如何设计和使用自定义的权限对象(自定义权限检查函数)
2006-08-25 10:59
555 查看
在sap扩展中用户往往都需要使用自己的权限对象,为了达到次目的,请按下列步骤建立和维护权限对象
1、Create an Anthorization Field(SU20)创建权限对象字段(存储在AUTHX表中)
2、Create an Authorization Object(SU21) 创建权限对象
创建权限对象类别(存储在TOBCT表中)
点击对象类别创建权限对象(存储在TOBJ表中),生成SAP_ALL
3、Assign an Authorization Object to an Object Class(SU02或PFCG)
4、权限赋值关系图
user master record
/ ............................../
auth. profile Composite auth. profile
/................./ / /
/ / / /
Authorization Auth. Profile
/ /................./
5、Call "Authorith-Check" in Program to Check Authorization.
这是我编写针对具体权限对象替代Authorith-Check的函数
form zcustcheckauth using value(z_vkbur) like vbak-vkbur
z_return type i.
data: wa_ust12 like ust12.
data: bgetsubfile(1) type c.
data: begin of db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of db_file.
data: begin of mid_db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of mid_db_file.
data: begin of db_file_end occurs 10,
profile like ust04-profile,
end of db_file_end.
data: begin of db_auth occurs 10,
objct like ust10s-objct,
auth like ust10s-auth,
end of db_auth.
z_return = 4.
select ust04~profile usr10~typ
into corresponding fields of table db_file
from ust04
inner join usr10 on usr10~profn = ust04~profile
and usr10~aktps = 'A'
where ust04~bname = sy-uname.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
while bgetsubfile = 'X'.
bgetsubfile = space.
select ust10c~subprof as profile usr10~typ
into corresponding fields of table db_file
from ust10c
inner join usr10 on usr10~profn = ust10c~subprof
and usr10~aktps = 'A'
for all entries in mid_db_file
where ust10c~profn = mid_db_file-profile.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
endwhile.
select objct auth into corresponding fields of table db_auth
from ust10s
for all entries in db_file_end
where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.
select von bis into corresponding fields of wa_ust12
from ust12
for all entries in db_auth
where ust12~aktps = 'A' and ust12~field = 'VKBUR'
and ust12~objct = db_auth-objct
and ust12~auth = db_auth-auth.
if ( wa_ust12-bis ne space ).
if ( z_vkbur ge wa_ust12-von ).
if ( z_vkbur le wa_ust12-bis ).
z_return = 0.
exit.
endif.
endif.
elseif ( z_vkbur = wa_ust12-von ).
z_return = 0.
exit.
elseif ( '*' = wa_ust12-von ).
z_return = 0.
exit.
endif.
endselect.
endform.
调用的方法
*&---------------------------------------------------------------------*
*& Form USEREXIT_CHECK_VBAK
*&---------------------------------------------------------------------*
* *
* This Userexit can be used to add additional logic for *
* checking the header for completeness and consistency. *
* *
* US_DIALOG - Indicator, that can be used to suppress *
* dialogs in certain routines, e.g. in a *
* copy routine. *
* *
* This form is called from form VBAK_PRUEFEN. *
* *
*---------------------------------------------------------------------*
form userexit_check_vbak using us_dialog.
*{ INSERT DEVK901354 1
data: z_s_vkbur like knvv-vkbur.
data: z_auth_check type i value 4.
if sy-tcode = 'VA01' or
sy-tcode = 'VA02'.
authority-check object 'V_VBKA_VKO'
id 'VKORG' dummy
id 'VTWEG' dummy
id 'SPART' dummy
id 'VKBUR' field vbak-vkbur
id 'VKGRP' dummy
id 'KTAAR' dummy
id 'ACTVT' dummy.
if sy-subrc ne 0.
message e900(zdev).
endif."不能创建非主管商家订单
if sy-tcode eq 'VA01'.
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr
and knvv~vkorg = vbak-vkorg
and knvv~vtweg = vbak-vtweg
and knvv~spart = vbak-spart
and knvv~vkbur = vbak-vkbur.
if sy-subrc ne 0.
message e001(zdev).
endif.
endif.
else.
perform zcustcheckauth using vbak-vkbur z_auth_check.
if z_auth_check ne 0. "如果没有权限,取当前商家主管销售组
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr.
if sy-subrc ne 0.
message e001(zdev).
endif. "检查当前商家主管销售组是否在用户权限内
z_auth_check = 4.
perform zcustcheckauth using z_s_vkbur z_auth_check.
if z_auth_check ne 0.
message e900(zdev).
endif.
endif.
endif.
*} INSERT
endform.
1、Create an Anthorization Field(SU20)创建权限对象字段(存储在AUTHX表中)
2、Create an Authorization Object(SU21) 创建权限对象
创建权限对象类别(存储在TOBCT表中)
点击对象类别创建权限对象(存储在TOBJ表中),生成SAP_ALL
3、Assign an Authorization Object to an Object Class(SU02或PFCG)
4、权限赋值关系图
user master record
/ ............................../
auth. profile Composite auth. profile
/................./ / /
/ / / /
Authorization Auth. Profile
/ /................./
5、Call "Authorith-Check" in Program to Check Authorization.
