Authority check in the report
Hi All ,
I have created a ALV report in that displaying three different reports on three radio buttons.These three reports uses same selection screen except 2-3 fields.
Now our customer wants to create two t-codes for the same report one for first radio button report only and other will have whole report.My query is how I can put a check in the report so that i can check authorization available for that user or not as he will not able to access other two reports.
Please suggest.
Regards,
Sachin
your first program event (LOAD-OF-PROGRAM) or 2nd event ( INITIALIZATION ) are good places to 1:, determine which tranacaction was used (sy-tcode), and 2:; to check the user's authorization and shut down before he even sees a selection screen, if he doesn't have authorization for the transaction code and/or the program.
By the way, you could hide the buttons you don't want the user to see with the AT SELECTION-SCREEN OUTPUT event, which is called before the first appearance of the user screen.... That way, you only need one program for your more-than-one transaction code. And, by utilizing a authoriztion object, and selection-screen output, you could do it all from one program and one transaction code.
Similar Messages
-
Authority Check at the T.Code level for the user in particular User Group
Hi Friends,
I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
Need to give Authority Check at the T.Code level for the user in particular User Group.
I have searched in SCN, but not get suitable pages.
How to solve this?
Regards,
Viji.Hi Viji.
Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
Another way is you have also check authority in program level.
DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
INITIALIZATION.
CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
EXPORTING
ROLE = 'ZROLE'' " Role define
TABLES
ROLE_USERS = T_ROLE_USERS.
READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
IF SY-SUBRC NE 0.
RETURN.
ENDIF.
Thanks & Regards
Rahul -
Is there any why to check that the reports are functioning well in Webanaly
Hi Experts,
is there any why to check that the reports are functioning well in Webanalysis?
any Help in this issue ASAP is highly appreciated
Kind Regards,
Vam-cWhat do you mean by checking whether they are working?
You can always open the report and see whether everything is working ;)
Regards
Celvin
http://www.orahyplabs.com -
"you are not authorized to view the report(s)" while access from custom fol
Hey all,
Becz of some requirement, i have customized SQR to store PDF output files into custom directory located in UNIX,
psreports/htst2/my_fodler.
When i try to access them using ViewContentURL or manually writing the follolwing URL into my browser while im being
in environment as syntaxed below
http://<webserver>/psreports/htst2/my_folder/my_pdf.pdf
the system kicks out of the system with the error "you are not authorized to view the report(s)" for all the users.
By default if i ran any report as distribution node setup all the PDF's are getting saved into...
/psreports/htst2/YYYYMMDD/CONTENT_ID/my_pdf.pdf
Those files im able to access like below
http://<webserver>/psreports/htst2/CONTENT_ID/my_pdf.pdf
Can anyone helpme out what is the difference and any workaround for this?
Thanks in advance.Fortunately, it is not allowed to go through all the path directories you want onto the server. If you want your report in a specific folder, then rewrite your code to create the output file where you want, after the admin give you the proper grant against that folder.
Nicolas. -
Hi,
In how many ways can we set authorizations? I mean, in how many levels? My requirement is, to check the Authorization for a specific user to see if he is authorized to execute a Specific Z-Transaction (Report) for a specific Plant. How do I do that? I assume I need to code the AUTHORITY-CHECK OBJECT.... in my report. If yes, in which event? Please let me know.
Thanks and Regards,
Venkat.Hi Venkat,
You can put in the AUTHORITY-CHECK at a number of points, after initialisation, during selection, prior to output - it depends on what the program is doing and how the rest of it is coded.
For example, doing a big select and then only outputting based on the authority check may not efficient with large volumes of data. -
Pl sql Code To count how max checkboxes are checked In the Report Region
I am developing a APEX report where I put check boxes to row row of the report result . So I checked Some of this check box. Now I need a code to count how many checkboxes are checked during the runtime
there is a forum for APEX: Oracle Application Express (APEX)
-
How to check whether the report is being called or not
Iam using srw.run_report.for calling another report. I have registered both the report in oracle apps11.0.3. When i run the master report in oracle apps I want to see whether the second report is called or not. How to check this.
Thanks.try to check it in C:\Reports6i\Bin
C:\Reports6i\Bin <-- this may varry depending on the location of your reports.
btw, are you generating a pdf file? -
Su01 - authority check for the object s_user_grp
Dear Basis Gurus,
requirement:
Decentralisation of user administration. Local site admins should only be able to administrate users belonging to special user groups.
