LB13 add authority check

Similar Messages

• Authority-Check in ABAP Query

  Hello,
          I have a requirement to add authority check on two fields "Sales Organization" & "Plant" in a ABAP Query.
  Please let me know how can I do it?
  Will I be required to add some "Authority-check" code in sq02 or is there any button/checkbox available to do the same.
  Please let me know.
  Thanks in advance.
  Best regards,
  Tejas Savla

  Hi Ronak,
  Check this thread, this might help you.
  Authorisation on field
  Regards,
  Chandra Sekhar

• RE: Authority checks included in the info set of the query

  Hi all,
  I am checking the program code for one of our custom tcodes and i asked ABAP team to add authority check to the program code because there is no auth check in the code and abapers told me that the authority check is included inside the info set of the query and not in the program . the program is used to execute the query in the Tcode.
  how to find the Authority checks included in the info set of the query.
  Thanks in advance,
  Sun.

  If you have the BI support roles assigned to you  and the security admin  roles please login to the BI system
  execute transaction RSECADMIN, click on the analysis tab and execute as the user who is assigned the role with restrictions.
  For variables in authorizations like ( type customer exit )
  use RSECADMIN - maintain authorization tab - Click on value authorization tab.
  Keytransaction is RSECADMIN  & infoobject maintenance details you can get from RSD1.
  Regards

• Unable to Check ADD Attachment Check Box. Thereby getting only email and not the attachment (which will contain the output of BO report , in Excel Format)

  Post Author: hteoh
  CA Forum: Publishing
  I have an BO related issue. I tried to schedule a smtp event in BO to email the report output as Excel. Since this report will go to different users, I unchecked the Use the Job Server's defaults (CHECK BOX). For some reason, I can't check the Add Attachment(CHECK BOX). I received the email but without attachement. Do you know why I can't use attachment. The SMTP event works perfectly if I check Use the Job Server's defaults.

  Hi!
  Use the below code to populate the Sender and receiver mail ids:
  DATA GV_SENDER    TYPE SWC_OBJECT.    
  DATA GV_SENDER_ID LIKE SWOTOBJID.      
  SWC_CONTAINER LT_CONTAINER.
  reset data for CTCV
  CALL FUNCTION 'CTCV_INIT_USER_DATA'.
    Create sender using sender mail address from new table
      SWC_CLEAR_CONTAINER LT_CONTAINER.
      SWC_CREATE_OBJECT GV_SENDER    'RECIPIENT' SPACE.
      SWC_SET_ELEMENT LT_CONTAINER 'AddressString'
                                       ZMAIL-SENDER.
      SWC_SET_ELEMENT LT_CONTAINER 'TypeID' 'B'.
      SWC_CALL_METHOD GV_SENDER    'CreateAddress' LT_CONTAINER.
      IF SY-SUBRC NE 0.
           MESSAGE ID SY-MSGID TYPE 'E' NUMBER SY-MSGNO
                   WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4
                   RAISING SENDER_CREATION_FAILED.
      ENDIF.
      SWC_OBJECT_TO_PERSISTENT GV_SENDER GV_SENDER_ID.
  Similarly you can create the recipient mail id. Pass the GV_SENDER_ID to OPEN_FORM.
  Cheers!

• AUTHORITY-CHECK always Return sy-subrc 0

  Hi,
  I have created a Authorization Object  'ZAUTH_ATCH' and created Roles also. This role is assigned to only my Userid.
  When in Report program I do a check:
  AUTHORITY-CHECK OBJECT 'ZAUTH_ATCH'
           ID 'USER' FIELD l_syuname .
  But the AUTHORITY-CHECK return 0 for all User IDs.
  Pls help what could be the Issue.
  Thanks
  Mohammed

  Hi,
  May be you would need to change the auth object and add the following two fields:
  REPID        ABAP Program Name
  ACTVT      Activity
  allowed values for ACTVT :
                               01     Create or generate
                               02     Change
                               03     Display
                               16     Execute
  In the code you can check
  AUTHORITY-CHECK OBJECT   "OBJECT_NAME"
                        ID   'ACTVT'  FIELD '16'.
                        ID   'REPID'  FIELD sy-cprog.
  Hope it helps.
  Anju

