SAP R/3 форум ABAP консультантов
Russian ABAP Developer's Club

Home - FAQ - Search - Memberlist - Usergroups - Profile - Log in to check your private messages - Register - Log in - English
Blogs - Weblogs News

Shows Authority Profiles and Objects by USER



 
Post new topic   Reply to topic    Russian ABAP Developer's Club Forum Index -> Security and Monitoring
View previous topic :: View next topic  
Author Message
admin
Администратор
Администратор



Joined: 01 Sep 2007
Posts: 1636

PostPosted: Wed Aug 20, 2008 9:33 am    Post subject: Shows Authority Profiles and Objects by USER Reply with quote

Code:
REPORT ZAUTHRPT LINE-SIZE 132 NO STANDARD PAGE HEADING MESSAGE-ID ZZ.
*--------------------------------------------------------------
*  This program creates a report based on:
*  Composite profiles, Single Profiles, Objects,
*  Authorizations and their Values.
*  Author: Dean Demertzis
*--------------------------------------------------------------
TABLES: USR03, USR04, USR10, USR12, TOBJT, DFIES.

SELECT-OPTIONS  BNAME  FOR USR04-BNAME DEFAULT SY-UNAME.

PARAMETERS: DO-EXPRT(1) DEFAULT ' '
            NO-DISPLAY.

DATA:   BEGIN OF INTFIELD OCCURS 10,
          FIELDNAME LIKE TOBJ-FIEL1,
          LNG       TYPE I,
          TYPE,
          FTEXT     LIKE DFIES-SCRTEXT_L,
          CONVEXIT  LIKE DFIES-CONVEXIT,
        END OF INTFIELD.

DATA: BEGIN OF TABUSR OCCURS 500,
         USERID     LIKE  USR04-BNAME,
         PROFILE    LIKE  XU213-PROFILE,
      END OF TABUSR.

DATA: BEGIN OF TABPRO OCCURS 500,
         USERID     LIKE  USR04-BNAME,
         PROFILE    LIKE  XU213-PROFILE,
      END OF TABPRO.

DATA: BEGIN OF TABAUTH OCCURS 500,
         USERID     LIKE  USR04-BNAME, "Userid
         PROFILE    LIKE  XU213-PROFILE,    "Profile
         OBJECT     LIKE  USR12-OBJCT, "Object
         RULE       LIKE  USR12-AUTH,  "Authorization
      END OF TABAUTH.

DATA: BEGIN OF TABVAL OCCURS 500,
         USERID     LIKE  USR04-BNAME,
         PROFILE    LIKE  XU213-PROFILE,
         OBJECT     LIKE  USR12-OBJCT,
         RULE       LIKE  USR12-AUTH,  "Authorization
         SFIELD     LIKE  TOBJ-FIEL1,  "Field Name
         VON(18),                      "Value From
         BIS(18),                      "Value To
         USED-IN-REPORT-ALREADY,
      END OF TABVAL.

DATA:   MAXUSR   TYPE I VALUE 300,
        MAXCPF   TYPE I VALUE 300,
        MAXPRO   TYPE I VALUE 170,
        PROFLNG  LIKE SY-FDPOS VALUE 12,     "Profile
        OBJLNG   LIKE SY-FDPOS VALUE 10,     "Object
        AUTHLNG  LIKE SY-FDPOS VALUE 12,     "Authorization
        FLDLNG   LIKE SY-FDPOS VALUE 10,     "Field
        TEMP-USERID     LIKE  USR04-BNAME,
        PREV-OBJECT     LIKE  USR12-OBJCT,
        PREV-RULE       LIKE  USR12-AUTH,    "Authorization
        PREV-SFIELD     LIKE  TOBJ-FIEL1,
        TEMP-PROFILE    LIKE  XU213-PROFILE,
        USER-NAME       LIKE  USR03-NAME1,
        SYST_LANGUAGE   VALUE 'D',
        USER-DEPT(31),
        USER-COST-CENTER(31),
        PREV-PROFILE    LIKE  XU213-PROFILE.


