Google Search - Blog...........

ABAP - Concept Of Authorization For Users.

Summary
Whenever you create a report a program you want your program to be unavailable to access for unauthorized users or with very limited access. This could be done easily through authorization objects. You can easily find help through internet, but I am trying to provide step by step process for better picture

Table of Contents
Applies to:1
Summary.1
Author Bio.1
Concept3
Perquisite.3
Step-By-Step process.3
Creation of authorization Object4
ROLE Authorization:8
Programming authorization checks in your code.9
1. Setting PF-status.9
2. Setting authorization through programming.9
Related Content11
Disclaimer and Liability Notice.12
Concept
Suppose you want a program in which only authorized user can edit data. You have an edit pushbutton in the toolbar which should only execute if the user is authorized.
Perquisite
You have a screen named 100 in your report. It has two modules PBO_100 and PAI_100. Include a PF-STATUS 100 with an EDIT pushbutton with an icon function code 'EDIT'. Save and Activate the PF-STATUS.
Step-By-Step process
Creation of authorization Object
In authorization objects, authorization fields represent the values to be tested during authorization checks.
To create authorization fields, choose
Tools - ABAP Workbench - Development - Other tools - Authorization objects - Objects.
OR
Transaction Code SU21
Each object must be contained in an object class. The system displays a list of existing object classes. Object classes are organized according to the components of the system.
You can also define your own object classes. If you do so, select class names that begin with Y or Z according SAP naming convections.
Here we create a new class ZOBJ!zsn1.JPGthumbnail,align=center!

Save as a Local Object.
Now you can see an empty class included in the list!zsn2.JPGalign=center!

In the context menu of newly created object select Create Authorization Object!zsn3.JPGalign=center!

Enter name of the object as 'ZAUTH'.
In authorization field select F4 and include ACTVT by double click on the respective row.



On pressing ENTER a new setting option can be viewed 'FURTHER AUTHORIZATION OBJECt SETTING'
Press pushbutton PERMITTED ACTIVITIES. It will ask you to save. Save it. A new pop screen will follow.



Select Continue.
Since we want only authenticate user to get the functionality to edit so we select CHANGE functionality and save.



Close the CREATE AUTHORIZATION OBJECT menu.
Once again you can view the newly created object in su21 in your newly created class with permitted activities.
ROLE Authorization:
Ask you basis guy to add this new object to a role ,this role should be allocated to only authenticated users say 'user001'.
Programming authorization checks in your code
1. Setting PF-status
Add edit and exit commands. I have done EDIT in the screen shot.



2. Setting authorization through programming
AUTHORITY-CHECK OBJECT 'ZAUTH'
ID 'ACTVT' FIELD '02'.
By adding this statement our purpose will be solved to carry a check for current user who is running the program from his/her login. Suppose if we want for some specific user you can add addition FOR USER user .i.e.
AUTHORITY-CHECK OBJECT 'ZAUTH' FOR USER 'US0001'
ID 'ACTVT' FIELD '02'.
ACTVT is the name of the field contained in the object.
02 is the code for option CHANGE we selected at the time of object creation.
AUTHORITY-CHECK OBJECT 'ZAUTH'
ID 'ACTVT' FIELD '02'.
The above code will check the Object 'ZAUTH' if available for options selected (CHANGE) in the field (ACTVT) for current user and hence set SY-SUBRC.
Here I have added to set visible a button if current user in authenticated, you can add any code which you want to be executed if a user is authenticated one.
*
I have added the code in PBO module of the screen 100
//This is a code sample block
REPORT ZAUTH_TEST.
Data fcode type sy-ucomm.
Data ok_code type sy-ucomm.
CALL SCREEN 100.
MODULE PBO_100 OUTPUT.
CLEAR fcode.
REFRESH fcode.
AUTHORITY-CHECK OBJECT 'ZAUTH'
ID 'ACTVT' FIELD '02'.
IF sy-subrc <> 0.
APPEND 'EDIT' TO fcode.
ENDIF.
SET PF-STATUS '1001' EXCLUDING fcode.
ENDMODULE.
MODULE pai_1001 INPUT.
CASE ok_code.
WHEN 'EXIT'.
leave program.
ENDCASE.
Clear ok_code.
ENDMODULE. "pai_1001 INPUT

No comments:

Post a Comment