How to handle custom authorization checks in Web Dynpro ABAP – Part 1
Purpose:
Application to demonstrate handling the custom authorization checks in Web Dynpro ABAP
Scenario:
I would like to explain the functionality of handling the custom authorizations in Web Dynpro ABAP.
Process:
Here, the authorized users list along with roles have been maintained in the custom table and WDA application should check the user against the table entries and respond accordingly.
Process is divided as below
- Create a custom table YTR_AUTH_CHECK
- Generate the maintenance view & maintain the entries in the table
- Create an assistance class YCL_RK_AUTHORIZATIONS and methods to get data from table
- Create Webdynpro ABAP component
Pre-requisite:
Basic knowledge of Webdynpro ABAP, Data dictionary & OO ABAP
Step by step Process
1. Create a custom table : YTR_AUTH_CHECK
Go to t-code SE11 and enter table name as YTR_AUTH_CHECK and click on create button ( F5) as below
Step 1:
Maintain the table “Delivery & Maintenance ” data as below
Step 2:
Set the technical settings as below
Step 3
Create domain for ROLE as below
Set the range values as below
Step 4:
Create data element for ROLE as below
Step5:
Create the table fields as below
2. Generate the maintenance view & maintain the entries in the table
Now, we need to generate the table maintenance for table YTR_AUTH_CHECK
Step1:
Go to menu : Utilities—> Table Maintenance Generator as below
Choose the authrozation group and create a function group and click on create button as below
Step 2:
Go to t-code SM30 and choose the maintenance view YTR_AUTH_CHECK and Maintain the table entries as below
3. Create an assistance class YCL_RK_AUTHORIZATIONS and methods to get data from table
Step1:
Go to t-code se24, create the class YCL_RK_AUTHORIZATIONS & enter the super class CL_WD_COMPONENT_ASSISTANCE as below
Step3:
Create global constants for each role as below
Step4:
Create a method GET_USER_DATA as below
Step5:
Create the method parameter ES_RESULT as below
Step6:
Write the below logic to get user data from table
Hi Rama,
An alternative to maintaining a custom table for authorizations is you can have your Basis team create and assign Role objects for Student, Teacher or Admin and then check a user's Role assignment by querying table AGR_USERS. For example,
Cheers,
Amy
Hi Amy,
Thanks a lot for sharing this 🙂
In fact, I was not knowing about the table AGR_USERS.
That's really a good Idea and best approach if we have to go ahead with custom roles authorization.
We can also do it by using standard authorization checks for roles and activity.
Here I just picked, an idea of demonstrating the role based authorizations using custom tables. But, still, the custom tables can be handy if we want to have a complex authorization and it is to be maintainable by a super user.
Regards,
Rama
If you ever used custom authorizations using such a Z-table, that is very, very WRONG approach. Authority-check has got it problems, but why to create another data storage for the purpose, for which SAP provides an uniform solution?
Hi Jozef,
Thanks for your comments 🙂
I agree, that the standard AUTHORIZATIONS CHECK is most optimal solution. But in case, if user wants to customize the authorization and maintainable by him/her. They can use custom table as per his/her requirement.
Here, I explained, the concept of how to handle custom authorizations at WD application as an example.
Regards,
Rama
ok, I appreciate your effort with this document, but everybody should avoid using such solutions. Our task as consultants should always be pushing the customer to the standard solutions and explaining the benefits of them. In this case, the customer should change it's approach to the pfcg / su01, once he / she wants to manage the authorizations
Yes, thats true. 🙂 .. we always have to go with standard functionality provided by SAP and try to convince the users ( if they are convinced, won the battle 😎 )