SAP R/3 форум ABAP консультантов
Russian ABAP Developer's Club

Home - FAQ - Search - Memberlist - Usergroups - Profile - Log in to check your private messages - Register - Log in - English

Blogs - Weblogs News

Summary of Roles, Profiles and Authorizations by User ID

Russian ABAP Developer's Club Forum Index -> Security and Monitoring

View previous topic :: View next topic

Author

Message

admin
Администратор

Joined: 01 Sep 2007
Posts: 1640

Posted: Wed Aug 20, 2008 10:03 am Post subject: Summary of Roles, Profiles and Authorizations by User ID

Code:

REPORT ZHRKOPAR_SECURITY_1 LINE-SIZE 120
NO STANDARD PAGE HEADING MESSAGE-ID ZZ.
************************************************************************
* Program name : ZHRKOPAR_SECURITY_1
* Original Author : James Frazier
* Creation Date : 09-17-2002
* Description : Summary of Roles, Profiles and Authorizations by
* User ID
*
* Frequency : Variable
* Project Name : LIS
************************************************************************
* MODIFICATION LOG
************************************************************************
* Change Change Change Change Version
* Author Date Description Number
*----------------------------------------------------------------------*
*
*
*
************************************************************************

************************************************************************
* TABLES
************************************************************************
TABLES: ADCP, " Person/Address assignment (central address administ
ADRP, " Persons (central address administration)
AGR_HIER, " Table for Structure Information for Menu
AGR_HIERT, " Role menu texts
AGR_USERS, " Assignment of roles to users
AGR_TEXTS, " File Structure for Hierarchical Menu - Customer
DFIES, " DD Interface: Table Fields for DDIF_FIELDINFO_GET
USR02, " Logon data
USR04, " User master authorizations
USR10, " User master authorization profiles
USR11, " User Master Texts for Profiles (USR10)
USR12, " User master authorization values
USR21, " Assign user name address key
UST04, " User masters
TOBJT. " Texts for Objects in Table TOBJ

************************************************************************
* STANDARD INCLUDES
************************************************************************

INCLUDE ZHRKOPAIFSTANDARD_HEADER.

************************************************************************
* DATA DECLARATIONS
************************************************************************
DATA: BEGIN OF ITAB-USER OCCURS 10,
USERID LIKE USR04-BNAME,
USERN LIKE USR21-PERSNUMBER,
AD_ADDRNUM LIKE USR21-ADDRNUMBER,
END OF ITAB-USER.

DATA: BEGIN OF ITAB_S OCCURS 10,
AGR_NAME LIKE AGR_USERS-AGR_NAME,
END OF ITAB_S.

DATA: BEGIN OF ITAB_R OCCURS 10,
AGR_NAME LIKE AGR_USERS-AGR_NAME,
END OF ITAB_R.

DATA: BEGIN OF INTFIELD OCCURS 10,
FIELDNAME LIKE TOBJ-FIEL1,
LNG TYPE I,
TYPE,
FTEXT LIKE DFIES-SCRTEXT_L,
CONVEXIT LIKE DFIES-CONVEXIT,
END OF INTFIELD.

DATA: BEGIN OF TABPRO OCCURS 500,
USERID LIKE USR04-BNAME,
PROFILE LIKE XU213-PROFILE,
END OF TABPRO.

DATA: BEGIN OF TABAUTH OCCURS 500,
USERID LIKE USR04-BNAME, "Userid
PROFILE LIKE XU213-PROFILE, "Profile
OBJECT LIKE USR12-OBJCT, "Object
RULE LIKE USR12-AUTH, "Authorization
END OF TABAUTH.

DATA: BEGIN OF TABVAL OCCURS 500,
USERID LIKE USR04-BNAME,
PROFILE LIKE XU213-PROFILE,
OBJECT LIKE USR12-OBJCT,
RULE LIKE USR12-AUTH, "Authorization
SFIELD LIKE TOBJ-FIEL1, "Field Name
VON(18), "Value From
BIS(18), "Value To
USED-IN-REPORT-ALREADY,
END OF TABVAL.