What I have done:
Generated a new role via pfcg for transaction su01 and object s_user_grp. Activity for s_user_grp = 02. Up to this point this works without any problems.
But trying to limit the role to a certain user group (s_user_grp => class), this doesn't have any effect for the local site admins. They are still able to change all user data, nevertheless if the users are member of another group or not (group membership via sugr).
Please advice.
thanks and regards..,
svenHi Lakshmi,
thanks! That solved my problem.
regards..,
sven -
How to Check the report is Finished while calling a report from Forms 6i
Dear All,
I am Calling a report from oracle forms 6i, after runing report in " Run_Product(REPORTS,:fn_cntl.nb_report_name,ASYNCHRONOUS, RUNTIME, FILESYSTEM,pl_id, NULL);"
I need to copy the pdf to store it in another place once the report is generated.
My Problem is : that i want ot Check first the report has generated after " Run_Product(REPORTS,:fn_cntl.nb_report_name,ASYNCHRONOUS, RUNTIME, FILESYSTEM,pl_id, NULL);" is executed ? How to check the report is generated ot not?
As i tried to use the below procedure after "Run_Product(REPORTS,:fn_cntl.nb_report_name,ASYNCHRONOUS, RUNTIME, FILESYSTEM,pl_id, NULL);"" but his does not work... nothing happens
{code}
PROCEDURE FPC_COPY_REPORT (p_report_name varchar2) IS
repid REPORT_OBJECT;
v_rep VARCHAR2(100);
rep_status varchar2(20);
lv_id varchar2(1000);
BEGIN
repid := find_report_object('AMTP_995.RDF');
v_rep := RUN_REPORT_OBJECT(repid);
rep_status := REPORT_OBJECT_STATUS(v_rep);
if rep_status = 'FINISHED' then
message('Report Completed'); message('Report Completed');
else
message('Error when running report.'); message('Error when running report.');
end if;
END;
{code}
Any Helpactually My code is this:
declare
ln_alert number;
pl_id ParamList;
lv_report_name varchar2(10000);
lv_path varchar2 (100) := 'C:\';
lv_shared_path varchar2(1000);
lv_copy_file varchar2(10000);
cursor cr_dir_path IS
select v_dir_path
from md_directory
where v_dir_code ='SHR';
lv_file_name varchar2(1000);
BEGIN
open cr_dir_path;
fetch cr_dir_path into lv_shared_path;
close cr_dir_path;
lv_report_name := lv_path||:fn_cntl.nb_ref_no||'_M08600000_'||to_char(sysdate,'YYYYMMDD-HHmmss')||'.pdf';
if ffn_check_fields THEN
pl_id := Get_Parameter_List('LAI');
IF NOT Id_Null(pl_id) THEN
Destroy_Parameter_List( pl_id );
END IF;
pl_id := Create_Parameter_List('LAI');
if :fn_cntl.nb_report_name ='MMAT_REPORT'
then
if :fn_cntl.nb_report_desc ='EXPORT'
then
Add_Parameter(pl_id, 'PARAMFORM',TEXT_PARAMETER, 'NO');
Add_Parameter(pl_id, 'DESTYPE', TEXT_PARAMETER,'File');
Add_Parameter(pl_id, 'DESNAME', TEXT_PARAMETER, lv_report_name);
Add_Parameter(pl_id, 'DESFORMAT',TEXT_PARAMETER,'PDF');
Add_Parameter(pl_id, 'p_mat_no',TEXT_PARAMETER, :fn_cntl.nb_mat_no);
Add_Parameter(pl_id, 'p_ref_no', TEXT_PARAMETER, :fn_cntl.nb_ref_no);
Add_Parameter(pl_id, 'p_verified_by',TEXT_PARAMETER, user);
Run_Product(REPORTS,:fn_cntl.nb_report_name,ASYNCHRONOUS, RUNTIME, FILESYSTEM,pl_id, NULL);
DECLARE
repid REPORT_OBJECT; v_rep VARCHAR2(100); rep_status varchar2(20);BEGIN
/* REP_OBJ= REPORT OBJECT CREATED UNDER REPORT NODE AT FORM */
repid := find_report_object('MMAT_REPORT'); v_rep := RUN_REPORT_OBJECT(repid);
rep_status := REPORT_OBJECT_STATUS(v_rep);
if rep_status = 'FINISHED' then
message('Report Completed'); message('Report Completed');
--copy_report_object_output(v_rep,'c:\local.pdf');
-- host('netscape c:\tlocal.pdf');
else message('Error when running report.');
message('Error when running report.');
end if;
END;
end if;
end if;
if :fn_cntl.nb_report_desc ='EXPORT'
then
error_handler('This report will be Storde in ' ||lv_report_name||' and '||lv_shared_path|| ' Location',3);
lv_copy_file :='copy '||' "'||lv_report_name||'" "'||lv_shared_path||'"';
host(lv_copy_file,no_screen);
error_handler('Report Has been Generated Sucessfully.',3);
end if;
end if;
END;I will try first the another solution you have replied perviously... and will let you no the results... thanks a lot... -
RE: Authority checks included in the info set of the query
Hi all,
I am checking the program code for one of our custom tcodes and i asked ABAP team to add authority check to the program code because there is no auth check in the code and abapers told me that the authority check is included inside the info set of the query and not in the program . the program is used to execute the query in the Tcode.
