06-23-2009 1:43 PM
Dear all,
I generated a table maintenance view for a custom table via SE11 --> Utilities --> Table maintenance generator.
The table for which the maint. view was generated has a field bukrs. When a user enters a company code via table maintenance in SM30, i want to check if he has the right authorizations for that company code. This check, is this something i have to implement in the modification events or are there other alternatives?
Suppose i want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?
Kind regards,
J
06-24-2009 7:54 PM
You can also Try LOA (Line-oriented Authorizations) on your table.
This i think can be used restrict the user to only the company codes for which he has authorization.
In this way Even the "Display" of the Records will be restricted.
http://help.sap.com/saphelp_47x200/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/content.htm
Regards,
Abhishek Jolly
06-23-2009 2:12 PM
Hi,
You can do it via the events.
There is one more alternative also.
Create a Z report with the plant as parameter or select-options.
Do an authorisation check on it using the authority object.
Then call the FM of SM30.
The FM of SM30 is 'VIEW_MAINTENANCE_CALL'
See the following code
PARAMETERS: y_p_lgnm TYPE lgnum.
DATA : y_v_string TYPE string.
CONSTANTS: y_k_u TYPE char1 VALUE 'U',
y_k_x TYPE char1 VALUE 'X',
y_k_lgnum TYPE char7 VALUE 'LGNUM',
y_k_lgtyp TYPE char5 VALUE 'LGTYP',
y_k_eq TYPE char2 VALUE 'EQ',
y_k_viewname TYPE tabname VALUE 'YLOMANAGTROL'.
************************************************************************
* INTERNAL TABLE DECLARATION.
************************************************************************
DATA: y_i_seltab TYPE STANDARD TABLE OF vimsellist.
************************************************************************
* WORKAREA DECLARATION.
************************************************************************
DATA: y_wa_seltab TYPE vimsellist.
START-OF-SELECTION.
*authority check for warehouse number
AUTHORITY-CHECK OBJECT 'L_LGNUM'
ID y_k_lgnum FIELD y_p_lgnm
ID y_k_lgtyp FIELD '*'.
IF sy-subrc NE 0.
* user not authorised
CONCATENATE y_p_lgnm text-003 INTO y_v_string SEPARATED BY space.
MESSAGE s015(ylo1) WITH text-001
sy-uname
text-002
y_v_string.
ELSE.
*Clear Internal Table
CLEAR y_i_seltab.
CLEAR y_wa_seltab.
*passing the selection parameters to the function module
*view_maintenance_call.
y_wa_seltab-viewfield = y_k_lgnum.
y_wa_seltab-value = y_p_lgnm.
y_wa_seltab-operator = y_k_eq.
APPEND y_wa_seltab TO y_i_seltab.
CALL FUNCTION 'VIEW_MAINTENANCE_CALL'
EXPORTING
action = y_k_u
view_name = y_k_viewname
show_selection_popup = y_k_x
TABLES
dba_sellist = y_i_seltab.
ENDIF.
In my case i had a table YLOMANAGTROL with field LGNUM.
So i put an authority check on LGNUM.
Regards,
Ankur Parab
04-06-2013 6:37 PM
Hi Ankur,
We made reference to the code you've shared here. We are creating a cusom transaction that will maintain an entries to the table. However, we encountered difficulties:
1. We want to restrict the entries of the table when executing the transaction by sales organization level through the assign role of the username.
(Ex: I have a OTC_XXX_XXX role that contains sales org. ABC, DEF. The entries in the table of the custom transaction should only contain the ABC, DEF sales organization, wherein you can modify and add entries but limited to these sales org.)
2. In relation to number 1, we think to use the comparison of table AGR_USERS and AGR_DEFINE for us to do the requirement number 1.
Please share us your thoughts
Thanks;
emmbhoi
06-23-2009 2:15 PM
Hi,
Double click on the screen number which is assigned in the Table maintenance Generator.
In the PAI of screen you can add the Field <Field name> Module <Module name> and have the auth check.
06-23-2009 3:08 PM
Thx for the responses.
A separate report is not an option, it has to be a solution to use within SM30 functionality.
