Authority-Checks in Function REUSE_ALV_GRID_DISPLAY
Hi fellow developpers,
I'm trying to figure out why a user with just basic
display-authorizations has the option "Excel-Download"
available in the ALV-Grid display variant of SE16
(data browser) while on the other hand for such a user
all the download-options seem to be automatically shut
off in my programs on basis of the function module
REUSE_ALV_GRID_DISPLAY. Does anybody know which authority
object(s) need to be granted to make those functions
available again?
Thanks in advance for your appreciated help
Andreas Flügel
Hi,
I found just one authority check.
authority-check object 'S_GUI'
id 'ACTVT' field '61'. "download
if sy-subrc <> 0.
Do you receive any message ?
Svetlin
Similar Messages
-
Bypassing authority check in function module
hi experts
I have developed an abap report on material bom explosion using function module cs_bom_explosion
Its working fine and all data are coming ok since I HAVE THE AUTHORITY OF T CODE CS03..
pls note all bom fn modules checks for authorization .
However in production environment some users may not have CS03 AUTHORIZATION.
for them this report is not displaying any bom data.
Now the requirement is such that user will not have cs03 authorization,
but will see the bom data through this report.
so how to stop the authorization check for cs_bom_explosion in abap report.
regards
pankajas per my knowledge, granting the rights to those users is only the solution. Now a days the customers are wanting to add explicit authority-check too in the Z objects!! so, i dont see its good idea to bypass the check.
thanq
Edited by: SAP ABAPer on Mar 7, 2009 6:12 AM -
Function module for se16 with out authority check for se16
Hi ,
I am creating a tode YSE16 which has same functionality as SE16 but having its own authority check. I am calling a function module RS_TABLE_LIST_CREATE function module to get the functionality of SE16. But is there any way that i can get the function module which do not check for the authorization for se16 and execute my tcode.
Regards,
Sri.Hi Sri,
If I am not wrong this is the question?
Guys , Sri is modifying the YSE16 as per this requirement. Do u have some other solution? Thanks.
Requirement is to create customized tcodes YSE16, YSM30 and YSE38 for se16, sm0 and se38. Lets start with YSE16.
Client want YSE16 tcode to restrict users based on some tables within a authorization group or even * value for auth group field.
SE16 restricted on:
S_TABU_DIS
Auth Group and Activity
As per Requirement YSE16 tcode sld be restricted on :
Y_TABU_DI2 (customized object)
Auth Group, Activity and Table name
We dont want to give SE16 to users in Production. So basically requirement is to restrict users on table name with YSE16 irrespective on authorization group. User sld only be able to access the table mentioned in Table name field.
so Srilu is trying to modify the Program. Can you please suggest some other way to modify it.
Thanks.
Regards,
Naveen Dalal -
Web Service Homepage: Authority check failed
Dear Colleagues,
I have created a Web Service and now I want to test it via its Web Service Homepage (TA WSADMIN). The Homepage is displayed correctly, but testing leads to an error:
Authority check failed
Are there any prerequisites I maybe do not accomplish?
(I tested a very similar web service in another system, and there it works)
Here are some more information about my service:
- Service was build with Web Service Wizzard out of a function module
- Here you can see the conversation resulting of the test:
POST /sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003 HTTP/1.1
Host: bsl8011.wdf.sap.corp:50073
Content-Type: text/xml; charset=UTF-8
Connection: close
Cookie: <value is hidden>
Cookie: <value is hidden>
Authorization: <value is hidden>
Content-Length: 381
SOAPAction: ""
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<ns1:Z_TEST_WS_CONFIG xmlns:ns1='urn:sap-com:document:sap:rfc:functions'>
<INPUT>TEST</INPUT>
</ns1:Z_TEST_WS_CONFIG>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
HTTP/1.1 500 Internal Server Error
content-type: text/xml; charset=utf-8
content-length: 363
sap-srt_id: 20060404/125124/v1.00_final_6.40/1B0831447838C429E10000000A424016
server: SAP Web Application Server (1.0;700)
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
<soap-env:Body>
<soap-env:Fault>
<faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode>
<faultstring xml:lang="e">Authority check failed</faultstring>
</soap-env:Fault>
</soap-env:Body>
</soap-env:Envelope>
