Role assignment to individual buttons on a report
Hi Gurus,
My custom program has buttons to perform the following operations : QA, GP , Payment etc etc,,,,
can I assign specific roles to every button so that the right person is able to use the buttons..
thank you
It can be done depending upon your requirement but can have some consequences also....
Security & Authority are two seperate concepts in SAP. Security is something you implement via Role Management and it is applicable at the level of a Txn Code and Authority you implement via Authority Objects and it is applicable at the level of Data/Tables.
What you are looking is the Security but the level you are looking is inside a Txn Code which is not possible. Inside a Txn Code only Authority works but you won't be able to implement the same because you want specific role level check at the Button level.
Do remember that if you alter a User Authority for this Requirement , change will be reflected across the SAP system ahd hence be precautious....
Edited by: AJAY TIWARI on Nov 21, 2008 4:45 AM
Similar Messages
-
Report to see user type and roles assigned to users in EP?
Hi,
a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
b) If the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.By default Portal UME comes along with the installation of portal.
Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories. But you can also create users in the portal UME. The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
You can check them in user administration->identity management and search for the users.
THere you can see some users will be from UME and some from LDAP.
User Admin tool is nothing but User Administration only.
Raghu -
Issue regarding Business Role assignment
Hi All,
1.
I have a user Agent1 which is assigned to position POS_IC_AGENT in my org structure.
In the infotype Business Role I have assigned IC_AGENT (standard) business role.
IC_AGENT has PFCG role SAP_CRM_UIU_IC_AGENT assigned to it.
But, when I run the application (for my user Agent1), only telephony buttons are visible on top, navigation bar and work area is empty (nothing is visible there)
2.
Now, when I open my user Agent1 in SU01 and assign PFCG role SAP_CRM_UIU_IC_AGENT.
Now when I run the application everything is visible (telephony, navigation bar and workarea).
Why is it not visible in first case?
I think it should work without assigning Role in SU01.. I mean it should have taken settings from Org. structure
Regards,
AshishHi Ashish,
As far as work center page context is concerned , its decided by the navigation bar profile and business role customizations ( we add work center home and several related stuff etc in navigation bar profile and make them activate/deactivate, visible/invisible through business role customizing ) .
PFCG role has nothing to do with what you see on the Work Center...it decides whether you can see or not..meaning whether you have authorization for disply of a business object and its related subobjects.
PFCG role basically determines the authorization objects that will be grated to the particular business role ( to which this PFCG role is linked ) PFCG is about CREATE/CHANGE/DELETE authorizations.
In first case, its business role linked authorizations. You dont see the work centers may be because USER has not granted the DISPLAY authorization for the business Object related to BP( i.e Account ) , or BO related to account search (BUPASEARCH ) as the IC agent home basically has Account identification home , or account search home...which overrides the PFCG authorizations attached to the business role.
Remember, individual object authorizations set for a user using transaction PFCG will have more priority over the Business role linked authorizations as 1 business role can be assigned to many users however if one user is not grated to see BP related data, this will still remain enforced even though the business Role PFCG is granting him to see...There is a difference between user specific authorizations and Business Role specific authorization...
In second case,its user linked Authorizations. When you add the PFCG role in SU01, this is being the User Specific Authorizations which will always have the priority and thus granting the display.
This is my basic understanding. I am 100% sure that PFCG role only controls the DISPLAY/CREATE/CHANGE related authorizations and lots more in context of authorizations. However what to include & show is decided by Navigation Profile and Business Role customizations.
If everything is intact in navigation bar profile and business role customizations, and still you dont see anything on the work center, then i am 100% sure that its related to User Authorizations
Refer pg 56 in CR580, it will clear your doubt.
Thanks & regards,
Suchita -
Hi experts,
I am using radio buttons in alv report by using screen painter but error occurs in alv that screen doesn't exist in module.
plz help me.Hi Ankita,
check this program.
*& Report ZALVGRID_WITH_RADIOBUTTONS
*& This program shows how to realize radiobuttons in ALV grid lists
*& using event HOTSPOT_CLICK.
*& Screen 100:
*& - Flow logic
*& PROCESS BEFORE OUTPUT.
*& MODULE PBO.
*& PROCESS AFTER INPUT.
*& MODULE PAI.
*& - Screen elements: none
*& - ok-code field -> gd_okcode
*& GUI Status MAIN100:
*& - F3 = 'BACK', Shift+F3 = 'EXIT', F12 = 'CANC'
PROGRAM zalvgrid_with_radiobuttons.
TYPE-POOLS: abap, icon. " INCLUDE . for releases < 6.20
TYPES: BEGIN OF ty_s_sflight.
