AUTHORITY CHECK BADI

Similar Messages

• Authority check on Creation of Purchase order usin badi BBP_ITEM_CHECK_BADI

  hi all,
  i have to apply authority checks on creation of Purchase order and shopping cart in SRM using badi BBP_ITEM_CHECK_BADI.
  i have applied checks on creation of shopping cart   using this badi which have some filters but how to apply on purchasing order using BBP_ITEM_CHECK_BADI.

  hi,
    You can use the BBP_DOC_CHECK_BADI.
  BR,
  Disha.
  Pls rewar points for useful answers.

• Authority Check for a selection condition/Range

  I am relatively new to ABAP and still learning.
  I am trying to create an authorisation check as part of a custom badi implementation.
  i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
  i know the parameter - p_tplnr
  this code is pulled back into the Badi..
  * Import selection result
    IMPORT sel_tab = lt_nodes selcond = t_selcond          
      FROM MEMORY ID 'DIACL_SELECTION_NEW'.
  the table is t_selcond . so i do a loop round table into structure based upon this parameter.
  it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
  my code...
  *--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
    DATA: s_selcond TYPE rsparams.
    DATA: tplnr     TYPE diacl_lbk_sel_ds-tplnr.
  *--- Read table where selection name is Functional Location
    LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
      IF sy-subrc = 0.
  *--- Check the authorisation object for functional location
        AUTHORITY-CHECK OBJECT 'P_TPLNR'
        ID 'TPLNR' FIELD tplnr
        ID 'ACTVT' FIELD '03'.
      ENDIF.
    ENDLOOP.
  My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?

  Hi ,
  LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
  endloop.
  -----------------This code can be replaced by
  READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
  CHECK SY-SUBRC EQ 0
  auth-check  object...
  some basic code to get an idea ...
  tables /BIC/SPLANTGRP.
  select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
  so_basin-low = '1'. append so_basin.
  so_basin-low = '2'. append so_basin.
  so_basin-low = '3'. append so_basin.
  so_basin-low = '4'. append so_basin.
  loop at so_basin.
    write:/ so_basin-low.
  endloop.
  read table so_basin with key low = '4'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  read table so_basin with key low = '5'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  vijay

• BRFPlus - Control Rule maintenance using Auth checks (BADI?)

  Hello BRFPlus gurus,
  We are reviewing BRFPlus for use in our global project and here is our question.
  We want to develop some rules, for use in Business Workflow, using BRFPlus and make them available for change to users. Some of these rules are going to be based on company code and we want to control rule maintenance based on company code to ensure users can only modify/create/display rule (e.g. decision table entries) entries only for the company code that they belong to. e.g. user for company code 0001 should not be able to change decision table entry for company code 0002.
  currently we have similar rules maintained using ECC custom table maintenance and we use  table maintenance Events' to code authority checks for custom auth objects.
  I am wondering if BRFPlus has any BADI (or similar mechanism) available to allow us program these auth checks depending on 'Element' values.
  I would greatly appreciate your response.
  Thanks,
  Saurabh

  Hi Carsten,
  Thanks for making us aware of that hidden feature that we could use.
  would you mind sharing some high-leve steps that we could follow to complete the BRFPlus prototype we are doing?
  Ability to control modification of these objects using auth is one of the key criteria for prototype success .
  Looking forward to learn more about this rule engine.
  Thanks,
  Saurabh

• LB13 add authority check

  Hi,
  I want to add an authority check on movement type using transaction LB13 and then create TO (both background as foreground) .
  Are there any user-exits / BADI's avaibalbe to build in an extra check, which allow error messages and will be passed using LB13?
  It seems that the only user-exit that is passed is EXIT_SAPML03T_002 but if I add an error message in this exit, it will end in an internal error, which of course I don't want to.
  kind regards
  Maarten

  Hi ,
  I don't know that you already resolved this issue. Any way try creating custome Authorization for plant and use it
  Create  Z_IS_WERKS with following authorization fields and assign permited value '03' for field ACTVT.
  ACTVT     Activity
  WERKS     Plant
  Use this code.
  AUTHORITY-CHECK OBJECT 'Z_IS_WERKS'
                 ID 'ACTVT' FIELD lv_display
                 ID 'WERKS' FIELD zmapw-werks.
  Regards,
  Babu

• Authority check at field level in sales order

  Dear all, our business requirement is the following:
  only some users should be able to see the prices (including netwr, netpr,...) in the sales order depending on the authority check performed on the sales group field.
  This means that for an order of sales group 'A':
  a user of sales group 'A' can see the prices and change the order, a user of sales group 'B' cannnot see the prices but can change the order, a user of sales group 'C' can display the order but cannnot see the prices.
  I ask you if such a scenario can be realized in SAP.
  We currently run SAP ECC 5.0.
  thx all !
  bye Roberto

