range-low = '0000002*'.
      APPEND l_s_range TO e_t_range.
    The result in the variable screen in BEx Analyzer is the following:
    1000 - 1200;0000002*;
    And it still does not work. It seems that you could not mix EQ, BT and CP. But this is exactly what I have to do with the authorization variable...
    Do you have any other tipps that I might try out?
    Thanks,
    Joerg

  • Hierarchy Node authorization with customer exit

    Hi All,
    I have created a hierarchy for an info-object A along with nodes test1 and test 2.node test1 consisit of value 10,20,30,40,50 and node test2 consist of value 60,70,80,90.  .
    1) I want that perticuler user should access perticuler node in hierarachy for that reason I have created a database table in which i have maintained the username and the values from the Infoobject A .I want to write a customer exit code in which user X can access node test1 and user Y can access node test2
    but in database table i can not maintain the nodes i can only maintain the values from the nodes
    so how can i restrict the user to perticuler node instead of values
    The authorization values for the perticuler user will get filled by customer exit variable maintained in the authorization profile
    can any body suggest me or send me example customer exit code for this scenario.
    I really appreciate your thoughts on this issue.
    Thanks,

    Hi,
    in addition to Anil's valid input, make sure that ZTEST is NOT ready for input. Indeed "ready for input" vars cannot be changed via customer exits.
    hope this helps...
    Olivier.

  • Authorizations by use of customer-exit: in  i_step = 3,   i_vnam is empty

    Hello all,
    I have checked multiple scenarios and they do not work:
    Current situation/setup:
    1. <b>Creation of several variables and adding each of them to different queries</b> :
    Variable   Type   Processing      Infoobject                     Selection  ready for input
    COB     1     6     ZCCOSTCTR__ZCCOB     S     
    CB2     1     6     ZCCOB                                     S     
    CBV     1     3     ZCCOB                                     S     
    2. <b>Adding values in a role</b> (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM    *                                                                            
    9ZCCOB    $C-B2, $C-OB , $C-BV    
    added new object without 1KYFNM:                                                                               
    ZCCOB      $C-B2, $C-OB, , $C-BV             
    3. <b>Marked the used object auth. relevant</b> for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
      WHEN 'COB' or 'RESPNO'.
       IF I_STEP = 0.
        IF I_STEP = 1.
       IF I_STEP = 3.
          CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
            EXPORTING
              I_VNAM           = I_VNAM
            TABLES
              E_T_RANGE        = E_T_RANGE
            EXCEPTIONS
              NO_AUTH          = 1
              NOT_VALID        = 2
              MISSING_OPERATOR = 3
              OTHERS           = 4.
          IF SY-SUBRC = 1.
            MESSAGE W007(EYE).
          ENDIF.
          IF SY-SUBRC = 2.
            MESSAGE W707(BRAIN).
          ENDIF.
          IF SY-SUBRC = 3.
            MESSAGE W999(BRAIN).
          ENDIF.
          IF SY-SUBRC = 4.
            MESSAGE W649(BRAIN) with I_VNAM ''.
          ENDIF.
        endif.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of <b>type customer-exit</b> and process it with <b>i_step =1</b> the value selection and query result is OK.
    But this <b>scenario works without roles</b> and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Try this:
    IF i_s_rkb1d-compid = 'Query Name'
    Validation of data for the value entered in your Variable
        READ TABLE i_t_var_range INTO yourworkarea
                    WITH KEY vnam = yourvariable
        IF sy-subrc = 0.
          IF w_s_var_range-low(4) <>  w_s_var_range-high(4).  " Your condition or Logic
            l_msgv1     = c_qtr_com1.  " Your message
            i_handle = 9998.
            CALL FUNCTION 'RRMS_HANDLE_MESSAGE_INIT'
              EXPORTING
                i_handle         = i_handle
                i_msg_handler_id = sy-uzeit.
            CALL FUNCTION 'RRMS_MESSAGE_HANDLING'
              EXPORTING
                i_class  = 'RSBBS'
                i_type   = 'I'
                i_number = '000'
                i_msgv1  = l_msgv1
            RAISE again.
          ENDIF.
        ENDIF.
      ENDIF.

  • Authorization (rsecadmin) with customer exit variable

    Hello,
    I need to maintain authorization on 0CALMONTH with a customer exit variable.
    0CALMONTH is "authorization relevant"
    I created a variable of type "customer exit" : ZVAR001 (this variable is OK, I checked its value in a query)
    I created a new authorization object with 0CALMONTH = $ZVAR001.
    When I run my query I have a message due to authorization error.
    If I change my authorization object by replacing my variable ($ZVAR001) by a constant value I have no authorization problem.
    I don't understand why...
    Error logs don't help me to solve my problem : I have the following message "Message EYE007: You do not have sufficient authorization" and system just says I have "0CALMONTH  I EQ $ZVAR001 " but doesn't precise values under variable ZVAR001
    Thanks for your help

    Indeed problem was in costumer exit because I used condition with "I_STEP". Since I have delete my condition I have no authorization problem with my variable....

