Purpose:

Application to demonstrate handling the custom authorization checks in Web Dynpro ABAP

Scenario:

I would like to explain the functionality of handling the custom authorizations in Web Dynpro ABAP.

Process:

Here, the authorized users list along with roles have been maintained in the custom table and WDA application should check the user against the table entries and respond accordingly.

Process is divided as below

  1. Create a custom table YTR_AUTH_CHECK
  2. Generate the maintenance view & maintain the entries in the table
  3. Create an assistance class YCL_RK_AUTHORIZATIONS and methods to get data from table
  4. Create Webdynpro ABAP component

Pre-requisite:

Basic knowledge of Webdynpro ABAP, Data dictionary & OO ABAP

Step by step Process

1. Create a custom table : YTR_AUTH_CHECK

Go to t-code SE11 and enter table name as YTR_AUTH_CHECK and click on create button ( F5)  as below


Step 1:

Maintain the table “Delivery & Maintenance ” data as below

t1.PNG

Step 2:

Set the technical settings as below

t2.PNG

Step 3

Create domain for ROLE as below

t4.PNG

Set the range values as below

t4_1.PNG

Step 4:

Create data element for ROLE as below

t3.PNG

t3_1.PNG

Step5:

Create the table fields as below

t5.PNG

2. Generate the maintenance view & maintain the entries in the table

Now, we need to generate the table maintenance for table YTR_AUTH_CHECK

Step1:

Go to menu : Utilities—> Table Maintenance Generator as below

/wp-content/uploads/2014/02/t6_392311.png

Choose the authrozation group and create a function group and click on create button as below

t6_1.PNG

Step 2:

Go to t-code SM30 and choose the maintenance view YTR_AUTH_CHECK and Maintain the table entries as below

t6_4.PNG

3. Create an assistance class YCL_RK_AUTHORIZATIONS and methods to get data from table

Step1:

Go to t-code se24, create the class YCL_RK_AUTHORIZATIONS & enter the super class CL_WD_COMPONENT_ASSISTANCE as below

c1_1.PNG

Step3:

Create global constants for each role as below

c1_2.PNG

Step4:

Create a method GET_USER_DATA as below

c2.PNG

Step5:

Create the method parameter ES_RESULT as below

c3.PNG

Step6:

Write the below logic to get user data from table

c4.PNG

Continued…….

How to handle custom authorization checks in Web Dynpro ABAP – Part 2

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

  1. Amy King

    Hi Rama,

    An alternative to maintaining a custom table for authorizations is you can have your Basis team create and assign Role objects for Student, Teacher or Admin and then check a user’s Role assignment by querying table AGR_USERS. For example,

    SELECT SINGLE COUNT(*)

           FROM  agr_users

           WHERE agr_name = ‘ZR:TEACHER_ROLE’

           AND   uname    =   sy-uname

           AND   from_dat <= sy-datum

           AND   to_dat     >= sy-datum.

    Cheers,

    Amy

    (0) 
    1. Ramakrishnappa Gangappa Post author

      Hi Amy,

      Thanks a lot for sharing this 🙂

      In fact, I was not knowing about the table AGR_USERS.

      That’s really  a good Idea and best approach if we have to go ahead with custom roles authorization.

      We can also do it by using standard authorization checks for roles and activity.

      Here I just picked, an idea of demonstrating the role based authorizations using custom tables. But, still, the custom tables can be handy if we want to have a complex authorization and it is to be maintainable by a super user.

      Regards,

      Rama

      (0) 
      1. Jozef Vaclavek

        If you ever used custom authorizations using such a Z-table, that is very, very WRONG approach. Authority-check has got it problems, but why to create another data storage for the purpose, for which SAP provides an uniform solution?

        (0) 
        1. Ramakrishnappa Gangappa Post author

          Hi Jozef,

          Thanks for your comments 🙂

          I agree, that the standard AUTHORIZATIONS CHECK is most optimal solution. But in case, if user wants to customize the authorization and maintainable by him/her. They can use custom table as per his/her requirement.

          Here, I explained, the concept of how to handle custom authorizations at WD application as an example.

          Regards,

          Rama

          (0) 
          1. Jozef Vaclavek

            ok, I appreciate your effort with this document, but everybody should avoid using such solutions. Our task as consultants should always be pushing the customer to the standard solutions and explaining the benefits of them. In this case, the customer should change it’s approach to the pfcg / su01, once he / she wants to manage the authorizations

            (0) 
            1. Ramakrishnappa Gangappa Post author

              Yes, thats true. 🙂 .. we always have to go with standard functionality provided by SAP and try to convince the users ( if they are convinced, won the battle 😎 )

              (0) 

Leave a Reply