Customer Exit - Authorization

Anyone who can give me a step by step procedure on how to use Customer Exit on Authorization....
Thanks in Advance....

Hi Mary Ann,
           Check ..............
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
http://help.sap.com/saphelp_nw04s/helpdata/en/44/599b3c494d8e15e10000000a114084/content.htm
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f1a7e790-0201-0010-0a8d-f08a4662562d
Regards,
vijay.

Similar Messages

  • BW Authorizations - Query variable with processing mode as "customer exit"

    Hi,
    Iam new to BW authorizations and have not yet worked on customer exit before. I was going through the documentation at various sites but I could not get the end to end description on how the query process( when using a variable for an InfoObject) works in case of customer exit.
    Let's assume that I am using  a query variable with processing mode as "customer exit" and at the exit I  write some code to extract user's authorizations from a z table. if this is the case, then when an end user runs a query,how will the the system know what value needs to be filled in the variable for the requesting user. Are the user details  also sent to the code along with the query variable? If so how. If I mis-understood the process then forgive me and let me know the correct process.

    Hi!
    welcome to SDN!
    customer exit variables need programing by user. so if you create a customer exit variable, you got to right a program which extracts values into this variable. we can do what ever we want in program, SAP will not deal anything ´with customer exits.
    with regards
    ashwin
    PS n:  Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.

  • Authorizations by use of customer-exit: in  i_step = 3,   i_vnam is empty

    Hello all,
    I have checked multiple scenarios and they do not work:
    Current situation/setup:
    1. <b>Creation of several variables and adding each of them to different queries</b> :
    Variable   Type   Processing      Infoobject                     Selection  ready for input
    COB     1     6     ZCCOSTCTR__ZCCOB     S     
    CB2     1     6     ZCCOB                                     S     
    CBV     1     3     ZCCOB                                     S     
    2. <b>Adding values in a role</b> (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM    *                                                                            
    9ZCCOB    $C-B2, $C-OB , $C-BV    
    added new object without 1KYFNM:                                                                               
    ZCCOB      $C-B2, $C-OB, , $C-BV             
    3. <b>Marked the used object auth. relevant</b> for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
      WHEN 'COB' or 'RESPNO'.
       IF I_STEP = 0.
        IF I_STEP = 1.
       IF I_STEP = 3.
          CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
            EXPORTING
              I_VNAM           = I_VNAM
            TABLES
              E_T_RANGE        = E_T_RANGE
            EXCEPTIONS
              NO_AUTH          = 1
              NOT_VALID        = 2
              MISSING_OPERATOR = 3
              OTHERS           = 4.
          IF SY-SUBRC = 1.
            MESSAGE W007(EYE).
          ENDIF.
          IF SY-SUBRC = 2.
            MESSAGE W707(BRAIN).
          ENDIF.
          IF SY-SUBRC = 3.
            MESSAGE W999(BRAIN).
          ENDIF.
          IF SY-SUBRC = 4.
            MESSAGE W649(BRAIN) with I_VNAM ''.
          ENDIF.
        endif.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of <b>type customer-exit</b> and process it with <b>i_step =1</b> the value selection and query result is OK.
    But this <b>scenario works without roles</b> and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Try this:
    IF i_s_rkb1d-compid = 'Query Name'
    Validation of data for the value entered in your Variable
        READ TABLE i_t_var_range INTO yourworkarea
                    WITH KEY vnam = yourvariable
        IF sy-subrc = 0.
          IF w_s_var_range-low(4) <>  w_s_var_range-high(4).  " Your condition or Logic
            l_msgv1     = c_qtr_com1.  " Your message
            i_handle = 9998.
            CALL FUNCTION 'RRMS_HANDLE_MESSAGE_INIT'
              EXPORTING
                i_handle         = i_handle
                i_msg_handler_id = sy-uzeit.
            CALL FUNCTION 'RRMS_MESSAGE_HANDLING'
              EXPORTING
                i_class  = 'RSBBS'
                i_type   = 'I'
                i_number = '000'
                i_msgv1  = l_msgv1
            RAISE again.
          ENDIF.
        ENDIF.
      ENDIF.

  • Analysis authorization customer exit

    I want to pass authorization value in0PLANT_0COMP_CODE same as 0COMP_CODE. For that i am trying ro to make customer exit variable in CMOD. can anybody tell me where I can find values of 0COMP_CODE during cmod exit. In which internal table or field?
    If I will find the authorization value in 0COMP_CODE I will pass the same in 0PLANT_0COMP_CODE using exit variable.

