Query: Custom authorization check program (optional feature)
This functionality allows a Winshuttle Query user to build custom authorization check logic. The custom logic decides whether access to a table is allowed or not for the logged-on SAP user.
The custom authorization check will work in addition to the security table entries that are defined.
Note: This feature is optional. You are not required to create this in your SAP system.
Steps to create a custom authorization check program
First create the custom function group, create the function module for the custom check, and then activate the custom check.
Create the custom function group Z_WINSHUTTLE_CHK_ACSS_FUGR
- Enter the transaction code SE80.
- In the drop-down list, click Function Group.
- Type Z_WINSHUTTLE_CHK_ACSS_FUGR, and then click the Display button.
- When you are prompted to create the object, click Yes.
- Type Winshuttle Query Cust Auth chk func grp in the Short text box.
- In the Package box, select the package for Z developments.
- Create or select a transport request.
Create the function module for the custom check
- Select the new function group and right-click it, and then click Create > Function Module.
- In the Function Module box, type Z_WINSHUTTLE_CHECK_ACCESS.
- In the Short text box, type Z Winshuttle Query Custom Auth Object.
Important: The name and parameters must be exactly the same as in the screenshot above.
- Click Save.
- Click the Import tab, and enter the values that are shown below:
- Click the Export tab, and enter the values that are shown below:
- Click the Exceptions tab, and enter the values that are shown below:
- Save, check, and activate the FM.
Maintain the flag to activate the custom authorization check
- Enter transaction code SM30.
- In the Table/View box, type /WINSHTLQ/QREPRM, and then click Maintain.
- Click New, and enter the values that are shown below:
- Click Save, and then click Exit.
Code example
This code blocks access to the table MACKV for all Winshuttle Query users.
FUNCTION Z_WINSHUTTLE_CHECK_ACCESS.
*"----------------------------------------------------------------------
*"*"Local Interface:
*" IMPORTING
*" VALUE(TABLE) TYPE DD02L-TABNAME
*" EXPORTING
*" VALUE(ALLOWED) TYPE BOOLEAN
*" EXCEPTIONS
*" ERROR
*"----------------------------------------------------------------------
*Return access allowed ('X'=True or '-'=False) for current user
ALLOWED = ''. "Initialize
IF TABLE = 'MACKV'. "For any user
ALLOWED = '-'.
ELSE.
ALLOWED = 'X'.
ENDIF.
ENDFUNCTION.
*"----------------------------------------------------------------------
You can also add authority-check calls for your own authorization objects in the conditions for the current user (system field SY-UNAME).