I have a custom report with the following selection screen. It allows the user to input value ranges when executing the report.
I want to carryout an authorization check to the inputs that the user has entered.
For this I use AUTHORITY-CHECK OBJECT with the user and the selection field;
AUTHORITY-CHECK OBJECT 'P_PYEVDOC'
FOR USER sy-uname
ID 'BUKRS' FIELD pnpbukrs-low
.
Where pnpbukrs is the selection field that the user has entered.
How do I do this check properly for all possible combinations that the user might give?
When I provide the direct pnpbukrs field, the Options in the selection field is considered in the auth. check giving errors.
When I user pnpbukrs-low, only a single value is used in the auth. check making a check bypass.
In case the selection table contains generic entries, intervals, excluded entries or excluded intervals, you should first get the list of companies corresponding to the selection table (with WHERE ... IN selectiontable ; IN will deal with all these kinds of filters), then do an authority-check on each of the real companies.
For instance, I assume that the companies are to be taken from the table T001 :
SELECT bukrs FROM t001 WHERE bukrs IN pnpbukrs INTO TABLE #DATA(companies).
LOOP AT companies ASSIGNING FIELD-SYMBOL(<company>).
AUTHORITY-CHECK OBJECT 'P_PYEVDOC'
ID 'BUKRS' FIELD <company>.
IF sy-subrc <> 0.
" this company is not authorized, do something
ENDIF.
ENDLOOP.
PS #1: If the goal is only to select the authorized data from a given table, you may use the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50)
PS #2: for AUTHORITY-CHECK, it's useless to mention FOR USER sy-uname as it's the default setting.
For range with any data
Go for #Sandra Rossi answer
For range filled with LOW component only:
Try looping over the select-options field and make an authority check for each iteration:
LOOP AT pnpbukrs ASSIGNING FIELD-SYMBOL(<line>).
AUTHORITY-CHECK OBJECT 'P_PYEVDOC'
FOR USER sy-uname
ID 'BUKRS'
FIELD <line>-low.
ENDLOOP.
Related
I am trying to achieve flattening a table into an array (or structure). My implementation is in SAP ABAP; however, I believe the question is code agnostic. I am wondering if there is an algorithm I'm not aware of or simple solution for what I'm trying to achieve. I will accept any language or pseudocode as an acceptable answer.
I am selecting from a "User Restrictions" (i.e., lt_restrictions) table stored on a database, e.g.:
This is needed for an SAP BSP MVC web app. When the app loads, I am doing user authorization checks to populate a "User Roles" (i.e., mt_user_roles) local table/array (i.e., attribute on an MVC model class).
The authorization checks involve routine ABAP -- using IF statements to conditionally populate the "User Roles" table, e.g.:
AUTHORITY-CHECK OBJECT 'PROGRAM_MANAGER_AUTH' ID 'xxx' FIELD 'yyy'.
IF ( sy-subrc = 0 ).
APPEND VALUE #( low = 'program_manager' ) TO me->mt_user_roles.
ENDIF.
If the user has both e.g., program manager AND entry user authorizations, this "User Roles" table/array would look like this:
With the two tables above, if the user has program manager and entry user roles, the only restriction is convert; therefore, I need to populate a "Restriction List" (i.e., ms_restrictions) like the following:
Otherwise, if the user has e.g., only the entry user role:
...
...there are 2 restrictions (release AND convert), so I would need to populate a "Restriction List" (i.e., ms_restrictions) like this:
I feel like there is a standard algorithm I could use or perhaps this could be done with SQL in a SELECT statement with my database table WHERE restriction = NULL (e.g., WHERE save = ' ') or using a SELECT ... WHERE x IN clause, perhaps, if the "Restrictions List" was a RANGE table?
I should mention, I already have an undesirable, partial solution which involves looping through the database table and having several IF statements for each restriction condition. "Restriction List" is named ms_restrictions, it is a class attribute ABAP STRUCTURE type (for ABAP newbies, this is basically a 1-D sized array):
LOOP AT lt_restrictions INTO DATA(ls_restriction).
LOOP AT mt_user_roles INTO DATA(ls_user_role).
"Check save restriction
IF (
ls_restriction-role = ls_user_role-role AND
ls_user_role = 'save'
).
ms_restrictions-save = 'x'.
ENDIF.
"Check release restriction
IF (
ls_restriction-role = ls_user_role-role AND
ls_user_role = 'release'
).
ms_restrictions-release = 'x'.
ENDIF.
"Check other restrictions
"......
ENDLOOP.
ENDLOOP.
The problem with the solution above is I have to write an IF statement for each restriction. More so, it doesn't take into account whether there are conflicts between 2 or more role restrictions, e.g., program manager has only 1 restriction while entry user has 2. My logic above could be extended to take this into account with -- well -- even more IF statements :-( .. I'm wondering if there's a different approach I can take?