  • Customer-Exit for analysis Authorizations: i_step = 3, i_vnam is empty

    Hello all,
    I have checked multiple scenarios and I cannot figure out the mistake I've done:
    Current situation/setup:
    1. Creation of several variables and adding each of them to different queries :
    Variable Type Processing Infoobject Selection ready for input
    COB 1 6 ZCCOSTCTR__ZCCOB S
    CB2 1 6 ZCCOB S
    CBV 1 3 ZCCOB S
    2. Adding values in a role (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM *
    9ZCCOB $C-B2, $C-OB , $C-BV
    added new object without 1KYFNM:
    ZCCOB $C-B2, $C-OB, , $C-BV
    3. Marked the used object auth. relevant for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
    WHEN 'COB' or 'RESPNO'.
    IF I_STEP = 0.
    IF I_STEP = 1.
    IF I_STEP = 3.
    CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
    EXPORTING
    I_VNAM = I_VNAM
    TABLES
    E_T_RANGE = E_T_RANGE
    EXCEPTIONS
    NO_AUTH = 1
    NOT_VALID = 2
    MISSING_OPERATOR = 3
    OTHERS = 4.
    ENDIF.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of type customer-exit and process it with i_step =1 the value selection and query result is OK.
    But this scenario works without roles and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Hi Petra,
    You are correct.  I_VANM is not stored at I_STEP 3.  However, to access that value at I_STEP3, use the following code.
    IF I_STEP = '3'.
         READ TABLE I_T_VAR_RANGE INTO L_RANGE WITH KEY VNAM = '...variable name.....'
         IF SY-SUBRC = 0.
           ...code here to alter values...
          .....for example:  L_RANGE-LOW = 'S'
         ENDIF.
    ENDIF.
    Kind Regards,
    Larry

  • Questions about authorization variable customer user exit

    Dear all,
    To reduce the authorization maintenance effort, I found from the web that we can use authorization variable with customer user exit RSR00001.
    When I use the transaction CMOD to display the maintain the user exit RSR00001, the user exit does not found. I would like to know how can I use thie user-exit?
    My SAP version is R/3 4.7
    The information of authorization variable  from web is as follow:
    http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/frameset.htm
    Would anyone have some ideas to solve my questions?
    Many thanks
    Sunny
    Edited by: LI Sunny on Aug 3, 2010 12:08 PM

    Dear Bala Duvvuri,
    Firstly, many thanks of your reply.
    Actually, what I want to do is to call some user-exit when performing authorization checking. I want to add some logic to the authorization checking and the user exit can be called automatically when performing authorization checking.
    I mainly use this checking in the FI module.
    Are there any ways I can perform this checking?
    One more findings, I have another machine containing SAP XI, I can search the user exit RSR00001. but it doesn't exit in SAP R/3 4.7. Is it version issue or my SAP R/3 4.7 doesn't contain the BI module?
    Many Thanks again.
    Sunny

  • Customer Exit - Authorization

    Anyone who can give me a step by step procedure on how to use Customer Exit on Authorization....
    Thanks in Advance....

    Hi Mary Ann,
               Check ..............
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    http://help.sap.com/saphelp_nw04s/helpdata/en/44/599b3c494d8e15e10000000a114084/content.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f1a7e790-0201-0010-0a8d-f08a4662562d
    Regards,
    vijay.

  • Check user entry in Customer Exit Variable in i_step2

    Hi Folks,
    at the moment I'm facing a challenging problem. In an BW Query i have a Customer Exit defined as "not ready for Input" to catch the Variable in I_Step = 2 and fill by a certain algorithm. When i change the CE Variable to "Inputready", the user can enter values, but i have no chance to react on these values as i_step = 2 will not b reached during execution- And this behaviour is correct. BUT is there any chance to Check user entries in an Customer Exit variable and change this somehow in des code?
    Thanks for all replies.
    BR,
    Maik

    Hi there,
    It is possibel depending on what you wish to accomplish.
    You can create two variables for the same characteristic.
    The first is an input ready variable for the user to enter the data and the second is a not input ready variable CE where you can in step 2 process the data entered from the variable ready for input.
    You can than fill the CE variable with any data, but you will have the variable restricted by the two variables (the ready for input and the CE).
    But for validating you could throw an error message based on the variable input ready.
    Diogo.