    Heading 1: Yes  I had made variable in BEx only with customer exit option but in CMOD i want to write routine in i_step = 0 to pass value of 0comp_code in 0plant_0comp_code.
    This varibale i can assign in RSECADMIN in authorization.
    But can not able to find value for  0COMP_CODE in CMOD.
    Can you suggest in which internal table i will get values for authorizatiion.
    Regards,
    Rohan Shah

  • Authorization (rsecadmin) with customer exit variable

    Hello,
    I need to maintain authorization on 0CALMONTH with a customer exit variable.
    0CALMONTH is "authorization relevant"
    I created a variable of type "customer exit" : ZVAR001 (this variable is OK, I checked its value in a query)
    I created a new authorization object with 0CALMONTH = $ZVAR001.
    When I run my query I have a message due to authorization error.
    If I change my authorization object by replacing my variable ($ZVAR001) by a constant value I have no authorization problem.
    I don't understand why...
    Error logs don't help me to solve my problem : I have the following message "Message EYE007: You do not have sufficient authorization" and system just says I have "0CALMONTH  I EQ $ZVAR001 " but doesn't precise values under variable ZVAR001
    Thanks for your help

    Indeed problem was in costumer exit because I used condition with "I_STEP". Since I have delete my condition I have no authorization problem with my variable....

  • Authorization with customer exit variable (CP, BT, EQ)

    Hi SDN-Experts,
    I have a question concerning the new authorization concept.
    I created an authorization for 0COSTCENTER which also contains the 3 special characters 0TCAACTVT, 0TCAIPROV and 0TCAVALID. I inserted a customer exit variable for 0COSTCENTER. The exit reads datasets from a db table which contains authorizations for the actual user. The authorizations have different formats, e.g. "1000", "1000;1200", "25*" etc.
    The internal table e_t_range is filled as followed in the exit:
      i   eq   1000
      i   bt   1000   1200
      i   cp   25*
    This does not work. It works if I only use "eq" OR "cp". But not both at the same time.
    How can I achieve to use the different authorizations in the db table for the bi authorization?
    Thanks in advance...
    Joerg

    Hi Olivier.
    Yes, the variable is defined as selection option and I did also try to use "EQ" instead of "CP".
    I tested again with another variable which is "ready for input" and is not used in an authorization. The Variable is filled in the customer exit. This is the code:
    WHEN 'ZJGR_COSTCTR_TEST'.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'BT'.
      l_s_range-low = '0000001000'.
      l_s_range-high = '0000001200'.
      APPEND l_s_range TO e_t_range.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'CP'.
      l_s_range-low = '0000002*'.
      APPEND l_s_range TO e_t_range.
    The result in the variable screen in BEx Analyzer is the following:
    1000 - 1200;0000002*;
    And it still does not work. It seems that you could not mix EQ, BT and CP. But this is exactly what I have to do with the authorization variable...
    Do you have any other tipps that I might try out?
    Thanks,
    Joerg

  • Authorization check - customer exit EXIT_SAPLRRS0_001

    Hi gurus,
    a question on customer exit about EXIT_SAPLRRS0_001 related to i_step = 0 (Authorization check).
    I have two InfoObjects: 0WS_CAT and 0WSCATQ. The last one has a compounding that is 0WS_CAT.
    In the exit: I need to check the 0WS_OBSFLAG (a simple flag attribute) to determine if the entries in 0WSCATQ Master data are valid or no.
    If I found that the entry is valid I add the value to the e_t_range export table in this way:
    if ( i_step = 0 ).
        l_s_range-sign = 'I'.
        l_s_range-opt = 'EQ'.
        l_s_range-low = '00000001'.
        append l_s_range to e_t_range.
    endif.
    The problem is the compound, how can specify the value key for the export table?
    For example ... in the table I have three entries:
    0001 00000001 #
    0002 00000001 X
    0003 00000001 #
    The valid entries are:
    0001 00000001 #
    0003 00000001 #
    How can specify '0001' or '0003'? Because if I assign only the value  '00000001' to l_s_range-low then the entries valid in the authorization for 0WS_CATQ are three and not two.
    It's important for me to find a solution.
    Regards, Roberto

    Hi Roberto,
    you have to build your logic into a variable for the other infoobject 0WS_CAT and find your values 0001 and 0003 the way you described.
    You might have to restrict the selection for 0WSCATQ to a single value, in case you have a record like this in addition to the 3 you have listed.
    0002 00000005 #
    Best,
    Ralf

