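SAP Authorization Objects
Business scenario: in a custom-developed program, you can restrict which selection criteria a user is authorized to query. For example, only a user who holds the matching plant code + purchasing group combination can retrieve the corresponding purchase order information, prices, and so on.
In other words, this is an authorization check for custom code: it checks whether the current account's authorization object Z* (custom names begin with Z) grants the values entered as selection criteria.
Steps: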
Step1. T-code: SU20 – Fields
Step2. T-code: SU21 – Objects
Step3. T-code: SU03 – Edit Authorizations
Step4. T-code: SU02 – Edit Profile
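Business simulation:
There is an existing custom purchase order report program, Z_MM_PO; transaction code Z_PO is assigned to it in SE93. The code, the selection-screen parameters and the displayed report are as follows: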
*&---------------------------------------------------------------------*
*& Report Z_MM_PO
*&
*&---------------------------------------------------------------------*
*&
*&
*&---------------------------------------------------------------------*
REPORT z_mm_po.
TABLES:ekko,ekpo,eket,makt.
TYPE-POOLS: slis. "similar to importing a namespace in .NET
*-----------------------------------------------------------------------*
* Define types
*-----------------------------------------------------------------------*
TYPES: BEGIN OF typ_list,
bukrs TYPE ekko-bukrs,
ekorg TYPE ekko-ekorg,
ekgrp TYPE ekko-ekgrp,
ebeln TYPE ekko-ebeln,
ebelp TYPE ekpo-ebelp,
matnr TYPE makt-matnr,
maktx TYPE makt-maktx,
menge TYPE ekpo-menge,
meins TYPE ekpo-meins,
netpr TYPE ekpo-netpr,
waers TYPE ekko-waers,
eindt TYPE eket-eindt,
werks LIKE ekpo-werks,
END OF typ_list.
*-----------------------------------------------------------------------*
* Define data
*-----------------------------------------------------------------------*
DATA: gtd_data TYPE STANDARD TABLE OF typ_list,
gth_data TYPE typ_list.
DATA: gtd_title TYPE slis_t_listheader,
gth_title TYPE slis_listheader.
DATA: gtd_fieldcat TYPE slis_t_fieldcat_alv,
gth_fieldcat TYPE slis_fieldcat_alv.
DATA: gth_layout TYPE slis_layout_alv.
DATA: gd_spras TYPE spras.
DATA p_datum TYPE d.
*--------------------------------------------------------------------------*
* selection-screen
*--------------------------------------------------------------------------*
SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-001.
PARAMETERS: p_ekgrp LIKE ekko-ekgrp,
p_werks LIKE ekpo-werks.
SELECT-OPTIONS:
s_ebeln FOR ekko-ebeln,
s_matnr FOR ekpo-matnr ,
s_aedat FOR ekko-aedat OBLIGATORY.
SELECTION-SCREEN END OF BLOCK b1.
INITIALIZATION.
* Default the change-date range: first day of the current month to today.
p_datum = sy-datum.
p_datum+6(2) = '01'.
s_aedat-sign = 'I'.
s_aedat-option = 'BT'.
s_aedat-low = p_datum.
s_aedat-high = sy-datum.
APPEND s_aedat.
*----------------------------------------------------------------------*
* START-OF-SELECTION
*----------------------------------------------------------------------*
START-OF-SELECTION.
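* Hard-coded exception: user ZDDIC skips the authorization check entirely.
IF sy-uname <> 'ZDDIC'.
AUTHORITY-CHECK OBJECT 'Z_MM_PUR'
ID 'Z_WERKS' FIELD p_werks
ID 'Z_GRP ' FIELD p_ekgrp.
"AUTHORITY-CHECK OBJECT performs the authorization check: ID names the authorization field, FIELD supplies the value to check
IF sy-subrc <> 0.
"Message text: 'You are not authorized to view this data'
MESSAGE s001(00) WITH '您没有权限查看此数据' DISPLAY LIKE 'E'.
EXIT.
ENDIF.
ENDIF.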
PERFORM sub_get_data.
PERFORM sub_display.
PERFORM sub_clear.
*&---------------------------------------------------------------------*
*& Form SUB_GET_DATA
*&---------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
FORM sub_get_data .
*------SELECT HEADER DATA
SELECT
ekko~bukrs
ekko~ekorg
ekko~ekgrp
ekko~ebeln
ekpo~ebelp
makt~matnr
makt~maktx
ekpo~menge
ekpo~meins
ekpo~netpr
ekko~waers
eket~eindt
ekpo~werks
INTO CORRESPONDING FIELDS OF TABLE gtd_data
FROM ekko
INNER JOIN ekpo ON ekko~ebeln = ekpo~ebeln
LEFT JOIN eket ON ekpo~ebeln = eket~ebeln
AND ekpo~ebelp = eket~ebelp
LEFT JOIN makt ON ekpo~matnr = makt~matnr
WHERE ekko~aedat IN s_aedat
AND ekko~ekgrp EQ p_ekgrp
AND ekko~ebeln IN s_ebeln
AND ekpo~matnr IN s_matnr
AND ekpo~werks EQ p_werks.
ENDFORM. "SUB_GET_DATA
*&---------------------------------------------------------------------*
*& Form SUB_TITLE
*&---------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
FORM sub_title.
REFRESH gtd_title.
CLEAR gth_title.
PERFORM sub_set_title USING 'H' '' '采购订单报表'.
PERFORM sub_set_title USING 'S' '日期 :' sy-datum.
PERFORM sub_set_title USING 'S' '作者 :' sy-uname.
ENDFORM. "SET_TITLE
*&---------------------------------------------------------------------*
*& Form sub_field
*&---------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
* --> p1 text
* <-- p2 text
*----------------------------------------------------------------------*
FORM sub_field .
* PERFORM SUB_SET_FIELD USING 1 'CHECK_BOX' 'GTD_DATA' '' '1'
* '选取' 'X' 'X' '' .
PERFORM sub_set_field USING 1 'BUKRS' 'GTD_DATA' '' '10'
'公司代码' '' '' 'X' .
PERFORM sub_set_field USING 2 'EKORG' 'GTD_DATA' '' '4'
'采购组织' '' '' 'X' .
PERFORM sub_set_field USING 3 'EKGRP' 'GTD_DATA' '' '3'
'采购组' '' '' '' .
PERFORM sub_set_field USING 4 'EBELN' 'GTD_DATA' '' '4'
'采购凭证号' '' '' '' .
PERFORM sub_set_field USING 5 'EBELP' 'GTD_DATA' '' '3'
'项目编号' '' '' '' .
PERFORM sub_set_field USING 6 'MATNR' 'GTD_DATA' '' '10'
'物料号' '' '' '' .
PERFORM sub_set_field USING 7 'MAKTX' 'GTD_DATA' '' '5'
'物料描述' '' '' 'X' .
PERFORM sub_set_field USING 8 'MENGE' 'GTD_DATA' '' '18'
'数量' '' '' 'X' .
PERFORM sub_set_field USING 9 'MEINS' 'GTD_DATA' '' '40'
'单位' '' '' '' .
PERFORM sub_set_field USING 10 'NETPR' 'GTD_DATA' '' '9'
'价格' '' '' '' .
PERFORM sub_set_field USING 11 'WAERS' 'GTD_DATA' '' '4'
'货币' '' '' '' .
PERFORM sub_set_field USING 12 'EINDT' 'GTD_DATA' '' '17'
'交货日期' '' '' '' .
PERFORM sub_set_field USING 13 'WERKS' 'GTD_DATA' '' '4'
'工厂' '' '' '' .
ENDFORM. " sub_field
*&---------------------------------------------------------------------*
*& Form sub_set_layout
*&---------------------------------------------------------------------*
* Set the layout of the ALV list display
*&---------------------------------------------------------------------*
FORM sub_set_layout.
CLEAR gth_layout.
gth_layout-colwidth_optimize = 'X'. "optimize the column widths
gth_layout-zebra = 'X'.
ENDFORM. " sub_set_layout
*&---------------------------------------------------------------------*
*& Form set_pf_status
*&---------------------------------------------------------------------*
* ALV STATUS
*&---------------------------------------------------------------------*
FORM set_pf_status USING rt_extab TYPE slis_t_extab.
SET TITLEBAR 'PO2'. "set the report title
SET PF-STATUS 'ZSTATUS2' . "set the toolbar etc.
ENDFORM. "set_pf_status
*&---------------------------------------------------------------------*
*& Form sub_display
*&---------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
FORM sub_display .
PERFORM sub_title.
PERFORM sub_field.
PERFORM sub_set_layout.
CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
i_callback_program = sy-cprog
i_callback_top_of_page = 'ALV_TOP_OF_PAGE'
* I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS'
* I_CALLBACK_USER_COMMAND = 'USER_COMMAND_ALV'
it_fieldcat = gtd_fieldcat
is_layout = gth_layout
TABLES
t_outtab = gtd_data "internal table
EXCEPTIONS
program_error = 1
OTHERS = 2.
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDFORM. "SUB_DISPLAY
*&---------------------------------------------------------------------*
*& Form alv_top_of_page
*&---------------------------------------------------------------------*
* Set the ALV list header
*&---------------------------------------------------------------------*
FORM alv_top_of_page.
CALL FUNCTION 'REUSE_ALV_COMMENTARY_WRITE'
EXPORTING
it_list_commentary = gtd_title.
ENDFORM. "alv_top_of_page
*&---------------------------------------------------------------------*
*& Form user_command_alv
*&---------------------------------------------------------------------*
* ALV user command
*&---------------------------------------------------------------------*
*&---------------------------------------------------------------------*
*& Form sub_clear
*&---------------------------------------------------------------------*
* text
*----------------------------------------------------------------------*
FORM sub_clear .
FREE: gtd_data,
gth_data.
ENDFORM. " sub_clear
*&---------------------------------------------------------------------*
*& Form sub_set_title
*&---------------------------------------------------------------------*
* Set the attributes of an ALV list header line
*&---------------------------------------------------------------------*
* --> i_typ "output type
* --> i_key "text
* --> i_info "value
*&---------------------------------------------------------------------*
FORM sub_set_title USING i_typ TYPE any
i_key TYPE any
i_info TYPE any.
CLEAR gth_title.
gth_title-typ = i_typ. "output type
gth_title-key = i_key. "text
gth_title-info = i_info. "value
APPEND gth_title TO gtd_title.
ENDFORM. "sub_set_title
*&---------------------------------------------------------------------*
*& Form sub_set_field
*&---------------------------------------------------------------------*
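* Set the attributes of an ALV field
*&---------------------------------------------------------------------*
* -->i_pos "column position
* -->i_fieldname "field name in the internal table
* -->i_tabname "internal table name
* -->i_box "display as checkbox
* -->i_edit "whether the field is input-enabled
* -->i_key "set as key field
* -->i_hotspot "single-click (hotspot) control
* -->i_outputlen "output column width
* -->i_seltext "column heading
* -->i_edit "editable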
*&---------------------------------------------------------------------*
FORM sub_set_field USING i_pos TYPE any
i_fieldname TYPE any
i_tabname TYPE any
i_key TYPE any
i_outputlen TYPE any
i_seltext TYPE any
i_edit TYPE any
i_box TYPE any
i_no_zero TYPE any.
gth_fieldcat-col_pos = i_pos. "column position
gth_fieldcat-fieldname = i_fieldname. "field name in the internal table
gth_fieldcat-tabname = i_tabname. "internal table name
gth_fieldcat-key = i_key. "set as key field
gth_fieldcat-outputlen = i_outputlen. "output column width
gth_fieldcat-seltext_m = i_seltext. "column heading
gth_fieldcat-edit = i_edit.
gth_fieldcat-checkbox = i_box.
gth_fieldcat-no_zero = i_no_zero.
APPEND gth_fieldcat TO gtd_fieldcat.
CLEAR gth_fieldcat.
ENDFORM. "sub_set_field
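Business requirement: when the account is WILLIE, the user may only query purchase order information and prices for "plant code P999 + purchasing group PG2". No other criteria are authorized.
1. SU20: create the new fields: plant, purchasing organization
2. SU21: create the authorization object:
Enter the authorization object name, select the appropriate class, and bind the relevant fields:
3. SU03 can be used to modify the authorization object
4. SU02: create the corresponding authorization profile. Alternatively, use PFCG to create the authorization profile and set the authorization values:
If you use PFCG to create the authorization profile, enter T-code PFCG, create a role, and assign the report's transaction code:
Generate the authorization profile and maintain the authorization data; click "Manually" to add the authorization object "Z_MM_PUR" (created above):
Maintain the authorization values in the authorization object (plant P999, purchasing organization PG2), then click the Generate icon:
Assign the role to the user account (this completes the assignment of the authorization), then click "User comparison":
5. Log on as WILLIE and test the authorization:
Enter transaction code "Z_PO"; when the selection criteria entered do not match the authorization, a no-authorization message is displayed:
Enter transaction code "Z_PO"; when the selection criteria entered match the authorization, the report is displayed:
Note:
In step 4, the profile can also be created with SU02:
Double-click the profile name to enter maintenance, select the field to maintain and click "Maintain values"; for example, maintain the authorized query criteria as plant P999 + purchasing group PG1
Save and activate:
In SU01, assign the profile to the user account (the transaction code "Z_PO" must also be granted to the user):
At this point, logging on as WILLIE allows querying the PO report for plant P999 and purchasing group PG1.
Explanation:
The core of the authorization control in this article is creating the authorization profile, together with the following code written into the custom program: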
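authority-check object 'Z_MM_PUR'
id 'Z_WERKS' field p_werks
id 'Z_GRP ' field p_ekgrp.
"authority-check object performs the authorization check: id names the authorization field, field supplies the value to check
if sy-subrc <> 0.
"Message text: 'You are not authorized to view this data'
message s001(00) with '您没有权限查看此数据' display like 'E'.
exit.
endif.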
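SY-SUBRC return values of the authorization check:
0: The user's authorization check passed.
4: The user has insufficient authorization.
8: The number of parameters is incorrect.
12: The authorization object does not exist.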
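The check above, generalized to ranges, as an added example that is not part of the original program: when plant and purchasing group are entered as SELECT-OPTIONS instead of single values, the check runs once per plant/purchasing-group combination actually found, and any non-zero SY-SUBRC is treated as a denial. The report name z_mm_po_auth_demo and all variable names are assumptions; Z_MM_PUR, Z_WERKS and Z_GRP are the object and fields created above.

```abap
REPORT z_mm_po_auth_demo.
* Added example (hypothetical report name), not part of Z_MM_PO.
* Assumes object Z_MM_PUR with fields Z_WERKS and Z_GRP exists (SU20/SU21).
TYPES: BEGIN OF ty_key,
         werks TYPE ekpo-werks,
         ekgrp TYPE ekko-ekgrp,
       END OF ty_key.

DATA: gt_found   TYPE STANDARD TABLE OF ty_key,
      gt_allowed TYPE STANDARD TABLE OF ty_key,
      gs_key     TYPE ty_key,
      gd_denied  TYPE i.

SELECT-OPTIONS: s_werks FOR gs_key-werks,
                s_ekgrp FOR gs_key-ekgrp.

START-OF-SELECTION.
* Collect every plant / purchasing group combination the selection hits.
  SELECT DISTINCT ekpo~werks ekko~ekgrp
    INTO TABLE gt_found
    FROM ekko
    INNER JOIN ekpo ON ekko~ebeln = ekpo~ebeln
    WHERE ekpo~werks IN s_werks
      AND ekko~ekgrp IN s_ekgrp.

* Check each combination; only sy-subrc = 0 lets a combination through.
  LOOP AT gt_found INTO gs_key.
    AUTHORITY-CHECK OBJECT 'Z_MM_PUR'
      ID 'Z_WERKS' FIELD gs_key-werks
      ID 'Z_GRP'   FIELD gs_key-ekgrp.
    IF sy-subrc = 0.
      APPEND gs_key TO gt_allowed.
    ELSE.
      gd_denied = gd_denied + 1.
    ENDIF.
  ENDLOOP.

  IF gt_allowed IS INITIAL.
    MESSAGE s001(00) WITH 'No authorization for the selected data'
            DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

* gt_allowed can now drive the detail SELECT (FOR ALL ENTRIES IN gt_allowed).
  LOOP AT gt_allowed INTO gs_key.
    WRITE: / gs_key-werks, gs_key-ekgrp.
  ENDLOOP.
  WRITE: / 'Combinations withheld:', gd_denied.
```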
Appendix: commonly used user account information tables, whose names begin with "US":