INCLUDE TYPE sflight.
TYPES: button1 TYPE iconname.
TYPES: button2 TYPE iconname.
TYPES: button3 TYPE iconname.
TYPES: button4 TYPE iconname.
TYPES: END OF ty_s_sflight.
DATA:
gt_sflight TYPE STANDARD TABLE OF ty_s_sflight,
gs_layout TYPE lvc_s_layo,
gt_fcat TYPE lvc_t_fcat.
DATA:
gd_okcode TYPE ui_func,
go_docking TYPE REF TO cl_gui_docking_container,
go_grid TYPE REF TO cl_gui_alv_grid.
CLASS lcl_eventhandler DEFINITION
CLASS lcl_eventhandler DEFINITION.
PUBLIC SECTION.
CLASS-METHODS:
handle_hotspot_click FOR EVENT hotspot_click OF cl_gui_alv_grid
IMPORTING
e_row_id
e_column_id
es_row_no
sender.
ENDCLASS. "lcl_eventhandler DEFINITION
CLASS lcl_eventhandler IMPLEMENTATION
CLASS lcl_eventhandler IMPLEMENTATION.
METHOD handle_hotspot_click.
define local data
FIELD-SYMBOLS:
IS ASSIGNED ).
Set all radio buttons "unselected"
IS ASSIGNED ).
Set selected radio button "selected".
= icon_wd_radio_button.
ENDIF.
Force PAI followed by refresh of table display in PBO
CALL METHOD cl_gui_cfw=>set_new_ok_code
EXPORTING
new_code = 'REFRESH'
IMPORTING
RC =
ENDMETHOD. "handle_hotspot_click
ENDCLASS. "lcl_eventhandler IMPLEMENTATION
MAIN *
START-OF-SELECTION.
PERFORM select_data.
PERFORM init_controls.
PERFORM build_fieldcatalog.
PERFORM set_layout.
CALL METHOD go_grid->set_table_for_first_display
EXPORTING
i_structure_name = 'SFLIGHT'
is_layout = gs_layout
CHANGING
it_fieldcatalog = gt_fcat
it_outtab = gt_sflight.
Link docking container to dynpro
CALL METHOD go_docking->link
EXPORTING
repid = syst-repid
dynnr = '0100'
CONTAINER =
EXCEPTIONS
cntl_error = 1
cntl_system_error = 2
lifetime_dynpro_dynpro_link = 3
OTHERS = 4.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
CALL SCREEN 100.
END-OF-SELECTION.
MODULE PBO OUTPUT *
MODULE pbo OUTPUT.
SET PF-STATUS 'MAIN100'.
SET TITLEBAR 'MAIN100'.
ENDMODULE. "PBO OUTPUT
MODULE PAI INPUT *
MODULE pai INPUT.
Leave report
CASE gd_okcode.
WHEN 'BACK' OR
'EXIT' OR
'CANC'.
SET SCREEN 0. LEAVE SCREEN.
Refresh table display
WHEN 'REFRESH'.
PERFORM refresh_display.
WHEN OTHERS.
do nothing
ENDCASE.
CLEAR gd_okcode.
ENDMODULE. "PAI INPUT
*& Form BUILD_FIELDCATALOG
text
--> p1 text
<-- p2 text
FORM build_fieldcatalog .
ALV List with Radio Buttons
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 7
define local data
DATA:
ls_fcat TYPE lvc_s_fcat.
CALL FUNCTION 'LVC_FIELDCATALOG_MERGE'
EXPORTING
I_BUFFER_ACTIVE =
i_structure_name = 'ICON'
I_CLIENT_NEVER_DISPLAY = 'X'
I_BYPASSING_BUFFER =
I_INTERNAL_TABNAME =
CHANGING
ct_fieldcat = gt_fcat
EXCEPTIONS
inconsistent_interface = 1
program_error = 2
OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
DELETE gt_fcat WHERE ( fieldname <> 'NAME' ).
NOTE: field ICON-NAME has data element ICONNAME.
CALL FUNCTION 'LVC_FIELDCATALOG_MERGE'
EXPORTING
I_BUFFER_ACTIVE =
i_structure_name = 'SFLIGHT'
I_CLIENT_NEVER_DISPLAY = 'X'
I_BYPASSING_BUFFER =
I_INTERNAL_TABNAME =
CHANGING
ct_fieldcat = gt_fcat
EXCEPTIONS
inconsistent_interface = 1
program_error = 2
OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
READ TABLE gt_fcat INTO ls_fcat
WITH KEY fieldname = 'NAME'.
IF ( syst-subrc = 0 ).
