List of BUKRS which the current user is allowed to see
up vote
0
down vote
favorite
Is there a way to get a list of all BUKRS which the current user is allowed to see?
I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:
SELECT * FROM some_table WHERE bukrs IN bk_list
abap
edited Nov 20 at 8:11
jonrsharpe
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
add a comment |
up vote
0
down vote
favorite
Is there a way to get a list of all BUKRS which the current user is allowed to see?
I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:
SELECT * FROM some_table WHERE bukrs IN bk_list
abap
edited Nov 20 at 8:11
jonrsharpe
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by usingAUTHORITY-CHECK.
– Sandra Rossi
Nov 19 at 13:49
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Is there a way to get a list of all BUKRS which the current user is allowed to see?
I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:
SELECT * FROM some_table WHERE bukrs IN bk_list
abap
edited Nov 20 at 8:11
jonrsharpe
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
Is there a way to get a list of all BUKRS which the current user is allowed to see?
I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:
SELECT * FROM some_table WHERE bukrs IN bk_list
abap
abap
edited Nov 20 at 8:11
jonrsharpe
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
edited Nov 20 at 8:11
jonrsharpe
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
edited Nov 20 at 8:11
jonrsharpe
76k1098204
edited Nov 20 at 8:11
jonrsharpe
76k1098204
edited Nov 20 at 8:11
jonrsharpe
76k1098204
76k1098204
asked Nov 19 at 13:19
guettli
3,19619124262
asked Nov 19 at 13:19
guettli
3,19619124262
asked Nov 19 at 13:19
guettli
3,19619124262
3,19619124262
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by usingAUTHORITY-CHECK.
– Sandra Rossi
Nov 19 at 13:49
add a comment |
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by usingAUTHORITY-CHECK.
– Sandra Rossi
Nov 19 at 13:49
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using
AUTHORITY-CHECK.– Sandra Rossi
Nov 19 at 13:49
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using
AUTHORITY-CHECK.– Sandra Rossi
Nov 19 at 13:49
add a comment |
2 Answers
2
active
oldest
votes
up vote
6
down vote
Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :
DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
authsql->add_authorization_object( EXPORTING
iv_authorization_object = 'S_CARRID'
it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
it_field_mapping = VALUE #(
( auth_field = 'CARRID'
view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
DATA(where) = authsql->get_sql_condition( ).
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
add a comment |
up vote
4
down vote
I am afraid you can do it one by one only. Roughly:
SELECT bukrs
INTO TABLE @DATA(lt_t001)
FROM t001
WHERE ... . "Selection critera, if necessary
LOOP AT lt_t001
ASSIGNING FIELD-SYMBOL(<ls_t001>).
DATA(lv_tabix) = sy-tabix.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD <ls_t001>-bukrs
ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
IF sy-subrc <> 0. "Auth check failed
DELETE lt_t001 INDEX lv_tabix.
ENDIF.
ENDLOOP.
At the end lt_t001 contains only the company codes, for which the user has authorization.
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :
DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
authsql->add_authorization_object( EXPORTING
iv_authorization_object = 'S_CARRID'
it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
it_field_mapping = VALUE #(
( auth_field = 'CARRID'
view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
DATA(where) = authsql->get_sql_condition( ).
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
add a comment |
up vote
6
down vote
Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :
DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
authsql->add_authorization_object( EXPORTING
iv_authorization_object = 'S_CARRID'
it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
it_field_mapping = VALUE #(
( auth_field = 'CARRID'
view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
DATA(where) = authsql->get_sql_condition( ).
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
add a comment |
up vote
6
down vote
up vote
6
down vote
Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :
DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
authsql->add_authorization_object( EXPORTING
iv_authorization_object = 'S_CARRID'
it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
it_field_mapping = VALUE #(
( auth_field = 'CARRID'
view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
DATA(where) = authsql->get_sql_condition( ).
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :
DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
authsql->add_authorization_object( EXPORTING
iv_authorization_object = 'S_CARRID'
it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
it_field_mapping = VALUE #(
( auth_field = 'CARRID'
view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
DATA(where) = authsql->get_sql_condition( ).
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
answered Nov 19 at 14:36
Sandra Rossi
2,0731315
2,0731315
add a comment |
add a comment |
up vote
4
down vote
I am afraid you can do it one by one only. Roughly:
SELECT bukrs
INTO TABLE @DATA(lt_t001)
FROM t001
WHERE ... . "Selection critera, if necessary
LOOP AT lt_t001
ASSIGNING FIELD-SYMBOL(<ls_t001>).
DATA(lv_tabix) = sy-tabix.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD <ls_t001>-bukrs
ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
IF sy-subrc <> 0. "Auth check failed
DELETE lt_t001 INDEX lv_tabix.
ENDIF.
ENDLOOP.
At the end lt_t001 contains only the company codes, for which the user has authorization.
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
add a comment |
up vote
4
down vote
I am afraid you can do it one by one only. Roughly:
SELECT bukrs
INTO TABLE @DATA(lt_t001)
FROM t001
WHERE ... . "Selection critera, if necessary
LOOP AT lt_t001
ASSIGNING FIELD-SYMBOL(<ls_t001>).
DATA(lv_tabix) = sy-tabix.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD <ls_t001>-bukrs
ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
IF sy-subrc <> 0. "Auth check failed
DELETE lt_t001 INDEX lv_tabix.
ENDIF.
ENDLOOP.
At the end lt_t001 contains only the company codes, for which the user has authorization.
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
add a comment |
up vote
4
down vote
up vote
4
down vote
I am afraid you can do it one by one only. Roughly:
SELECT bukrs
INTO TABLE @DATA(lt_t001)
FROM t001
WHERE ... . "Selection critera, if necessary
LOOP AT lt_t001
ASSIGNING FIELD-SYMBOL(<ls_t001>).
DATA(lv_tabix) = sy-tabix.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD <ls_t001>-bukrs
ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
IF sy-subrc <> 0. "Auth check failed
DELETE lt_t001 INDEX lv_tabix.
ENDIF.
ENDLOOP.
At the end lt_t001 contains only the company codes, for which the user has authorization.
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
I am afraid you can do it one by one only. Roughly:
SELECT bukrs
INTO TABLE @DATA(lt_t001)
FROM t001
WHERE ... . "Selection critera, if necessary
LOOP AT lt_t001
ASSIGNING FIELD-SYMBOL(<ls_t001>).
DATA(lv_tabix) = sy-tabix.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD <ls_t001>-bukrs
ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
IF sy-subrc <> 0. "Auth check failed
DELETE lt_t001 INDEX lv_tabix.
ENDIF.
ENDLOOP.
At the end lt_t001 contains only the company codes, for which the user has authorization.
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
answered Nov 19 at 14:03
JozsefSzikszai
1,513311
1,513311
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
add a comment |
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.
– guettli
Nov 19 at 15:10
1
1
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.
– JozsefSzikszai
Nov 19 at 15:30
add a comment |
draft saved
draft discarded
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53375514%2flist-of-bukrs-which-the-current-user-is-allowed-to-see%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using
AUTHORITY-CHECK.– Sandra Rossi
Nov 19 at 13:49