We have created a SAP query and infoset for displaying invoices. We want to restrict the users from viewing data of company code for which they don't have display authorization. For instance if user is authorized only for displaying data for US company code then he should not be able to see the data for company Italy. Also the company code parameter is a select option in SAP query.
So the user can enter '*' also. In that case we want to display the data for all company codes for which user is authorized to. We tried to do change in code in infoset on AT SELECTION SCREEN but its not working as the variables in the program generated for query are not visible in Infosets. Please let us know how can we fix this requirement.
Code the Authority-check in section 6 - END-OF-SELECTION.
AUTHORITY-CHECK OBJECT 'V_KONH_VKO'
ID 'VKORG' FIELD A910-VKORG
ID 'SPART' FIELD '10'
ID 'ACTVT' FIELD '03'.
if sy-subrc <> 0.
MESSAGE 'Insufficient Authorization.Some data is truncated.' TYPE 'I'.
Go to tcode:SQ03 Usergroup, and enter the name of the usergroup or create a new user group.
Choose Assign Users and InfoSets.Enter the names of those users that are to belong to this user group.
Using Settings -> Without Selection, here you have to enter the names of the users manually.
To be able to make changes to queries, the user requires authorization for the authorization object S_QUERY with the value Change.
Using the pushbuttons:
Change Authorization, Select All, give authorization for all users of a user group.
Change Authorization, Delete All, revoke authorization for all users of a user group.
By clicking on the checkbox before the name of a user to set or delete the indicator, you can give or revoke change authorization for individual users.
Also, assign Infoset and Save.
Thanks alot for your valuable inputs.
I have made following modifications in the infosets.
*---Authorization for Company code entered by the users. *---This code will restrict users to see data for company *---codes which they are not authorized to. *---Select all the company codes based upon selection entered by the *---user SELECT bukrs FROM t001 INTO TABLE li_bukrs WHERE bukrs IN bukrs. IF sy-subrc EQ 0. *---Clear Screen variable for Company code CLEAR bukrs. REFRESH bukrs. *---Filter and prepare Select options for Company code table to be *---passed to query. Table will only have values of company codes he is *---authorized to for display. LOOP AT li_bukrs INTO lwa_bukrs. AUTHORITY-CHECK OBJECT 'F_BKPF_BUK' ID 'BUKRS' FIELD lwa_bukrs ID 'ACTVT' FIELD '03'. IF sy-subrc = 0. bukrs-sign = 'I'. bukrs-option = 'EQ'. bukrs-low = lwa_bukrs. bukrs-high = space. APPEND bukrs. ELSE. lv_flag = 'X'. ENDIF. ENDLOOP. *---Give warning message to the user in case he is not authorized to see *---data for all the company codes that he has entered. IF lv_flag = 'X'. MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'. ENDIF. ENDIF.
I'm sorry to bring that old post but I'm in the same situation.
How and where to add your code in the SAP Query ?
When checking the source code, there is an error after the first select so the query couldn't be generated.
"The IN operator with "BUKRS" is followed neither by an internal table nor by a value list."
I managed to add this code directly into the program by replacing "bukrs" by the select-options object refering to company code (ex: SP$00003), but I'd prefer to maintain all this authorization check inside the SAP Query.
Is there any ABAP developer out there who can't help me achieving this authorization check through SAP Query.
How are you..!!
I have a similar requirement regarding Authority checks for selection screen inputs in a SAP Query,
Could you please share the resolution for this issue..!!
Edited by: SHIVAJI GANNAVARAPU on Jul 11, 2009 10:27 PM