Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Using BAdI HRBAS00_STRUAUTH to override structural authorization for specific T-codes

former_member74904
Contributor
0 Kudos

Hi all,

For a client I'm trying to develop an exception to structural authorizations for specific T-codes.

I have figured out that using BAdI HRBAS00_STRUAUTH should be suitable for this.

There are two relevant methods that I can and should use, namely: CHECK_AUTHORITY_VIEW & CHECK_AUTHORITY_SEARCH.

This is what they look like:


method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_VIEW.

CASE sy-tcode.

  WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.

      exit_flag = 'X'.

      sy-subrc = 0.

  WHEN OTHERS.

       exit_flag = ''.

ENDCASE.

endmethod.


and



method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_SEARCH.

  CASE sy-tcode.

     WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.

   SKIP_STANDARD = 'X'.

  WHEN OTHERS.

    SKIP_STANDARD = ''.

  ENDCASE.

endmethod.

All other methods have been implemented albeit with no functionality.

The issue I'm facing is that this only seems to work for HR-related transactions. As you can see in the code above, for PPOSE the BAdI works in a desired way. The thing is, I don't need this override capability for PPOSE at all. The requirement is for T-codes IW51, CATS_DA and CAT3 only.

More specifically, my implementation should allow for an F4 search help to show all available persons and select them in the aforementioned transactions, not just the ones a user is authorized for by his or her structural profile.

I have also looked into BAdI HRBAS00_SEARCH, but couldn't figure out whether this is going to help me with my requirement.

I'd be grateful for anyone's take on this.

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Dimitri,

Figuring out this BAdI is still on my to do list but as I currently don't have a sandbox and a developer key available, how about an alternate approach:

You can implement BAdI HRBAS00_GET_PROFL and add a check on the SY-TCODE to the standard implementation code. In case the SY-TCODE is 'IW51', 'CATS_DA' or 'CAT3' you can add structural authorizations to all Persons to the users view.

This should effectively give them structural access to all Persons in these tcodes without impacting their authorizations in the other tcodes.

Hope that fits your requirement.

Brent

2 REPLIES 2

Former Member
0 Kudos

Hi Dimitri,

Figuring out this BAdI is still on my to do list but as I currently don't have a sandbox and a developer key available, how about an alternate approach:

You can implement BAdI HRBAS00_GET_PROFL and add a check on the SY-TCODE to the standard implementation code. In case the SY-TCODE is 'IW51', 'CATS_DA' or 'CAT3' you can add structural authorizations to all Persons to the users view.

This should effectively give them structural access to all Persons in these tcodes without impacting their authorizations in the other tcodes.

Hope that fits your requirement.

Brent

0 Kudos

Hi Brent,

Thank you so much for your alternate approach. I just finished doing a quick test and it seems to do exactly what I want.

You sir have made my day

This is what I did:


method IF_EX_HRBAS00_GET_PROFL~GET_T77PR_TAB.

   DATA: profl_all TYPE hrprofl,

         t77pr_wa  TYPE t77pr.

   CASE sy-tcode.

     WHEN 'IW51' OR 'CATS_DA' OR 'CAT3'.

       profl_all = 'ALL'.

       SELECT * FROM t77pr INTO t77pr_wa

                WHERE profl = profl_all.

                APPEND t77pr_wa TO t77pr_tab.

       ENDSELECT.

    ENDCASE.

endmethod.

BTW, I don't think the DATA declaration for profl_all is really necessary.

Thank you very much for this!