Table maintenance -> authorization check on field level

Former Member
0 Kudos

Dear all,

I generated a table maintenance view for a custom table via SE11 --> Utilities --> Table maintenance generator.

The table for which the maint. view was generated has a field bukrs. When a user enters a company code via table maintenance in SM30, I want to check if he has the right authorizations for that company code. This check, is this something I have to implement in the modification events or are there other alternatives?

Suppose I want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?

Kind regards,

J

1 ACCEPTED SOLUTION

former_member195698
Active Contributor
0 Kudos

You can also try LOA (Line-oriented Authorizations) on your table.

This, I think, can be used to restrict the user to only the company codes for which he has authorization.

In this way even the "Display" of the records will be restricted.

http://help.sap.com/saphelp_47x200/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/content.htm

Regards,

Abhishek Jolly

18 REPLIES 18

former_member555112
Active Contributor
0 Kudos

Hi,

You can do it via the events.

There is one more alternative also.

Create a Z report with the plant as parameter or select-options.

Do an authorisation check on it using the authority object.

Then call the FM of SM30.

The FM of SM30 is 'VIEW_MAINTENANCE_CALL'

See the following code

PARAMETERS: y_p_lgnm TYPE lgnum.

DATA : y_v_string   TYPE string.

CONSTANTS: y_k_u        TYPE char1   VALUE 'U',
           y_k_x        TYPE char1   VALUE 'X',
           y_k_lgnum    TYPE char7   VALUE 'LGNUM',
           y_k_lgtyp    TYPE char5   VALUE 'LGTYP',
           y_k_eq       TYPE char2   VALUE 'EQ',
           y_k_viewname TYPE tabname VALUE 'YLOMANAGTROL'.

************************************************************************
*                   INTERNAL TABLE DECLARATION.
************************************************************************

DATA: y_i_seltab TYPE STANDARD TABLE OF vimsellist.

************************************************************************
*                   WORKAREA DECLARATION.
************************************************************************
DATA: y_wa_seltab TYPE vimsellist.

START-OF-SELECTION.

*authority check for warehouse number

  AUTHORITY-CHECK OBJECT 'L_LGNUM'
              ID y_k_lgnum FIELD y_p_lgnm
              ID y_k_lgtyp FIELD '*'.


  IF sy-subrc NE 0.
* user not authorised
    CONCATENATE y_p_lgnm text-003 INTO y_v_string SEPARATED BY space.
    MESSAGE s015(ylo1) WITH text-001
                            sy-uname
                            text-002
                            y_v_string.
  ELSE.


*Clear Internal Table
    CLEAR y_i_seltab.
    CLEAR y_wa_seltab.

*passing the selection parameters to the function module
*view_maintenance_call.

    y_wa_seltab-viewfield = y_k_lgnum.
    y_wa_seltab-value     = y_p_lgnm.
    y_wa_seltab-operator  = y_k_eq.

    APPEND y_wa_seltab TO y_i_seltab.

    CALL FUNCTION 'VIEW_MAINTENANCE_CALL'
      EXPORTING
        action               = y_k_u
        view_name            = y_k_viewname
        show_selection_popup = y_k_x
      TABLES
        dba_sellist          = y_i_seltab.
  ENDIF.

In my case I had a table YLOMANAGTROL with field LGNUM.

So I put an authority check on LGNUM.

Regards,

Ankur Parab

0 Kudos

Hi Ankur,

We made reference to the code you've shared here. We are creating a custom transaction that will maintain entries in the table. However, we encountered difficulties:

1. We want to restrict the entries of the table when executing the transaction by sales organization level through the assigned role of the username.

     (Ex: I have an OTC_XXX_XXX role that contains sales org. ABC, DEF. The entries in the table of the custom transaction should only contain the ABC, DEF sales organizations, wherein you can modify and add entries but limited to these sales org.)

2. In relation to number 1, we are thinking of using the comparison of tables AGR_USERS and AGR_DEFINE to do requirement number 1.

Please share your thoughts with us.

Thanks,

emmbhoi

Former Member
0 Kudos

Hi,

Double click on the screen number which is assigned in the Table maintenance Generator.

In the PAI of screen you can add the Field <Field name> Module <Module name> and have the auth check.

0 Kudos

Thx for the responses.

A separate report is not an option, it has to be a solution to use within SM30 functionality.

I don't think the PAI coding is that good as an alternative, because it will be overwritten every time the maintenance view is regenerated.

Kind regards,

J.

0 Kudos

Hi,

You can assign a tcode to the separate report and call it instead of SM30.

The only option in the table maintenance generator is to modify it.

But in case you regenerate it again the code will be lost.

Regards,

Ankur Parab

0 Kudos

Hello,

I've looked a bit into this approach, but as far as I can see, this still does not solve my problem. After the call to function module view_maintenance_call, you can still enter all company codes in the bukrs field for new entries in the table...

Kind regards,

J

0 Kudos

Hi,

Yes but since we are restricting the users at the start only with the error message using the authority check the users can enter only their plants.

Right now you might be able to see all plants because you have authorisation to all plants.

Just try to see with user IDs of different users having authorisation to different plants.

Regards,

Ankur Parab

Edited by: Ankur Parab on Jun 23, 2009 8:19 PM

0 Kudos

Hi,

You indeed check the authority for a given plant at the first screen, but suppose you give in 1002 and that's one you have authorization for, then you go to the maintenance view and via the table parameter y_i_seltab you restrict the values to 1002. Still, when you change to edit mode then, you can still enter company 1001 there...

Kind regards,

J.

0 Kudos

No. SM30 table maintenance would not allow to enter 1001, if you have specified 1002 in the Selection table Y_I_SELTAB.

Check this in SM30.

Open your table in SM30

Select the Check box "Enter Conditions"

Select the Company Code from the list

Enter your company code e.g. 1002

Now on the table maintenance screen, try to create a new entry with the 1001, system would give an error "Specify the key within the work area".

So, no need to worry on other keys other than entered in the Condition.

Regards,

Naimesh Patel

0 Kudos

Hello,

I just tried it and you are indeed correct. It seems to have that behavior for key fields, not for non-key fields. Is that correct?

Any idea if there's a standard sap way to check uniqueness of non-key fields?

Thx!

J.

0 Kudos

Non-key fields would not be unique. If they are unique then they would be key fields. So, I don't think we have any facility of that kind to check uniqueness of non-key fields.

Regards,

Naimesh Patel

Peranandam
Contributor
0 Kudos

> When a user enters a company code via table maintenance in SM30, I want to check if he has the right authorizations for that company code. This check, is this something I have to implement in the modification events or are there other alternatives?

Create an authorization object with authorization fields ACTIVITY, BUKRS and UNAME.

Create a role for the newly created authorization object. Maintain the list of company codes and user names for which you would like to give authorization.

Call the authorization object in event 01 or 05.

> Suppose I want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?

We don't have an automatic check for uniqueness of a non-key field.

Do the validation in event 05.
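
The event-based check suggested in this reply could look like the sketch below. It is an added example, not code from any poster in this thread. It uses event 01 (before save), so rows that were changed or deleted are checked as well as new ones. The table ZDEMO_BUKRS, its non-key field EXT_REF and the authorization object Z_TM_BUKRS (fields BUKRS and ACTVT) are hypothetical names.

```abap
* Added example. ZDEMO_BUKRS (table), EXT_REF (non-key field) and
* Z_TM_BUKRS (authorization object with BUKRS, ACTVT) are hypothetical.
* Register the routine for event 01 in the table maintenance generator.
FORM zdemo_before_save.
  DATA: ls_row   TYPE zdemo_bukrs,
        lv_actvt TYPE activ_auth,
        lt_seen  TYPE SORTED TABLE OF zdemo_bukrs-ext_ref
                 WITH UNIQUE KEY table_line.

  LOOP AT total.
    MOVE-CORRESPONDING <vim_total_struc> TO ls_row.

*   Map the row's processing flag to an activity; skip rows that were
*   created and deleted again without ever being saved.
    CLEAR lv_actvt.
    CASE <action>.
      WHEN neuer_eintrag.                 lv_actvt = '01'.
      WHEN aendern.                       lv_actvt = '02'.
      WHEN geloescht OR update_geloescht. lv_actvt = '06'.
      WHEN neuer_geloescht.               CONTINUE.
    ENDCASE.

*   Authorization: only rows the user touched in this session.
    IF lv_actvt IS NOT INITIAL.
      AUTHORITY-CHECK OBJECT 'Z_TM_BUKRS'
        ID 'BUKRS' FIELD ls_row-bukrs
        ID 'ACTVT' FIELD lv_actvt.
      IF sy-subrc <> 0.
        MESSAGE 'No authorization for this company code'
                TYPE 'S' DISPLAY LIKE 'E'.
        vim_abort_saving = 'X'.
        EXIT.
      ENDIF.
    ENDIF.

*   Uniqueness: every row that will exist after the save, changed or not.
*   TOTAL holds only the selected work area; rows outside it need a SELECT.
    CHECK lv_actvt <> '06'.
    INSERT ls_row-ext_ref INTO TABLE lt_seen.
    IF sy-subrc <> 0.
      MESSAGE 'Duplicate value in EXT_REF' TYPE 'S' DISPLAY LIKE 'E'.
      vim_abort_saving = 'X'.
      EXIT.
    ENDIF.
  ENDLOOP.
  sy-subrc = 0.
ENDFORM.
```

A changed row is checked against its new BUKRS value only; comparing it with the value stored in the database requires reading the old row first.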

Former Member
0 Kudos

> Suppose I want a non-key field to be unique, is there a way to automatically check this, or has this to be done via implementation of the same events?

I haven't tried this, but I don't see why it wouldn't work. Create a secondary index on the field that you want to be unique and define it as a unique index.

Of course, this makes the field a key field; I'm not sure if you really care about that though.

Rob

former_member195698
Active Contributor
0 Kudos

You can also try LOA (Line-oriented Authorizations) on your table.

This, I think, can be used to restrict the user to only the company codes for which he has authorization.

In this way even the "Display" of the records will be restricted.

http://help.sap.com/saphelp_47x200/helpdata/en/6d/56cdd3edabc14ebd1bc84dae20dec8/content.htm

Regards,

Abhishek Jolly

0 Kudos

Hello.

I will look into this approach. At first sight, it can be a possible solution for my problem, but gonna play with it a bit first to see if it has the expected behavior.

Thx a lot!

Kind regards.

J.

0 Kudos

Hello,

If I want to restrict the user on a per line level, do I just need to assign this authorization object to a user's profile, or should it happen through authorization group, which is assigned to the table maintenance dialog?

At the moment, I can only choose authorization groups there with S_TABU_DIS behind it.

Kind regards,

J

0 Kudos

It will be through the object S_TABU_LIN but you can confirm that with your basis team member.

Regards,

Aj

0 Kudos

I found this howto. It's a very good description of what needs to be done:

http://www.mhn-consulting.com/Howto%20S_TABU_LIN.pdf