cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to create authorization checking with Tcode

Go to solution
suityan98
Explorer

on ‎08-12-2022 8:07 AM

0 Kudos

How to create authorization checking with tcode? I have tried many ways like creating transaction ZSDI_DRIVER_INFO and ZSDR_DRIVER_INFO during in tcode se80 and assigned the authorization object (F_BKPF_BUK) to the respective tcode.

But nothing change, even when testing I try to insert data not in authorization, It still allows the user to save. I am new in SAP ABAP. Hopefully can get some advice on this...

MODULE USER_COMMAND_0100 INPUT.

  CASE ok_code.
    WHEN 'CONFIRM' .
      

      IF gv_bukrs IS INITIAL
        OR gv_icno IS INITIAL
        OR gv_status IS INITIAL.

        MESSAGE 'Please fill in field required.' type 'E'.
        CALL SCREEN '0100'.

      ENDIF.
      PERFORM check_data.
    WHEN 'QUERY'.
      CALL SCREEN '0200'.
    WHEN 'UPDATE'.
      IF gv_bukrs IS INITIAL
        OR gv_icno IS INITIAL
        OR gv_status IS INITIAL.

        MESSAGE 'Please fill in field required.' type 'E'.
        CALL SCREEN '0100'.
      ENDIF.
      PERFORM check_data2.

    WHEN 'EXIT'.
      LEAVE TO SCREEN 0.
  ENDCASE.

Show replies
Show replies
venkateswaran_k
Active Contributor
‎08-12-2022 8:12 AM

Hi suityan98

Execute the t-code with the user who does not have this authorization.

If you are testing, you might have the sap_all authorization.

Answer

Accepted Solutions (1)

Accepted Solutions (1)

venkateswaran_k
Active Contributor
‎08-12-2022 8:24 AM
0 Kudos

Hi suityan98

You may add the following code in the USER_COMMAND_0100 ( as per your requirement )
CALL FUNCTION 'ISHMED_READ_USER_AUTH'
    EXPORTING
      i_user        = sy-uname
      i_object      = 'F_BKPF_BUK'
    TABLES
      t_authorities = i_authorization
    EXCEPTIONS
      read_error    = 1
      OTHERS        = 2.

READ TABLE i_authorization INTO wa_authorization WITH KEY objct = 'F_BKPF_BUK' 
                                                          actvt = 'A' 
                                                          field = 'ACTVT' 
                                                          von = '*'.
  IF sy-subrc NE 0.
    MESSAGE 'You are not authorized' DISPLAY LIKE 'E'.
  ENDIF.
NoteWhile testing as mentioned above, test with user who does not have this authorization.Regards,Venkat
Show replies
Show replies
suityan98
Explorer
‎08-12-2022 8:48 AM
0 Kudos

not able to call this function, how can i know the others possible function that I can use?

Answers (1)

Answers (1)

raymond_giuseppi
Active Contributor
‎08-16-2022 4:51 PM
0 Kudos

From your requirement I understand that you have to code some AUTHORITY-CHECK statements in your code such as 

  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
           ID 'BUKRS' FIELD gv_bukrs
           ID 'ACTVT' FIELD '03'. " display/query
* For activity value, double-click on authorization object for list of values
* examples:
* 02  Update
* 03  Query
* 10  Confirm, etc.
  IF sy-subrc <> 0.
* Implement a suitable exception handling here
  ENDIF.

Adding the authorization object to the transaction definition will only trigger a check at start of transaction with the values you also provided to this transaction (click on 'values' from SE93 screen)

Show replies
Show replies
Ask a Question