• Bypassing authority check in function module

  hi experts
  I have developed an abap  report on material bom explosion using function module cs_bom_explosion
  Its working fine and all data are coming ok since I HAVE THE AUTHORITY OF T CODE CS03..
  pls note all bom fn modules checks for authorization .
  However in production environment some users may not have CS03 AUTHORIZATION.
  for them this report is not displaying  any bom data.
  Now the requirement  is such that user will not have cs03 authorization,
  but will see the bom data through this report.
  so how to stop the authorization check for cs_bom_explosion in  abap report.
  regards
  pankaj

  as per my knowledge, granting the rights to those users is only the solution. Now a days the customers are wanting to add explicit authority-check too in the Z objects!! so, i dont see its good idea to bypass the check.
  thanq
  Edited by: SAP ABAPer on Mar 7, 2009 6:12 AM

• Authority Check - Best Practice - Optimum Way

  Hi Experts,
  I want to use authority check in my reports. The requirement is to filter data on the selection screen and execute the query. Error messages are not to be thrown because, a user will find it difficult to enter all the document types/company codes/sales areas etc authorized and remove the ones not authorized from the range.
  I am planning to create range tables and populate it with the authorized values and use it in the select queries.
  I have two concerns:
  1. I will have to build range tables based on the values authorized. This will take some time, keeping in mind that append is an expensive statement.
  2. What if the range table becomes big enough to give me a dump in the select query in some scenario. (What if scenario? Its a rare possibility that some field like this also needs to be authorized)
  What is the best practice or rule of the thumb that you have figured out.
  Thanks,
  Abdullah Ismail.

  Are they asking you to check the authorisations for each of the following?
  1.     Sales Organization
  2. Distribution Channel
  3. Division
  4. Sales Group
  5. Sales Office
  6. Sales Document Type
  7. Sales Country
  8. Material Group(Brands)
  If so that is completely over engineered and good luck with that.  Surely you only need to check at one level of the sales structure, the lowest level I would guess.  Your auths team should be able to guide you here and I cannot imagine they would want that level of auths as it would be a nightmare for them to build it. I suppose you might want one on material group as well.
  Therefore they auths team or functional consultants will need to tell you at what level you are checking for each report, there will only be a small number at each level, (think you will struggle to get near the 12,000 Rob points out would cause an issue with a range) of the sales structure so I would use a range, you wonu2019t have that many appends and it wonu2019t add much to the time of the report.  While for all entries is great you can also use the range where the report may have already used for all entries on a select and better not to have to rebuild the whole report.
  Also I would do the auths check first up and make the field mandatory if they really want it nice and tight so the user has to choose, you can use a PID to make it a bit more friendly.
  If you know the setup is the same each time you could use a standard include and subroutine, or ABAP objects would probably be the best route with a set of standard methods to call.
  Hope that helps,
  Tim

• Authority Check for a selection condition/Range

  I am relatively new to ABAP and still learning.
  I am trying to create an authorisation check as part of a custom badi implementation.
  i have amended the code, but i am just trying to figure out how to take the selection condition table to get the specific value to check.
  i know the parameter - p_tplnr
  this code is pulled back into the Badi..
  * Import selection result
    IMPORT sel_tab = lt_nodes selcond = t_selcond          
      FROM MEMORY ID 'DIACL_SELECTION_NEW'.
  the table is t_selcond . so i do a loop round table into structure based upon this parameter.
  it could have single or multiple objects, and i am just unsure which object needs to be auth checked....
  my code...
  *--- Defect # 96 - Add Authorisation Check to filter out all Functional Locations.
    DATA: s_selcond TYPE rsparams.
    DATA: tplnr     TYPE diacl_lbk_sel_ds-tplnr.
  *--- Read table where selection name is Functional Location
    LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
      IF sy-subrc = 0.
  *--- Check the authorisation object for functional location
        AUTHORITY-CHECK OBJECT 'P_TPLNR'
        ID 'TPLNR' FIELD tplnr
        ID 'ACTVT' FIELD '03'.
      ENDIF.
    ENDLOOP.
  My question is how do i Authority Check the values within s_selcond when it could have single or multiple entries and could have conditions to include/exclude and have selection options?