I dont think the PAI coding is that good as an alternative, because it will be overwritten everytime the maintenance view is regenerated.
Kind regards,
J.
06-23-2009 3:18 PM
Hi,
You can assign a tcode to the separate report and call it instead of SM30.
The only option in table maintainance generator is to modify it.
But incase you regenerate it again the code will be lost.
Regards,
Ankur Parab
06-23-2009 3:34 PM
Hello,
I've looked a bit into this approach, but as far as i can see, this still does not solve my problem. After the call to function module view_maintenance_call, you can still enter all company codes in de bukrs field for new entries in the table...
Kind regards,
J
06-23-2009 3:49 PM
Hi,
Yes but since we are restricting the users at the start only with the error message using the authority check the users can enter only their plants.
Right now you might be able to see all plants because you have authorisation to all plants.
Just try to see with user id of different users having autorisation to different plants.
Regards,
Ankur Parab
Edited by: Ankur Parab on Jun 23, 2009 8:19 PM
06-23-2009 4:30 PM
Hi,
You indeed check the authority for a given plant at the first screen, but suppose you give in 1002 and that's one you have authorization for, then you go to the maintenance view and via the table parameter y_i_seltab you restrict the values to 1002. Still, when you change to edit mode then, you can still enter company 1001 there...
Kind regards,
J.
06-23-2009 4:49 PM
No. SM30 table maintenance would not allow to enter 1001, if you have specified 1002 in the Selection table Y_I_SELTAB.
Check this in SM30.
Open your table in SM30
Select the Check box "Enter Conditions"
Select the Company Code from the list
Enter your company code e.g. 1002
Now on the table maintenance screen, try to create a new entry with the 1001, system would give an error "Specify the key within the work area".
So, no need to worry on other keys other than entered in the Condition.
Regards,
Naimesh Patel
06-24-2009 10:11 AM
Hello,
I just tried it and you are indeed correct. It seems to have that behavior for key fields, not for non-key fields. Is that correct?
Any idea if there's a standard sap way to check uniqueness of non-key fields?
Thx!
J.
06-24-2009 2:19 PM
Non-key fields would not be unique. If they are unique then they would be Key fields. So, I don't think we have any that kind of facility to check uniqueness of Non-Key fields.
Regards,
Naimesh Patel
06-24-2009 6:28 PM
When a user enters a company code via table maintenance in SM30, i want to check if he has the right authorizations for that company code. This check, is this something i have to implement in the modification events or are there other alternatives?
create authorization object with authorization field ACTIVITY, BUKRS and UNAME.
Create role for the newly created authorization object. maintain list of company code and user name for which you would like to give authorizaion.
call authorization object in event 01 or 05.
Suppose i want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?
we dont have automatic check to check uniqueness of non key field.
do validation in event 05 .
06-24-2009 6:55 PM
>
> Suppose i want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?
I haven't tried this, but I don't see why it wouldn't work. Create a secondary index on the field that you want to be unique and define it as a unque index.
Of course, this makes the field a key field; I'm not sure if you really care about that though.
Rob
06-24-2009 7:54 PM
You can also Try LOA (Line-oriented Authorizations) on your table.
This i think can be used restrict the user to only the company codes for which he has authorization.
In this way Even the "Display" of the Records will be restricted.
http://help.sap.com/saphelp_47x200/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/content.htm
Regards,
Abhishek Jolly
06-25-2009 11:41 AM
Hello.
I will look into this approach. At first sight, it can be a possible solution for my problem, but gonna play with it a bit first to see if it has the expected behavior.
Thx alot!
Kind regards.
J.
07-06-2009 1:37 PM
Hello,
If i want to restrict the user on a per line level, do i just need to assign this authorization object to a user's profile, or should it happen through authorization group, which is assigned to the table maintenance dialog?
At the moment, i can only choose authorization groups there with S_TABU_DIS behind it.
Kind regards,
J
07-09-2009 5:17 PM
It will be through the object S_TABU_LIN but you can confirm that with your basis team member.
Regards,
Aj
07-10-2009 8:09 AM
I found this howto. it's a very good description of what needs to be done: