如何设计和使用自定义的权限对象(自定义权限检查函数)

2006年08月25日 10:59:00

在sap扩展中用户往往都需要使用自己的权限对象,为了达到次目的,请按下列步骤建立和维护权限对象

1、Create an Anthorization Field(SU20)创建权限对象字段(存储在AUTHX表中)

2、Create an Authorization Object(SU21) 创建权限对象
创建权限对象类别(存储在TOBCT表中)
点击对象类别创建权限对象(存储在TOBJ表中),生成SAP_ALL

3、Assign an Authorization Object to an Object Class(SU02或PFCG)

4、权限赋值关系图

user master record
/ ............................../
auth. profile Composite auth. profile
/................./ / /
/ / / /
Authorization Auth. Profile
/ /................./

5、Call "Authorith-Check" in Program to Check Authorization.

这是我编写针对具体权限对象替代Authorith-Check的函数

form zcustcheckauth using value(z_vkbur) like vbak-vkbur
z_return type i.
data: wa_ust12 like ust12.
data: bgetsubfile(1) type c.
data: begin of db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of db_file.

data: begin of mid_db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of mid_db_file.

data: begin of db_file_end occurs 10,
profile like ust04-profile,
end of db_file_end.

data: begin of db_auth occurs 10,
objct like ust10s-objct,
auth like ust10s-auth,
end of db_auth.

z_return = 4.
select ust04~profile usr10~typ
into corresponding fields of table db_file
from ust04
inner join usr10 on usr10~profn = ust04~profile
and usr10~aktps = 'A'
where ust04~bname = sy-uname.

refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ >< 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.

while bgetsubfile = 'X'.
bgetsubfile = space.
select ust10c~subprof as profile usr10~typ
into corresponding fields of table db_file
from ust10c
inner join usr10 on usr10~profn = ust10c~subprof
and usr10~aktps = 'A'
for all entries in mid_db_file
where ust10c~profn = mid_db_file-profile.

refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ >< 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
endwhile.

select objct auth into corresponding fields of table db_auth
from ust10s
for all entries in db_file_end
where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.

select von bis into corresponding fields of wa_ust12
from ust12
for all entries in db_auth
where ust12~aktps = 'A' and ust12~field = 'VKBUR'
and ust12~objct = db_auth-objct
and ust12~auth = db_auth-auth.

if ( wa_ust12-bis ne space ).
if ( z_vkbur ge wa_ust12-von ).
if ( z_vkbur le wa_ust12-bis ).
z_return = 0.
exit.
endif.
endif.
elseif ( z_vkbur = wa_ust12-von ).
z_return = 0.
exit.
elseif ( '*' = wa_ust12-von ).
z_return = 0.
exit.
endif.
endselect.
endform.
调用的方法

*&---------------------------------------------------------------------*
*& Form USEREXIT_CHECK_VBAK
*&---------------------------------------------------------------------*
* *
* This Userexit can be used to add additional logic for *
* checking the header for completeness and consistency. *
* *
* US_DIALOG - Indicator, that can be used to suppress *
* dialogs in certain routines, e.g. in a *
* copy routine. *
* *
* This form is called from form VBAK_PRUEFEN. *
* *
*---------------------------------------------------------------------*
form userexit_check_vbak using us_dialog.
*{ INSERT DEVK901354 1
data: z_s_vkbur like knvv-vkbur.
data: z_auth_check type i value 4.
if sy-tcode = 'VA01' or
sy-tcode = 'VA02'.
authority-check object 'V_VBKA_VKO'
id 'VKORG' dummy
id 'VTWEG' dummy
id 'SPART' dummy
id 'VKBUR' field vbak-vkbur
id 'VKGRP' dummy
id 'KTAAR' dummy
id 'ACTVT' dummy.
if sy-subrc ne 0.
message e900(zdev).
endif."不能创建非主管商家订单
if sy-tcode eq 'VA01'.
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr
and knvv~vkorg = vbak-vkorg
and knvv~vtweg = vbak-vtweg
and knvv~spart = vbak-spart
and knvv~vkbur = vbak-vkbur.
if sy-subrc ne 0.
message e001(zdev).
endif.
endif.
else.
perform zcustcheckauth using vbak-vkbur z_auth_check.

if z_auth_check ne 0. "如果没有权限,取当前商家主管销售组
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr.
if sy-subrc ne 0.
message e001(zdev).
endif. "检查当前商家主管销售组是否在用户权限内
z_auth_check = 4.
perform zcustcheckauth using z_s_vkbur z_auth_check.
if z_auth_check ne 0.
message e900(zdev).
endif.
endif.
endif.
*} INSERT


endform.



Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=1116654


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值