DELETE gt_fcat INDEX syst-tabix.
ENDIF.
ls_fcat-fieldname = 'BUTTON4'.
ls_fcat-coltext = ls_fcat-fieldname.
ls_fcat-icon = 'X'.
ls_fcat-hotspot = 'X'.
INSERT ls_fcat INTO gt_fcat INDEX 5.
ls_fcat-fieldname = 'BUTTON3'.
ls_fcat-coltext = ls_fcat-fieldname.
INSERT ls_fcat INTO gt_fcat INDEX 5.
ls_fcat-fieldname = 'BUTTON2'.
ls_fcat-coltext = ls_fcat-fieldname.
INSERT ls_fcat INTO gt_fcat INDEX 5.
ls_fcat-fieldname = 'BUTTON1'.
ls_fcat-coltext = ls_fcat-fieldname.
INSERT ls_fcat INTO gt_fcat INDEX 5.
Renumbering of the columns
LOOP AT gt_fcat INTO ls_fcat.
ls_fcat-col_pos = syst-tabix.
MODIFY gt_fcat FROM ls_fcat INDEX syst-tabix.
ENDLOOP.
ENDFORM. " BUILD_FIELDCATALOG
*& Form SELECT_DATA
text
--> p1 text
<-- p2 text
FORM select_data .
define local data
DATA:
ls_sflight TYPE ty_s_sflight.
SELECT * FROM sflight INTO CORRESPONDING FIELDS OF TABLE gt_sflight.
ls_sflight-button1 = icon_wd_radio_button. " selected radiobutton
ls_sflight-button2 = icon_wd_radio_button_empty.
ls_sflight-button3 = icon_wd_radio_button_empty.
ls_sflight-button4 = icon_wd_radio_button_empty.
Alternatively: create icons using function module 'ICON_CREATE'
on SAP releases where these icons are not available.
MODIFY gt_sflight FROM ls_sflight
TRANSPORTING button1 button2 button3 button4
WHERE ( carrid IS NOT INITIAL ).
ENDFORM. " SELECT_DATA
*& Form INIT_CONTROLS
text
--> p1 text
<-- p2 text
FORM init_controls .
CHECK ( go_docking IS NOT BOUND ).
ALV List with Radio Buttons
SAP DEVELOPER NETWORK | sdn.sap.com BUSINESS PROCESS EXPERT COMMUNITY | bpx.sap.com
© 2007 SAP AG 9
Create docking container
CREATE OBJECT go_docking
EXPORTING
parent = cl_gui_container=>screen0
REPID =
DYNNR =
SIDE = DOCK_AT_LEFT
EXTENSION = 50
STYLE =
LIFETIME = lifetime_default
CAPTION =
METRIC = 0
ratio = 90
NO_AUTODEF_PROGID_DYNNR =
NAME =
EXCEPTIONS
cntl_error = 1
cntl_system_error = 2
create_error = 3
lifetime_error = 4
lifetime_dynpro_dynpro_link = 5
OTHERS = 6.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Size of container = full screen size
CALL METHOD go_docking->set_extension
EXPORTING
extension = 99999
EXCEPTIONS
cntl_error = 1
OTHERS = 2.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Create ALV grid instance
CREATE OBJECT go_grid
EXPORTING
I_SHELLSTYLE = 0
I_LIFETIME =
i_parent = go_docking
I_APPL_EVENTS = space
I_PARENTDBG =
I_APPLOGPARENT =
I_GRAPHICSPARENT =
I_NAME =
I_FCAT_COMPLETE = SPACE
EXCEPTIONS
error_cntl_create = 1
error_cntl_init = 2
error_cntl_link = 3
error_dp_create = 4
OTHERS = 5.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Set event handler for event HOTSPOT_CLICK
SET HANDLER:
lcl_eventhandler=>handle_hotspot_click FOR go_grid.
ENDFORM. " INIT_CONTROLS
*& Form REFRESH_DISPLAY
Refresh table display after switching the radiobuttons
--> p1 text
<-- p2 text
FORM refresh_display .
define local data
DATA:
ls_stable TYPE lvc_s_stbl.
ls_stable-row = abap_true.
ls_stable-col = abap_true.
CALL METHOD go_grid->refresh_table_display
EXPORTING
is_stable = ls_stable
I_SOFT_REFRESH =
EXCEPTIONS
finished = 1
OTHERS = 2.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
ENDFORM. " REFRESH_DISPLAY
*& Form SET_LAYOUT
Set layout for ALV list
--> p1 text
<-- p2 text
FORM set_layout .
CLEAR: gs_layout.
gs_layout-cwidth_opt = abap_true. " optimize column width
gs_layout-zebra = abap_true.