Also, I should mention. The resulting "Restrictions List", i.e., mt_restrictions, is needed in my view for disabling HTML buttons, e.g.:
<button value = 'Save' disabled = '//model/mt_restrictions-save' />
<button value = 'Release' disabled = '//model/mt_restrictions-release' />
<button value = 'Convert' disabled = '//model/mt_restrictions-convert' />
<button ... />
A solution I came up with involves using ABAP <FIELD-SYMBOL>s data-types and an OpenSQL FOR ALL ENTRIES IN SELECT statement addition.
By using <FIELD-SYMBOL>s, you can avoid any hardcoded attribute and/or structure component names. Now, the restriction rules can grow without having to future modify any code.
By using FOR ALL ENTRIES IN, you can sync your Roles table with your Restrictions table. Adding this clause allows you to SELECT from your transparent Role/Restrictions database table INTO a table, only including the roles applicable from the roles found in the AUTH-CHECK (because mt_user_roles populates a new row for each true AUTH-CHECK).
The method is_standard_user( ) is where the AUTH-CHECKs occur. If it equals ABAP_TRUE, then all restrictions are applied -- assuming the ms_restrictions structure components' values all default to ABAP_TRUE.
Dynamically looping through each structure component of ms_restrictions, you can READ the restrictions table for corresponding value. If value equals SPACE, then this means the current row doesn't have a restriction. So mark the structure component value to SPACE (because it may have been marked ABAP_TRUE in a prior iteration) -- this addresses the "conflicting roles issue".
"perform authorization checks
IF ( NOT me->is_standard_user( ) ).
"see if roles found
IF ( lines( me->mt_user_roles ) > 0 ).
"find pertaining restrictions for roles found in auth checks
SELECT
*
FROM
zmm_apr_roles
FOR ALL ENTRIES IN "select only rows applicable to auth-check
#me->mt_user_roles
WHERE
role = #me->mt_user_roles-role
INTO TABLE
#DATA(lt_restrictions).
"dynamically populate restriction list from multi-role restriction table
DATA: lr_descr_struc TYPE REF TO data.
DATA: lo_structdescr TYPE REF TO cl_abap_structdescr.
CREATE DATA lr_descr_struc LIKE ms_restrictions.
lo_structdescr ?= cl_abap_structdescr=>describe_by_data_ref( p_data_ref = lr_descr_struc ).
LOOP AT lo_structdescr->components ASSIGNING FIELD-SYMBOL(<lv_component>).
ASSIGN COMPONENT <lv_component>-name OF STRUCTURE ms_restrictions TO FIELD-SYMBOL(<lv_field>).
IF ( <lv_field> IS ASSIGNED ).
"non-restricted value overwrites restricted value
READ TABLE lt_restrictions WITH KEY (<lv_component>-name) = space TRANSPORTING NO FIELDS.
IF ( sy-subrc = 0 ).
<lv_field> = space.
ENDIF.
ENDIF.
ENDLOOP.
ENDIF.
ENDIF.
To add a new restriction, all that needs to be done is:
add new roles to zmm_apr_roles and the corresponding data-dictionary components
add new restrictions to corresponding components of ms_restrictions
I'm trying to figure out which BAPI/FM I could use to search amounts confirmed based on search criteria of date (+time if possible) and workcenter confirmed where was confirmed...
I would be using BAPI_PRODORDCONF_GETDETAIL which contains these informations, but according to BAPI guide I can only load in the data of confirmation number+confirmation counter.
Therefore the option would be to run BAPI_PRODORDCONF_GETLIST (but I can only input the production order range or confirmation number range), then filter what includes the workcenter and date I need and from those pick up confirmation number+counter and run it through BAPI_PRODORDCONF_GETDETAIL.
but this procedure of getting list of everything without data being filtered on serverside is extemly timeconsuming and out of SAP Gui I have timeout error... therefore I need any BAPI/FM which I could input the workcenter where was confirmed and date, and have the data filtered already...
Any ideas how to do that?
As far as I know there is no such standard FM, so your only choice is custom development.
I would suggest you MCPK transaction were this info is exposed in a handy form, but as I see that your requirement is to receive this info externally this is not appropriate for you.
The confirmations reside in AFRU table and workcenters are in CRHD, so to find confirmed quantities by workcenter you should join these tables, or use a view u_15673 where this info is linked:
TYPES: BEGIN OF prod_orders,
rueck TYPE afru-rueck, "confirmation number
rmzhl TYPE afru-rmzhl," confirmation counter
gmnga TYPE afru-gmnga, " quantity
arbid TYPE crhd-arbpl, " workcenter
END OF prod_orders.
DATA: orders TYPE TABLE OF prod_orders.
SELECT *
FROM u_15673
INTO CORRESPONDING FIELDS OF TABLE orders
WHERE isdd >= '20180101' AND isdz <= '163000'.
