Then, we create a WD component named Y_AUTHORIZATION. The component structure is presented.
WD component structure
By using this WD component, we can search for a record in the database table YPERSON, and we can delete a record if the authorization check allows us to perform the desired activity. The view layout and view context structure are presented.
Checking the Authorization of the Current User
When the user presses the Delete button, the Framework triggers the event handler method onactiondelete.
Context structure and view layout
The onactiondelete event handler method
METHOD onactiondelete.
As we can see, we have implemented an authorization check before performing the delete action.
  AUTHORITY-CHECK OBJECT 'ZTEST_AUTH'
    ID 'ACTVT' FIELD '06'
    ID 'ZAF_PERSON' FIELD lv_id_person.
In this way, we check the authorization of the current user.
We can have a minimum of one and a maximum of ten authorization fields with specified IDs. In this case, we have ACTVT and our own authorization field, ZAF_PERSON. For each authorization field, we can specify a value to be checked, or we can use the addition DUMMY to skip the check for the respective field.
The check is successful only if all the conditions are fulfilled: the field ACTVT (Activity) with the permissible value 06 (Delete) AND the field “ZAF_PERSON” whose permissible value is one of the IDs from 004 to 100. If the check is successful, sy-subrc is set to 0; otherwise, it is set to a value not equal to 0:
4 – Authorization check not successful.
12 – No authorization was found for the authorization object.
24 – Incorrect authorization fields or an incorrect number of authorization fields was found.
In the Message Class YCL_T100_MSG, we have defined two messages with the IDs 003 and 004, required to show the success message, or the error message in case the action is not allowed. We have created a role ZTEST_ROLE, but we haven’t assigned it to our user.
This is the reason why, at runtime, we are not allowed to delete the record with the ID “004”. Figure shows the User Interface at runtime.
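A handler along the lines described above, as an added example that is not the original listing from this tutorial: it runs the check, evaluates sy-subrc immediately and deletes only when the check returned 0. The context node SEARCH, its attribute ID_PERSON, the key column ID_PERSON of YPERSON and the mapping of message 003 to success and 004 to the error are assumptions.

```abap
METHOD onactiondelete.
  " Added example. Assumed names: context node SEARCH, attribute
  " ID_PERSON, key column YPERSON-ID_PERSON; message 003 is taken to be
  " the success text and 004 the "not authorized" text.
  DATA lr_node      TYPE REF TO if_wd_context_node.
  DATA lr_api       TYPE REF TO if_wd_controller.
  DATA lr_msg       TYPE REF TO if_wd_message_manager.
  DATA lv_id_person TYPE yperson-id_person.

  " Read the ID the user entered in the view.
  lr_node = wd_context->get_child_node( name = 'SEARCH' ).
  lr_node->get_attribute( EXPORTING name  = 'ID_PERSON'
                          IMPORTING value = lv_id_person ).

  lr_api ?= wd_this->wd_get_api( ).
  lr_msg  = lr_api->get_message_manager( ).

  " Both fields must match one authorization of the current user.
  AUTHORITY-CHECK OBJECT 'ZTEST_AUTH'
    ID 'ACTVT'      FIELD '06'
    ID 'ZAF_PERSON' FIELD lv_id_person.

  " Fail closed: sy-subrc is read before any other statement can
  " overwrite it, and every non-zero value (4, 12, 24) denies the delete.
  IF sy-subrc <> 0.
    lr_msg->report_t100_message( msgid = 'YCL_T100_MSG'
                                 msgno = '004'
                                 msgty = 'E' ).
    RETURN.
  ENDIF.

  " Reached only when the check returned 0.
  DELETE FROM yperson WHERE id_person = lv_id_person.
  IF sy-subrc = 0.
    lr_msg->report_t100_message( msgid = 'YCL_T100_MSG'
                                 msgno = '003'
                                 msgty = 'S' ).
  ENDIF.
ENDMETHOD.
```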
If, as developers, we lack an authorization needed to carry out our tasks, we can use the transaction SU53 to find out which authorization is missing and inform the administrator about it. After receiving an exception message caused by a failed authorization, we call this transaction and take a screenshot for the administrator. For example, if we try to use the transaction SE11 and we don’t have the proper authorization, the transaction SU53 shows the object class, the authorization object and the authorization field we need. The transaction ST01 offers the possibility to create a system trace to find the missing authorization objects.
The missing authorization check
Assigning the User-Role and Running the Application
To be able to perform the delete action, we have to assign the created role to the user that needs to perform this action (in our case, the test user Gellert). By using the transaction SU01, we can change user master records (e.g. change, lock or unlock, change the password), delete user master records or create a new user (directly or by copying an existing one).
In the tab “Roles”, we can assign our created role ZTEST_ROLE to the test user.
Assigning the role “ZTEST_ROLE” to our test user
We run our Web Dynpro application again. The authorization rights become effective and our test user can perform the delete action for the records 004–100 from the database table YPERSON.
The user is allowed to delete data
If we try to delete a record not included in the range 004–100, we get the same “Not Authorized” message. In this case, the authorization check is performed and the system compares the values entered by the administrator in the authorization profile with the values required by the program. As a result, the check is not successful and the user is not allowed to perform this task.
Deleting a record not included in the range 004–100
Other authorization objects, which we often check, are:
S_TCODE – to check the authorization to run a transaction
S_PROGRAM – to check the authorization to run a program
S_RFC – to check the authorization to run an RFC
S_TABU_DIS – for table maintenance