The WSDL-Document looks as follows:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions targetNamespace="urn:sap-com:document:sap:rfc:functions" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="urn:sap-com:document:sap:rfc:functions" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:tns="urn:sap-com:document:sap:rfc:functions" targetNamespace="urn:sap-com:document:sap:rfc:functions" elementFormDefault="unqualified" attributeFormDefault="qualified"><xsd:simpleType name="char60"><xsd:restriction base="xsd:string"><xsd:maxLength value="60"/></xsd:restriction></xsd:simpleType><xsd:element name="Z_TEST_WS_CONFIG"><xsd:complexType><xsd:sequence><xsd:element name="INPUT" minOccurs="0" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element><xsd:element name="Z_TEST_WS_CONFIGResponse"><xsd:complexType><xsd:sequence><xsd:element name="OUTPUT" type="tns:char60"/></xsd:sequence></xsd:complexType></xsd:element></xsd:schema></wsdl:types><wsdl:message name="Z_TEST_WS_CONFIG"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIG"/></wsdl:message><wsdl:message name="Z_TEST_WS_CONFIGResponse"><wsdl:part name="parameters" element="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:message><wsdl:portType name="Z_TEST_Q73_CONFIG_WS"><wsdl:operation name="Z_TEST_WS_CONFIG"><wsdl:input message="tns:Z_TEST_WS_CONFIG"/><wsdl:output message="tns:Z_TEST_WS_CONFIGResponse"/></wsdl:operation></wsdl:portType><wsdl:binding name="Z_TEST_Q73_CONFIG_WSSoapBinding" type="tns:Z_TEST_Q73_CONFIG_WS"><soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/><wsdl:operation name="Z_TEST_WS_CONFIG"><soap:operation soapAction=""/><wsdl:input><soap:body use="literal"/></wsdl:input><wsdl:output><soap:body use="literal"/></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="Z_TEST_Q73_CONFIG_WSService"><wsdl:port name="Z_TEST_Q73_CONFIG_WSSoapBinding" binding="tns:Z_TEST_Q73_CONFIG_WSSoapBinding"><soap:address location="http://bsl8011.wdf.sap.corp:50073/sap/bc/srt/rfc/sap/Z_TEST_Q73_CONFIG_WS?sap-client=003"/></wsdl:port></wsdl:service></wsdl:definitions>
Can anyone help me, I have no Idea
Message was edited by: Hans-Peter BauerThe message server defined in the SAP-Logon is us4278.wdf.sap.corp
But the url of the web service starts with http://us4185:58500/wsnavigator/jsps/explorer.jsp?description=WebServiceZ_TEST_Q73_CONFIG_WS
But I think that's not the problem, is it? As I mentioned above the test page can be shown, but the after filling in the input parameters an pressing send, there appears the authorisation error.
For better illustration I made some screenshots for you:
1) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_OVERVIEW.gif
2) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_INPUT_FORM.gif
3) http://wipux2.wifo.uni-mannheim.de/~wi01211/sonstiges/WS_HOMEPAGE_TEST_reqest_response.gif
What can be wrong, if the error "n0:FailedAuthentication" appears?
Regards,
Peter
Message was edited by: Hans-Peter Bauer -
HR PNP LDB and authority check
Hello All,
Can someone plzz tell me if there is any major difference between CODE1 and CODE2 below? I understand if we use LDB we dont need to do authority check but is there is any exceptional case where we do this kind of codeing...
CODE1:
Start-of-selection
GET pernr.
CALL FUNCTION 'HR_CHECK_AUTHORITY_INFTY'
EXPORTING
tclas = w_tclas
pernr = pernr-pernr
infty = '0001'
subty = space
begda = pn-begda
endda = pn-endda
level = w_level
EXCEPTIONS
no_authorization = 1
internal_error = 2
OTHERS = 3.
if not sy-subrc is initial.
reject.
endif.
PERFORM list_data.
END-OF-SELECTION.
CODE2:
Start-of-selection
GET pernr.
PERFORM list_data.
END-OF-SELECTION.
Thanks in advance...
-MuktarHi Muktar,
In my opinion, certain infotypes hold certain level of access by different user who is using that report to view HR information. Particularly sensitive infotype like 0008 (basic pay) and other pay involving infotypes can be use to check for authority before it is display or modify by users. So HR_CHECK_AUTHORITY_INFTY is used.
Get PERNR does not validate the authority because PERNR itself is just a structure that contains a few PA Keys and several of other infotype structure that doesn't tell the authority to read by any specific users. Get PERNR contains the PROVIDE macro and in it does not do any authorization, if i am not mistaken.
This is my understanding. I hope my explanation is correct and have help you in a way.
Thanks
William Wilstroth -
AUTHORITY-CHECK for an defined USER
Hi,
i write a abap (protokol) which shell be started every hour. In this report i will use
an AUTHORITY-CHECK for an defined user, because i will send the protokol via email, but i have
to check if this user is allowed to see the data.
I will use this:
AUTHORITY-CHECK OBJECT 'F_LFA1_BEK'
ID 'BRGRU' FIELD '__________'
ID 'ACTVT' FIELD '__________'.
for an defined user.
Is this possible, or how can i check this in another way?
Thanks.
Regards, DieterHi Eric,
i tried it like this:
UTHORITY-CHECK OBJECT 'F_LFA1_BEK'
ID 'BRGRU' FIELD 'KRED'
ID 'ACTVT' FIELD '03'.
