In the report development process, if several company codes use the same report, it is generally necessary to check the authority, which can prevent the authority of other company codes from being unable to access the relevant information.
Introduction to authority-check
In abap, we often use authority-check, of which we must encounter the most authority check of activity, such as 01 for create, 02 for change, and 03 for display.
authority-check object auth_obj [for user user ]
id id1 {field val1}|dummy
[id id2 {field val2}|dummy]
...
[id id10 {field val10}|dummy].
This kind of permission check is implemented by code in the program, and each parameter is analyzed as follows:
1) auth_obj corresponds to the name of the permission object.
2) for user user Perform permission checking by specifying a specific user. If there is no such option, the default is the currently logged in user.
3) id1.....
id10 corresponds to you have at least one and at most 10 permission fields to check.
4) val1.....
val10 corresponds to the value of the permission field check.
It can be seen from this that it means: for different ids (we generally call authority fields) under the authority object object, different permissions (the permissions here are specified by f1, such as 01 here, 02, 03, etc.) check.
In abap, if the object contains multiple ids, all of them need to be specified here. Here, if you don't want to check for a certain id, you can use field dummy to ommit it.
In addition, the different return values of sy-subrc after the authority-check also represent different meanings. Here is a brief summary:
0
permission check succeeded
4
permission check failed. The permission object has been maintained in the user master data, but the corresponding value is not specified, or the permission field is illegal, or too many permission fields are specified.
8
When writing abap authority-check, specify too many IDs (up to 10).
12
There is no such authority object in the user information, that is, the authority object is not maintained in the user master data.
16
There is no such profile in the user information
24
The specified fild name does not match the field required by the id in the authority-object
28 The
user information is incorrect
32 The
user information is incorrect
36 The
user information is incorrect
40
The illegal user id is used as a parameter for user Permission check.
使用注意:
1)确定对应的权限对象名字,比如设置销售组织就对应有多个权限对象。
dummy 字面意思是虚拟的意思。就是说权限对象中有这个权限检查字段,但是不对该字段做权限检查。
举例:
"对销售办事处进行检查
authority-check object 'Z_SD_VKGRP'
id 'VKGRP' field gwa_vbap-vkgrp.
"对销售组织进行检查
authority-check object 'V_VBAK_VKO'
id 'VKORG' field gwa_vbap-vkorg
id 'VTWEG' dummy
id 'SPART' dummy
id 'ACTVT' field '03'.