FIELD-SYMBOLS:  <TEXT>.

START-OF-SELECTION.

  SELECT * FROM USR04
    WHERE BNAME  IN BNAME.             "Userid
    PERFORM 100_LOAD_TABUSR.
  ENDSELECT.

  SORT TABUSR BY PROFILE ASCENDING
                 USERID  ASCENDING.

  PERFORM 200_PROCESS_PROFILES.
  PERFORM 400_PROCESS_AUTH_VALUES.
  SORT TABVAL BY USERID  ASCENDING
                 PROFILE ASCENDING
                 OBJECT  ASCENDING
                 RULE    ASCENDING
                 SFIELD  ASCENDING.

  TEMP-USERID   = SPACE.
  PREV-PROFILE  = SPACE.

  IF DO-EXPRT EQ 'X'.
    EXPORT TABVAL TO MEMORY ID 'ZAUTHRPT'.
  ELSE.
    PERFORM 500_PROCESS_REPORT.
  ENDIF.

END-OF-SELECTION.
*-----------------------------------------------------------------
*    Form   100_LOAD_TABUSR
*-----------------------------------------------------------------
*   Load internal User Name and Profiles to internal table.
*-----------------------------------------------------------------
FORM 100_LOAD_TABUSR.
  DATA: NRPRO TYPE I,
        OFF   TYPE I.

  OFF = 2.
  NRPRO = USR04-NRPRO / 12.
  IF NRPRO > MAXUSR. NRPRO = 0. ENDIF.
  DO NRPRO TIMES.
    ASSIGN USR04-PROFS+OFF(PROFLNG) TO <TEXT>.
    MOVE USR04-BNAME  TO TABUSR-USERID.
    WRITE <TEXT>      TO TABUSR-PROFILE.
    APPEND TABUSR.
    OFF = OFF + PROFLNG.
  ENDDO.
ENDFORM.

*-----------------------------------------------------------------
*    Form   200_PROCESS_PROFILES
*-----------------------------------------------------------------
*   Get all authorizations based on the profile name.
*-----------------------------------------------------------------
FORM 200_PROCESS_PROFILES.
  LOOP AT TABUSR.
    SELECT * FROM USR10
      WHERE PROFN  =  TABUSR-PROFILE.
      MOVE TABUSR-USERID     TO TEMP-USERID.
      MOVE TABUSR-PROFILE    TO TEMP-PROFILE.
      PERFORM 250_GET_AUTHORIZATIONS.
    ENDSELECT.
  ENDLOOP.

  SORT TABPRO BY PROFILE ASCENDING
                 USERID  ASCENDING.

* Process the profiles under the composite profile
  LOOP AT TABPRO.
    SELECT * FROM USR10
      WHERE PROFN  =  TABPRO-PROFILE.
      MOVE TABPRO-USERID     TO TEMP-USERID.
      MOVE TABPRO-PROFILE    TO TEMP-PROFILE.
      PERFORM 250_GET_AUTHORIZATIONS.
    ENDSELECT.
  ENDLOOP.

ENDFORM.
*-----------------------------------------------------------------
*    Form   250_GET_AUTHORIZATIONS
*-----------------------------------------------------------------
*   Distinguish between Single and composite profiles
*-----------------------------------------------------------------
FORM 250_GET_AUTHORIZATIONS.

  CASE USR10-TYP.
    WHEN 'C'.                          "Composite Profile
      PERFORM 260_PROCESS_COMP_PROFILES.
    WHEN 'S'.                          "Single Profile
      PERFORM 280_PROCESS_SINGLE_PROFILES.
    WHEN OTHERS.
      EXIT.
  ENDCASE.

ENDFORM.
*---------------------------------------------------------------------*
*       FORM 260_PROCESS_COMP_PROFILES                                *
*---------------------------------------------------------------------*
*  Composite profiles are loaded to internal table to be              *
*  processed later.                                                   *
*---------------------------------------------------------------------*
FORM 260_PROCESS_COMP_PROFILES.
  DATA: NRAUT TYPE I,
        OFF   TYPE I.