  Hi agree with Jan and Auke,
  To my knowledge it is object V_KONH_VKO which you are looking for. See the documentation in SU24 - SD class.
  But whether or not that will influence the visibility / editability of the screen in VA02 etc when turned the check on in SU24, I am not sure.
  If not, search the forum for topics relating to "transaction variants", "variant transactions" and "screen variants" to see whether those solutions will fulfill the requirement.
  Cheers,
  Julius

• ALV GRID and AUTHORITY-CHECK

  Hi all !!! 
  I'm using the ALV Grid control with checkboxes and I want to control if the actual user have the appropriate authorization to check/uncheck them.
  In the AUTHORITY-CHECK call, I want to make the authorization test on the "DEPARTMENT" of the user (from Table USER_ADDR or SU01).
  For example :
  DEPARTMENT AA1 --> check/uncheck OK
  DEPARTMENT AA2 --> check/uncheck NOT OK
  DEPARTMENT AA3 --> check/uncheck OK
  ... etc.
  How can I do ? Create an new authorization object/field ?
  PS : it's the first time I'm using AUTHORITY-CHECK..

  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check. 
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object> 
     ID <authority field 1> FIELD <field value 1>. 
     ID <authority field 2> FIELD <field value 2>. 
     ID <authority-field n> FIELD <field value n>. 
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  Example ;
  REPORT  EXAMPLE MESSAGE-ID Z1.
  TABLES: USR02.
  PARAMETERS: LOCK AS CHECKBOX, LISTLOCK AS CHECKBOX.
  DATA: UFLAGVAL TYPE I, LOCKSTRING(8) TYPE C.
  ---- Authorization check -
  AUTHORITY-CHECK OBJECT 'ZPROG_RUN' ID 'PROGRAM' FIELD SY-CPROG.
  IF SY-SUBRC <> 0.
    IF SY-SUBRC = 4.
      MESSAGE E000 WITH SY-CPROG. "some message about authorization check failure
    ELSE.
      MESSAGE E005 WITH SY-SUBRC. "some message about authorization check failure
    ENDIF.
  ENDIF.
  IF LISTLOCK = 'X'.
    WRITE:/ 'List all locked users: '.
    SELECT * FROM USR02 WHERE UFLAG = 64.
      WRITE: / USR02-BNAME.
    ENDSELECT.
    EXIT.
  ENDIF.
  IF LOCK = 'X'.
    UFLAGVAL = 64.                       "lock all users
    LOCKSTRING = 'locked'.
  ELSE.
    UFLAGVAL = 0.                        "unlock all users
    LOCKSTRING = 'unlocked'.
  ENDIF.
  SELECT * FROM USR02 WHERE BNAME <> 'SAP*' AND BNAME <> SY-UNAME.
    IF USR02-UFLAG <> 0 AND USR02-UFLAG <> 64.
      WRITE: 'User', USR02-BNAME, 'untouched; please handle manually.'.
      CONTINUE.
    ENDIF.
  check that user has authority to make these changes
    AUTHORITY-CHECK OBJECT 'S_USER_GRP'
        ID 'CLASS' FIELD USR02-CLASS
        ID 'ACTVT' FIELD '05'.
    IF SY-SUBRC <> 0.
      IF SY-SUBRC = 4.
        WRITE: /'You are not authorized to lock/unlock user ',
          USR02-BNAME, USR02-CLASS.
      ELSE.
        WRITE: /'Authorization error checking user ',
               USR02-BNAME, USR02-CLASS, '(return code', SY-SUBRC, ').'.
      ENDIF.
    ELSE.                                "has authority
      UPDATE USR02 SET UFLAG = UFLAGVAL WHERE BNAME = USR02-BNAME.
      WRITE: / 'User', USR02-BNAME, LOCKSTRING, '.'.
    ENDIF.