BREAK-POINT.
CALL FUNCTION 'AUTHORITY_CHECK'
EXPORTING
NEW_BUFFERING = 3
USER = SY-UNAME
OBJECT = 'F_LFA1_BEK'
FIELD1 = 'BRGRU'
VALUE1 = 'KRED'
FIELD2 = 'ACTVT'
VALUE2 = '03'
EXCEPTIONS
USER_DONT_EXIST = 1
USER_IS_AUTHORIZED = 2
USER_NOT_AUTHORIZED = 3
USER_IS_LOCKED = 4
OTHERS = 5.
BREAK-POINT.
at first breakt-point sy-subrc = 0 at second sy-subrc = 2. Can you tell why i get another sy-subrc?
is my FM-Call correct?
thanks.
Regards, Dieter -
Authority Check at the T.Code level for the user in particular User Group
Hi Friends,
I have created a ZREPORT and assigned this report to a ZTRANSACTION CODE.
Need to give Authority Check at the T.Code level for the user in particular User Group.
I have searched in SCN, but not get suitable pages.
How to solve this?
Regards,
Viji.Hi Viji.
Saha way is actual way for authority tcode but user authority in TCODE:- SE38 he/she can run report(ZREPORT) wise program is run is no authority check.
Another way is you have also check authority in program level.
DATA: T_ROLE_USERS TYPE STR_AGRS OCCURS 0 WITH HEADER LINE.
INITIALIZATION.
CALL FUNCTION 'ESS_USERS_OF_ROLE_GET'
EXPORTING
ROLE = 'ZROLE'' " Role define
TABLES
ROLE_USERS = T_ROLE_USERS.
READ TABLE T_ROLE_USERS WITH KEY UNAME = SY-UNAME.
IF SY-SUBRC NE 0.
RETURN.
ENDIF.
Thanks & Regards
Rahul -
Displaying table using call function 'REUSE_ALV_GRID_DISPLAY'
I have created a table which has product code, product description, and product level. I am trying to display it using REUSE_ALV_GRID_DISPLAY. When I Check it, I get the following error message: "PVS2" is not an internal table - the "Occurs n" specification is missing.
Is it possible to copy PVS2 into another table, and then display that table using REUSE_ALV_GRID_DISPLAY?
I have patched together code from sdn, a client program, and my own code and I am starting to get confused. So, please help me.
Regards,
Al Lal
REPORT YABHINAV16.
* program to display products at chosen level *
Tables: T179, T179t.
types: begin of hierarchy,
prodh type t179-prodh,
vtext type t179t-vtext,
stufe type t179-stufe,
end of hierarchy.
types: begin of text,
prodh type t179t-prodh,
vtext type t179t-vtext,
end of text.
data: pvs type standard table of hierarchy initial size 0.
data: pvs2 type hierarchy.
data: it_text type standard table of text,
wa_text type text.
TYPE-POOLS:SLIS.
*For ALV
DATA: GT_FLD TYPE SLIS_T_FIELDCAT_ALV,
GT_EV TYPE SLIS_T_EVENT,
GT_HDR TYPE SLIS_T_LISTHEADER,
GT_SORT TYPE SLIS_T_SORTINFO_ALV.
DATA: WA_FLD TYPE SLIS_FIELDCAT_ALV,
WA_EV TYPE SLIS_ALV_EVENT,
WA_HDR TYPE SLIS_LISTHEADER,
WA_SORT TYPE SLIS_SORTINFO_ALV,
WA_LAYOUT TYPE SLIS_LAYOUT_ALV.
DEFINE FLD.
WA_FLD-FIELDNAME = &1.
WA_FLD-TABNAME = &2.
WA_FLD-OUTPUTLEN = &3.
WA_FLD-SELTEXT_L = &4.
WA_FLD-SELTEXT_M = &5.
WA_FLD-SELTEXT_S = &6.
WA_FLD-COL_POS = &7.
WA_FLD-FIX_COLUMN = &8.
WA_FLD-DO_SUM = &9.
APPEND WA_FLD TO GT_FLD.
CLEAR WA_FLD.
END-OF-DEFINITION.
CONSTANTS: C_TOP TYPE SLIS_FORMNAME VALUE 'TOP_OF_PAGE',
C_USER_COMMAND TYPE SLIS_FORMNAME VALUE 'USER_COMMAND'.
DATA: MTRL LIKE SY-REPID,
TITLE LIKE SY-TITLE.
select-options level for t179-stufe no intervals.
start-of-selection.
Select prodh stufe from T179 into corresponding fields of table pvs where stufe in level.
select prodh vtext from t179t into corresponding fields of table it_text for all entries in pvs where prodh = pvs-prodh.
end-of-selection.
sort pvs by prodh.
sort it_text by prodh.
loop at pvs into pvs2.
read table it_text into wa_text with key prodh = pvs2-prodh.
if sy-subrc eq 0.
pvs2-vtext = wa_text-vtext.
write: / pvs2-prodh, pvs2-vtext, pvs2-stufe.
endif.
* modify pvs2.
endloop.
perform BUILD_FIELDCAT.
perform GRID_DISPLAY.
form BUILD_FIELDCAT .
FLD 'PRODH' 'PVS2' '20' 'Product Hierarchy' ' ' ' ' '1' '' '' .
FLD 'VTEXT' 'PVS2' '40' 'Description ' ' ' ' ' '3' '' '' .
FLD 'STUFE' 'PVS2' '5' 'Level' ' ' ' ' '2' '' '' .
endform. " BUILD_FIELDCAT
form GRID_DISPLAY .
call function 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
I_CALLBACK_PROGRAM = MTRL
I_CALLBACK_USER_COMMAND = 'C_USER_COMMAND'
I_CALLBACK_TOP_OF_PAGE = C_TOP
I_STRUCTURE_NAME = 'PVS2'
IS_LAYOUT = WA_LAYOUT
IT_FIELDCAT = GT_FLD
IT_SORT = GT_SORT
I_DEFAULT = 'X'
I_SAVE = 'U'
IT_EVENTS = GT_EV
TABLES
T_OUTTAB = PVS2[]
EXCEPTIONS
PROGRAM_ERROR = 1
others = 2.
if SY-SUBRC <> 0.
message id SY-MSGID type SY-MSGTY number SY-MSGNO
with SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
endif.
endform. " GRID_DISPLAYTYPE-POOLS : SLIS.
DATA : BEGIN OF WA_T001,
BUKRS LIKE T001-BUKRS,
BUTXT LIKE T001-BUTXT,
ORT01 LIKE T001-ORT01,
END OF WA_T001,
IT_T001 LIKE TABLE OF WA_T001.
DATA : IT_FCAT TYPE SLIS_T_FIELDCAT_ALV,
WA_FCAT LIKE LINE OF IT_FCAT.
DATA : V_NAME LIKE SY-REPID.
SELECT BUKRS BUTXT ORT01 FROM T001 INTO TABLE IT_T001 UP TO 15 ROWS. V_NAME = SY-REPID.
CALL FUCTION MODULE 'REUSE_ALV_FIELDCATLOG_MERGE. EXPORTING I_CALBACK_PROGRAM =
V_NAME I_INTERAL_TABNAME = 'WA_T001' I_INCLNAME = V_NAME CHANGING CT_FIELDCAT =
IT_FCAT.
CALL FUNCTION MODULE "REUSE_ALV_GRID_DISPLAY"
EXPORTING
I_CALLBACK_PROGRAM = V_NAME
IT_FCAT = IT_FCAT.
TABLES
T_OUTTAB = IT_T001
SY-REPID IS THE SYSTEM VARIABLE WHICH IS HAVING THE ABAP PROGRAM
OR CURRENT MAIN PROGRAM.
----- Sample Progam -
***INCLUDE YRVR058_DEST_WISE_SUMMARY_DF01 .
*& Form DISPLAY_DATA
text *-- Rajesh Vasudeva
--> p1 text
<-- p2 text
FORM DISPLAY_DATA .
IF ITAB[] IS NOT INITIAL.
PERFORM F_APPEND_BLOCK.
ELSE.
MESSAGE 'Data not found for the selection
criteria' TYPE 'S'.
LEAVE LIST-PROCESSING.
ENDIF.
ENDFORM. " display_data
*& Form f_append_block
text
--> p1 text
<-- p2 text
FORM F_APPEND_BLOCK .
DATA : L_WA_SORT TYPE SLIS_SORTINFO_ALV, "For
sort
L_WA_EVENTS TYPE SLIS_ALV_EVENT. "For
events
Event (Top of List)
CLEAR L_WA_EVENTS.
L_WA_EVENTS-NAME = SLIS_EV_TOP_OF_LIST.
L_WA_EVENTS-FORM = C_TOPOFPAGE.
APPEND L_WA_EVENTS TO I_EVENTS_PART.
Event (Top of Page)
CLEAR L_WA_EVENTS.
L_WA_EVENTS-NAME = SLIS_EV_TOP_OF_PAGE.
L_WA_EVENTS-FORM = 'F_DISPLAY_HEADER_PARTA'(031).
"f_display_header_part
APPEND L_WA_EVENTS TO I_EVENTS_PART.
Event (End of List)
CLEAR L_WA_EVENTS.
L_WA_EVENTS-NAME = SLIS_EV_END_OF_LIST.
L_WA_EVENTS-FORM = C_END_OF_LIST.
APPEND L_WA_EVENTS TO I_EVENTS_PART.
Set Layout Zebra
STRUCT_LAYOUT-ZEBRA = 'X'.
STRUCT_LAYOUT-NUMC_SUM = 'X'.
STRUCT_LAYOUT-TOTALS_TEXT = 'TOTAL:'(032).
set field catalog
PERFORM F_FIELD_CATALOG_PART.
ASSIGN ITAB[] TO <F_OUTTAB>.
V_PART = 'A'. "initiating list is A
PERFORM F_DISPLAY_BLOCK USING STRUCT_LAYOUT
I_FIELD_CAT_PART[]
C_TAB
I_EVENTS_PART[]
I_SORT_PART[].
ENDFORM. " f_append_block
*& Form f_field_catalog_part
text
--> p1 text
<-- p2 text
FORM F_FIELD_CATALOG_PART .
REFRESH I_FIELD_CAT_PART.
CLEAR I_FIELD_CAT_PART.
PERFORM F_CREATE_CATALOG USING :
*Month
C_TAB 'MONTH' 'MONTH' SPACE 'L' 7
I_FIELD_CAT_PART[],
*OBD
*C_TAB 'VBELN' 'Delivery' SPACE 'L' 12
I_FIELD_CAT_PART[],
*DATE
C_TAB 'WADAT_IST' 'Date' SPACE 'L' 10
I_FIELD_CAT_PART[],
*Destination
C_TAB 'CITY1' 'Destination' SPACE 'L' 25
I_FIELD_CAT_PART[],
*Qty By Road
C_TAB 'NTGEW_ROAD' 'Road Quantity' SPACE 'R' 16
I_FIELD_CAT_PART[],
*Rail Qty
C_TAB 'NTGEW_RAIL' 'Rail Quantity' SPACE 'R' 16 I_FIELD_CAT_PART[],
*Total Qty C_TAB 'TOT' 'Total Quantity' SPACE 'R' 16 I_FIELD_CAT_PART[], *RR/Trk No.
C_TAB 'EXTI2' 'Truck/RR No.' SPACE 'L' 17 I_FIELD_CAT_PART[].
ENDFORM. " f_field_catalog_part
*& Form f_DISPLAY_block
text
-->P_STRUCT_LAYOUT text
-->P_I_FIELD_CAT_PART[] text
-->P_C_TAB text
-->P_I_EVENTS_PART[] text
-->P_I_SORT_PART[] text
FORM F_DISPLAY_BLOCK USING FP_LAYOUT TYPE
SLIS_LAYOUT_ALV
FP_I_FCAT TYPE
SLIS_T_FIELDCAT_ALV
VALUE(FP_TABNAME) TYPE
ANY
FP_I_EVENTS TYPE
SLIS_T_EVENT
FP_I_SORT TYPE
SLIS_T_SORTINFO_ALV.
DATA: V_REPID TYPE SYREPID,
"current Program id
C_SAVE TYPE CHAR1 VALUE 'A'.
"variant save
V_REPID = SY-REPID.
CALL FUNCTION 'REUSE_ALV_LIST_DISPLAY'
*CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
I_CALLBACK_PROGRAM = V_REPID
IS_LAYOUT = FP_LAYOUT
IT_FIELDCAT = FP_I_FCAT[]
IT_SORT = FP_I_SORT[]
I_SAVE = C_SAVE "variant
save
IT_EVENTS = FP_I_EVENTS[]
TABLES
T_OUTTAB = <F_OUTTAB>
EXCEPTIONS
PROGRAM_ERROR = 1
OTHERS = 2.
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
ENDFORM. " f_DISPLAY_block
*& Form f_create_catalog
text
-->P_C_TAB text
-->P_0085 text
-->P_0086 text
-->P_SPACE text
-->P_0088 text
-->P_5 text
-->P_I_FIELD_CAT_PART[] text
FORM F_CREATE_CATALOG USING FP_I_TABNAME TYPE
SLIS_TABNAME
FP_I_FIELDNAME TYPE SLIS_FIELDNAME
FP_I_SELTEXT TYPE
SCRTEXT_L
FP_I_DOSUM TYPE
CHAR1
FP_I_JUST TYPE C
FP_I_OUTPUTLEN TYPE
OUTPUTLEN
FP_I_FCAT TYPE
SLIS_T_FIELDCAT_ALV.
Record for field catalog
DATA: L_REC_FCAT TYPE SLIS_FIELDCAT_ALV.
L_REC_FCAT-TABNAME = FP_I_TABNAME.
L_REC_FCAT-FIELDNAME = FP_I_FIELDNAME.
L_REC_FCAT-SELTEXT_L = FP_I_SELTEXT.
L_REC_FCAT-DO_SUM = 'X'.