ENDFORM. " SET_LAYOUT
Regards,
Prasanth
Reward if helpful -
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Mass Change for Indirect Role Assignment
Hi all,
I am in the process of changing the companys authorisations from a standard SU01 role assignment to a position based indirect role assignment.
At the moment I am using PFCG going to the Org Mg button under the User tab then attaching the position that way. Is there a way of assigning more than one role to a position at the same time?
Is there a Mass Assignment option in PFCG or is there a separate transaction available to make this process quicker??
Thanks for your help
Ianyou can mass-assign people and roles if you go to transaction PPOME instead of PFCG. to make role assignments from PPOME please apply note 578271 first. be careful whilst implementing this <insert nasty word here> note because some of those view-clusters tend to refuse to load your changes = you can see them, but they don't work - might be you will have to flush table buffers for the changes to take effect.
-
How to create a radio button in ALV Reports
Hi all,
Best wishes to all..
Kindly reply me to this question... that is "How to create a radio button in ALV Report"
Thanks and Regards
AnjaliHI
here is an example :
PROGRAM ZUS_SDN_BCALV_GRID_DEMO_2.
Based on: BCALV_GRID_DEMO.
TYPE-POOLS: icon.
TYPES: BEGIN OF ty_s_sflight.
INCLUDE TYPE sflight.
TYPES: button1 TYPE lvc_emphsz.
TYPES: button2 TYPE lvc_emphsz.
TYPES: button3 TYPE lvc_emphsz.
TYPES: button4 TYPE lvc_emphsz.
TYPES: END OF ty_s_sflight.
DATA:
gt_sflight TYPE STANDARD TABLE OF ty_s_sflight,
gt_fcat TYPE lvc_t_fcat.
DATA: ok_code LIKE sy-ucomm,
gt_sflight TYPE TABLE OF sflight,
g_container TYPE scrfname VALUE 'BCALV_GRID_DEMO_0100_CONT1',
grid1 TYPE REF TO cl_gui_alv_grid,
g_custom_container TYPE REF TO cl_gui_custom_container.
CLASS lcl_eventhandler DEFINITION
CLASS lcl_eventhandler DEFINITION.
PUBLIC SECTION.
CLASS-DATA:
md_cnt TYPE i.
CLASS-METHODS:
handle_hotspot_click FOR EVENT hotspot_click OF cl_gui_alv_grid
IMPORTING
e_row_id
e_column_id
es_row_no
sender.
ENDCLASS. "lcl_eventhandler DEFINITION
CLASS lcl_eventhandler IMPLEMENTATION
CLASS lcl_eventhandler IMPLEMENTATION.
METHOD handle_hotspot_click.
define local data
FIELD-SYMBOLS:
<ls_entry> TYPE ty_s_sflight,
<ld_fld> TYPE ANY.
READ TABLE gt_sflight ASSIGNING <ls_entry> INDEX es_row_no-row_id.
CHECK ( <ls_entry> IS ASSIGNED ).
Set all radio buttons "unselected"
<ls_entry>-button1 = icon_wd_radio_button_empty.
<ls_entry>-button2 = icon_wd_radio_button_empty.
<ls_entry>-button3 = icon_wd_radio_button_empty.
<ls_entry>-button4 = icon_wd_radio_button_empty.
ASSIGN COMPONENT e_column_id-fieldname OF STRUCTURE <ls_entry>
TO <ld_fld>.
IF ( <ld_fld> IS ASSIGNED ).
Set selected radio button "selected".
<ld_fld> = icon_wd_radio_button.
ENDIF.
Force PAI followed by refresh of table display in PBO
CALL METHOD cl_gui_cfw=>set_new_ok_code
EXPORTING
new_code = 'DUMMY'
IMPORTING
RC =
ENDMETHOD. "handle_hotspot_click
ENDCLASS. "lcl_eventhandler IMPLEMENTATION
START-OF-SELECTION.
MAIN *
PERFORM select_data.
CALL SCREEN 100.
MODULE PBO OUTPUT *
MODULE pbo OUTPUT.
SET PF-STATUS 'MAIN100'.
IF g_custom_container IS INITIAL.
CREATE OBJECT g_custom_container
EXPORTING container_name = g_container.
CREATE OBJECT grid1
EXPORTING i_parent = g_custom_container.
PERFORM build_fieldcatalog.
CALL METHOD grid1->set_table_for_first_display
EXPORTING
i_structure_name = 'SFLIGHT'
CHANGING
it_fieldcatalog = gt_fcat
it_outtab = gt_sflight.
Set event handler for event TOOLBAR
SET HANDLER:
lcl_eventhandler=>handle_hotspot_click FOR grid1.
else.
CALL METHOD grid1->refresh_table_display
EXPORTING
IS_STABLE =
I_SOFT_REFRESH =
EXCEPTIONS
FINISHED = 1
others = 2.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
ENDIF.
ENDMODULE. "PBO OUTPUT
MODULE PAI INPUT *
MODULE pai INPUT.
to react on oi_custom_events:
CALL METHOD cl_gui_cfw=>dispatch.
CASE ok_code.
WHEN 'EXIT'.
PERFORM exit_program.
WHEN OTHERS.
do nothing
ENDCASE.
CLEAR ok_code.
ENDMODULE. "PAI INPUT
FORM EXIT_PROGRAM *
FORM exit_program.
CALL METHOD G_CUSTOM_CONTAINER->FREE.
CALL METHOD CL_GUI_CFW=>FLUSH.
LEAVE PROGRAM.
ENDFORM. "EXIT_PROGRAM
*& Form BUILD_FIELDCATALOG
text
--> p1 text
<-- p2 text
FORM build_fieldcatalog .
define local data
DATA:
ls_fcat TYPE lvc_s_fcat,
ls_hype TYPE lvc_s_hype.
CALL FUNCTION 'LVC_FIELDCATALOG_MERGE'
EXPORTING
I_BUFFER_ACTIVE =
i_structure_name = 'LVC_S_FCAT'
I_CLIENT_NEVER_DISPLAY = 'X'
I_BYPASSING_BUFFER =
I_INTERNAL_TABNAME =
CHANGING
ct_fieldcat = gt_fcat
EXCEPTIONS
inconsistent_interface = 1
program_error = 2
OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
DELETE gt_fcat WHERE ( fieldname <> 'EMPHASIZE' ).
CALL FUNCTION 'LVC_FIELDCATALOG_MERGE'
EXPORTING
I_BUFFER_ACTIVE =
i_structure_name = 'SFLIGHT'
I_CLIENT_NEVER_DISPLAY = 'X'
I_BYPASSING_BUFFER =
I_INTERNAL_TABNAME =
CHANGING
ct_fieldcat = gt_fcat
EXCEPTIONS
inconsistent_interface = 1
program_error = 2
OTHERS = 3.
IF sy-subrc <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
READ TABLE gt_fcat INTO ls_fcat
WITH KEY fieldname = 'EMPHASIZE'.
IF ( syst-subrc = 0 ).
DELETE gt_fcat INDEX syst-tabix.
ENDIF.
ls_fcat-fieldname = 'BUTTON4'.
ls_fcat-icon = 'X'.
ls_fcat-hotspot = 'X'.
INSERT ls_fcat INTO gt_fcat INDEX 4.
ls_fcat-fieldname = 'BUTTON3'.
INSERT ls_fcat INTO gt_fcat INDEX 4.
ls_fcat-fieldname = 'BUTTON2'.
INSERT ls_fcat INTO gt_fcat INDEX 4.
ls_fcat-fieldname = 'BUTTON1'.
INSERT ls_fcat INTO gt_fcat INDEX 4.
LOOP AT gt_fcat INTO ls_fcat.
ls_fcat-col_pos = syst-tabix.
MODIFY gt_fcat FROM ls_fcat INDEX syst-tabix.
ENDLOOP.
ENDFORM. " BUILD_FIELDCATALOG
*& Form SELECT_DATA
text
--> p1 text
<-- p2 text
FORM select_data .
define local data
DATA:
ls_sflight TYPE ty_s_sflight.
SELECT * FROM sflight INTO CORRESPONDING FIELDS OF TABLE gt_sflight.
ls_sflight-button1 = icon_wd_radio_button.
ls_sflight-button2 = icon_wd_radio_button_empty.
ls_sflight-button3 = icon_wd_radio_button_empty.
ls_sflight-button4 = icon_wd_radio_button_empty.
MODIFY gt_sflight FROM ls_sflight
TRANSPORTING button1 button2 button3 button4
WHERE ( carrid IS NOT INITIAL ).
ENDFORM. " SELECT_DATA
Regards,
Prasanth
Reward all helpful answers -
OBPM 10gR3 Dynamic Role Assignment at user login
Hi,
For all the great integration with LDAP in 10gR3, unfortunately, the system is unable to deal with dynamically-defined LDAP groups.
Our goal is to apply a BPM Role to ALL humans defined in our LDAP.
All humans happen to already be defined by a dynamically-defined LDAP group called 'AllPeople'.