DATA: USER-NAME LIKE USR03-NAME1,
USER-ID(14),
WS-TEXT(10),
SYST_LANGUAGE VALUE 'D',
TEMP-USERID LIKE USR04-BNAME,
TEMP-PROFILE LIKE XU213-PROFILE,
MAXCPF TYPE I VALUE 300,
MAXPRO TYPE I VALUE 170,
FLDLNG LIKE SY-FDPOS VALUE 10, "Field
AUTHLNG LIKE SY-FDPOS VALUE 12,
OBJLNG LIKE SY-FDPOS VALUE 10, "Object
PROFLNG LIKE SY-FDPOS VALUE 12,
PREV-RULE LIKE USR12-AUTH, "Authorization
PREV-OBJECT LIKE USR12-OBJCT,
PREV-SFIELD LIKE TOBJ-FIEL1.

FIELD-SYMBOLS: <TEXT>.

SELECT-OPTIONS BNAME FOR USR02-BNAME DEFAULT SY-UNAME.

************************************************************************
* START-OF-SELECTION
************************************************************************
START-OF-SELECTION.

PERFORM GET-NAME.

END-OF-SELECTION.

************************************************************************
* FORM PROCESSING
************************************************************************
FORM GET-NAME.

* Retrives all Users Ids from selection screen
SELECT * FROM USR21
WHERE BNAME IN BNAME.
MOVE USR21-BNAME TO ITAB-USER-USERID.
MOVE USR21-PERSNUMBER TO ITAB-USER-USERN.
MOVE USR21-ADDRNUMBER TO ITAB-USER-AD_ADDRNUM.
APPEND ITAB-USER.
ENDSELECT.

* Formats all Valid User Id
LOOP AT ITAB-USER.
AT NEW USERID.
NEW-PAGE.
PERFORM STANDARD_HEADER USING SY-DATUM SY-DATUM.
ULINE /1(120).
* SKIP 1.
ENDAT.
CLEAR: ADCP, ADRP, ITAB_S, ITAB_R,
USER-NAME, USER-ID, AGR_TEXTS, USR11.
REFRESH: ITAB_R.

IF ITAB-USER-USERN = SPACE.
MOVE 'User Name NOT Available' TO USER-NAME.
ELSE.

* Retrives Department
SELECT * FROM ADCP
WHERE ADDRNUMBER EQ ITAB-USER-AD_ADDRNUM.
ENDSELECT.
FORMAT COLOR 1.
WRITE:/ 'Plant :'.
FORMAT COLOR OFF.
WRITE ADCP-DEPARTMENT.
* SKIP 1.

* Retrives User Id Name
SELECT * FROM ADRP
WHERE PERSNUMBER EQ ITAB-USER-USERN.
ENDSELECT.
IF SY-SUBRC EQ 0.
CONCATENATE '(' ITAB-USER-USERID ')'
INTO USER-ID.
CONCATENATE ADRP-NAME_LAST ADRP-NAME_FIRST ADRP-NAMEMIDDLE
USER-ID
INTO USER-NAME SEPARATED BY SPACE.
ELSE.
MOVE 'User Name NOT Available' TO USER-NAME.
ENDIF.
ENDIF.
FORMAT COLOR 1 ON.
WRITE:/ 'Name :'.
FORMAT COLOR OFF.
WRITE USER-NAME.
* SKIP 1.

* Retrives Role Data Based on User ID
SELECT * FROM AGR_USERS
WHERE UNAME EQ ITAB-USER-USERID
AND FROM_DAT LE SY-DATUM
AND TO_DAT GE SY-DATUM.
FORMAT COLOR 1 ON.
WRITE:/ 'Role :' .
FORMAT COLOR OFF.
WRITE AGR_USERS-AGR_NAME HOTSPOT.
MOVE AGR_USERS-AGR_NAME TO ITAB_R-AGR_NAME.
MOVE AGR_USERS-AGR_NAME TO ITAB_S-AGR_NAME.
HIDE ITAB_S-AGR_NAME.
COLLECT ITAB_R.
APPEND ITAB_S.
SELECT * FROM AGR_TEXTS
WHERE AGR_NAME EQ AGR_USERS-AGR_NAME
AND SPRAS EQ SY-LANGU.
ENDSELECT.
WRITE: AGR_TEXTS-TEXT+0(50),
AGR_USERS-FROM_DAT, '-', AGR_USERS-TO_DAT.
* SKIP 1.
PERFORM GET-TRANS-AND-RPT.
ENDSELECT.