how to find the Authority checks included in the info set of the query.
Thanks in advance,
Sun.If you have the BI support roles assigned to you and the security admin roles please login to the BI system
execute transaction RSECADMIN, click on the analysis tab and execute as the user who is assigned the role with restrictions.
For variables in authorizations like ( type customer exit )
use RSECADMIN - maintain authorization tab - Click on value authorization tab.
Keytransaction is RSECADMIN & infoobject maintenance details you can get from RSD1.
Regards -
Hi all,
I have a problem with authority check in a report.
I have to access to a field in an infotype and subtype.
I have all authorizations for this subtype and infotype.
I'm trying to retrieve this data from an employee, but this employee has informed another subtype in this infotype where I haven't permisions.
As in the source code there aren't access to this subtype where I haven't permisions, I found that the systems make it's authority check before the START-OF-SELECTION in class CL_HRPAD00AUTH_CHECK_STD, method IF_EX_HRPAD00AUTH_CHECK~CHECK_AUTHORIZATION.
The system takes the employee number, gets all its informed infotypes and subtypes and perform the authority check for my user, so I can't access to this employee information.
I think this authority check is made by the use of PNP logical database.
Is there any way to avoid this authority check?
Regards,
Angel CepaHi Angel Cepa,
first of all: maybe you can use logical database PNPCE, because PNP is obsolet.
Anyway, please refer to the documentation of PNPCE (transaction SE36), that may solve your problem.
PNP/PNPCE knows two ways to check authority:
1. If no authorization exists for even one individual data record of one of the infotypes used, processing of the personnel numbers is terminated by default (switch "PNP_SW_SKIP_PERNR" = Y)
2. If you set this switch (at the INITIALIZATION or START-OF-SELECTION events) to N, no more personnel numbers (without authorization) are skipped. Only the data records for which no authorization exists are rejected (that is, not made available).
So, simply set the switch, mentioned above, to "N" and you will have access to this employee (except the infotype-records, you don't have authority for).
Regards
CHRIS -
With regard to lock object and authority check
hi all
i would like to know about lock object and authority check specifically in reports. there is a coding in sap library with regard to authority check, but there is no coding to restrict user (i mean there is no user names that the object is restricting for a particular user or any user has got permission to change or display object).
further, the code mentions that you need an authorization in your user master record for the object, could any of u explain where is user master record.
below is the code for authority check.
*& Module USER_COMMAND_0100 INPUT
MODULE USER_COMMAND_0100 INPUT.
CASE OK_CODE.
WHEN 'SHOW'.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD '*'
ID 'ACTVT' FIELD '03'.
IF SY-SUBRC NE 0. MESSAGE E009. ENDIF.
MODE = CON_SHOW.
SELECT SINGLE * FROM SPFLI
WHERE CARRID = SPFLI-CARRID
AND CONNID = SPFLI-CONNID.
IF SY-SUBRC NE 0.
MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
ENDIF.
CLEAR OK_CODE.
SET SCREEN 200.
WHEN 'CHNG'.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD '*'
ID 'ACTVT' FIELD '02'.
IF SY-SUBRC NE 0. MESSAGE E010. ENDIF.
MODE = CON_CHANGE.
SELECT SINGLE * FROM SPFLI
WHERE CARRID = SPFLI-CARRID
AND CONNID = SPFLI-CONNID.
IF SY-SUBRC NE 0.
MESSAGE E005 WITH SPFLI-CARRID SPFLI-CONNID.
ENDIF.