It would have been perfect if we could simply assign our BPM Role, 'Employee', to the LDAP group, 'AllPeople'. Sadly you can't (one for the next release pls).
So as a workaround, what we want to do instead is assign the BPM Role 'Employee' to each individual user dynamically when they first login.
Since the FDI library is useless outside of a BPM context (you'll find that some of the familiar methods of RoleAssignment are missing), We opted to create an actual BPM process to conduct role assignments, and we would then trigger it via PAPI.
The question then was, where/when do we invoke the process such that it does the role assignment quickly and soon enough for the appropriate views and applications to appear in their workspace straight after login?
We opted for a customised implementation of the SSOWorkspaceLoginInterface class.
However, we tried making the invocation in the setupAuthenticatedSession() and the processRequest() methods but, although the role assignment was successfully done in either case, sadly the user's session was loaded without the new changes - perhaps loaded quicker than the role assignment could be fed back through the directory.
Therefore, we dumped the invocation in the actual constuctor - and this seems to work for the most part. Yet on the odd ocassion, the role assignment is not quick enough to be realised in the user's workspace session - the user has to logout and back in before the changes are realised.
We've even tried to get the execution to sleep for a second or two, while the PAPI thread goes about doing the role assignment - again not much success.
So I really have 2 questions:
1. Where during login can we make a PAPI call to do a role assignment so that it should be picked up by the time the session is created? perhaps we already are doing it in the right place.
2. How could we refresh/request a new session cookie without explicitly logging out and back in again? Note, page refresh is not enough.
Thanks for reading.Sorry for the belated response - I don't get notified of replies.
The code for my custom SSOLoginModule class is:-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Properties;
import fuego.workspace.security.SSOWorkspaceLoginInterface;
import fuego.papi.Arguments;
import fuego.papi.CommunicationException;
import fuego.papi.InstanceInfo;
import fuego.papi.OperationException;
import fuego.papi.ProcessService;
import fuego.papi.ProcessServiceSession;
import fuego.sso.SSOLoginException;
import fuego.sso.SSOUserLogin;
import fuego.jsfcomponents.Util;
import fuego.workspace.model.common.WorkspaceApplicationBean;
public class CustomSSOWorkspaceLogin extends SSOUserLogin implements SSOWorkspaceLoginInterface {
private ProcessService pService;
private ProcessServiceSession pServiceSession;
private Properties properties;
public SSOWorkspaceDBLogin() {
//Do the role assignment here because it works, and does not work in the ideal location of setupAuthenticatedSession method
pService = createProcessService();
pServiceSession = createProcessServiceSession();
assignDefaultRole(Util.getHttpServletRequest().getRemoteUser());
private ProcessService createProcessService() {
return WorkspaceApplicationBean.getCurrent().getProcessService();
private ProcessServiceSession createProcessServiceSession() {
return pService.createSession("yourdirectoryusername","yourdirectorypassword",null);
//This method is used to remotely invoke a BPM process to do the role assignment - no external API to do this directly!
private void assignDefaultRole(String email) {
try {
String processId = "myRoleAssignmentProcessId";
String argumentName = "argumentName"; //the name of the input argument to feed in the participant
String argumentValue = email;
Arguments arguments = Arguments.create();
arguments.putArgument(argumentName, argumentValue);
InstanceInfo instance = pServiceSession.processCreateInstance(processId, arguments);
Long waitTime = new Long(1000);
Long timeLimit = new Long(5000);
boolean roleAssigned = false;
boolean timeLimitExceeded = false;
Long startTime = System.currentTimeMillis();
//Allow role assignment thread to complete
while (!roleAssigned && !timeLimitExceeded) {
try {
Thread.sleep(waitTime);
if (pServiceSession.processGetInstance(instance.getId()).isCompleted()) {
roleAssigned = true;
if (System.currentTimeMillis() - startTime > timeLimit) {
timeLimitExceeded = true;
} catch (InterruptedException e) {
e.printStackTrace();
//close process service session
pServiceSession.close();
//Do not close the service itself as it is shared with the Workspace itself!
//pService.close();
} catch (Exception e) {
e.printStackTrace();
public void setupAuthenticatedSession(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
//Unfortunately, the below does not work here because the role assignment is not fast enough
//The result is that the user logs in but cannot see any applications because the role assignment has not been made in time.
//Therefore, we run the below statements from the constructor - ugly but functions.
//pService = createProcessService();
//pServiceSession = createProcessServiceSession();
//assignDefaultRole(httpservletrequest.getRemoteUser());
public void processRequest(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws SSOLoginException {
} -
How to hide the Print and Export button in analytics report or tasks pane
Hi Experts,
In BIEE 11g,
How to hide the Print and Export button in analytics report or tasks pane ?