*l_rec_fcat-do_sum = ' '.
L_REC_FCAT-JUST = FP_I_JUST.
L_REC_FCAT-OUTPUTLEN = FP_I_OUTPUTLEN.
L_REC_FCAT-DECIMALS_OUT = '2'.
L_REC_FCAT-KEY = '1'.
APPEND L_REC_FCAT TO FP_I_FCAT.
ENDFORM. " f_create_catalog
Subroutines for Headings
*& Form f_display_header_partA
Display header for report for Part A
*& Form top_of_page
text
--> p1 text
<-- p2 text
FORM TOP_OF_PAGE .
SKIP 1.
WRITE:/25 ' Name of Company ',80 'RUN DATE' ,
SY-DATUM.
SKIP 1.
WRITE:/60 'RUN DATE' , SY-DATUM.
SKIP 1.
DATA: YR(4) TYPE N,
FIN_PRD(10) TYPE C.
IF S_DTABF-LOW+4(2) LT '04'.
YR = S_DTABF-LOW+0(4) - 1.
CONCATENATE YR '-' S_DTABF-LOW+2(2) INTO FIN_PRD.
ELSE.
YR = S_DTABF-LOW+0(4) + 1.
CONCATENATE S_DTABF-LOW0(4) '-' YR2(2) INTO
FIN_PRD.
ENDIF.
WRITE:/5 'DETAILS OF THE MONTH/DATE WISE DESPATCHES
MADE BY ROAD/RAIL DURING THE YEAR ' , FIN_PRD .
SKIP 1.
WRITE :/ 'SALES OFFICE : ' , P_SALES,' ' , RNAME.
SKIP 1.
ENDFORM. " DISPLAY_DATA
Award Points If Useful... -
I have created a Web Service for a Function Module in ECC 5.0. I was able to generate the proxy using SE37--> Web Wizard. I can see the Web Service in WSADMIN, WSCONFIG, SICF.
I am using the WSADMIN and Test Tool to generate a request for testing the proxy hosted on my ECC 5.0 system. I am finding this particular error relating Authorization. We have granted most of the Authorzations. Any Clue on how to resolve?
Request Object
POST /sap/bc/srt/rfc/sap/ZWS_CONCATENATE_STRING?sap-client=100 HTTP/1.1
Host: sapdbs.foxboro.com:8000
Content-Type: text/xml; charset=UTF-8
Connection: close
Authorization: <value is hidden>
Content-Length: 559
SOAPAction: ""
<?xml version="1.0" encoding="UTF-8" ?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema"><SOAP-ENV:Header><sapsess:Session xmlns:sapsess="http://www.sap.com/webas/630/soap/features/session/"><enableSession>true</enableSession></sapsess:Session></SOAP-ENV:Header><SOAP-ENV:Body><ns1:Ztest4 xmlns:ns1='urn:sap-com:document:sap:soap:functions:mc-style'><Par1>str1</Par1><Par2>str2</Par2></ns1:Ztest4></SOAP-ENV:Body></SOAP-ENV:Envelope>
Response Object
HTTP/1.1 500 Internal Server Error
Set-Cookie: <value is hidden>
content-type: text/xml; charset=utf-8
content-length: 363
sap-srt_id: 20091117/102452/v1.00_final_6.40/4B02B94392E30041000000000A9BAC6E
server: SAP Web Application Server (1.0;640)
<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body><soap-env:Fault><faultcode xmlns:n0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">n0:FailedAuthentication</faultcode><faultstring xml:lang="e">Authority check failed</faultstring></soap-env:Fault></soap-env:Body></soap-env:Envelope>
Thanks.Hi,
This means your userid/password don't have sufficient authorization.
do following:
- Grant following authorization using SU01 : *WEBSERVICE* (search for all role with webservice)
- If above doesn't work then check if your user exist in visual admin secure store (java side). Usually visual admin secure store point to ABAP client for user sync but it is possible it is not configured to right client (instead pointing to client 001).
- check service with third party tool like SOAP UI (provide ur userid/password as well) - if it is working from here then it means you have problem with userid on java side (use visual admin to troubleshoot).
Regards,
Gourav -
Authority Check - Best Practice - Optimum Way
Hi Experts,
I want to use authority check in my reports. The requirement is to filter data on the selection screen and execute the query. Error messages are not to be thrown because, a user will find it difficult to enter all the document types/company codes/sales areas etc authorized and remove the ones not authorized from the range.
I am planning to create range tables and populate it with the authorized values and use it in the select queries.
I have two concerns:
1. I will have to build range tables based on the values authorized. This will take some time, keeping in mind that append is an expensive statement.
2. What if the range table becomes big enough to give me a dump in the select query in some scenario. (What if scenario? Its a rare possibility that some field like this also needs to be authorized)
What is the best practice or rule of the thumb that you have figured out.