  OFF = 2.
  NRAUT = USR10-NRAUT / 12.            "Number of authorizations
  IF NRAUT > MAXCPF. NRAUT = 0. ENDIF.
  DO NRAUT TIMES.
    ASSIGN USR10-AUTHS+OFF(PROFLNG) TO <TEXT>.
    WRITE <TEXT>         TO TABPRO-PROFILE.
    MOVE TEMP-USERID     TO TABPRO-USERID.
    APPEND TABPRO.
    OFF = OFF + PROFLNG.
  ENDDO.
ENDFORM.
*---------------------------------------------------------------------*
*       FORM 280_PROCESS_SINGLE_PROFILES                              *
*---------------------------------------------------------------------*
*  Load all authorizations under a single profile to an internal      *
*  table.                                                             *
*---------------------------------------------------------------------*
FORM 280_PROCESS_SINGLE_PROFILES.
  DATA: NRAUT TYPE I,
        OFF   TYPE I.

  OFF = 2.
  NRAUT = USR10-NRAUT / 22.
  IF NRAUT > MAXPRO. NRAUT = 0. ENDIF.
  DO NRAUT TIMES.
    ASSIGN USR10-AUTHS+OFF(OBJLNG) TO <TEXT>.
    WRITE <TEXT>           TO TABAUTH-OBJECT.
    OFF = OFF + OBJLNG.
    ASSIGN USR10-AUTHS+OFF(AUTHLNG) TO <TEXT>.
    WRITE <TEXT>           TO TABAUTH-RULE.
    MOVE TEMP-USERID       TO TABAUTH-USERID.
    MOVE TEMP-PROFILE      TO TABAUTH-PROFILE.
    APPEND TABAUTH.
    OFF = OFF + AUTHLNG.
  ENDDO.
ENDFORM.
*-----------------------------------------------------------------
*    Form   400_PROCESS_AUTH_VALUES
*-----------------------------------------------------------------
*   Load internal table with Userid, Profile, Object,
*   Authorizations and Values
*-----------------------------------------------------------------
FORM 400_PROCESS_AUTH_VALUES.
  LOOP AT TABAUTH.
    SELECT * FROM USR12
      WHERE OBJCT  =  TABAUTH-OBJECT
        AND AUTH   =  TABAUTH-RULE.
      PERFORM 450_LOAD_TABVALS.
    ENDSELECT.
  ENDLOOP.
ENDFORM.
*---------------------------------------------------------------------*
*       FORM 450_LOAD_TABVALS                                          *
*---------------------------------------------------------------------*
*  NOTE:   Search SAPMS01J  function FILL_TABUSR                      *
*          Must be in workbench.                                      *
*---------------------------------------------------------------------*
FORM 450_LOAD_TABVALS.
  DATA: INTFLAG TYPE I VALUE 0,
        OFF     TYPE I,
        VTYP,
        LNG     TYPE I,
        CLNG(2),
        GLNG(2).

  OFF = 2.
  ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
  WRITE <TEXT> TO VTYP.
  WHILE VTYP <> '  ' AND OFF < USR12-LNG.
    OFF = OFF + 1.
    CASE VTYP.

      WHEN 'F'.
        OFF = OFF + 5.
        ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
        WRITE <TEXT> TO CLNG.
        LNG = CLNG.
        OFF = OFF + 2.
        ASSIGN USR12-VALS+OFF(FLDLNG) TO <TEXT>.
        WRITE <TEXT> TO TABVAL-SFIELD.
        OFF = OFF + FLDLNG.

      WHEN 'E'.
        ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
        WRITE <TEXT> TO TABVAL-VON.
        IF TABVAL-VON = SPACE.
          TABVAL-VON = ''' '''.
        ENDIF.
        PERFORM 480_PROCESS_MOVES.
        APPEND TABVAL.
        TABVAL-VON = SPACE.
        TABVAL-BIS = SPACE.
        OFF = OFF + LNG.