  Hi ,
  LOOP AT t_selcond INTO s_selcond
    WHERE   selname = 'P_TPLNR'.
  endloop.
  -----------------This code can be replaced by
  READ TABLE T_SELCOND INTO S_SELCOND WITH KEY SELNAME = 'P_TPLNR'. "binary search after sort ..
  CHECK SY-SUBRC EQ 0
  auth-check  object...
  some basic code to get an idea ...
  tables /BIC/SPLANTGRP.
  select-options: so_basin for /bic/splantgrp-/bic/plantgrp no-display.
  so_basin-low = '1'. append so_basin.
  so_basin-low = '2'. append so_basin.
  so_basin-low = '3'. append so_basin.
  so_basin-low = '4'. append so_basin.
  loop at so_basin.
    write:/ so_basin-low.
  endloop.
  read table so_basin with key low = '4'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  read table so_basin with key low = '5'.
  if sy-subrc eq 0 .
    write:/ 'found hit', so_basin-low.
  else.
    write:/ 'found NO hit'.
  endif.
  vijay

• How to make Authority Check for ALVGrid?!

  Hey mates,
  i got the problem which is mentioned in the headline. How can i make an authority check for my ALVGrid? I mean i want to restrict special functions to the matching users ( Display, Edit, Delete mode ).
  Would be cool if someone can help
  Regards Basti

  Hello Bastian
  A simple approach would be to define three different transactions (e.g. Z_MYALV01, Z_MYALV02, Z_MYALV03) for editing/deleting, editing only and displaying only. Add the following coding to the report displaying your ALV grid:
    CASE syst-tcode.
      WHEN gc_tcode_create.    " 01
        " Allow all grid functions
      WHEN gc_tcode_change.  " 02
        " Suppress grid functions for deleting rows
      WHEN gc_tcode_display.  " 03
        " Suppress grid functions for editing/deleting
      WHEN others.
        RETURN.
     ENDCASE.
  Regards
    Uwe

• User role and Authority-check ?

  Hello,
  Could you please let me know how are the differences between User role and Authority-check. In a program I do not use Authority-check , And The user is not assigned to user role which contain this transaction ( for this program), Can the user execute this transaction OR he must be assigned to user role which contain this transaction to execute it . Supposing that we do not use any Authority-check in then program.
  Thanks in advance

  Hello Martin,
  I think this answers the OP's question about user not being assigned the role which contains the trxn code. As you have explained in this case the default auth. check for S_TCODE will fail & user cannot execute the trxv. (If i remember correctly the tables for this are AGR_USERS & AGR_TCODES)
  Anyways just to add to the OP's query. Auth. objects are added to profiles which in turn assigned to roles. So if you implement the auth. object in your program the user must also subscribe to the role containing the auth. obj. profile to be able to execute it.
  @OP:
  The transactions PFCG & SUIM might interest you. Also the tables dealing with these stuffs begin with AGR*. You can check the tables for better understanding.
  BR,
  Suhas

• [svn:osmf:] 17935: Addition to fix for FM-936: Add null check when casting to NetStreamTimeTrait, since DVR elements will have a TimeTrait of a different type.

  Revision: 17935
  Revision: 17935
  Author:   [email protected]
  Date:     2010-09-29 13:07:07 -0700 (Wed, 29 Sep 2010)
  Log Message:
  Addition to fix for FM-936: Add null check when casting to NetStreamTimeTrait, since DVR elements will have a TimeTrait of a different type.
  Ticket Links:
      http://bugs.adobe.com/jira/browse/FM-936
  Modified Paths:
      osmf/trunk/framework/OSMF/org/osmf/net/NetStreamSeekTrait.as

  I had saved one copy as an .asp but then resaved it to .xhtml 
  I'm assuming this is a static web site.  Rename (F2) all your pages with .html or .htm extension. 
  .xhtml is not a valid extension.
  Nancy O.

• How to add authorisation check to a program?

  Hi all :
        Could you please tell me how to add authorisation check to a program?  
        Thanks a lot.