• Company code authority check

  Hi
  we have created ZTTL01 table maintenance view. Should not allow unauthorized company code to update/create or display.
  I searched thru forums and collected below points. but could not test it successfully.
  Authorization object (Z_XXX_BUK) was created.But <Permitted activities> Button is not available in display authorization object(SU21) to see what are the activities are permitted.
  In su01 for my user no roles or profiles are defined.
  To do
  Trying to write  below code in PBO and PAI flow logic of ZCHECK_BUK table for screen 01
  PBO & PAI
  *First statement
  Module Authorictycheck.
  module Authoritycheck
    LOOP AT EXTRACT.
      AUTHORITY-CHECK OBJECT 'ZCHECK_BUK'
                          ID 'ACTVT' FIELD '01,02,03'
                          ID 'BUKRS' FIELD ZTTL01-BUKRS.
      IF sy-subrc <> 0.
        MESSAGE e000(zrpt) WITH 'You do not have the authorization to'
      EXIT.                          'access Bukrs'extract-bukrs.
      ENDIF.
    ENDLOOP.
  endmodule
  Can i use above code in PBO and PAI to check change of company code?
  I am sharing role and profile created by other user, which allows only company code 'A10'.
  How to test this now?
  se11->Utilities->table contents create should not allow me to input A11 or other company codes? pls confirm.
  Regards
  Chandra

  Hi Suhas
  Regarding 1) It works when i remove the FORM routine assinged for EVENTS.
  Thanks for ur input.
  Regarding 2)When the user displays record in SM30 for a table, he must not be able to see the company code AD01.
  To achieve this can i use EVENT AA?
  I create FORM routine <hide_cocode> in EVENT AA and store at include LZXXXXF01.
  FORM ZHIDE_COCODE.
  DATA: F_INDEX LIKE SY-TABIX."Index to note the lines found"
  LOOP AT TOTAL.
  READ TABLE EXTRACT WITH KEY <vim_xtotal_key>.
  IF SY-SUBRC EQ 0.
  F_INDEX = SY-TABIX.
  ELSE.
  CLEAR F_INDEX.
  ENDIF. "(make desired changes to the line TOTAL)
  MODIFY TOTAL.
  CHECK F_INDEX GT 0.
  EXTRACT = TOTAL.
  MODIFY EXTRACT INDEX F_INDEX.
  *ENDIF.
  ENDLOOP.
  SY-SUBRC = 0.
  ENDFORM.
  I made break point at line LOOP at Total. and executed SM30 and clicked Display button.
  Sorry Code stops here and table TOTAL has flat line structure of empty.Loop at total is skipping
  what should be done now?
  Regards
  Chandra

• Authority check on company code

  Hi ,
        How i need to check whether the company codes in an internal table is having creation access to the particular user or not ?.
       In authority check what is  ACTVT - 01,02,03  signifies ??
  Thanks in adv.
  varma

  LOOP ...
  AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
  ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
  ID 'ACTVT' FIELD '01'.
  IF SY-SUBRC <> 0.
  move  w_COMP_CODES-bukrs to (itab1).
  ENDIF.
  AUTHORITY-CHECK OBJECT 'F_LFA1_BUK'
  ID 'BUKRS' FIELD T_COMP_CODES-BUKRS
  ID 'ACTVT' FIELD '02'.
  IF SY-SUBRC <> 0.
  move  w_COMP_CODES-bukrs to (itab2).
  ENDIF.
  ENDLOOP.
  Hence segregating all the Company codes as per the authorization.

• Authority check in hr payroll infotype report

  Hi all,
  We have developed a report which gives infotypewise employee details.here we are checking authority for reading employee data.we are applying authority check at selection-screen and while reading the data from database tables.following is the sample code.
  do .
  if  s_abkrs-high < s_abkrs-low.
      authority-check object 'P_PCR'
                id 'ABRKS' field s_abkrs-high
                id 'ACTVT' field '01'
                id 'ACTVT' field '02'.
      if sy-subrc <> 0.
        message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
      endif.
  exit.
  endif.
      authority-check object 'P_PCR'
                id 'ABRKS' field s_abkrs-low
                id 'ACTVT' field '01'
                id 'ACTVT' field '02'.
      if sy-subrc <> 0.
        message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
      endif.
    s_abkrs-low = s_abkrs-low + 1.
  enddo.
  my senior says this code is right but it is not checking authority for all infotypes.can anyone suggest what changes are required in this code so that it will check authority for all infotypes.
  Thanks in advance.
  Regards,
  Harshada

  Hi ,
        A select-option will have a structure with four fields (sign , option , low , high) .
        So if you want to use your below code : you cannot check authority.
  loop at s_abkrs.
  authority-check object 'P_PCR'
  id 'ABRKS' field s_abkrs  <-- is an internal table
  id 'ACTVT' field '01'
  id 'ACTVT' field '02'.
  if sy-subrc 0.
  message id 'ZHR_ERRMSGS' type 'E' number '292' with s_abkrs-low.
  endif.
  endloop.
  The other option is :
  If your select option has values only in low ... then you can loop thru it ...
  loop at s_abkrs.
  authority-check object 'P_PCR'
  id 'ABRKS' field s_abkrs-low
  endloop.
  Regards,
  Srini.