      WHEN 'G'.
        ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
        WRITE <TEXT> TO CLNG.
        GLNG = CLNG.
        OFF = OFF + 2.
        ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
        IF INTFLAG = 0.
          WRITE <TEXT> TO TABVAL-VON.
          WRITE '*'    TO TABVAL-VON+GLNG.
        ELSE.
          WRITE <TEXT> TO TABVAL-BIS.
          WRITE '*'    TO TABVAL-BIS+GLNG.
          INTFLAG = 0.
        ENDIF.
        PERFORM 480_PROCESS_MOVES.
        APPEND TABVAL.
        TABVAL-VON = SPACE.
        TABVAL-BIS = SPACE.
        OFF = OFF + LNG.

      WHEN 'V'.
        INTFLAG = 1.
        ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
        WRITE <TEXT> TO TABVAL-VON.
        IF TABVAL-VON = SPACE.
          TABVAL-VON = ''' '''.
        ENDIF.
        OFF = OFF + LNG.

      WHEN 'B'.
        INTFLAG = 0.
        ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
        WRITE <TEXT> TO TABVAL-BIS.
        IF TABVAL-BIS = SPACE.
          TABVAL-BIS = ''' '''.
        ENDIF.
        PERFORM 480_PROCESS_MOVES.
        APPEND TABVAL.
        TABVAL-VON = SPACE.
        TABVAL-BIS = SPACE.
        OFF = OFF + LNG.
    ENDCASE.
    ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
    WRITE <TEXT> TO VTYP.
  ENDWHILE.

ENDFORM.
*---------------------------------------------------------------------*
*       FORM 480_PROCESS_MOVES                                        *
*---------------------------------------------------------------------*
*       ........                                                      *
*---------------------------------------------------------------------*
FORM 480_PROCESS_MOVES.
  MOVE TABAUTH-USERID        TO TABVAL-USERID.
  MOVE TABAUTH-PROFILE       TO TABVAL-PROFILE.
  MOVE TABAUTH-OBJECT        TO TABVAL-OBJECT.
  MOVE TABAUTH-RULE          TO TABVAL-RULE.
ENDFORM.
*---------------------------------------------------------------
*    FORM 500_PROCESS_REPORT
*---------------------------------------------------------------
*   Create a report
*---------------------------------------------------------------
FORM 500_PROCESS_REPORT.
  LOOP AT TABVAL.

    AT NEW USERID.
      NEW-PAGE.
      SELECT SINGLE * FROM USR03
        WHERE BNAME =  TABVAL-USERID.

      IF USR03-NAME1 = SPACE.
        MOVE 'User Name NOT Available'  TO USER-NAME.
      ELSE.
        MOVE USR03-NAME1    TO USER-NAME.
      ENDIF.

*---------------------------------------------------------------
* If you want to display the Department comment back in
*---------------------------------------------------------------
*     IF USR03-ABTLG = SPACE.
*       MOVE 'Users Department NOT Available'  TO USER-DEPT.
*     ELSE.
*       MOVE USR03-ABTLG    TO USER-DEPT.
*     ENDIF.

      IF USR03-KOSTL = SPACE.
        MOVE 'Users Cost Center NOT Available'  TO USER-COST-CENTER.
      ELSE.
        MOVE USR03-KOSTL    TO USER-COST-CENTER.
      ENDIF.

    ENDAT.

    AT NEW PROFILE.
      WRITE:  / TABVAL-PROFILE.
    ENDAT.

    AT NEW OBJECT.
      WRITE: /15 TABVAL-OBJECT.
      SELECT SINGLE * FROM TOBJT
        WHERE LANGU = SY-LANGU
        AND   OBJECT = TABVAL-OBJECT.
      WRITE:  30 TOBJT-TTEXT.
      SKIP.
    ENDAT.