这是我编写针对具体权限对象替代Authorith-Check的函数
form zcustcheckauth using value(z_vkbur) like vbak-vkbur
z_return type i.
data: wa_ust12 like ust12.
data: bgetsubfile(1) type c.
data: begin of db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of db_file.
data: begin of mid_db_file occurs 10,
profile like ust04-profile,
typ like usr10-typ,
end of mid_db_file.
data: begin of db_file_end occurs 10,
profile like ust04-profile,
end of db_file_end.
data: begin of db_auth occurs 10,
objct like ust10s-objct,
auth like ust10s-auth,
end of db_auth.
z_return = 4.
select ust04~profile usr10~typ
into corresponding fields of table db_file
from ust04
inner join usr10 on usr10~profn = ust04~profile
and usr10~aktps = 'A'
where ust04~bname = sy-uname.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
while bgetsubfile = 'X'.
bgetsubfile = space.
select ust10c~subprof as profile usr10~typ
into corresponding fields of table db_file
from ust10c
inner join usr10 on usr10~profn = ust10c~subprof
and usr10~aktps = 'A'
for all entries in mid_db_file
where ust10c~profn = mid_db_file-profile.
refresh mid_db_file.
clear mid_db_file.
loop at db_file.
if db_file-typ <> 'C'.
db_file_end-profile = db_file-profile.
append db_file_end to db_file_end.
else.
bgetsubfile = 'X'.
append db_file to mid_db_file.
endif.
endloop.
refresh db_file.
clear db_file.
endwhile.
select objct auth into corresponding fields of table db_auth
from ust10s
for all entries in db_file_end
where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.
select von bis into corresponding fields of wa_ust12
from ust12
for all entries in db_auth
where ust12~aktps = 'A' and ust12~field = 'VKBUR'
and ust12~objct = db_auth-objct
and ust12~auth = db_auth-auth.
if ( wa_ust12-bis ne space ).
if ( z_vkbur ge wa_ust12-von ).
if ( z_vkbur le wa_ust12-bis ).
z_return = 0.
exit.
endif.
endif.
elseif ( z_vkbur = wa_ust12-von ).
z_return = 0.
exit.
elseif ( '*' = wa_ust12-von ).
z_return = 0.
exit.
endif.
endselect.
endform.
调用的方法
*&---------------------------------------------------------------------*
*& Form USEREXIT_CHECK_VBAK
*&---------------------------------------------------------------------*
* *
* This Userexit can be used to add additional logic for *
* checking the header for completeness and consistency. *
* *
* US_DIALOG - Indicator, that can be used to suppress *
* dialogs in certain routines, e.g. in a *
* copy routine. *
* *
* This form is called from form VBAK_PRUEFEN. *
* *
*---------------------------------------------------------------------*
form userexit_check_vbak using us_dialog.
*{ INSERT DEVK901354 1
data: z_s_vkbur like knvv-vkbur.
data: z_auth_check type i value 4.
if sy-tcode = 'VA01' or
sy-tcode = 'VA02'.
authority-check object 'V_VBKA_VKO'
id 'VKORG' dummy
id 'VTWEG' dummy
id 'SPART' dummy
id 'VKBUR' field vbak-vkbur
id 'VKGRP' dummy
id 'KTAAR' dummy
id 'ACTVT' dummy.
if sy-subrc ne 0.
message e900(zdev).
endif."不能创建非主管商家订单
if sy-tcode eq 'VA01'.
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr
and knvv~vkorg = vbak-vkorg
and knvv~vtweg = vbak-vtweg
and knvv~spart = vbak-spart
and knvv~vkbur = vbak-vkbur.
if sy-subrc ne 0.
message e001(zdev).
endif.
endif.
else.
perform zcustcheckauth using vbak-vkbur z_auth_check.
if z_auth_check ne 0. "如果没有权限,取当前商家主管销售组
select single vkbur into z_s_vkbur
from knvv
where knvv~kunnr = vbak-kunnr.
if sy-subrc ne 0.
message e001(zdev).
endif. "检查当前商家主管销售组是否在用户权限内
z_auth_check = 4.
perform zcustcheckauth using z_s_vkbur z_auth_check.
if z_auth_check ne 0.
message e900(zdev).
endif.
endif.
endif.
*} INSERT
endform.
相关文章推荐
- 如何设计和使用自定义的权限对象(自定义权限检查函数)
- 如何设计和使用自定义的权限对象(自定义权限检查函数)
- 如何设计和使用自定义的权限对象(自定义权限检查函数)
- 如何设计和使用自定义的权限对象(自定义权限检查函数)
- 如何设计和使用自定义的权限对象(自定义权限检查函数)
- ABAP实例:如何设计和使用自定义的权限对象
- 07.Django中的自定义认证方式和权限的设计与使用
- Web设计中如何使用XML数据源对象
- [备用]权限设计方案、如何使用session、MVC如何使用模板、DropdownList、怎么添加Bootstrape框架、使用ASP.NET MVC 4 Bootstrap Layout Template(VS2012)
- [翻译]如何使用LINQ方法来比较自定义类型的对象
- 如何添加一个自定义的columnstyles 到设计器中,以便在设计时直接使用他们?
- NSUserDefaults简介及如何使用 NSUserDefaults 存储自定义对象
- 使用MvcHandler设计自定义系统权限<下>
- 面向对象的设计方式处理Android编程中的GridView问题,以及自定义ListAdapter的使用
- Web设计中如何使用XML数据源对象(1)
- ADO.NET Entity Framework 如何:自定义建模和映射文件以使用自定义对象(实体框架)
- 如何使用YYCache存储自定义对象
- XAF 如何控制自定义按钮的使用权限[转]
- 扫描识别工具Dynamic Web TWAIN使用教程:如何自定义Web TWAIN对象
- How to use the windows active directory to authenticate user via logon form 如何自定义权限系统,使用 active directory验证用户登录