Creating the Web Dynpro Component SAP ABAP Web Dynpro

Then, we create a WD component named Y_AUTHORIZATION.The component structure is presented.

WD component structure

By using this WD component, we can search for a record in the database table YPERSON and we can delete a record in case the authorization enabled us to perform the desired activity.The view layout and view context structure are presented.

Checking the Authorization of the Current User

When the user presses the Delete button, the Framework triggers the event handler method onactiondelete.

Context structure and view layout

The onactiondelete event handler method

METHOD onactiondelete.
DATA: lt_candidate TYPE TABLE OF yperson,
lr_node TYPE REF TO if_wd_context_node,
lv_id_person TYPE yidi.
DATA lr_api_controller TYPE REF TO if_wd_controller.
DATA lr_message_manager TYPE REF TO if_wd_message_manager.
lr_api_controller ?= wd_this->wd_get_api( ).
lr_message_manager = lr_api_controller->get_message_manager( ).
lr_node = wd_context->get_child_node('DELETE').
lr_node->get_attribute(EXPORTING name = 'ID_PERSON'
IMPORTING value = lv_id_person).
ID'ZAF_PERSON' FIELD lv_id_person.
IF sy-subrc EQ 0.
DELETE FROM yperson WHERE id_person = lv_id_person.
IF sy-subrc EQ 0.
msgid = 'YCL_T100_MSG'
msgno = '004'
msgty = 'S').
msgid ='YCL_T100_MSG'
msgno ='003'
msgty ='E'

As we can see,we have implemented an authorization check before performing the delete action.

ID ‘ZAF_PERSON’ FIELD lv_id_person.In this way, we check the authorization of the current user.

We can have minimum one and maximum ten authorization fields with specified IDs. In this case,we have the ACTVT and our own created authorization field ZAF_PERSON. For each authorization field, we can specify a value to be checked or we can use the additional DUMMY to avoid checking the respective field.

The check is successful only if all the conditions are fulfilled: the field ACTVT (Activity) with the permissible value 06 (Delete) AND the field “ZAF_PERSON” whose permissible value is one of the IDs from 004 to 100.If the check is successful,the sy-subrc = 0;otherwise, it is set to a value not equal with 0:

4 – Authorization check not successful.
12 – No authorization was found for the authorization object.
24 – Incorrect authorization fields or an incorrect number of authorization fields was found.

In the Message Class YCL_T100_MSG, we have defined two messages with the IDs 003 and 004,required to show the success message,or the error message in case the action is not allowed.We have created a role ZTEST_ROLE, but we haven’t assigned it to our user.

This is the reason why, at runtime, we are not allowed to delete the record with the ID “004”. Figure shows the User Interface at runtime.


In case we don’t have a certain authorization, as developer for fulfilling the required tasks,we can use the transaction SU53 to find what authorization is missing and to inform the administrator about it.After receiving an exception message caused by a failed authorization,we have to use the specified transaction and to make a screenshot for the administrator.For example,if we try to use the transaction SE11 and we don’t have the proper authorization, in the transaction SU53 we will see the object class, the authorization object and the authorizationfield we need.The transaction ST01 offers the possibility to create a system trace to find the missing authorization objects.

The missing authorization check

Assigning the User-Role and Running the Application

To be able to perform the delete action, we have to assign the created role to the user that needs to perform this action (In our case, the test user Gellert). By using the transaction SU01, we have the possibility to change user master records (e.g.change,lock or unlock,change this password),to delete user master records or to create a new user (directly or by copying an existing one).

User maintenance

In the tab “Roles”, we can assign our created role ZTEST_ROLE to the test user.

Assigning the role “ZTEST_ROLE” to our test user

We run again our Web Dynpro application.The authorization rights become effective and our test user can perform the delete action for the records 004–100 from the database table YPERSON.

The user is allowed to delete data

In case we are trying to delete a record not included in the range 004–100,we get the same “Not Authorized” message.In this case, the authorization check is performed and the system compares the values entered by the administrator in the authorization profile with the values required by the program.As a result,the check is not successful and he is not allowed to perform this task.

Deleting a record not included in the range 004–100

Other authorization objects, which we often check,are:
S_TCODE – to check the authorization to run a transaction
S_PROGRAM – to check the authorization to run a program
S_RFC – to check the authorization to run a RFC
S_TABU_DIS – for table maintenance

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status

SAP ABAP Web Dynpro Topics