* PERFORM GET-TRANS-AND-RPT.

ENDLOOP.

ENDFORM.

*----------------*
AT LINE-SELECTION.
IF NOT ITAB_S-AGR_NAME IS INITIAL.
CALL FUNCTION 'SUPRN_PROFILE_GENERATOR'
EXPORTING
ACT_OBJID = ITAB_S-AGR_NAME
DISPLAY_MODE = 'X'.
CLEAR ITAB_S-AGR_NAME.
ENDIF.

*----------------------*
FORM GET-TRANS-AND-RPT.
DATA: WS-TEMP(85),
WS-TEMP-ROLE(50),
WS-FLAG.

FORMAT COLOR 1 ON.
MOVE 'TRANS/RPT:' to WS-TEXT.
WRITE:/12 WS-TEXT.
FORMAT COLOR OFF.
* cuts against the
* Retrives Transactions and Reports based on User Id
CLEAR: WS-TEMP, WS-TEMP-ROLE, WS-FLAG.
CONCATENATE AGR_USERS-AGR_NAME '*' INTO WS-TEMP-ROLE.

IF WS-FLAG EQ 'X'.
NEW-PAGE.
ENDIF.

SELECT * FROM AGR_HIER
WHERE AGR_NAME EQ AGR_USERS-AGR_NAME
AND REPORTTYPE EQ 'TR'.
CLEAR WS-TEXT.
SELECT * FROM AGR_HIERT
WHERE AGR_NAME EQ AGR_USERS-AGR_NAME
AND SPRAS EQ SY-LANGU
AND OBJECT_ID EQ AGR_HIER-OBJECT_ID.
ENDSELECT.
CONCATENATE AGR_HIER-REPORT '-' AGR_HIERT-TEXT
INTO WS-TEMP SEPARATED BY SPACE.
WRITE:/32 WS-TEMP.
ENDSELECT.
* IF SY-SUBRC EQ 0.
* SKIP 1.
* ENDIF.

FORMAT COLOR 1 ON.
MOVE 'Profile :' to WS-TEXT.
WRITE:/12 WS-TEXT.
FORMAT COLOR OFF.
CLEAR WS-TEXT.

* Retrives Profiles based on User Id
SELECT * FROM UST04
WHERE BNAME EQ ITAB-USER-USERID.
SELECT * FROM USR11
WHERE LANGU EQ SY-LANGU
AND PROFN EQ UST04-PROFILE.
ENDSELECT.
SEARCH USR11-PTEXT FOR AGR_USERS-AGR_NAME.
IF SY-SUBRC EQ 0.
WRITE:/32 UST04-PROFILE, USR11-PTEXT.
WS-FLAG = 'X'.
PERFORM PROCESS_PROFILE.
PERFORM PROCESS_REPORT.
ENDIF.
ENDSELECT.
SKIP 1.
*
ENDFORM. " GET-TRANS-AND-RPT

*-------------------*
FORM PROCESS_PROFILE.
CLEAR: TABVAL, TABPRO, TABAUTH.
REFRESH: TABVAL, TABPRO, TABAUTH.

SELECT * FROM USR10
WHERE PROFN = UST04-PROFILE.
MOVE ITAB-USER-USERID TO TEMP-USERID.
MOVE UST04-PROFILE TO TEMP-PROFILE.
ENDSELECT.

CASE USR10-TYP.
WHEN 'C'. "Composite Profile
PERFORM PROCESS_COMP_PROFILES.
WHEN 'S'. "Single Profile
PERFORM PROCESS_SINGLE_PROFILES.
WHEN 'G'. "09/09/02
PERFORM PROCESS_SINGLE_PROFILES. "09/09/02
WHEN OTHERS.
EXIT.
ENDCASE.

PERFORM PROCESS_AUTH_VALUES.

ENDFORM.

*------------------------*
FORM PROCESS_COMP_PROFILES.
DATA: NRAUT TYPE I,
OFF TYPE I.