• In DOC CHECK BADI: Check if PO has a SC when coming from a BID

  Hi Experts,
  Please consider this situation and recommend best possible approach.
  From Sourcing, I raise a BID and then create a PO from the BID.
  While PO creation, I need to check if this PO had SC and if so include the SC requestor in the approval if the price has increased while Bidding when compared the created SC.
  Here I am facing a challenge - When executing the DOC CHECK BADI, the FM: BBP_PROCDOC_GETDETAIL does not result any HEADER_REL itab values that shows any history details of the PO document. Whereas by the time the logic moves to the Workflow BADI, this same FM returns values (SC and other details).
  My Query: While creating from a BID, How can I check if this PO is generating out of a SC in the DOC CHECK BADI.
  Thanks in advance.
  Vj

  Hello Asha,
  You can check this BADI "BBP_ITEM_CHECK_BADI" and this badi is called when
  u2022     a new item has been created,
  u2022     an item has been changed or the document is to be checked
  Regards
  Sameer

• Web Service Homepage: Authority check failed

  Dear Colleagues,
  I have created a Web Service and now I want to test it via its Web Service Homepage (TA WSADMIN). The Homepage is displayed correctly, but testing leads to an error:
  Authority check failed
  Are there any prerequisites I maybe do not accomplish?
  (I tested a very similar web service in another system, and there it works)
  Here are some more information about my service:
  - Service was build with Web Service Wizzard out of a function module
  - Here you can see the conversation resulting of the test:
  POST /sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003 HTTP/1.1
  Host: bsl8011.wdf.sap.corp:50073
  Content-Type: text/xml; charset=UTF-8
  Connection: close
  Cookie: <value is hidden>
  Cookie: <value is hidden>
  Authorization: <value is hidden>
  Content-Length: 381
  SOAPAction: ""
  <?xml version="1.0" encoding="UTF-8" ?>
  <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Body>
  <ns1:Z_TEST_WS_CONFIG xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
  <INPUT>TEST</INPUT>
  </ns1:Z_TEST_WS_CONFIG>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  HTTP/1.1 500 Internal Server Error
  content-type: text/xml; charset=utf-8
  content-length: 363
  sap-srt_id: 20060404/125124/v1.00_final_6.40/1B0831447838C429E10000000A424016
  server: SAP Web Application Server (1.0;700)
  <soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Body>
  <soap-env:Fault>
  <faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
  <faultstring xml:lang="e">Authority check failed</faultstring>
  </soap-env:Fault>
  </soap-env:Body>
  </soap-env:Envelope>
  The WSDL-Document looks as follows:
  <?xml version="1.0" encoding="utf-8"?><wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified"><xsd:simpleType name="char60"><xsd:restriction base="xsd:string"><xsd:maxLength value="60"/></xsd:restriction></xsd:simpleType><xsd:element name="Z_TEST_WS_CONFIG"><xsd:complexType><xsd:sequence><xsd:element name="INPUT" minOccurs="0" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element><xsd:element name="Z_TEST_WS_CONFIGResponse"><xsd:complexType><xsd:sequence><xsd:element name="OUTPUT" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element></xsd:schema></wsdl:types><wsdl:message name="Z_TEST_WS_CONFIG"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIG"/></wsdl:message><wsdl:message name="Z_TEST_WS_CONFIGResponse"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:message><wsdl:portType name="Z_TEST_Q73_CONFIG_WS"><wsdl:operation name="Z_TEST_WS_CONFIG"><wsdl:input message="tns:Z_TEST_WS_CONFIG"/><wsdl:output message="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:operation></wsdl:portType><wsdl:binding name="Z_TEST_Q73_CONFIG_WSSoapBinding" type="tns:Z_TEST_Q73_CONFIG_WS"><soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/><wsdl:operation name="Z_TEST_WS_CONFIG"><soap:operation soapAction=""/><wsdl:input><soap:body use="literal"/></wsdl:input><wsdl:output><soap:body use="literal"/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="Z_TEST_Q73_CONFIG_WSService"><wsdl:port name="Z_TEST_Q73_CONFIG_WSSoapBinding" binding="tns:Z_TEST_Q73_CONFIG_WSSoapBinding"><soap:address location="http://bsl8011.wdf.sap.corp:50073/sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003"/></wsdl:port></wsdl:service></wsdl:definitions>
  Can anyone help me, I have no Idea
  Message was edited by: Hans-Peter Bauer