For example:
In console,I have created one userA which is belong to BIConsumer GROUP , when I make use of the highest user 'weblogic' to create one simple report, then the userA will login the analytivs to view this report (not dashboard), it will show the print and export as below.So customers do not want to give him the privilege for printing and exporting.
In addtion, go to catalog->tasks(left corner), it will also show the print and export button. So how to hide or not access these button?
Note: Maybe it can use the policy for consumer role for implementing this requirement, but I do not know how to modify the policy. Are you facing the problem? Thanks.Hi,
1. Create seperate folder for Reports & Dashobard.
2. For BI_Consumer (userA) set the catalog permission to view Dashboard Folder only and remove permission on the Report Folder (you can give traverse permission but don't give Open permision).
3. By this user won't be able to open or run any reports in that folder and the only way he can see the reports is through Dashboard and on dashboard the export and print buttone can be removed very easily.
Mark helpful if it helps.
Regards,
Kashi
Edited by: K N Yadav on 24 May, 2013 1:51 AM -
Function module to Delimit the roles assigned to the user
Hi All,
I am working on security role automation process abap report.My requirement is to delimit the roles assigned to the user on account of employee termination or retirement. I have used the function module "BAPI_USER_ACTGROUPS_ASSIGN" to delimit the role assigned to the user.
Passing the importing parameter "username" and in the Tables parameter"ACTIVITYGROUPS" passing the respective parameters AGR_NAME(Role), FROM_DAT(Start Date),TO_DAT(termination date - 1). When I passing the parameters as mentioned above,the role assigned to the user is getting deleted,instead of delimitation of the role assigned to the user.
Is there any other function module we can use to delmit the roles assigned to the user? Please help.
Regards,
Krishnanhai,
please try this.
/VIRSA/RE_BAPI_CREATE_ROLE- Create Roles
/VIRSA/ROLE_ASSIGN_CUA_NH
/VIRSA/RE_BAPI_ROLE_TO_USERS
ASSIGN_USERS_HIERARCHY - User Assignment to Role - this is a Normal FM
try this bapis this may work
BAPI_USER_LOCK
- BAPI_USER_PROFILES_ASSIGN
- BAPI_USER_LOCPROFILES_ASSIGN
- BAPI_USER_LOCACTGROUPS_ASSIGN
- BAPI_USER_CHANGE
- BAPI_USER_UNLOCK -
I am adding roles to positions using indirect role assignment, when adding the role to the position I am prompted to carry out a reconcilliation of indirect user assignments, receive message 'Indirect user assignments ok' so then I've run PFUD. When I check both the role and the user I cannot see the role attached to the user, but the role is listed in the 'Relationships' in PP01.
A new organisation structure has been created, when I click on the drop down at the 'change agent assignment' the old organisation structure is displayed. Any suggestions please how I can select the new organisation structure?
ThanksHello Anthea,
to pass on a role from a position to a SAP user id I would suggest the following.
Go to transaction SA38 and run report RHPROFL0.
Some notes on the report and report selections.
The report can be used to eveluate and assign roles from HR objects to SAP users. The report starts reading at a given HR object along an evaluation path. It then updates the SAP user found with authorisation roles.
Selections:
You have assigned the roles to a position therefore you should select object type S.
Then put the position number in the Object ID.
The key date is hopefully self explaining.
The evaluation path might have defaulted to PROFL0. That would be the correct one.
The program has a test mode. I suggest you run the test mode first. It will tell you what the program would change in an actual run.
In the next selection box - "Generate authorization profiles"
You might leave the ticks in the boxes:
- Standard authorizations
- PD authorizations
That will generate profiles if they aren't generated yet.
Next selection box - "Delete manually maintained authorisation profiles"
Leave the tick boxes blank if you have any direct assigned roles.
If you tick the boxes all roles and profiles directly assigned to SAP user ids will be deleted.
In section "New Users"
There is a tick box "Generate".
If that box is ticked the report will create new SAP user IDs for all occupied positions with roles but without SAP user ID on the Employee record.
You might leave that box unticked for the moment.
I suggest to create the application log --> Last tick box on the selection screen.
Some general comments at the end.
The report RHPROFL0 might be scheduled in production systems if indirect role assignments are used. Depending on your needs make sure that the deletion of manual assigned profiles is activated or deactivated.
If you do not enter an object id, the report will run for all object ids.
A further note on the indirect setup.
If roles should be passed on from a Position to a SAP user id, it is important, that the following conditions are fulfilled.
The Position is valid/active as of the report key date.
The position has a holder at key date.
The holder has an assignment of a valid SAP user ID at key date. Infotype 0105 subtype 0001 for object type P.
The Roles on the position are valid at the key date.
I hope that helps solving your issue.
Best regards
Karsten -
CUA sync with child client issue for indirect role assignment.
Hello Security experts,
we have a indirect role assignment set up in our ECC environment. there is a syncronization issue from the parent CUA to the chlild client. The role assignments have been made to role although they are not always reaching target system without having to sync up either the role or the IDu2019s position # manually. This has been an ongoing issue CUA has on any role or user from time to time. any hint on fixing this issue. please help..Whole idea of CUA is to manage your roles and users centrally, on the contrary you can manage the roles/profiles by setting up the attributes for the CUA thorugh Central user Management console - SCUM Transaction.
CUA has its own pros -
Central rep,Users Sync,Role Provisioning statergy - Global composites(consists of individual child roles) Distibuted model -Provisioing at individual child systems for roles, etc.Central user store,easy maintenance.
on the contrary - change documents is always a concern ( because cua uses - interface Ids or the RFC ids to push the idocs from cua to child system), CUA maintenance while system refresh - Copied distribution models have to be deleted and re-created, system backups has to be defined per you distribution model, password maintenance if defined global then Child systems act as inactive nodes, reading the roles into cua which are created in childs so as to establish a pointer to that system.
It also depends on the number of systems you have in your landscape so that you can calculate the overhead and then have a Go -no-Go decison on CUA.
Overall, I consider CUA as a good approach provided we streamline the process of provisioning, de-provisioning per the cua standards.
Rakesh -
Hi forum,
I have a CUA configured where I want the profile and the role assignment to be distributed global from the central system. I can create new roles with PFCG assign, users there, but I dont see these new roles in the user details in SU01.
What am I doing wrong?
Thank you!Hi Chris,
Seems pretty simple to me. Since it is a new role you need to do a text comparision.
In the central system of CUA execute the report SUSR_ZBV_GET_RECEIVER_PROFILES in SE38 transaction.
In receiving systems give all the systems that are part of CUA including the central system (in this particular case only central system can be input since the new role is present in central system) Now execute it and then do the role assignment wither through SU01 or PFCG once again. Check once more.
After every new role creation this report needs to be executed. This is what is known as Text comparison of roles which can also be done in SU01. Check for the pushbutton for text comparision under tabsrtip Roles within SU01.
Regards.
Ruchit. -
How to disable execute button in ABAP report
Hi,
Is it possible to disbale the execute button of ABAP report? If yes, how?
Thanks & Regards,
LohitYou can do this
You can set the Authorization for execution and Assign it to user whom you dont want that option. so that they cannot execute the Program. -
Business role assignment get lost
Hello *,
from time to time single users report logon problems due to missing business role assignment.
In these cases business role was assigned via user in tx su01 directly. Whenever it happened the affected user itself is shown for last modifier of user record. But the users of course are not authorized to edit this data.
We assume that maybe the personalization in web ui could be the reason but up to know the behaviour was not reproduceable.
Does anyone know this issue?
Kind regards
ThomasHi Thomas,
Sorry but maybe I've explained myself poorly. You said that business roles that were missing are normally assigned directly in SU01. Then, in order to try to understand how they are remove, in SU01 transaction there is a functionality that allows you to see the change history for every add/removal of a role. This will tell you the user that performed the action and which tcode he used.
Check this functionality that it's available as a menu option in SU01. Maybe it can give you some good clues about what's happening.
Kind regards,
Garcia
Maybe you are looking for
-
IMac. Ppc g5 will not boot up past apple sign
I have the iMac G5 PPC with 10.5.8 leopard running it. I go to turn it on and I get to the apple sign and the cog wheel and the fan kicks into hyper drive and that's it! What do I do?
-
I cannot view pdf files with free download from Adobe. Simple
I cannot view pdf documents, since recent download of Adobe Reader. Click pdf doc, Adobe opens, but bleeps if I click anywhere on the screen, then closes. Recently I tried to look at my Amex Statement online, but Adobe wouldn't show the file. I downl
-
Hi, I am using Form 6i and copied Forms60Libraries in my local machine. I am developing form which will be registered with oracle apps. Now I want to run this form locally instead of uploading into server everytime while testing which I don't have ac
-
How can I type Vietnamese in the text box of the report.
-
Safari will not let me sign in to Yahoo mail??
Its been a few months that Safari will not allow me to sign in to my Yahoo account and ever other website I try to launch seems really sluggish. What can I do? I an not at all tech-savvy. Ran a Norton anti-virus but all seems ok? Can you help?