Thanks,
Abdullah Ismail.Are they asking you to check the authorisations for each of the following?
1. Sales Organization
2. Distribution Channel
3. Division
4. Sales Group
5. Sales Office
6. Sales Document Type
7. Sales Country
8. Material Group(Brands)
If so that is completely over engineered and good luck with that. Surely you only need to check at one level of the sales structure, the lowest level I would guess. Your auths team should be able to guide you here and I cannot imagine they would want that level of auths as it would be a nightmare for them to build it. I suppose you might want one on material group as well.
Therefore they auths team or functional consultants will need to tell you at what level you are checking for each report, there will only be a small number at each level, (think you will struggle to get near the 12,000 Rob points out would cause an issue with a range) of the sales structure so I would use a range, you wonu2019t have that many appends and it wonu2019t add much to the time of the report. While for all entries is great you can also use the range where the report may have already used for all entries on a select and better not to have to rebuild the whole report.
Also I would do the auths check first up and make the field mandatory if they really want it nice and tight so the user has to choose, you can use a PID to make it a bit more friendly.
If you know the setup is the same each time you could use a standard include and subroutine, or ABAP objects would probably be the best route with a set of standard methods to call.
Hope that helps,
Tim -
Authority Check for a selection condition/Range
I am relatively new to ABAP and still learning.
I am trying to create an authorisation check as part of a custom badi implementation.
i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
i know the parameter - p_tplnr
this code is pulled back into the Badi..
* Import selection result
IMPORT sel_tab = lt_nodes selcond = t_selcond
FROM MEMORY ID 'DIACL_SELECTION_NEW'.
the table is t_selcond . so i do a loop round table into structure based upon this parameter.
it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
my code...
*--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
DATA: s_selcond TYPE rsparams.
DATA: tplnr TYPE diacl_lbk_sel_ds-tplnr.
*--- Read table where selection name is Functional Location
LOOP AT t_selcond INTO s_selcond
WHERE selname = 'P_TPLNR'.
IF sy-subrc = 0.
*--- Check the authorisation object for functional location
AUTHORITY-CHECK OBJECT 'P_TPLNR'
ID 'TPLNR' FIELD tplnr
ID 'ACTVT' FIELD '03'.
ENDIF.
ENDLOOP.
My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?Hi ,
LOOP AT t_selcond INTO s_selcond
WHERE selname = 'P_TPLNR'.
endloop.
-----------------This code can be replaced by
READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
CHECK SY-SUBRC EQ 0
auth-check object...
some basic code to get an idea ...
tables /BIC/SPLANTGRP.
select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
so_basin-low = '1'. append so_basin.
so_basin-low = '2'. append so_basin.
so_basin-low = '3'. append so_basin.
so_basin-low = '4'. append so_basin.
loop at so_basin.
write:/ so_basin-low.
endloop.
read table so_basin with key low = '4'.
if sy-subrc eq 0 .
write:/ 'found hit', so_basin-low.
else.
write:/ 'found NO hit'.
endif.
read table so_basin with key low = '5'.
if sy-subrc eq 0 .
write:/ 'found hit', so_basin-low.
else.
write:/ 'found NO hit'.
endif.
vijay -
How to make Authority Check for ALVGrid?!
Hey mates,
i got the problem which is mentioned in the headline. How can i make an authority check for my ALVGrid? I mean i want to restrict special functions to the matching users ( Display, Edit, Delete mode ).
Would be cool if someone can help
Regards BastiHello Bastian
A simple approach would be to define three different transactions (e.g. Z_MYALV01, Z_MYALV02, Z_MYALV03) for editing/deleting, editing only and displaying only. Add the following coding to the report displaying your ALV grid:
CASE syst-tcode.
WHEN gc_tcode_create. " 01
" Allow all grid functions
WHEN gc_tcode_change. " 02
" Suppress grid functions for deleting rows
WHEN gc_tcode_display. " 03
" Suppress grid functions for editing/deleting
WHEN others.
RETURN.
ENDCASE.
Regards
Uwe -
Analize authority checks in web dynpro processing
Hi,
I'm facing strange things here.
A user was reported not to be able to successfully use a function provided in our system:
We provide a function for use of our call center agents that will reprocess and output document and send it by mail to the customer. It looks as if it worked but the mail is not sent.
I started SE80 with my own user and put some external breakpoints in the webdynpro code for the agents username. Then I started the webdynpro application by entering the URL into the browser and logging in with the agent's credentials.
On my first try, the debugger started ehen the external breakpoint was reached. SY-UNAME was the agent's name but everything went fine.
Obviously the authority checks where done for my own user although there was a different sy-uname.
I logged off completely and started a second time. I used my owner user to set the external breakpoints because the agent's user has no rights for development, just restricted to a couple of roles.