    IF ( TABVAL-RULE = PREV-RULE ) AND ( TABVAL-OBJECT = PREV-OBJECT ).
      PERFORM 550-CHECK-PREV-FIELD.
    ELSE.
      PERFORM 600-GET_FIELD_NAME.
      WRITE: /40 TABVAL-RULE,
              60 INTFIELD-FTEXT,       "Field text
             110 TABVAL-VON,           "Value From
             118 TABVAL-BIS.           "Value To
      MOVE TABVAL-RULE   TO PREV-RULE.
      MOVE TABVAL-OBJECT TO PREV-OBJECT.
      MOVE TABVAL-SFIELD       TO PREV-SFIELD.
    ENDIF.

* BREAK-POINT.
  ENDLOOP.
ENDFORM.
*---------------------------------------------------------------------*
*       FORM 550-CHECK-PREV-FIELD                                     *
*---------------------------------------------------------------------*
*   To avoid redundant printing of the field name.                    *
*---------------------------------------------------------------------*
FORM 550-CHECK-PREV-FIELD.
  IF TABVAL-SFIELD = PREV-SFIELD.
    WRITE: /110 TABVAL-VON,            "Value From
            118 TABVAL-BIS.            "Value To
  ELSE.
    PERFORM 600-GET_FIELD_NAME.
    WRITE: /60 INTFIELD-FTEXT,         "Field text
           110 TABVAL-VON,             "Value From
           118 TABVAL-BIS.             "Value To
    MOVE TABVAL-SFIELD       TO PREV-SFIELD.
  ENDIF.
ENDFORM.
*---------------------------------------------------------------------*
*       FORM 600-GET_FIELD_NAME                                       *
*---------------------------------------------------------------------*
*   Get the text name using the technical field name                  *
*---------------------------------------------------------------------*
FORM 600-GET_FIELD_NAME.

  CALL FUNCTION 'AUTH_FIELD_GET_INFO'
       EXPORTING
            FIELDNAME = TABVAL-SFIELD
       IMPORTING
            DATEL     = DFIES-ROLLNAME
            LNG       = DFIES-OUTPUTLEN
            RC        = SY-SUBRC
            TEXT      = DFIES-FIELDTEXT
            TYPE      = DFIES-INTTYPE.
  IF SY-SUBRC <> 0.
    INTFIELD-FTEXT  =  TABVAL-SFIELD.
    IF SY-LANGU <> SYST_LANGUAGE.
      CALL FUNCTION 'AUTH_FIELD_GET_INFO'
           EXPORTING
                FIELDNAME = TABVAL-SFIELD
                LANGU     = SYST_LANGUAGE
           IMPORTING
                DATEL     = DFIES-ROLLNAME
                LNG       = DFIES-OUTPUTLEN
                RC        = SY-SUBRC
                TEXT      = DFIES-FIELDTEXT
                TYPE      = DFIES-INTTYPE.
      IF SY-SUBRC <> 0.
        MESSAGE A999 WITH 'Could not Get Info of Field Authority'.
      ENDIF.
    ELSE.
      MESSAGE A999 WITH 'System Language Invalid'.
    ENDIF.
  ELSE.
    IF DFIES-FIELDTEXT <> SPACE.
      INTFIELD-FTEXT = DFIES-FIELDTEXT.
    ELSE.
      INTFIELD-FTEXT = TABVAL-SFIELD.
    ENDIF.
  ENDIF.

ENDFORM.

INCLUDE ZCONINC3.
SKIP 2.
WRITE: / 'User-ID=', TABVAL-USERID, 'User Name=', USER-NAME.
WRITE: /30 'Object',
       113 'Values'.
WRITE: / 'Profile',
        15 'Object',
        30 'Text',
        40 'Authorization',
        60 'Field Name',
       110 'From',
       118 'To'.
ULINE: /(7),15(6),30(6),40(13),60(11),110(10).
SKIP.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Russian ABAP Developer's Club Forum Index -> Security and Monitoring All times are GMT + 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


All product names are trademarks of their respective companies. SAPNET.RU websites are in no way affiliated with SAP AG.
SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver and any other are registered trademarks of SAP AG.
Every effort is made to ensure content integrity. Use information on this site at your own risk.