To pull this externally, you must create RFC-enabled FM or use RFC_READ_TABLE and fetch this view with parameters, here is the sample.
Another approach is to use RFC_ABAP_INSTALL_AND_RUN. You must create an ABAP program that uses WRITE for output the results as a standard list to screen.
Send the lines of this program to RFC_ABAP_INSTALL_AND_RUN to PROGRAM parameter and the code will be executed on the remote system and this FM will return screen results as the lines of table WRITES.
Possible sample based on MCPK tcode to send to RFC_ABAP_INSTALL_AND_RUN:
CLEAR lwa_selection.
lwa_selection-selname = 'SL_SPTAG'.
lwa_selection-sign = 'I'.
lwa_selection-option = 'BT'.
lwa_selection-low = '20180101'.
lwa_selection-high = '20201231'.
APPEND lwa_selection TO li_selection.
CLEAR lwa_selection.
lwa_selection-selname = 'SL_ARBPL'.
lwa_selection-sign = 'I'.
lwa_selection-option = 'EQ'.
lwa_selection-low = '10400001'.
APPEND lwa_selection TO li_selection.
SUBMIT rmcf0200 WITH SELECTION-TABLE li_selection
with par_stat = abap_true
EXPORTING LIST TO MEMORY
AND RETURN.
DATA: xlist TYPE TABLE OF abaplist.
DATA: xtext TYPE TABLE OF char200.
CALL FUNCTION 'LIST_FROM_MEMORY'
TABLES
listobject = xlist.
CALL FUNCTION 'LIST_TO_TXT'
EXPORTING
list_index = -1
TABLES
listtxt = xtext
listobject = xlist.
IF sy-subrc = 0.
LOOP AT xtext ASSIGNING FIELD-SYMBOL(<text>).
WRITE <xtext>.
ENDLOOP.
ENDIF.
However, this approach is not flexible because MCPK standard layout is a bit different than you want, and is not easy to adjust programmatically.
Because of that I recommend to stick to the RFC_READ_TABLE approach.
I was trying to challenge myself to make an ALV report that displays all the data by company code. but some document number has a gap.
I want to fill the gap between missing number
For example:
last index value: 20012
then next value is: 20014
How do I able to insert 20013 in the grid if the report is using all the data that exist in internal tables?
Thanks.
This is just blind text typing, but I hope you are able to understand it ... should be quite simple. Dont expect complete code, unless your are not even providing ANY code.
DATA: lv_current type i,
lv_next type i.
SORT lt_internalTable by BUKRS ascending.
LOOP AT lt_internalTable into ls_internalTable.
MOVE sy-tabix to lv_current.
READ TABLE lt_internalTable into ls_tempinternalTable INDEX sy-tabix + 1.
MOVE sy-tabix to lv_next.
IF (lv_next - lv_current) > 1.
... do your stuff
ENDIF.
CLEAR: ls_internalTable, lv_current, lv_next.
ENDLOOP.
I am creating a database in Microsoft Access 2010 where when a user logged in the database, the user will only see records that is related to him or her. I've put a criteria in the record's query specifically in IssuingManager field which is [Forms]![frm_Home]![txtUser] but I always get enter parameter value when I run it. txtUser is an invisible text box in my main form so the records will have a reference on which records to filter. My main goal is to limit the user's data to their own records and hide or block them to others. I am new to access and still learning it. Any help or other ways I can filter the data or limit it to the records that is only related to the current user logged in is a big help.