This time I got a rabax state error - the dump was caused because the agent's user does not have authority for debug. The rabax error shoed me the call hierarchy and pointed to the method where I set the external breakpoint.
So, is the any way to come close to the code where authorization check fails?
Or - which we could try: What are the roles/profiles for use of SAPOFFICE? (in SU53, we can see failed checks, but it looks strange as there are failed authority-checks for ...ADMIN - dont know exactly because now I', home and don't have remote access).
Good ideas always welcome!
Note: Nobody knows why this function is implemented in Webdynpro but we have to live with it and get it working for this group of agents.
Regards
ClemensTraditionally I would probably have used ST01 with the "Authorization check" option and general filters to log which authority checks are working / failing.
But now I quite like using ST05 (SQL Trace) instead as drilldown to the code is available ... you can tick the "Buffer Trace" option and "Activate Trace with Filter" to log the other user's calls - this will then display lots of references to tables USOBX_C and USRBF2 - drilling to the code on these usually gives you the "authority-check object 'xyz' .." details.
Jonathan -
Hi!
Let me ask something.
As usual, when we call a program using T-CODE in command field, R3 checks the authority. even BDC prog.
But, in program text, I programed like this. "CALL TRANSACTION XXX".
the system doesn't check authority.
for example, A user type 'XD01' in command field, system denyed. but, A user call 'XD01' through my progam. system admitted it. and in my program, I coded like this "CALL TRANSACTION 'XD01'.
I don't know why... Have you ever seen like this?
If sb know this, please let me know! what shold I do for it!
sorry for my poor english, I need your help~~Hi Kyung Woo,
When the user enters the transaction code, let's say XD01, the R/3 system would get the authorization information as defined in the user's profile and check if the authority object required to execute the transaction exists in the user's profile. This is just a preliminary check. It prevents the non-technical users from accessing the transaction.
But when it comes to a technical user like an ABAP Programmer, almost anything can be done within the R/3 system. For example, you can just write a small program of about a few lines and cause serious damage to the entire R/3 System.
The point is that when you use the CALL TRANSACTION statement, it means that you are writing the program to accomplish some functionality. The preliminary check is bypassed in this case. But if there's an authority check coded into the transaction, then even the CALL TRANSACTION method won't work.
But remember one thing - so long as you are an ABAPer, with the authorization to create a program in SE38 and execute it, along with the authorization for Debugging, you can do almost anything within the R/3 system.
It is upto the programmer and the company to take care of any such mishaps happening. Anyways, when it comes to the Production system, your hands are all tied up. you would never have the authorization to do any development directly in there. If you do, then somebody is in very deep trouble !!:-).
As far as the Development system is concerned, nobody really bothers too much about them, because they do not affect any real-time data.
Regards,
Anand Mandalika. -
Securing action box items with authority-check object
In a 4.6c environment I have setup action box items for various sm and QM notifications.
I would like to secure some of the action box items that their execution is only allowed by authorized personnel using authority-check objects.
Is there a way to secure the action box item by the item number? If not the action box items are using a function module. Maybe I could use the fm name in the authority-check.
Any ideas would be greatly appreciated.Hi,
just see these examples
SAPTLIST_TREE_CONTROL_DEMO_HDR
SAPTLIST_TREE_CONTROL_DEMO
SAPTLIST_TREE_MODEL_DEMO
and for getting a checkbox we have to repalce the icon what is there in the example program and handle the checked and unchecked event for the checkbox.
this can be achieved by using object oriented methods...
reward if helpful
rgds,
Prajith
Prajith
Maybe you are looking for
-
Buying additional iCloud storage with gift certificate
I am not able to buy additional icloud storage using pre-loaded gift certificates in iTunes. Can onyone advise whether this is possible and if so how it is done?
-
Airport Express + Airtunes for music, 3g tethering for internet?
Hi, I'm having problems with my ISP and considering using my 3g data plan as my primary internet solution, tethering with my iPhone. The only reason I haven't done this until now is that I seem to have to turn airport off in order to use 3g, and that
-
Javascript array ;Add and remove elements without using push and pop
Hi I need to perform add and remove operation in Javascript with following scenarios i) Add element, if element does not exist in array(javascript) ii) Remove element, if element exist in array(javascript) Without using push and pop method how to a
-
Digital Editions will not open
I cannot get digital editions to open, all I get is a window stating the Windows is checking for a solution, and of course they have not provided one. HELP, I have several downloaded books that have a limited time availability that I have not read. T
-
Exporting DV/HD files from iMovie to FCE-different sizes in canvas?
Hi! Desperately need your help. I have a problem with moving my files from iMovie to FCE to edit. Pre cut in iMovie from both DV and HD files (canon 5D) and moving the project to FCE through XML. When in FCE the files line up with different sizes, th