OLD_SPFLI = SPFLI.
CLEAR OK_CODE.
SET SCREEN 200.
ENDCASE.
ENDMODULE. " USER_COMMAND_0100 INPUT
i thank u all for the help in advance.hi
this might help
REPORT YUSRLOCK NO STANDARD PAGE HEADING.
TABLES: TRDIR, USR02.
DATA: MARK,CNTR TYPE I,
ACCNT LIKE USR02-ACCNT, ERDAT LIKE USR02-ERDAT,
ANAME LIKE USR02-ANAME, CLI(3) VALUE 'AAA', SZIN TYPE I,
SYDATUM LIKE SY-DATUM, FLAG(3).
TABLES: UINFO.
DATA: OPCODE TYPE X VALUE 2.
DATA: BEGIN OF USR_TABL OCCURS 10.
INCLUDE STRUCTURE UINFO.
DATA: END OF USR_TABL.
START-OF-SELECTION.
CALL 'ThUsrInfo' ID 'OPCODE' FIELD OPCODE
ID 'TAB' FIELD USR_TABL-SYS.
SELECT * FROM USR02 CLIENT SPECIFIED ORDER BY MANDT BNAME.
IF USR02-MANDT <> CLI.
SZIN = SZIN + 1. SZIN = SZIN MOD 2.
CLI = USR02-MANDT.
ENDIF.
IF USR02-UFLAG = 0.
MARK = ' '.
ELSE.
MARK = 'X'.
ENDIF.
CLEAR FLAG.
LOOP AT USR_TABL.
IF USR_TABL-BNAME = USR02-BNAME AND USR_TABL-MANDT = USR02-MANDT.
FLAG = '!!!'.
ENDIF.
ENDLOOP.
SYDATUM = SY-DATUM - 30.
IF SYDATUM < USR02-TRDAT.
IF SZIN = 0.
WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
' ',USR02-MANDT COLOR 2,
' ',USR02-USTYP COLOR 2,
' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
' ',FLAG COLOR 6.
ELSE.
WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
' ',USR02-MANDT COLOR 2,
' ',USR02-USTYP COLOR 2,
' ',USR02-TRDAT COLOR 2, USR02-LTIME COLOR 2,
' ',FLAG COLOR 6.
ENDIF.
ELSE.
IF SZIN = 0.
WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 2,
' ',USR02-MANDT COLOR 2,
' ',USR02-USTYP COLOR 2,
' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
' ',FLAG COLOR 6.
ELSE.
WRITE:/ ' ', MARK AS CHECKBOX,' ', USR02-BNAME COLOR 3,
' ',USR02-MANDT COLOR 2,
' ',USR02-USTYP COLOR 2,
' ',USR02-TRDAT COLOR 4, USR02-LTIME COLOR 4,
' ',FLAG COLOR 6.
ENDIF.
ENDIF.
HIDE: USR02-BNAME, USR02-MANDT.
ENDSELECT.
CLEAR USR02.
TOP-OF-PAGE.
WRITE:/ 'LOCK USER CLIENT TYPE LAST lOGIN ' COLOR 6.
SKIP.
AT USER-COMMAND.
IF SY-UCOMM = 'SEL'.
DO.
CLEAR MARK.
READ LINE SY-INDEX FIELD VALUE MARK.
IF SY-SUBRC NE 0. EXIT. ENDIF.
IF USR02-BNAME IS INITIAL.CONTINUE.ENDIF.
SELECT SINGLE * FROM USR02 CLIENT SPECIFIED WHERE
MANDT = USR02-MANDT AND BNAME = USR02-BNAME.
IF MARK = 'X' AND USR02-UFLAG = 0.
USR02-UFLAG = 64.
UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 64 WHERE
MANDT = USR02-MANDT AND
BNAME = USR02-BNAME.
COMMIT WORK.
ENDIF.
IF MARK = ' ' AND USR02-UFLAG = 64.
USR02-UFLAG = 0.
UPDATE USR02 CLIENT SPECIFIED SET: UFLAG = 0 WHERE
MANDT = USR02-MANDT AND
BNAME = USR02-BNAME.
COMMIT WORK.
ENDIF.
ENDDO.
CLEAR USR02.
ENDIF.
regards
Arun -
Authority Check - Best Practice - Optimum Way
Hi Experts,
I want to use authority check in my reports. The requirement is to filter data on the selection screen and execute the query. Error messages are not to be thrown because, a user will find it difficult to enter all the document types/company codes/sales areas etc authorized and remove the ones not authorized from the range.
I am planning to create range tables and populate it with the authorized values and use it in the select queries.
I have two concerns:
1. I will have to build range tables based on the values authorized. This will take some time, keeping in mind that append is an expensive statement.
2. What if the range table becomes big enough to give me a dump in the select query in some scenario. (What if scenario? Its a rare possibility that some field like this also needs to be authorized)
What is the best practice or rule of the thumb that you have figured out.
Thanks,
Abdullah Ismail.Are they asking you to check the authorisations for each of the following?
1. Sales Organization
2. Distribution Channel
3. Division
4. Sales Group
5. Sales Office
6. Sales Document Type
7. Sales Country
8. Material Group(Brands)
If so that is completely over engineered and good luck with that. Surely you only need to check at one level of the sales structure, the lowest level I would guess. Your auths team should be able to guide you here and I cannot imagine they would want that level of auths as it would be a nightmare for them to build it. I suppose you might want one on material group as well.
Therefore they auths team or functional consultants will need to tell you at what level you are checking for each report, there will only be a small number at each level, (think you will struggle to get near the 12,000 Rob points out would cause an issue with a range) of the sales structure so I would use a range, you wonu2019t have that many appends and it wonu2019t add much to the time of the report. While for all entries is great you can also use the range where the report may have already used for all entries on a select and better not to have to rebuild the whole report.
Also I would do the auths check first up and make the field mandatory if they really want it nice and tight so the user has to choose, you can use a PID to make it a bit more friendly.
If you know the setup is the same each time you could use a standard include and subroutine, or ABAP objects would probably be the best route with a set of standard methods to call.
Hope that helps,
Tim -
Troubleshooting through Authority check
Hello All,
Please let me know the procedure for troubleshooting at programming level. I understand, we have to go thru SE38 then authority check but, I want to know the correct program name for authority check at the auth.object level , the tcode level and steps after executing the program.
Regard's
Salman>
> Can We do troubleshooting at the programming level ? If yes, then please let me know the steps to proceed.
>
Seems your requirement is to find out the meaning and requirement of Authority Check.
You know each Transaction Codes consist of several screens through which we used to navigate by clicking some buttons. These screens are basically represented by separate programs called Dynpro (Dynamic Program). You know the Authorization Objects are the control point of measuring access to a user. These Objects are not checked for their values just because you see them in SU24 or in USOBT_C. They are basically checked by a typical ABAP program statement called "AUTHORITY-CHECK".
Now if you want to see the AUTHORITY-CHECK statements involved for a specific TCode: You can do this by using the report RSABAPSC.
Regards,
Dipanjan -
Need to Check whether the program is Active or not
Is there any statement where i can check whether the report program is Active or not.
Using below statement i am copying the entire Code in internal table it_source.Before copying in the source code in the internal table it_source.I need to check that program is Active or not if it is not active and i need to give a pop message and forceliy i need to Active it.
read report wa_trdir-name into it_source.Hi Srini,
i just checked the table REPOSRC for a program which was not activated, i got two entries for the program one as active and one as inactive ,as soon as i activated the program there was a single entry.
so is it that we should check if we have any inactive entry in the table for the program?.
Regards,
gunjan
Maybe you are looking for
-
Does one need to disable the wifi on ones reuter if using a time capsule to create a new network what happens if you don't and what are the benefits of doing so
-
Run button not appearing in 11.5.10.2 workflow administrator
Hi, I am learning Oracle workflow on E-business suite 11.5.10.2 and very new in this.I am selecting a workflow in developer studio(under workflow administrator responsibility) and it is appearing also.But now when I want to run the workflow I am not
-
IPhoto Slideshows: major loss of quality when passed to iMovie or iDVD
Problem: Slideshows created in iPhoto and exported to a Quicktime movie lose quality when exported from iMovie or iDVD. I've read through many threads in both the iMovie and iDVD forums, and I've done a lot of testing to find the source of my frustra
-
Pls give me step by step sequence of Automatic Payment Prog
Hi, Pls give me step by step sequence of Automatic Payment Program. Thanks in Advance
-
Illustrator CS2 Still default after upgrade to CS5
When I right click a pdf - on windows 7 - and go to open with, it shows only illustrator CS2. So when I go to open with > choose file location, and select CS5 there, it automatically shows CS2 instead. This is not ok. I even tried removing the cs2 ex