OFF = 2.
NRAUT = USR10-NRAUT / 12. "Number of authorizations
IF NRAUT > MAXCPF. NRAUT = 0. ENDIF.
DO NRAUT TIMES.
ASSIGN USR10-AUTHS+OFF(PROFLNG) TO <TEXT>.
WRITE <TEXT> TO TABPRO-PROFILE.
MOVE TEMP-USERID TO TABPRO-USERID.
APPEND TABPRO.
OFF = OFF + PROFLNG.
ENDDO.

ENDFORM.

*---------------------------*
FORM PROCESS_SINGLE_PROFILES.
DATA: NRAUT TYPE I,
OFF TYPE I.

OFF = 2.
NRAUT = USR10-NRAUT / 22.
IF NRAUT > MAXPRO. NRAUT = 0. ENDIF.
DO NRAUT TIMES.
ASSIGN USR10-AUTHS+OFF(OBJLNG) TO <TEXT>.
WRITE <TEXT> TO TABAUTH-OBJECT.
OFF = OFF + OBJLNG.
ASSIGN USR10-AUTHS+OFF(AUTHLNG) TO <TEXT>.
WRITE <TEXT> TO TABAUTH-RULE.
MOVE TEMP-USERID TO TABAUTH-USERID.
MOVE TEMP-PROFILE TO TABAUTH-PROFILE.
APPEND TABAUTH.
OFF = OFF + AUTHLNG.
ENDDO.

ENDFORM.
*------------------------*
FORM PROCESS_AUTH_VALUES.

LOOP AT TABAUTH.
SELECT * FROM USR12
WHERE OBJCT = TABAUTH-OBJECT
AND AUTH = TABAUTH-RULE.
PERFORM LOAD_TABVALS.
ENDSELECT.
ENDLOOP.

ENDFORM.

*----------------*
FORM LOAD_TABVALS.
DATA: INTFLAG TYPE I VALUE 0,
OFF TYPE I,
VTYP,
LNG TYPE I,
CLNG(2),
GLNG(2).

OFF = 2.
ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
WRITE <TEXT> TO VTYP.
WHILE VTYP <> ' ' AND OFF < USR12-LNG.
OFF = OFF + 1.
CASE VTYP.

WHEN 'F'.
OFF = OFF + 5.
ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
WRITE <TEXT> TO CLNG.
LNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(FLDLNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-SFIELD.
OFF = OFF + FLDLNG.

WHEN 'E'.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-VON.
IF TABVAL-VON = SPACE.
TABVAL-VON = ''' '''.
ENDIF.
PERFORM PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.

WHEN 'G'.
ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
WRITE <TEXT> TO CLNG.
GLNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
IF INTFLAG = 0.
WRITE <TEXT> TO TABVAL-VON.
WRITE '*' TO TABVAL-VON+GLNG.
ELSE.
WRITE <TEXT> TO TABVAL-BIS.
WRITE '*' TO TABVAL-BIS+GLNG.
INTFLAG = 0.
ENDIF.
PERFORM PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.

WHEN 'V'.
INTFLAG = 1.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-VON.
IF TABVAL-VON = SPACE.
TABVAL-VON = ''' '''.
ENDIF.
OFF = OFF + LNG.

WHEN 'B'.
INTFLAG = 0.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-BIS.
IF TABVAL-BIS = SPACE.
TABVAL-BIS = ''' '''.
ENDIF.
PERFORM PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.
ENDCASE.
ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
WRITE <TEXT> TO VTYP.
ENDWHILE.

ENDFORM.

*------------------*
FORM PROCESS_MOVES.
MOVE TABAUTH-USERID TO TABVAL-USERID.
MOVE TABAUTH-PROFILE TO TABVAL-PROFILE.
MOVE TABAUTH-OBJECT TO TABVAL-OBJECT.
MOVE TABAUTH-RULE TO TABVAL-RULE.
ENDFORM.

*--------------*
FORM PROCESS_REPORT.
LOOP AT TABVAL.

AT NEW USERID.
SELECT SINGLE * FROM USR21
WHERE BNAME = TABVAL-USERID.

IF USR21-PERSNUMBER = SPACE.
MOVE 'User Name NOT Available' TO USER-NAME.
ELSE.
SELECT * FROM ADRP
WHERE PERSNUMBER EQ USR21-PERSNUMBER.
ENDSELECT.
IF SY-SUBRC EQ 0.
CONCATENATE ADRP-NAME_LAST ADRP-NAME_FIRST ADRP-NAMEMIDDLE
INTO USER-NAME SEPARATED BY SPACE.
ELSE.
MOVE 'User Name NOT Available' TO USER-NAME.
ENDIF.
ENDIF.

