02-03-2009 3:03 PM
Hello Gurus,
I am working on security side of a custom selection report. I have created a a authorization object in SU21 so that any user who does not have authorization will not be able to execute the report by using sy-subrc for authorization-check.
There is one more kind of authorization that is required. There is a dropdown selection field called 'Department' on selection screen which has around thre values. The requirement is security check on that selection field itself, so that when use does a dropdown, he would only see the department for which he/she is authorized.
Can someone tell how do I achieve this ? I know that we can specify the values in authorization object for which user can select data but do we have to do any coding for this in ABAP ?
Regards,
Rajesh.
02-03-2009 3:12 PM
Hi Drop down is created using FM : 'VRM_SET_VALUES' where ID and values hold the content... check the authorization check and send data to the Structures only if the authority check is passed..
AT SELECTION-SCREEN.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD carr
ID 'ACTVT' FIELD '03'.
IF sy-subrc NE 0.
vrkme_lstbox_values-key = 'C'.
vrkme_lstbox_values-text = 'Display All'(015).
APPEND vrkme_lstbox_values TO vrkme_lstbox.
ENDIF.
CALL FUNCTION 'VRM_SET_VALUES'
EXPORTING
id = vrkme_lstbox_name
values = vrkme_lstbox
EXCEPTIONS
id_illegal_name = 1
OTHERS = 2.
02-03-2009 3:12 PM
Hi Drop down is created using FM : 'VRM_SET_VALUES' where ID and values hold the content... check the authorization check and send data to the Structures only if the authority check is passed..
AT SELECTION-SCREEN.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD carr
ID 'ACTVT' FIELD '03'.
IF sy-subrc NE 0.
vrkme_lstbox_values-key = 'C'.
vrkme_lstbox_values-text = 'Display All'(015).
APPEND vrkme_lstbox_values TO vrkme_lstbox.
ENDIF.
CALL FUNCTION 'VRM_SET_VALUES'
EXPORTING
id = vrkme_lstbox_name
values = vrkme_lstbox
EXCEPTIONS
id_illegal_name = 1
OTHERS = 2.
02-03-2009 3:19 PM
hi,
You need to create authrization Object for department also as like we create for plant,company code..etc.
LOOP AT tbl_plant.
* Calling the subroutine to check each plant code.
PERFORM plant_code_check USING tbl_plant-werks
v_value
v_errmess
v_subrc.
* Get out and stop checking on the first failure.
IF sy-subrc NE 0.
IF v_errmess EQ space.
v_werks = tbl_plant-werks.
ENDIF.
EXIT.
ENDIF.
ENDLOOP.
*********************************************************************************************
FORM plant_code_check USING v_werks v_value v_errmess v_subrc.
* Authorization check here..
AUTHORITY-CHECK OBJECT 'ZPLANT'
ID 'ACTVT' FIELD v_value
ID 'WERKS' FIELD v_werks.
* Checking for Return code from the authority check.
IF sy-subrc NE 0.
* If error message printing option is turned on, write error message.
IF v_errmess NE space.
* Not authorized for this company code message.
MESSAGE e000(zm1) WITH text-010 v_werks.
ELSE.
v_subrc = sy-subrc. "Not authorized
ENDIF.
ENDIF.
ENDFORM.
Thanks
Parvathi