on 11-07-2017 6:14 AM
Hi Experts,
I have developed a custom Web Dynpro Report in which there is provision for displaying document (FB03 and MIR4) on click of a button on selecting corresponding record in the ALV.
Below code is used to generate the URL for the doc and then displaying using external window.
Now the requirement is to give default display rights to all users (To view FB03 and MIR4) who is using this report even if they don't have authorization to that.
Is their any trick to override the authority check ?
Awaiting your valuable response.
Thanks,
Manoj
I will try to say this as nicely as I can: That's a really really really really bad solution.
- On technical level it's a very long winded way to just give everyone read access to everything, because
- you're giving everyone access to every document, therefore
- you might as well give everyone read everything authorisation for FB03 and MIR4
Find out what people need to see and build a component to show it to them. With proper authorisation checks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Why the 😞 ..?
To me that sounds like an easier solution than to mess around with URLs and custom hacks to break SAP's authorization checks. In the UK and probably most EU countries your company could be hauled up for data protection violations for making any financial document accessible to anyone via a simple URL. And it's definitely quicker to implement and can be nicer for the users (depending on exact needs).
Hi,
I am agree with Mike, it's a bad idea.
For your information, most of the time, in SAP context, the CALL TRANSACTION '...' did not check the authorization to call the transaction.
But, the problem is not the transaction but all the objects behind the transaction. Have a look to all the object that could be checked during the FB03 or MIR4 using the transaction SU24.
If you are using a WebDynpro program, you could create a node in the SICF with a dedicated user/passwd. This node will call the transaction FB03 or MIR4 and return the result.
Ask your developper if he could do that
regards
Fred
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Manoj,
the part for your webdynpro you have developed to display the MIR4 or the FB03, you have to create a dedicated webdynpro for it.
Each time you create a webdynpro, SAP create itself a node in the SICF transaction (you could find them using the filter in the first screen). In the SICF node you could change several things, like the error page, the default language, .. and you could set a username & password (like for RFC SM59)
So your user, will connect to the system, start the first webdynpro, this webdynpro will call the webdynpro MIR4/FB03 and in this webdynpro, the user used by SAP will be another user with the good authorization.
We used the same logic to create webdynpro page to reset password.
good luck
Fred
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.