Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User-Exit, Badi for SP01

Former Member

‎03-02-2016 12:59 PM

0 Kudos

Hi Experts,

I have a requirement in which I need to restrict display access of few spools which have Sensitive data. By restriction I mean that some users would be allowed to view those spool, While remaining will not be able to view the spool.

Do we have any User-Exit, Badi for SP01?


You suggestions would be highly appreciated.

4 REPLIES 4

gabmarian
Active Contributor

‎03-02-2016 2:28 PM

0 Kudos

It sound like an authorization issue. As described here, authorization object S_SPO_ACT having fields called Authorization field for spool actions (SPOACTION)  and Value for the authorization check (SPOAUTH) can be used to control the access to spool requests.


Documentation of object S_SPO_ACT says:

"A user is permitted to perform a spool action if the value stored for this action in the user master matches the value in the authorization field in the spool request. If no value is specified in the authorization field of the spool request, all actions are permitted.

An authorization key can be entered at the time a spool request is created, for example when a user selects Print. If no value is specified, the spool system automatically uses the ID of the user creating the request as an implicit authorization value."

So my suggesstion is to set the property authorization value for the sentive spool requests (e.g. to  'SENSITIVE') and assign an authorization rule to the target users containing object S_SPO_ACT with field SPOAUTH = 'SENSITIVE' with the permitted actions litsted in field SPOACTION.


BR,

Gábor




Former Member

‎03-03-2016 4:34 PM

0 Kudos

Hi Meemank,

Can you please check if FM - EXIT_SAPLSPOR_001 will help you. Please check below URL for documentation.

http://www.se80.co.uk/sapfms/e/exit/exit_saplspor_001.htm

Hope it helps.

Thanks and Regards,

Raja Kiran Kumar.

Former Member

‎03-08-2016 1:24 PM

0 Kudos

Hi Meemank, I highly recommend the suggestion by Gábor Márián  

If at all, you wish to have it done using exits only, you may enhance any of the subroutines MAIN or DISPLAY_SPOOLJOBS of module pool RSPOSP01NR as per the requirement. Also, if you do it, make sure you don't impact SP01 functionality for any other spools.

Thanks

Mohit

raymond_giuseppi
Active Contributor

‎03-08-2016 1:43 PM

0 Kudos

First read  119147 - Spool: Authorizations. Only if you don't find any standard option, look at customer exit EXIT_SAPLSPOR_001 "Customer-Specific Spool Authorization Check" of Enhancement SPOOAUTH.

Hint: you could have found the exit Fm by analyzing (SE80) package SPOO of the transaction (function group starting with X) this package didn't contain many BAdI for a long time.

Regards,

Raymond