SAP 权限对象设置及在程序中的应用
如何設計和使用自定義的權限對象(自定義權限檢查函數)
在sap擴展中用戶往往都需要使用自己的權限對象,為了達到次目的,請按下列步驟建立和維護權限對象
1、Create an Anthorization Field(SU20)創建權限對象字段(存儲在AUTHX表中)
2、Create an Authorization Object(SU21) 創建權限對象
創建權限對象類別(存儲在TOBCT表中)
點擊對象類別創建權限對象(存儲在TOBJ表中),生成SAP_ALL
3、Assign an Authorization Object to an Object Class(SU02或PFCG)
4、權限賦值關系圖
??????????????????????? user? master record
??????????????????????? /? ............................../
??????????? auth. profile????????????? Composite auth. profile
????????????? /................./????????????????????? /????????????????? /
???????????? /?????????????????? /??????????????????? /??????????????????? /
? Authorization??????????????????????????????????????????? Auth. Profile
???? /?????????????????????????????????????????????????????????????? /................./??????????
5、Call "Authorith-Check" in Program? to Check Authorization.
這是我編寫針對具體權限對象替代Authorith-Check的函數
form zcustcheckauth using? value(z_vkbur) like vbak-vkbur
???????????????????? z_return type i.
data: wa_ust12 like ust12.
data: bgetsubfile(1) type c.
data: begin of db_file occurs 10,
???????? profile like ust04-profile,
???????? typ???? like usr10-typ,
????? end of db_file.
data: begin of mid_db_file occurs 10,
???????? profile like ust04-profile,
???????? typ???? like usr10-typ,
????? end of mid_db_file.
data: begin of db_file_end occurs 10,
???????? profile like ust04-profile,
????? end of db_file_end.
data: begin of db_auth occurs 10,
???????? objct like ust10s-objct,
???????? auth like ust10s-auth,
????? end of db_auth.
?? z_return = 4.
?? select ust04~profile usr10~typ
???? into corresponding fields of table db_file
???? from ust04
?????? inner join usr10 on usr10~profn = ust04~profile
???????? and usr10~aktps = 'A'
?? where ust04~bname = sy-uname.
?? refresh mid_db_file.
?? clear mid_db_file.
?? loop at db_file.
????? if db_file-typ <> 'C'.
??????? db_file_end-profile = db_file-profile.
??????? append db_file_end to db_file_end.
????? else.
??????? bgetsubfile = 'X'.
??????? append db_file to mid_db_file.
????? endif.
?? endloop.
?? refresh db_file.
?? clear db_file.
?? while bgetsubfile = 'X'.
???? bgetsubfile = space.
???? select ust10c~subprof as profile usr10~typ
?????? into corresponding fields of table db_file
???? from ust10c
?????? inner join usr10 on usr10~profn =? ust10c~subprof
???????? and usr10~aktps = 'A'
???? for all entries in mid_db_file
???? where ust10c~profn = mid_db_file-profile.
???? refresh mid_db_file.
???? clear mid_db_file.
???? loop at db_file.
????? if db_file-typ <> 'C'.
??????? db_file_end-profile = db_file-profile.
??????? append db_file_end to db_file_end.
????? else.
??????? bgetsubfile = 'X'.
??????? append db_file to mid_db_file.
????? endif.
???? endloop.
???? refresh db_file.
???? clear db_file.
?? endwhile.
?? select objct auth into corresponding fields of table db_auth
?? from ust10s
?? for all entries in db_file_end
?? where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.
?? select von bis into corresponding fields of wa_ust12
???? from ust12
???? for all entries in db_auth
???? where ust12~aktps = 'A' and ust12~field = 'VKBUR'
?????? and ust12~objct = db_auth-objct
?????? and ust12~auth = db_auth-auth.
???? if ( wa_ust12-bis ne space ).
??????? if ( z_vkbur ge wa_ust12-von ).
????????? if ( z_vkbur le wa_ust12-bis ).
??????????? z_return = 0.
??????????? exit.
????????? endif.
??????? endif.
???? elseif ( z_vkbur = wa_ust12-von ).
?????? z_return = 0.
?????? exit.
???? elseif ( '*' = wa_ust12-von ).
?????? z_return = 0.
?????? exit.
???? endif.
?? endselect.
endform.
調用的方法
*&---------------------------------------------------------------------*
*&????? Form? USEREXIT_CHECK_VBAK
*&---------------------------------------------------------------------*
*???????????????????????????????????????????????????????????????????? *
*?????? This Userexit can be used to add additional logic for???????? *
*?????? checking the header for completeness and consistency.???????? *
*???????????????????????????????????????????????????????????????????? *
*?????? US_DIALOG? -? Indicator, that can be used to suppress???????? *
*???????????????????? dialogs in certain routines, e.g. in a????????? *
*???????????????????? copy routine.?????????????????????????????????? *
*???????????????????????????????????????????????????????????????????? *
*?????? This form is called from form VBAK_PRUEFEN.?????????????????? *
*???????????????????????????????????????????????????????????????????? *
*---------------------------------------------------------------------*
form userexit_check_vbak using us_dialog.
*{?? INSERT???????? DEVK901354??????????????????????????????????????? 1
?data: z_s_vkbur like knvv-vkbur.
?data: z_auth_check type i value 4.
?if sy-tcode = 'VA01' or
??? sy-tcode = 'VA02'.
?? authority-check object 'V_VBKA_VKO'
???????????????? id 'VKORG' dummy
???????????????? id 'VTWEG' dummy
???????????????? id 'SPART' dummy
???????????????? id 'VKBUR' field vbak-vkbur
???????????????? id 'VKGRP' dummy
???????????????? id 'KTAAR' dummy
???????????????? id 'ACTVT' dummy.
?? if? sy-subrc ne 0.
???? message e900(zdev).
?? endif."不能創建非主管商家訂單
?? if sy-tcode eq 'VA01'.
???? select single vkbur into z_s_vkbur
???? from knvv
???? where knvv~kunnr =? vbak-kunnr
?????? and knvv~vkorg =? vbak-vkorg
?????? and knvv~vtweg =? vbak-vtweg
?????? and knvv~spart =? vbak-spart
?????? and knvv~vkbur =? vbak-vkbur.
???? if sy-subrc ne 0.
?????? message e001(zdev).
???? endif.
?? endif.
?else.
?? perform zcustcheckauth using vbak-vkbur z_auth_check.
?? if? z_auth_check ne 0.? "如果沒有權限,取當前商家主管銷售組
???? select single vkbur into z_s_vkbur
???? from knvv
???? where knvv~kunnr =? vbak-kunnr.
???? if sy-subrc ne 0.
?????? message e001(zdev).
???? endif.??? "檢查當前商家主管銷售組是否在用戶權限內
???? z_auth_check = 4.
???? perform zcustcheckauth using z_s_vkbur z_auth_check.
???? if z_auth_check ne 0.
?????? message e900(zdev).
???? endif.
? endif.
?endif.
*}?? INSERT
總結
以上是生活随笔為你收集整理的SAP 权限对象设置及在程序中的应用的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: SAP系统权限管理及参数设置
- 下一篇: Sap权限相关设置、控制及传输