Skip to Content

How to skip authorization check for FB03/MIR4

Hi Experts,

I have developed a custom Web Dynpro Report in which there is provision for displaying document (FB03 and MIR4) on click of a button on selecting corresponding record in the ALV.

Below code is used to generate the URL for the doc and then displaying using external window.

Now the requirement is to give default display rights to all users (To view FB03 and MIR4) who is using this report even if they don't have authorization to that.

Is their any trick to override the authority check ?

Awaiting your valuable response.

Thanks,

Manoj

untitled.png (16.7 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Nov 07, 2017 at 07:22 PM

    I will try to say this as nicely as I can: That's a really really really really bad solution.

    - On technical level it's a very long winded way to just give everyone read access to everything, because
    - you're giving everyone access to every document, therefore
    - you might as well give everyone read everything authorisation for FB03 and MIR4

    Find out what people need to see and build a component to show it to them. With proper authorisation checks.

    Add comment
    10|10000 characters needed characters exceeded

    • Because I thought it can be done with some coding trick. But now i have to develop full screen with all the required information to be shown to user.

      I agree on violating authorization checks. That, we will handle with appropriate reason to auditor. But user wants to see.

      Thanks,

      Manoj

  • Nov 08, 2017 at 08:20 AM

    Hi,

    I am agree with Mike, it's a bad idea.

    For your information, most of the time, in SAP context, the CALL TRANSACTION '...' did not check the authorization to call the transaction.

    But, the problem is not the transaction but all the objects behind the transaction. Have a look to all the object that could be checked during the FB03 or MIR4 using the transaction SU24.

    If you are using a WebDynpro program, you could create a node in the SICF with a dedicated user/passwd. This node will call the transaction FB03 or MIR4 and return the result.

    Ask your developper if he could do that

    regards

    Fred

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Manoj,

      the part for your webdynpro you have developed to display the MIR4 or the FB03, you have to create a dedicated webdynpro for it.

      Each time you create a webdynpro, SAP create itself a node in the SICF transaction (you could find them using the filter in the first screen). In the SICF node you could change several things, like the error page, the default language, .. and you could set a username & password (like for RFC SM59)

      So your user, will connect to the system, start the first webdynpro, this webdynpro will call the webdynpro MIR4/FB03 and in this webdynpro, the user used by SAP will be another user with the good authorization.

      We used the same logic to create webdynpro page to reset password.

      good luck

      Fred