Posted: Wed Sep 05, 2007 6:18 pm Post subject: Authorization Check Program
Authorization Check Program
Applies to:
4.6c
Summary
This program creates a report based on: Composite profiles, Single Profiles, Objects, Authorizations, and their Values.
Author(s): Aveek Ghose
Company: IBM India
Code:
*&---------------------------------------------------------------------*
*& Report ZCHECKAUTH
*&
*&---------------------------------------------------------------------*
REPORT ZAUTHRPT LINE-SIZE 132 NO STANDARD PAGE HEADING MESSAGE-ID ZZ.
*--------------------------------------------------------------
* This program creates a report based on:
* Composite profiles, Single Profiles, Objects,
* Authorizations and their Values.
*--------------------------------------------------------------
TABLES: USR03, USR04, USR10, USR12, TOBJT, DFIES.
SELECT-OPTIONS BNAME FOR USR04-BNAME DEFAULT SY-UNAME.
PARAMETERS: DO-EXPRT(1) DEFAULT ' '
NO-DISPLAY.
DATA: BEGIN OF INTFIELD OCCURS 10,
FIELDNAME LIKE TOBJ-FIEL1,
LNG TYPE I,
TYPE,
FTEXT LIKE DFIES-SCRTEXT_L,
CONVEXIT LIKE DFIES-CONVEXIT,
END OF INTFIELD.
DATA: BEGIN OF TABUSR OCCURS 500,
USERID LIKE USR04-BNAME,
PROFILE LIKE XU213-PROFILE,
END OF TABUSR.
DATA: BEGIN OF TABPRO OCCURS 500,
USERID LIKE USR04-BNAME,
PROFILE LIKE XU213-PROFILE,
END OF TABPRO.
DATA: BEGIN OF TABAUTH OCCURS 500,
USERID LIKE USR04-BNAME, "Userid
PROFILE LIKE XU213-PROFILE, "Profile
OBJECT LIKE USR12-OBJCT, "Object
RULE LIKE USR12-AUTH, "Authorization
END OF TABAUTH.
DATA: BEGIN OF TABVAL OCCURS 500,
USERID LIKE USR04-BNAME,
PROFILE LIKE XU213-PROFILE,
OBJECT LIKE USR12-OBJCT,
RULE LIKE USR12-AUTH, "Authorization
SFIELD LIKE TOBJ-FIEL1, "Field Name
VON(18), "Value From
BIS(18), "Value To
USED-IN-REPORT-ALREADY,
END OF TABVAL.
DATA: MAXUSR TYPE I VALUE 300,
MAXCPF TYPE I VALUE 300,
MAXPRO TYPE I VALUE 170,
PROFLNG LIKE SY-FDPOS VALUE 12, "Profile
OBJLNG LIKE SY-FDPOS VALUE 10, "Object
AUTHLNG LIKE SY-FDPOS VALUE 12, "Authorization
FLDLNG LIKE SY-FDPOS VALUE 10, "Field
TEMP-USERID LIKE USR04-BNAME,
PREV-OBJECT LIKE USR12-OBJCT,
PREV-RULE LIKE USR12-AUTH, "Authorization
PREV-SFIELD LIKE TOBJ-FIEL1,
TEMP-PROFILE LIKE XU213-PROFILE,
USER-NAME LIKE USR03-NAME1,
SYST_LANGUAGE VALUE 'D',
USER-DEPT(31),
USER-COST-CENTER(31),
PREV-PROFILE LIKE XU213-PROFILE.
FIELD-SYMBOLS: <TEXT>.
START-OF-SELECTION.
SELECT * FROM USR04
WHERE BNAME IN BNAME. "Userid
PERFORM 100_LOAD_TABUSR.
ENDSELECT.
SORT TABUSR BY PROFILE ASCENDING
USERID ASCENDING.
IF DO-EXPRT EQ 'X'.
EXPORT TABVAL TO MEMORY ID 'ZAUTHRPT'.
ELSE.
PERFORM 500_PROCESS_REPORT.
ENDIF.
END-OF-SELECTION.
*-----------------------------------------------------------------
* Form 100_LOAD_TABUSR
*-----------------------------------------------------------------
* Load internal User Name and Profiles to internal table.
*-----------------------------------------------------------------
FORM 100_LOAD_TABUSR.
DATA: NRPRO TYPE I,
OFF TYPE I.
OFF = 2.
NRPRO = USR04-NRPRO / 12.
IF NRPRO > MAXUSR. NRPRO = 0. ENDIF.
DO NRPRO TIMES.
ASSIGN USR04-PROFS+OFF(PROFLNG) TO <TEXT>.
MOVE USR04-BNAME TO TABUSR-USERID.
WRITE <TEXT> TO TABUSR-PROFILE.
APPEND TABUSR.
OFF = OFF + PROFLNG.
ENDDO.
ENDFORM.
*-----------------------------------------------------------------
* Form 200_PROCESS_PROFILES
*-----------------------------------------------------------------
* Get all authorizations based on the profile name.
*-----------------------------------------------------------------
FORM 200_PROCESS_PROFILES.
LOOP AT TABUSR.
SELECT * FROM USR10
WHERE PROFN = TABUSR-PROFILE.
MOVE TABUSR-USERID TO TEMP-USERID.
MOVE TABUSR-PROFILE TO TEMP-PROFILE.
PERFORM 250_GET_AUTHORIZATIONS.
ENDSELECT.
ENDLOOP.
SORT TABPRO BY PROFILE ASCENDING
USERID ASCENDING.
* Process the profiles under the composite profile
LOOP AT TABPRO.
SELECT * FROM USR10
WHERE PROFN = TABPRO-PROFILE.
MOVE TABPRO-USERID TO TEMP-USERID.
MOVE TABPRO-PROFILE TO TEMP-PROFILE.
PERFORM 250_GET_AUTHORIZATIONS.
ENDSELECT.
ENDLOOP.
ENDFORM.
*-----------------------------------------------------------------
* Form 250_GET_AUTHORIZATIONS
*-----------------------------------------------------------------
* Distinguish between Single and composite profiles
*-----------------------------------------------------------------
FORM 250_GET_AUTHORIZATIONS.
CASE USR10-TYP.
WHEN 'C'. "Composite Profile
PERFORM 260_PROCESS_COMP_PROFILES.
WHEN 'S'. "Single Profile
PERFORM 280_PROCESS_SINGLE_PROFILES.
WHEN OTHERS.
EXIT.
ENDCASE.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 260_PROCESS_COMP_PROFILES *
*---------------------------------------------------------------------*
* Composite profiles are loaded to internal table to be *
* processed later. *
*---------------------------------------------------------------------*
FORM 260_PROCESS_COMP_PROFILES.
DATA: NRAUT TYPE I,
OFF TYPE I.
OFF = 2.
NRAUT = USR10-NRAUT / 12. "Number of authorizations
IF NRAUT > MAXCPF. NRAUT = 0. ENDIF.
DO NRAUT TIMES.
ASSIGN USR10-AUTHS+OFF(PROFLNG) TO <TEXT>.
WRITE <TEXT> TO TABPRO-PROFILE.
MOVE TEMP-USERID TO TABPRO-USERID.
APPEND TABPRO.
OFF = OFF + PROFLNG.
ENDDO.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 280_PROCESS_SINGLE_PROFILES *
*---------------------------------------------------------------------*
* Load all authorizations under a single profile to an internal *
* table. *
*---------------------------------------------------------------------*
FORM 280_PROCESS_SINGLE_PROFILES.
DATA: NRAUT TYPE I,
OFF TYPE I.
OFF = 2.
NRAUT = USR10-NRAUT / 22.
IF NRAUT > MAXPRO. NRAUT = 0. ENDIF.
DO NRAUT TIMES.
ASSIGN USR10-AUTHS+OFF(OBJLNG) TO <TEXT>.
WRITE <TEXT> TO TABAUTH-OBJECT.
OFF = OFF + OBJLNG.
ASSIGN USR10-AUTHS+OFF(AUTHLNG) TO <TEXT>.
WRITE <TEXT> TO TABAUTH-RULE.
MOVE TEMP-USERID TO TABAUTH-USERID.
MOVE TEMP-PROFILE TO TABAUTH-PROFILE.
APPEND TABAUTH.
OFF = OFF + AUTHLNG.
ENDDO.
ENDFORM.
*-----------------------------------------------------------------
* Form 400_PROCESS_AUTH_VALUES
*-----------------------------------------------------------------
* Load internal table with Userid, Profile, Object,
* Authorizations and Values
*-----------------------------------------------------------------
FORM 400_PROCESS_AUTH_VALUES.
LOOP AT TABAUTH.
SELECT * FROM USR12
WHERE OBJCT = TABAUTH-OBJECT
AND AUTH = TABAUTH-RULE.
PERFORM 450_LOAD_TABVALS.
ENDSELECT.
ENDLOOP.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 450_LOAD_TABVALS *
*---------------------------------------------------------------------*
* NOTE: Search SAPMS01J function FILL_TABUSR *
* Must be in workbench. *
*---------------------------------------------------------------------*
FORM 450_LOAD_TABVALS.
DATA: INTFLAG TYPE I VALUE 0,
OFF TYPE I,
VTYP,
LNG TYPE I,
CLNG(2),
GLNG(2).
OFF = 2.
ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
WRITE <TEXT> TO VTYP.
WHILE VTYP <> ' ' AND OFF < USR12-LNG.
OFF = OFF + 1.
CASE VTYP.
WHEN 'F'.
OFF = OFF + 5.
ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
WRITE <TEXT> TO CLNG.
LNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(FLDLNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-SFIELD.
OFF = OFF + FLDLNG.
WHEN 'E'.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-VON.
IF TABVAL-VON = SPACE.
TABVAL-VON = ''' '''.
ENDIF.
PERFORM 480_PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'G'.
ASSIGN USR12-VALS+OFF(2) TO <TEXT>.
WRITE <TEXT> TO CLNG.
GLNG = CLNG.
OFF = OFF + 2.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
IF INTFLAG = 0.
WRITE <TEXT> TO TABVAL-VON.
WRITE '*' TO TABVAL-VON+GLNG.
ELSE.
WRITE <TEXT> TO TABVAL-BIS.
WRITE '*' TO TABVAL-BIS+GLNG.
INTFLAG = 0.
ENDIF.
PERFORM 480_PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.
WHEN 'V'.
INTFLAG = 1.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-VON.
IF TABVAL-VON = SPACE.
TABVAL-VON = ''' '''.
ENDIF.
OFF = OFF + LNG.
WHEN 'B'.
INTFLAG = 0.
ASSIGN USR12-VALS+OFF(LNG) TO <TEXT>.
WRITE <TEXT> TO TABVAL-BIS.
IF TABVAL-BIS = SPACE.
TABVAL-BIS = ''' '''.
ENDIF.
PERFORM 480_PROCESS_MOVES.
APPEND TABVAL.
TABVAL-VON = SPACE.
TABVAL-BIS = SPACE.
OFF = OFF + LNG.
ENDCASE.
ASSIGN USR12-VALS+OFF(1) TO <TEXT>.
WRITE <TEXT> TO VTYP.
ENDWHILE.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 480_PROCESS_MOVES *
*---------------------------------------------------------------------*
* ........ *
*---------------------------------------------------------------------*
FORM 480_PROCESS_MOVES.
MOVE TABAUTH-USERID TO TABVAL-USERID.
MOVE TABAUTH-PROFILE TO TABVAL-PROFILE.
MOVE TABAUTH-OBJECT TO TABVAL-OBJECT.
MOVE TABAUTH-RULE TO TABVAL-RULE.
ENDFORM.
*---------------------------------------------------------------
* FORM 500_PROCESS_REPORT
*---------------------------------------------------------------
* Create a report
*---------------------------------------------------------------
FORM 500_PROCESS_REPORT.
LOOP AT TABVAL.
AT NEW USERID.
NEW-PAGE.
SELECT SINGLE * FROM USR03
WHERE BNAME = TABVAL-USERID.
IF USR03-NAME1 = SPACE.
MOVE 'User Name NOT Available' TO USER-NAME.
ELSE.
MOVE USR03-NAME1 TO USER-NAME.
ENDIF.
*---------------------------------------------------------------
* If you want to display the Department comment back in
*---------------------------------------------------------------
* IF USR03-ABTLG = SPACE.
* MOVE 'Users Department NOT Available' TO USER-DEPT.
* ELSE.
* MOVE USR03-ABTLG TO USER-DEPT.
* ENDIF.
IF USR03-KOSTL = SPACE.
MOVE 'Users Cost Center NOT Available' TO USER-COST-CENTER.
ELSE.
MOVE USR03-KOSTL TO USER-COST-CENTER.
ENDIF.
ENDAT.
AT NEW PROFILE.
WRITE: / TABVAL-PROFILE.
ENDAT.
AT NEW OBJECT.
WRITE: /15 TABVAL-OBJECT.
SELECT SINGLE * FROM TOBJT
WHERE LANGU = SY-LANGU
AND OBJECT = TABVAL-OBJECT.
WRITE: 30 TOBJT-TTEXT.
SKIP.
ENDAT.
IF ( TABVAL-RULE = PREV-RULE ) AND ( TABVAL-OBJECT = PREV-OBJECT ).
PERFORM 550-CHECK-PREV-FIELD.
ELSE.
PERFORM 600-GET_FIELD_NAME.
WRITE: /40 TABVAL-RULE,
60 INTFIELD-FTEXT, "Field text
110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
MOVE TABVAL-RULE TO PREV-RULE.
MOVE TABVAL-OBJECT TO PREV-OBJECT.
MOVE TABVAL-SFIELD TO PREV-SFIELD.
ENDIF.
* BREAK-POINT.
ENDLOOP.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 550-CHECK-PREV-FIELD *
*---------------------------------------------------------------------*
* To avoid redundant printing of the field name. *
*---------------------------------------------------------------------*
FORM 550-CHECK-PREV-FIELD.
IF TABVAL-SFIELD = PREV-SFIELD.
WRITE: /110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
ELSE.
PERFORM 600-GET_FIELD_NAME.
WRITE: /60 INTFIELD-FTEXT, "Field text
110 TABVAL-VON, "Value From
118 TABVAL-BIS. "Value To
MOVE TABVAL-SFIELD TO PREV-SFIELD.
ENDIF.
ENDFORM.
*---------------------------------------------------------------------*
* FORM 600-GET_FIELD_NAME *
*---------------------------------------------------------------------*
* Get the text name using the technical field name *
*---------------------------------------------------------------------*
FORM 600-GET_FIELD_NAME.
CALL FUNCTION 'AUTH_FIELD_GET_INFO'
EXPORTING
FIELDNAME = TABVAL-SFIELD
IMPORTING
DATEL = DFIES-ROLLNAME
LNG = DFIES-OUTPUTLEN
* RC = SY-SUBRC
TEXT = DFIES-FIELDTEXT
TYPE = DFIES-INTTYPE.
IF SY-SUBRC <> 0.
INTFIELD-FTEXT = TABVAL-SFIELD.
IF SY-LANGU <> SYST_LANGUAGE.
CALL FUNCTION 'AUTH_FIELD_GET_INFO'
EXPORTING
FIELDNAME = TABVAL-SFIELD
LANGU = SYST_LANGUAGE
IMPORTING
DATEL = DFIES-ROLLNAME
LNG = DFIES-OUTPUTLEN
* RC = SY-SUBRC
TEXT = DFIES-FIELDTEXT
TYPE = DFIES-INTTYPE.
IF SY-SUBRC <> 0.
MESSAGE A999 WITH 'Could not Get Info of Field Authority'.
ENDIF.
ELSE.
MESSAGE A999 WITH 'System Language Invalid'.
ENDIF.
ELSE.
IF DFIES-FIELDTEXT <> SPACE.
INTFIELD-FTEXT = DFIES-FIELDTEXT.
ELSE.
INTFIELD-FTEXT = TABVAL-SFIELD.
ENDIF.
ENDIF.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
All product names are trademarks of their respective companies. SAPNET.RU websites are in no way affiliated with SAP AG. SAP, SAP R/3, R/3 software, mySAP, ABAP, BAPI, xApps, SAP NetWeaver and any other are registered trademarks of SAP AG. Every effort is made to ensure content integrity. Use information on this site at your own risk.