08-28-2007 9:22 PM
Hi experts.
I am uploading some data to a file in a folder in application server, created in AL11 tcode.
In my program i need to restrict the unauthorized users to create/write/read a file in app server.
I dont know how to do this.
Kindly give me the code, please it wil be helpfull for you all.
I dont know how to use the auth object or function module, to do this.
Is the basis/security people need to do something.
Kindly revert me back ASAP.
KK
08-28-2007 9:37 PM
HI,
Normally the access is controlled by the role of that particular user you need not do that.. but how every if you want to hardcode a specific path to be accessed by a specific users then you can do that .. but when it moves to production.. at the first case it will be restricted at the authorization or role of that user..so u dont need to worry about it..
Thansk
Mahesh
08-28-2007 9:40 PM
Thanks for ur reply Mahesh.
But im sorry i couldnt understand anything.
Normally OPEN dataset checks this authorization, but it throws a runtime execption. So that why im checking it manaully.
So i want to restrict the user to access the file.
You said we can do that, how can we acheive that?
Nithin
08-28-2007 9:45 PM
Ok..
use a try catch block and write ur open dataset statments in that block..
and handle these exceptions..
DATASET_TOO_MANY_FILES: Maximum number of open files exceeded.
OPEN_DATASET_NO_AUTHORITY: User does not have authorization to access the file.
OPEN_PIPE_NO_AUTHORITY: User does not have authorization to access the file using OPEN DATASET with the FILTER addition.
DATASET_NO_PIPE: OPEN DATASET with the FILTER addition is not supported on the current operating system
<b> DATA : OREF TYPE REF TO CX_ROOT. " To Hold the Exception
try.
open dataset lv_file .....
*-- Handle the exception for
CATCH CX_ROOT INTO OREF.
LV_TEXT = OREF->GET_TEXT( ).
endtry.</b>
LV_TEXT WILL CONTAIN THE EXACT MESSAGE. YOU CAN PRINT THIS MESSAGE....
Thansk
Mahesh
08-28-2007 9:49 PM
Or use AUTHORITY_CHECK_DATASET function module before the open data set
This function module allow you to check the user's authorization to access files (with the key words OPEN DATASET, READ DATASET, TRANSFER and DELETE DATASET). A check should be performed before opening a file.
The authorization check is performed uwing the authorization object S_DATASET.
Description of function parameters:
PROGRAM: Name of the ABAP/4 program that contains the file access. If no program name is specified, the system assumes the current program.
ACTIVITY: Access type. The possible values are:
READ: Read file
WRITE: Change file
READ_WITH_FILTER: Read file with filter function
WRITE_WITH_FILTER: Change file with filter function
DELETE: Delete file
FILENAME: Name of accessed file
Example
Notes
The values to be passed as the ACTIVITY are defined as constants in the TYPE-POOL SABC.
08-28-2007 9:55 PM
Mahesh thanks for ur replies,
actually i did the FM in my code.
But im not able to understand now how to add the object in user profile or role..
can u explain me that?
and also it has write, read values, not create parameter.
If user needs to restrict to creating of file in app server, then how to do it?
KK
08-28-2007 9:59 PM
HI,
if you have written in ur code that is enough.. you dont need to add to the user profile how ever..
a person with the autorization object S_DATASET. will be able to do the changes.
a write permission means he can create also.. when ur program reads a application file then ensure that the user as read permission
if ur program creates a file then ensure the the user has write permissions.
Thanks
Mahesh
08-28-2007 10:10 PM
Hi Kiran,
As far as i know, the access to application server directories is controlled by the system or database administraor.. This is done by the basis team..
In your code call the function module 'PFL_CHECK_DIRECTORY' by passing the file path.. Also, you can pass the write / read check here..
This FM will return you whether the user is authorised for the specific task or not.
Thanks and Best Regards,
Vikas Bittera.
<b><REMOVED BY MODERATOR></b>
Message was edited by:
Alvaro Tejada Galindo
08-29-2007 3:52 AM
In the key word OPEN DATASET , you can use an addition called messages (You hit F1 on open dataset and read about it). This parameter will return you all the errors which occurred during OPEN DATASET.
You can use the same parameter to display the message.
This addition will keep the code really simple.
08-29-2007 6:13 PM
Hi guys,
My problem is not completely solved.
As mahesh said to use the Funciton module, i used it.
Its restricting the user for WRITE permission, but read is not working.
I am using the same FM for both, but read is returing sy-subrc = 0, where its failing.
So READ is not working for me, WRITE is working.
So any clues from you please.
Kindly help, i have tried alot.
KK
03-19-2008 3:38 PM