如何设计和使用自定义的权限对象(自定义权限检查函数)
在sap扩展中用户往往都需要使用自己的权限对象,为了达到次目的,请按下列步骤建立和维护权限对象
1、Create an Anthorization Field(SU20)创建权限对象字段(存储在AUTHX表中)
2、Create an Authorization Object(SU21) 创建权限对象
创建权限对象类别(存储在TOBCT表中)
点击对象类别创建权限对象(存储在TOBJ表中),生成SAP_ALL
3、Assign an Authorization Object to an Object Class(SU02或PFCG)
4、权限赋值关系图
user master record
/ ............................../
auth. profile Composite auth. profile
/................./ / /
/ / / /
Authorization Auth. Profile
/ /................./
5、Call "Authorith-Check" in Program to Check Authorization.
这是我编写针对具体权限对象替代Authorith-Check的函数
form zcustcheckauth using value(z_vkbur) like vbak-vkbur
z_return type i.
data: wa_ust12 like ust12.
data: bgetsubfile(1) type c.
data: begin of db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of db_file.
data: begin of mid_db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of mid_db_file.
data: begin of db_file_end occurs 10,
profile like ust04-profile,
end of db_file_end.
data: begin of db_auth occurs 10,
objct like ust10s-objct,
auth like ust10s-auth,
end of db_auth.
z_return = 4.
select ust04~profile usr10~typ
into corresponding fields of table db_file
from ust04
inner join usr10 on usr10~profn = ust04~profile
and usr10~aktps = 'A'
where ust04~bname = sy-uname.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
while bgetsubfile = 'X'.
bgetsubfile = space.
select ust10c~subprof as profile usr10~typ
into corresponding fields of table db_file
from ust10c
inner join usr10 on usr10~profn = ust10c~subprof
and usr10~aktps = 'A'
for all entries in mid_db_file
where ust10c~profn = mid_db_file-profile.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
endwhile.
select objct auth into corresponding fields of table db_auth
from ust10s
for all entries in db_file_end
where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.
select von bis into corresponding fields of wa_ust12
from ust12
for all entries in db_auth
where ust12~aktps = 'A' and ust12~field = 'VKBUR'
and ust12~objct = db_auth-objct
and ust12~auth = db_auth-auth.
if ( wa_ust12-bis ne space ).
if ( z_vkbur ge wa_ust12-von ).
if ( z_vkbur le wa_ust12-bis ).
z_return = 0.
exit.
endif.
endif.
elseif ( z_vkbur = wa_ust12-von ).
z_return = 0.
exit.
elseif ( '*' = wa_ust12-von ).
z_return = 0.
exit.
endif.
endselect.
endform.
调用的方法
*&---------------------------------------------------------------------*
*& Form USEREXIT_CHECK_VBAK
*&---------------------------------------------------------------------*
* *
* This Userexit can be used to add additional logic for *
* checking the header for completeness and consistency. *
* *
* US_DIALOG - Indicator, that can be used to suppress *
* dialogs in certain routines, e.g. in a *
* copy routine. *
* *
* This form is called from form VBAK_PRUEFEN. *
* *
*---------------------------------------------------------------------*
form userexit_check_vbak using us_dialog.
*{ INSERT DEVK901354 1
data: z_s_vkbur like knvv-vkbur.
data: z_auth_check type i value 4.
if sy-tcode = 'VA01' or
sy-tcode = 'VA02'.
authority-check object 'V_VBKA_VKO'
id 'VKORG' dummy
id 'VTWEG' dummy
id 'SPART' dummy
id 'VKBUR' field vbak-vkbur
id 'VKGRP' dummy
id 'KTAAR' dummy
id 'ACTVT' dummy.
if sy-subrc ne 0.
message e900(zdev).
endif."不能创建非主管商家订单
if sy-tcode eq 'VA01'.
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr
and knvv~vkorg = vbak-vkorg
and knvv~vtweg = vbak-vtweg
and knvv~spart = vbak-spart
and knvv~vkbur = vbak-vkbur.
if sy-subrc ne 0.
message e001(zdev).
endif.
endif.
else.
perform zcustcheckauth using vbak-vkbur z_auth_check.
if z_auth_check ne 0. "如果没有权限,取当前商家主管销售组
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr.
if sy-subrc ne 0.
message e001(zdev).
endif. "检查当前商家主管销售组是否在用户权限内
z_auth_check = 4.
perform zcustcheckauth using z_s_vkbur z_auth_check.
if z_auth_check ne 0.
message e900(zdev).
endif.
endif.
endif.
*} INSERT
endform.