  • Customer-Exit for analysis Authorizations: i_step = 3, i_vnam is empty

    Hello all,
    I have checked multiple scenarios and I cannot figure out the mistake I've done:
    Current situation/setup:
    1. Creation of several variables and adding each of them to different queries :
    Variable Type Processing Infoobject Selection ready for input
    COB 1 6 ZCCOSTCTR__ZCCOB S
    CB2 1 6 ZCCOB S
    CBV 1 3 ZCCOB S
    2. Adding values in a role (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM *
    9ZCCOB $C-B2, $C-OB , $C-BV
    added new object without 1KYFNM:
    ZCCOB $C-B2, $C-OB, , $C-BV
    3. Marked the used object auth. relevant for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
    WHEN 'COB' or 'RESPNO'.
    IF I_STEP = 0.
    IF I_STEP = 1.
    IF I_STEP = 3.
    CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
    EXPORTING
    I_VNAM = I_VNAM
    TABLES
    E_T_RANGE = E_T_RANGE
    EXCEPTIONS
    NO_AUTH = 1
    NOT_VALID = 2
    MISSING_OPERATOR = 3
    OTHERS = 4.
    ENDIF.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of type customer-exit and process it with i_step =1 the value selection and query result is OK.
    But this scenario works without roles and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Hi Petra,
    You are correct.  I_VANM is not stored at I_STEP 3.  However, to access that value at I_STEP3, use the following code.
    IF I_STEP = '3'.
         READ TABLE I_T_VAR_RANGE INTO L_RANGE WITH KEY VNAM = '...variable name.....'
         IF SY-SUBRC = 0.
           ...code here to alter values...
          .....for example:  L_RANGE-LOW = 'S'
         ENDIF.
    ENDIF.
    Kind Regards,
    Larry

  • Double Role for Analysis Authorization using Variable via Customer Exit

    Hi Guys I have been implementing AA using variable via customer exit and I have run into this problem, I wonder anyone have encountered this.
    Example I have a User having 2 sets of authorization Roles
    Role 1
    Personnel Area = A, B
    Personnel Sub Area = 1,
    Role 2
    Personnel Area = A
    Personnel Sub Area = 1, 2
    And what we can derive this that is the user is able to see A-1 B-1 and A-2 BUT NOT B-2 when we run all.
    But instate when we run the report it is drawing B-2 as well as because we are entering
    Personnel Area = A,B
    Personnel Sub area = 1,2
    Any idea how to solve this?
    <removed by moderator>
    Edited by: Siegfried Szameitat on Dec 3, 2008 2:41 PM

    Hello Chee Jason,
    Are you working with version 3.5 or 7.0
    How do you specify Hierarchy variable?
    Any advise you can share is very much appreciated.
    Thanks,
    Patrick

  • Error for customer specific Authorization check (User Exit)

    Dear Experts,
    I am facing a problem in PM.
    I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
    I have released the order and got the inspection lot number.
    While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
    "Error for customer specific Authorization check (User Exit)"
    Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
    If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
    I have checked the following user exits:
    QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
    QQMA0026: PM/SM: Auth. check when accessing notification transaction.
    The above 2 User Exits are not active.
    I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
    Please some one help me on this issue.
    Thanks and Regards,
    Praveen.

    Dear Pete,
    I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
    Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
    At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
    Regards,
    Praveen

  • Hierarchy Node authorization with customer exit

    Hi All,
    I have created a hierarchy for an info-object A along with nodes test1 and test 2.node test1 consisit of value 10,20,30,40,50 and node test2 consist of value 60,70,80,90.  .
    1) I want that perticuler user should access perticuler node in hierarachy for that reason I have created a database table in which i have maintained the username and the values from the Infoobject A .I want to write a customer exit code in which user X can access node test1 and user Y can access node test2
    but in database table i can not maintain the nodes i can only maintain the values from the nodes
    so how can i restrict the user to perticuler node instead of values
    The authorization values for the perticuler user will get filled by customer exit variable maintained in the authorization profile
    can any body suggest me or send me example customer exit code for this scenario.
    I really appreciate your thoughts on this issue.
    Thanks,

    Hi,
    in addition to Anil's valid input, make sure that ZTEST is NOT ready for input. Indeed "ready for input" vars cannot be changed via customer exits.
    hope this helps...
    Olivier.

  • Hierarchy Authorization using Variable via Customer Exit

    Hi experts,
    I am wondering if I can do Hierarchy Authorization using Variable via Customer Exit? I know it can be done on normal value authorization by putting $+(the variable name). So can we do the same for Hierarchy authorization?
    For my case I have a 0ORGUNIT and I would allow the role to access anything below its node. So do I put $VARORGUNIT in Technical Node Name and Hierarchy name as ORGEH, Type of authorization = 1 and Area of Validity = 3.
    Points will be given!
    Thanx!

