Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization for the user to write/read/create a file in application serve

Former Member
0 Kudos

Hi experts.

I am uploading some data to a file in a folder in application server, created in AL11 tcode.

In my program i need to restrict the unauthorized users to create/write/read a file in app server.

I dont know how to do this.

Kindly give me the code, please it wil be helpfull for you all.

I dont know how to use the auth object or function module, to do this.

Is the basis/security people need to do something.

Kindly revert me back ASAP.

KK

10 REPLIES 10

Former Member
0 Kudos

HI,

Normally the access is controlled by the role of that particular user you need not do that.. but how every if you want to hardcode a specific path to be accessed by a specific users then you can do that .. but when it moves to production.. at the first case it will be restricted at the authorization or role of that user..so u dont need to worry about it..

Thansk

Mahesh

0 Kudos

Thanks for ur reply Mahesh.

But im sorry i couldnt understand anything.

Normally OPEN dataset checks this authorization, but it throws a runtime execption. So that why im checking it manaully.

So i want to restrict the user to access the file.

You said we can do that, how can we acheive that?

Nithin

0 Kudos

Ok..

use a try catch block and write ur open dataset statments in that block..

and handle these exceptions..

DATASET_TOO_MANY_FILES: Maximum number of open files exceeded.

OPEN_DATASET_NO_AUTHORITY: User does not have authorization to access the file.

OPEN_PIPE_NO_AUTHORITY: User does not have authorization to access the file using OPEN DATASET with the FILTER addition.

DATASET_NO_PIPE: OPEN DATASET with the FILTER addition is not supported on the current operating system

<b> DATA : OREF TYPE REF TO CX_ROOT. " To Hold the Exception

try.

open dataset lv_file .....

*-- Handle the exception for

CATCH CX_ROOT INTO OREF.

LV_TEXT = OREF->GET_TEXT( ).

endtry.</b>

LV_TEXT WILL CONTAIN THE EXACT MESSAGE. YOU CAN PRINT THIS MESSAGE....

Thansk

Mahesh

0 Kudos

Or use AUTHORITY_CHECK_DATASET function module before the open data set

This function module allow you to check the user's authorization to access files (with the key words OPEN DATASET, READ DATASET, TRANSFER and DELETE DATASET). A check should be performed before opening a file.

The authorization check is performed uwing the authorization object S_DATASET.

Description of function parameters:

PROGRAM: Name of the ABAP/4 program that contains the file access. If no program name is specified, the system assumes the current program.

ACTIVITY: Access type. The possible values are:

READ: Read file

WRITE: Change file

READ_WITH_FILTER: Read file with filter function

WRITE_WITH_FILTER: Change file with filter function

DELETE: Delete file

FILENAME: Name of accessed file

Example

Notes

The values to be passed as the ACTIVITY are defined as constants in the TYPE-POOL SABC.

0 Kudos

Mahesh thanks for ur replies,

actually i did the FM in my code.

But im not able to understand now how to add the object in user profile or role..

can u explain me that?

and also it has write, read values, not create parameter.

If user needs to restrict to creating of file in app server, then how to do it?

KK

0 Kudos

HI,

if you have written in ur code that is enough.. you dont need to add to the user profile how ever..

a person with the autorization object S_DATASET. will be able to do the changes.

a write permission means he can create also.. when ur program reads a application file then ensure that the user as read permission

if ur program creates a file then ensure the the user has write permissions.

Thanks

Mahesh

Former Member
0 Kudos

Hi Kiran,

As far as i know, the access to application server directories is controlled by the system or database administraor.. This is done by the basis team..

In your code call the function module 'PFL_CHECK_DIRECTORY' by passing the file path.. Also, you can pass the write / read check here..

This FM will return you whether the user is authorised for the specific task or not.

Thanks and Best Regards,

Vikas Bittera.

<b><REMOVED BY MODERATOR></b>

Message was edited by:

Alvaro Tejada Galindo

Former Member
0 Kudos

In the key word OPEN DATASET , you can use an addition called messages (You hit F1 on open dataset and read about it). This parameter will return you all the errors which occurred during OPEN DATASET.

You can use the same parameter to display the message.

This addition will keep the code really simple.

0 Kudos

Hi guys,

My problem is not completely solved.

As mahesh said to use the Funciton module, i used it.

Its restricting the user for WRITE permission, but read is not working.

I am using the same FM for both, but read is returing sy-subrc = 0, where its failing.

So READ is not working for me, WRITE is working.

So any clues from you please.

Kindly help, i have tried alot.

KK

0 Kudos

soloved