Skip to Content

Using BAdI HRBAS00_STRUAUTH to override structural authorization for specific T-codes

Hi all,

For a client I'm trying to develop an exception to structural authorizations for specific T-codes.

I have figured out that using BAdI HRBAS00_STRUAUTH should be suitable for this.

There are two relevant methods that I can and should use, namely: CHECK_AUTHORITY_VIEW & CHECK_AUTHORITY_SEARCH.

This is what they look like:

method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_VIEW.
CASE sy-tcode.
  WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.
      exit_flag = 'X'.
      sy-subrc = 0.
  WHEN OTHERS.
       exit_flag = ''.
ENDCASE.
endmethod.


and


method IF_EX_AUTHORITY_BADI~CHECK_AUTHORITY_SEARCH.
  CASE sy-tcode.
     WHEN 'IW51' OR 'CAT3' OR 'CATS_DA' OR 'PPOSE'.
   SKIP_STANDARD = 'X'.
  WHEN OTHERS.
    SKIP_STANDARD = ''.
  ENDCASE.
endmethod.

All other methods have been implemented albeit with no functionality.

The issue I'm facing is that this only seems to work for HR-related transactions. As you can see in the code above, for PPOSE the BAdI works in a desired way. The thing is, I don't need this override capability for PPOSE at all. The requirement is for T-codes IW51, CATS_DA and CAT3 only.

More specifically, my implementation should allow for an F4 search help to show all available persons and select them in the aforementioned transactions, not just the ones a user is authorized for by his or her structural profile.

I have also looked into BAdI HRBAS00_SEARCH, but couldn't figure out whether this is going to help me with my requirement.

I'd be grateful for anyone's take on this.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Nov 03, 2015 at 11:53 AM

    Hi Dimitri,

    Figuring out this BAdI is still on my to do list but as I currently don't have a sandbox and a developer key available, how about an alternate approach:

    You can implement BAdI HRBAS00_GET_PROFL and add a check on the SY-TCODE to the standard implementation code. In case the SY-TCODE is 'IW51', 'CATS_DA' or 'CAT3' you can add structural authorizations to all Persons to the users view.

    This should effectively give them structural access to all Persons in these tcodes without impacting their authorizations in the other tcodes.

    Hope that fits your requirement.

    Brent

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Brent,

      Thank you so much for your alternate approach. I just finished doing a quick test and it seems to do exactly what I want.

      You sir have made my day 😉

      This is what I did:

      method IF_EX_HRBAS00_GET_PROFL~GET_T77PR_TAB.
         DATA: profl_all TYPE hrprofl,
               t77pr_wa  TYPE t77pr.
         CASE sy-tcode.
           WHEN 'IW51' OR 'CATS_DA' OR 'CAT3'.
             profl_all = 'ALL'.
             SELECT * FROM t77pr INTO t77pr_wa
                      WHERE profl = profl_all.
                      APPEND t77pr_wa TO t77pr_tab.
             ENDSELECT.
          ENDCASE.
      endmethod.
      

      BTW, I don't think the DATA declaration for profl_all is really necessary.

      Thank you very much for this!