  • HR ABAP Custom Authorization Check

    Hi all,
    We know that Implicit authorization check is carried out. The system determines whether the user has the authorizations required for the organizational features of the employees selected with
    GET PERNR.
        I have a question, if we create a custom authorization then, whether this custom authorization is checked or not.
    Thanks in Advance.

    There is no difference in the coding of the check, which as RJ has stated needs to be somewhere at the correct coding location... otherwise it is going no where.
    Some special differences are:
    - The object class of the custom object in SU21 => Authorization objects in HR cannot be deactived context specifically in SU24. You can create custom objects within SAP classes.
    - Depending on the transport type of your system, you will have to maintain transaction SU24 with a check indicator for the object - so make in known that the transaction has the capability to check the object. This does not affect "customer" systems, but is still a very good practice for the same reason that SAP forces it in their own development systems.
    - Additional object checks in SE93 (which are typically "plausibility" checks) are not subject to this restraint. The check is always there, and your ability to bypass it is limited if you check the tcode authority of the caller at initialization of the (called) coding context. CALL TRANSACTION will skip this check, unless the called transaction is sy-tcode already (as it is in variant transactions... which urban legends claim to be secured to use for CALL TRANSACTION).
    This concept is to a large extent influenced by SAP's own development guidelines and "settings" - but it is advisable to understand them and the intended authorization concept - to be able to create consistent customer implementations of SAP products.
    Of course there are exceptions to the rules... but they generally cause problems and sooner or later need to be corrected as well when the auditors get hold of them....
    Cheers,
    Julius
    Edited by: Julius Bussche on Apr 27, 2009 9:03 PM

  • BW Authorizations - Query variable with processing mode as "customer exit"

    Hi,
    Iam new to BW authorizations and have not yet worked on customer exit before. I was going through the documentation at various sites but I could not get the end to end description on how the query process( when using a variable for an InfoObject) works in case of customer exit.
    Let's assume that I am using  a query variable with processing mode as "customer exit" and at the exit I  write some code to extract user's authorizations from a z table. if this is the case, then when an end user runs a query,how will the the system know what value needs to be filled in the variable for the requesting user. Are the user details  also sent to the code along with the query variable? If so how. If I mis-understood the process then forgive me and let me know the correct process.

    Hi!
    welcome to SDN!
    customer exit variables need programing by user. so if you create a customer exit variable, you got to right a program which extracts values into this variable. we can do what ever we want in program, SAP will not deal anything ´with customer exits.
    with regards
    ashwin
    PS n:  Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.

  • Analysis authorization customer exit

    I want to pass authorization value in0PLANT_0COMP_CODE same as 0COMP_CODE. For that i am trying ro to make customer exit variable in CMOD. can anybody tell me where I can find values of 0COMP_CODE during cmod exit. In which internal table or field?
    If I will find the authorization value in 0COMP_CODE I will pass the same in 0PLANT_0COMP_CODE using exit variable.

    Heading 1: Yes  I had made variable in BEx only with customer exit option but in CMOD i want to write routine in i_step = 0 to pass value of 0comp_code in 0plant_0comp_code.
    This varibale i can assign in RSECADMIN in authorization.
    But can not able to find value for  0COMP_CODE in CMOD.
    Can you suggest in which internal table i will get values for authorizatiion.
    Regards,
    Rohan Shah

Maybe you are looking for

  • Error 9006 and error -50

    these 2 errors keep coming up when i try to download the toronto blue jays world series game from 93 that i bought, i kept getting 9006 errror until i reinstealled itunes with the newest update, and now i get error -50, please help

  • Need Help with Firework HTML in Dreamweaver

    I'm using dreamweaver 8 for a project. I want to seek council with someone. Basically my web page's tool bar is an image. I thought to do it this way because if I change the image i'd just have to change the new image to the old file name and everyth

  • Scanning characters in a text file

    Hello, firstly I am trying to get the program to work, then I will use different methods (program description shown in code). I have not done Java for a while therefore I do not know if i am on the right track or not - please say. Basicly I have the

  • Doubt on Sync-Async  bridge using BPM

    Hi Experts,                  I had a doubt on Sync-Async  bridge using BPM,    1. If sender system is SAP system and receiver system is non-sap system then while configuring in Integration Directory how many  Receiver Determinations should be done ?

  • Error when importing from Ipad

    I recently rebuilt my Aperture database to fix an issue that meant I had to repair it every time I tried to open Aperture. Now when I plug my ipad in, Aperture asks to import 400 images from the ipad. However, most of the  image previews for these im