This is my SQL code:
SELECT AdditionalFields.Status, tbl_NTE.CaseIDNo, tbl_NTE.EmployeeName,
tbl_PAH.DPosition, tbl_NTE.Function, tbl_NTE.IssuingManager,
tbl_NTE.ApprovingManager, tbl_NTE.ObjectOfViolation, tbl_NTE.Offense,
tbl_NTE.ClassPenalty, tbl_NTE.CorrectiveActionPenalty,
tbl_NTE.ObjectOfViolation2, tbl_NTE.Offense2, tbl_NTE.ClassPenalty2,
tbl_NTE.ObjectOfViolation3, tbl_NTE.CorrectiveActionPenalty2,
tbl_NTE.Offense3, tbl_NTE.ClassPenalty3, tbl_NTE.ObjectOfViolation4,
tbl_NTE.CorrectiveActionPenalty3, tbl_NTE.Offense4, tbl_NTE.ClassPenalty4,
tbl_NTE.CorrectiveActionPenalty4, tbl_NTE.DatesWhenActsWasWereCommited,
tbl_NTE.DatesWhenActsWasWereDiscovered, tbl_NTE.NTEDate,
tbl_NTE.NTELastDateModified, tbl_NTE.NTELastTimeModified,
tbl_NTE.NTELastUser, tbl_PAH.PAHDate, tbl_PAH.PAHLastDateModified,
tbl_PAH.PAHLastTimeModified, tbl_PAH.PAHLastUser, tbl_NCA.NCADate,
tbl_NCA.NCALastDateModified, tbl_NCA.NCALastTimeModified,
tbl_NCA.NCALastUser, tbl_NTE.EndorsedNTENoticeToHR,
tbl_NTE.EndorsementOfNTEToIS, tbl_NTE.DateReceivedNTEByTheEmployee,
tbl_NTE.SubmissionOfWEtoIS, tbl_NTE.SubmissionOfWEtoHRER,
tbl_NTE.InitialDecision, tbl_PAH.ScheduleForPAH, tbl_PAH.Recommendation,
tbl_PAH.EndorsementOfDecisionNoticeFromPAHCommitteeChairToHR,
tbl_PAH.EndorsementOfFinalizedPAHRecommendationToIS,
tbl_NCA.EndorsementOfDA2ToHRForReview, tbl_NCA.EndorsementOfReviewedDA2ToIS,
tbl_NCA.EmployeeAcceptanceOfDecision,
AdditionalFields.DescriptionOfPenaltyFinalDecision,
AdditionalFields.ApplicableDatesofEffectivity, AdditionalFields.Remarks,
AdditionalFields.RunningTAT, AdditionalFields.TAT, tbl_NTE.EHRID,
tbl_NTE.IssuingManagerEmailAddress, tbl_NTE.WrittenExplanationDueDate,
tbl_NTE.OffenseNo5, tbl_NTE.Offense5, tbl_NTE.ObjectOfViolation5,
tbl_NTE.ClassPenalty5, tbl_NTE.CorrectiveActionPenalty5, tbl_NTE.OffenseNo6,
tbl_NTE.Offense6, tbl_NTE.ObjectOfViolation6, tbl_NTE.ClassPenalty6,
tbl_NTE.CorrectiveActionPenalty6, tbl_NTE.OffenseNo7, tbl_NTE.Offense7,
tbl_NTE.ObjectOfViolation7, tbl_NTE.ClassPenalty7,
tbl_NTE.CorrectiveActionPenalty7
FROM (tbl_Worker INNER JOIN ((tbl_PAH INNER JOIN tbl_NCA ON tbl_PAH.
[CaseIDNo] = tbl_NCA.[CaseIDNo]) INNER JOIN AdditionalFields ON
tbl_NCA.CaseIDNo = AdditionalFields.CaseIDNo) ON tbl_Worker.WorkerID =
tbl_NCA.NameOfIssuingManager) INNER JOIN tbl_NTE ON (tbl_NTE.CaseIDNo =
tbl_PAH.CaseIDNo) AND (tbl_Worker.WorkerName = tbl_NTE.IssuingManager)
WHERE (((tbl_NTE.IssuingManager)=[Forms]![frm_Home]![txtUser]));
I would recommend to avoid using form's field references in queries at all. If form closed, the query will request parameter, like most likely in your case.
Replace the reference by global function created in standard module. This function can store the name, for instance, in static/global variable or retrieve it from table. Main or login form can set this variable/table record once, then the form can be closed without affecting queries functionality
Add another column and put the username. So when selecting the records, there's a condition where user='username'. They look all the data base on what the username has.
your method is fine & correct; you just have some sort of cockpit implementation error
the criteria in the query should be: Forms!frm_Home.txtUser
you could have a spelling error in your form name or text box name
make the textbox visible and enter a valid entry and run the query manually
what you are getting appears to be a parameter prompt that means it cannot find the object i.e. form named frm_Home
I have a requirement to display the tcode description along with tcode field(column) in the output ALV grid of the report SM20.
The report already contain the tcode field (column) , so just want to add an additional column in the output to show the description of tcode along with the tcode.
TSTCT is the table and TTEXT is the field for tcode description.
How can i achieve this using enhancement .
I have searched and found that in the include rsau_class_auditlist_impl
there is a method i.e METHOD write_list_about_auditlog. In that method the itab is filled by
go_sal_rf->get_result_tab( EXPORTING id_reset = abap_false
CHANGING et_out_ext = mt_outtab_l ).
So as for me I have to implement the enhancement in this method.
Please, guide me how will I do the enhancement, so that it will display one column in the output.
If you need to concatenate the additional data into the table mt_outtab, you can do this via implicit enhancement in rsau_class_auditlist_impl.
My recommendation would be:
Add an additional Column to ts_out_ext in CL_SAL_READ_FILES line 145, this type definition can be enhanced, but you need to check where it's used.
Alternatively, you could replace program id with tcode description when the tcode description isn't empty, and re-purpose the programID field.
You would do this at the end of method WRITE_LIST_ABOUT_AUDITLOG line 167 has an ehnacement spot.