Solved: How to get ACTVT value for authority-check

craig_scott2 · ‎06-25-2010

I would like to do an AUTHORITY-CHECK in a user exit which can be called during processing from either standard or custom transactions. How can I determine the current activity so that I can pass the correct value in ACTVT in the AUTHORITY-CHECK call?

Thanks,

.. Craig

prasenjit_sharma · ‎06-28-2010

Hi,

The value of the field depends on the type activity that is performed on UI e.g., for create its 01, edit 02 and display 03 and so on. You can find more details of this inside the PFCG transaction when you open the auth-object.

Basically the authority-check statement will depend on your business process i.e., what access you want to give your user and you'd have to determine the subsequent processing of the program in case the check passes or fails.

Let me know if you need more help.

Regards

Prasenjit

Former Member · ‎06-25-2010

Display your object in SU21...look at the authorization fields. You may see an permitted activities push button at the bottom of the screen....look there also. You may to discuss with your security person, in some cases, to be sure you've got the right check... I sometimes have my security person turn me "on" and "off" to be sure my check works.

craig_scott2 · ‎06-25-2010

I'm sorry, BreakPoint, but you misunderstand my question. The user exit is triggered during Purchase Order processing from a number of programs (and transactions). For example, it may be triggered from transactions ME21 or ME21N or ME22 or ME22N, etc. At that point, we are not necessarily still in the originating program (eg. SAPMM06E for ME21) so I have look at the value SAPMM06E-ACTVT to find out what activity the user is attempting and pass this value in the AUTHORITY-CHECK call. I can hard code specific transaction/program values if I need to do so, but it would be more flexible if I didn't need to. Also, I have the calling transaction in SY-TCODE, but SYST doesn't always seem to have the program name that I need to find the right ACTVT value.

.. Craig

Former Member · ‎06-28-2010

I'd export some values (like sy-tcode, etc.) to a memory id, then import where I needed to know what was being executed.

prasenjit_sharma · ‎06-28-2010

Hi,

The value of the field depends on the type activity that is performed on UI e.g., for create its 01, edit 02 and display 03 and so on. You can find more details of this inside the PFCG transaction when you open the auth-object.

Basically the authority-check statement will depend on your business process i.e., what access you want to give your user and you'd have to determine the subsequent processing of the program in case the check passes or fails.

Let me know if you need more help.

Regards

Prasenjit

brad_bohn · ‎06-28-2010


The value of the field depends on the type activity that is performed on UI e.g., for create its 01, edit 02 and display 03 and so on. You can find more details of this inside the PFCG transaction when you open the auth-object.
Basically the authority-check statement will depend on your business process i.e., what access you want to give your user and you'd have to determine the subsequent processing of the program in case the check passes or fails.

He already knows those generalizations. In fact, he seems to have a very good grasp of the requirement. The problem he has is with PO processing the fact that the main program can change depending on the point of attack. Thus, if the exit doesn't hand off the value of the global variable ACTVT (which has already been pre-determined in the process), then you don't know which main program to access to get the value from memory via field symbol.

Craig, I would just try to hit one or the other, then try again if the assignment fails. There may be a more graceful approach available now but here's the way I used to do it with PO requirements:


...

  lv_fieldname = '(SAPLMEPO)EBAN'.
  ASSIGN (lv_fieldname) TO <fs_eban>.

  IF sy-subrc EQ 0.
    ls_eban = <fs_eban>.
  ELSE.
    CLEAR : lv_fieldname.
    lv_fieldname = '(SAPMM06E)EBAN'.
    ASSIGN (lv_fieldname) TO <fs_eban>.
    IF sy-subrc EQ 0.
      ls_eban = <fs_eban>.
    ENDIF.
  ENDIF.

...

craig_scott2 · ‎06-28-2010

Quite right, Brad. Points awarded for seeing my problem and expressing it so clearly. The problem with the "global variable" ACTVT is that it's not as "global" as I'd like. It would be nice to see it in SYST, for example, so that I could check it without having to know where the process was started from. Others have suggested passing the ACTVT in an export parameter but that means I need to look for a user-exit in every process that might trigger my user-exit in order to pass the export the value I need.

Does anyone know a truly "global" place to find ACTVT?

brad_bohn · ‎06-28-2010

Not that I know of. The closest you'll probably get is T180-TRTYP or a global TRTYP field but you'll probably still have to jump back to another global area to get it from a non-subroutine exit. Both SAPLMEPO and SAPMM06E use a globally declared field called 'XACTVT' though, so the best you can probably do is to try to access the value of that variable via field symbol in either main program and proceed from there.

craig_scott2 · ‎06-30-2010

Brad:

Table T180 looks like a good starting point. (Table T160 gives the same info but only for Purchasing transactions). I can translate the Transaction Type field in the table to an Activity and then base my check on that activity. These tables aren't a perfect solution because the table doesn't include all standard SAP transactions (eg. PK13/PK13N - Kanban Board transactions which trigger order creation) so I guess I'll have to use the table data when the transaction is present otherwise use the other methods.

Thanks for all your help.

.. Craig

ThomasZloch · ‎06-28-2010

Which user exit is it? Is there maybe any value being passed from the caller that could be translated into an ACTVT value?

Thomas