  The message server defined in the SAP-Logon is us4278.wdf.sap.corp
  But the url of the web service starts with  http://us4185:58500/wsnavigator/jsps/explorer.jsp?description=WebServiceZ_TEST_Q73_CONFIG_WS
  But I think that's not the problem, is it? As I mentioned above the test page can be shown, but the after filling in the input parameters an pressing send, there appears the authorisation error.
  For better illustration I made some screenshots for you:
  1) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_OVERVIEW.gif
  2) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_INPUT_FORM.gif
  3) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_reqest_response.gif
  What can be wrong, if the error "n0:FailedAuthentication" appears?
  Regards,
  Peter
  Message was edited by: Hans-Peter Bauer

• How to use the AUTHORITY-CHECK in ABAP

  I am a security guy but am trying to understand how the AUTHORITY-CHECK works. I have read the help on it but it doesn't answer to my understanding. I want a check in a report so that no matter what the user selects the program goes out and checks the authorization in the users master record and only displays what he has access to. I am sure this is basic but I am not a programmer.
  Thanks

  Hi Greg,
    Basically a AUTHORITY-CHECK is a programmatic way to check a auth object a user has.  This is only as good as the person writing the code makes is.
  Here is a basic example of how it could work.  Lets say you have auth objects for users that limit them to see company code. User A can see cc 10, User B can see cc 20 and user C can see both.
  In the code the programmer would have to first do the authcheck to see what CC the user has access to.  Then they would have to limit his reporting based on the results of the authority check.  So they might do it by saying SELECT * FROM XYZTAB WHERE COMPANY CODE = AUTHCC
  This is what I think you are looking for.  There are other ways to use the auth check.  You can do a check and end the program with a message if they don't have authorization. 
  If you need more info, let me know
  John

• BBP_PD_MSG_ADD  issue in CHECK badi

  Hi all,,
  SRM 5.0 ECS
  I want to display an error message in the cofnirmation screen bit in the form op a POP UP !
  I tried using the FM BBP_PD_MSG_ADD in the CHECK badi but it doesnt display the message in the pop up format!
  The strange thing is that the pop up msg is being displayed in the search list screen before I click on CREATE CONFIRMATION button!
  I want the pop up msg to be displayed after the user clicks on the next screen after user clicks on create confirmation button...
  Please help as to where I am going wrong....
  Here is my code:
  IF flt_val = 'BUS2203'.
      IF sy-ucomm = 'BUTTON_CHECK'.
  REFRESH et_messages.
        CALL FUNCTION 'BBP_PD_CONF_GETDETAIL'
          EXPORTING
            i_guid          = iv_doc_guid
            i_with_itemdata = 'X'
          IMPORTING
            e_header        = lt_conf_header
          TABLES
            e_item          = lt_conf_item.
        LOOP AT lt_conf_item INTO ls_conf_item.
  *get the PO # and doc type
          lv_po = lt_conf_header-be_refobj+0(10).
          CALL FUNCTION 'BBP_PD_PO_GETDETAIL'
            EXPORTING
              i_object_id = lv_po
            IMPORTING
              e_header    = lt_po_header.
          IF lt_po_header-process_type = 'ECV' .
  CALL FUNCTION 'BBP_PD_MSG_ADD'
                EXPORTING
                  i_msgty       = 'W'
                  i_msgid       = 'BBP_SC'
                  i_msgno       = '014'
                  i_msgv1       = text-001
  *            i_doc_guid    = iv_doc_guid
                  i_field_name  = 'EXPRESS'
                EXCEPTIONS
                  log_not_found = 1
                  OTHERS        = 2.
  EXIT.
  ENDIF.
  ENDLOOP.
      ENDIF.

  Thanks Jay.
  If I change the SY_UCOMM to that of "CREATE CONFIRMATION" button,custom message does get displayed in POP UP form,but then the next screen (which should be displayed after lcicking on CREATE CONFIRMATION button) is not dsplayed and controlstays on the same screen which is worse!
  Please let me know if something wrongly written in  my code or if SRM CONFIRMATION screen is designed in such a way that custom messages cannot be diplaye din form of pop up!

• Authority check in for condition type

  Hi
  What do you mean by an authority check on condition type.. especially Pricing..
  There are authority check that are embedded as Reqt and AltCTy in the IMG at the pricing procedure level for different condition type.
  Could someone explain me what they are for..?
  Thanks
  Jac

  Hi,
      authority check is the std sap methodology of check the permitted authorisation values for every transaction  and every user.
  here in this example;authority object is used to maintain or change condition record for allowed condition types.
  scenario eg;if we maintain create value for user mukund for pr00 condition type ,system allows me only for creating .if we maintain change value for user sherin for condition type,system allows to change the values.
  net net i can create and u can change ,not visa-viz or any body else cannot do it.
  hope this is clear.if it helps  REWARD!!!!!!!