    Hello Chee Jason,
    Are you working with version 3.5 or 7.0
    How do you specify Hierarchy variable?
    Any advise you can share is very much appreciated.
    Thanks,
    Patrick

  • Populating Authorization value in Customer exit

    Dear Experts,
    I have two info objects Sales org and Plant and both are hierarchies.And both are having the same values
    ie Sales org A100 = Plant A100
    And Sales org hierarchy is like this:
    A100 ( Top Node)
    -A110 (Child of top node)
    --A111 (child of A110)
    -A120 (Child of top node)
    --A121  (child of A120)
    Sales org is authroziation object and plant is not.
    Users are provided authroziation based on Sales org , but our requirement is to popullate the same value to plant variable as well in the query.So in case if they want to drill down there wont be any problem.
    I have created a query with sales org as input varible and plant as customer exit variable.
    Suppose a user is authorized to top node ie A100 sales org and in the query if he inputs sales org as A111 which is a child node of A110
    then my plant vairable should  be populated with the top node which user is authroized to ie A100 iresepective of what ever he enters.
    If the user is authorized to A110 and if he enters A111 then my plant should be populated with A110.
    I am trying to get that info from tables UST12 etc but it would be great if someone throws some light on how to do this requirement.
    Thank you for the help.

    Please see my reply to your another thread.
    Please do not open the thread for same issue twice.
    Regards,
    Ganesh Bothe

  • How to identify what customer exit variables are used in which query?

    Hi all,
    When i happened to check the CMOD transaction code i can find a list of customer exits are used. But i want to know what are those customer exist are used in which query? can anyone let me know the procedure of identifying it.
    Thanks a lot
    Pooja

    hii pooja
    check the foll links
    Very Urgent: Customer Exit Variable
    customer exit variable
    MIssing Authorisation for customer exit variable query
    Authorization variable or customer exit variables
    if it is helpful assign points
    thanks.

  • Regarding Customer Exit in Bex

    Hello Expers.
    Here is my scenario: I have variable which accepts the key date from the user. The requirement is to get the calmonth from the date entered by the user. According to my point of view, Writing customer exit is a best option but i do not know is it possible for me to pass the date, entered by the user, to exit? If Yes than please let me know how?
    Help required Urgently

    use the parameter I_STEP which specifies when the enhancement is called.
    The following values are valid for I_STEP:
    ·        I_STEP = 1
    Call takes place directly before variable entry
    ·        I_STEP = 2
    Call takes place directly after variable entry. This step is only started up when the same variable is not input ready and could not be filled at I_STEP=1.
    ·        I_STEP = 3
    In this call, you can check the values of the variables. Triggering an exception (RAISE) causes the variable screen to appear once more. Afterwards, I_STEP=2 is also called again.
    ·        I_STEP = 0
    The enhancement is not called from the variable screen. The call can come from the authorization check or from the Monitor.
    sample code : user enter value of date in say variable ZDATE
    l_s_range TYPE rsr_s_rangesid,
    l_t_var_range TYPE rsr0_s_var_range.
    WHEN 'ZCALM' .
    if i_step=2.
    read table i_t_var_range into l_t_var_range with key vnam = 'ZDATE' .
    if sy-subrc = 0.
    l_s_range-low = l_t_var_range+0(6).
    l_s_range-high = l_t_var_range+0(6).
    l_s_range-opt = 'EQ'.
    l_s_range-sign = 'I'.
    append l_s_range to e_t_range.
    endif.
    endif.

Maybe you are looking for

  • What program filenames are used to create PDFs?

    We are in school where we restrict what type of programs the students can access by filenames (e.g. Word.exe, Excel.exe), using the Windows 2003 Group Policy "Run only Windows Applications" policy. I've added all the programs I can in the Adobe folde

  • Links in my email (Mail) won't open in Firefox no more...waaah!

    Hello, I used to be able to just click on links in my email ( apple Mail) and they would open in Firefox.. Awesome now they don't. I made Safari my default browser again - and they open up fine there...but I don't want to use Safari. I want to use Fi

  • Invoke reports with Beans

    Hi, every one: Can I invoke reports with Beans? How to do it? Which JARs must I use? Where can I find materials of it? Best regards. Leslie Chen

  • Change Labview default from Radians to Degrees

    Hey everybody, have what im hoping is a simple question. Is there a way to convert the default operating mode of labview from radians to degrees? Such as on my trusty TI-89 switching the mode from Radians to Degrees. Thanks fellas

  • How do a reattach a tab to another tab.

    I have a vi that has been running for quite some time. It has 5 tabs, with 6 more sub-tabs underneath each tab. One of the sub-tabs has become disassociated with its main tab. If I try to go to the other tabs this main sub-tab stays on top blocking t