  Hi,
  Check SAP help for authority-check. You can search on SDN on that.
  AUTHORITY-CHECK
  Basic form
  AUTHORITY-CHECK OBJECT object
  ID name1 FIELD f1
  ID name2 FIELD f2
  ID name10 FIELD f10.
  Thanks
  Nidhi

• Authority Check on Table - Restrict Entries based on check

  Hi,
  I need to add an authorization check to a table.
  The check will restrict certain entries from displaying, based on the check of some table fields.
  The table is custom and I know which authority object to use, as well as which fields to restrict.
  How do I do this?
  Thanks!

  Hi N.,
  select all data into internal table, loop at the table, do authority check for each table, delete records that fail authority check, display results.
  Or use SELECT INTO structure, check authority , append if authority check is OK (SY-SUBRC = 0), ENDSELECT, then display.
  Try which way is better based on memory requirement and performance.
  I hope this answer will help you. If not, feel free to ask for details.
  Regards,
  Clemens

• Info about AUTHORITY-CHECK

  Hi all.
  in CJ02 I have this autorization check:
  AUTHORITY-CHECK OBJECT 'C_DRAD_OBJ'
               ID 'ACTVT' FIELD lt_display-mode        
               ID 'DOKOB' FIELD object
               ID 'STATUS' FIELD ls_draw-dokst
               ID 'DOKAR'  FIELD ls_draw-dokar.
      IF sy-subrc <> 0 .
  no AUTHORITY
  the sy-subrc is <> 0. how can I see the data into this object? can i add data into?

  Hi Fabrizio,
  1. This is a normal
     'authorisation not there'
    issue.
  2. Contact your basis team
     and they will help out
     by assigning the values
     for the particular auth object
     for the required profile
     for the particular user !
  regards,
  amit m.

• RRMX Authority check

  hi,
  There are two SAP BW systems , one with component SAP_BW SAPKW70017 (say B1) , and other one with SAP_BW component SAPKW70103 ( say B2)
  In B2 , When a user executes RRMX , it takes them to the Business explorer(excel sheet) , however it throws a message in the GUI that "No authorization to change role <role>
  Message no. S#423"
  This message is received as soon as you get the excel sheet opened .
  When further looked into the situation , seems like in B2 , the follwing select statement is executed ,( as soon as u execute RRMX)for checking the change access for all the users "assigned roles" ( I wonder why all roles?) with the object S_USER_AGr and throws the message when there is no 02 activity for any of the roles present with the user .
  SELECT agr_name FROM agr_users INTO l_agr_name WHERE uname = sy-uname.
      CALL FUNCTION 'PRGN_AUTH_ACTIVITY_GROUP'  -
  > "this further throws the message"
        EXPORTING
          activity_group = l_agr_name
          action_change  = 'X'
        EXCEPTIONS
          not_authorized = 12
          OTHERS         = 13.
      IF sy-subrc = 0.
        e_s_system_info-can_change_pfcg_roles = rs_c_true.
  Whereas in B1 (old release) no such message is thrown for the same user . seems there is no such change activity check in the begining?( not too sure) and only when the user clicks the Role option in Query dialog , S_USER_AGR is checked as per the ST01 trace.
  Is this a bug in SAP_BW 701 release ? If so , do you the SAP notes for correcting the same ?please reply at the earliest .Thanks in advance

  Some customers have S_USER_GRP actvt '02' in production environments for the RRMX "key" users who publish queries to be able to add them to the menu for the users. A change in authorization data might not be required, typically.
  But this "change" authority gives more access than just the menu, and the user will need other authorizations for S_USER_TCD and VAL as well.
  It has been replaced by the BEXWeb, which you should take a look into.
  As SAP "owns" the authority-checks in their programs, they seemed to have felt it appropriate to add the same check to RRMX for "key" users.
  > Is this a bug in SAP_BW 701 release ?
  I don't think it is a bug in BW 7.01. Arguably they could have added it earlier.
  There is an approach to control this via the sideinfo.dat file using the program ID of the query - but I guess few did that or even knew about it. It is not intuitive.
  Cheers,
  Julius