ENDAT.
AT NEW PROFILE.
WRITE: / TABVAL-PROFILE.
ENDAT.

AT NEW OBJECT.
WRITE: /15 TABVAL-OBJECT.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = TABVAL-OBJECT.
WRITE: 30 TOBJT-TTEXT.
SKIP.
ENDAT.
""
IF ( TABVAL-RULE = PREV-RULE ) AND ( TABVAL-OBJECT = PREV-OBJECT ).
PERFORM CHECK-PREV-FIELD.
ELSE.
PERFORM GET_FIELD_NAME.
WRITE: /40 TABVAL-RULE,
60 INTFIELD-FTEXT, "Field text
110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
MOVE TABVAL-RULE TO PREV-RULE.
MOVE TABVAL-OBJECT TO PREV-OBJECT.
MOVE TABVAL-SFIELD TO PREV-SFIELD.
ENDIF.

ENDLOOP.

ENDFORM.
*--------------------------*
FORM CHECK-PREV-FIELD.
IF TABVAL-SFIELD = PREV-SFIELD.
WRITE: /110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
ELSE.
PERFORM GET_FIELD_NAME.
WRITE: /60 INTFIELD-FTEXT, "Field text
110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
MOVE TABVAL-SFIELD TO PREV-SFIELD.
ENDIF.
ENDFORM.

*------------------------*
FORM GET_FIELD_NAME.
DATA: WS-RC LIKE SY-SUBRC.

CALL FUNCTION 'AUTH_FIELD_GET_INFO'
EXPORTING
FIELDNAME = TABVAL-SFIELD
IMPORTING
DATEL = DFIES-ROLLNAME
LNG = DFIES-OUTPUTLEN
RC = WS-RC
TEXT = DFIES-FIELDTEXT
TYPE = DFIES-INTTYPE.
IF SY-SUBRC <> 0.
CLEAR WS-RC.
INTFIELD-FTEXT = TABVAL-SFIELD.
IF SY-LANGU <> SYST_LANGUAGE.
CALL FUNCTION 'AUTH_FIELD_GET_INFO'
EXPORTING
FIELDNAME = TABVAL-SFIELD
LANGU = SYST_LANGUAGE
IMPORTING
DATEL = DFIES-ROLLNAME
LNG = DFIES-OUTPUTLEN
RC = WS-RC
TEXT = DFIES-FIELDTEXT
TYPE = DFIES-INTTYPE.
IF SY-SUBRC <> 0.
MESSAGE A999 WITH 'Could not Get Info of Field Authority'.
ENDIF.
ELSE.
MESSAGE A999 WITH 'System Language Invalid'.
ENDIF.
ELSE.
IF DFIES-FIELDTEXT <> SPACE.
INTFIELD-FTEXT = DFIES-FIELDTEXT.
ELSE.
INTFIELD-FTEXT = TABVAL-SFIELD.
ENDIF.
ENDIF.

ENDFORM.

*SKIP 2.
*WRITE: / 'User-ID=', TABVAL-USERID, 'User Name=', USER-NAME.
*WRITE: /30 'Object',
* 113 'Values'.
*WRITE: / 'Profile',
* 15 'Object',
* 30 'Text',
* 40 'Authorization',
* 60 'Field Name',
* 110 'From',
* 118 'To'.
*ULINE: /(7),15(6),30(6),40(13),60(11),110(10).
*SKIP.

Display posts from previous:

	Russian ABAP Developer's Club Forum Index -> Security and Monitoring	All times are GMT + 4 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

All product names are trademarks of their respective companies. SAPNET.RU websites are in no way affiliated with SAP AG.
SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver and any other are registered trademarks of SAP AG.
Every effort is made to ensure content integrity. Use information on this site at your own risk.

SAP R/3 форум ABAP консультантовRussian ABAP Developer's Club

Summary of Roles, Profiles and Authorizations by User ID

SAP R/3 форум ABAP консультантов
Russian ABAP Developer's Club