Query: Custom authorization check program (optional feature)

This functionality allows a Winshuttle Query user to build custom authorization check logic. The custom logic decides whether access to a table is allowed or not for the logged-on SAP user.

The custom authorization check will work in addition to the security table entries that are defined.

Note: This feature is optional. You are not required to create this in your SAP system.

Steps to create a custom authorization check program

First create the custom function group, create the function module for the custom check, and then activate the custom check.

Create the custom function group Z_WINSHUTTLE_CHK_ACSS_FUGR

  1. Enter the transaction code SE80.
  2. In the drop-down list, click Function Group.
  3. Type Z_WINSHUTTLE_CHK_ACSS_FUGR, and then click the Display button.

    display button

  4. When you are prompted to create the object, click Yes.
  5. Type Winshuttle Query Cust Auth chk func grp in the Short text box.

  6. In the Package box, select the package for Z developments.

  7. Create or select a transport request.

Create the function module for the custom check

  1. Select the new function group and right-click it, and then click Create > Function Module.

  2. In the Function Module box, type Z_WINSHUTTLE_CHECK_ACCESS.
  3. In the Short text box, type Z Winshuttle Query Custom Auth Object.

    The name and parameters must be exactly the same as in the screenshot above.

  4. Click Save.
  5. Click the Import tab, and enter the values that are shown below:

  6. Click the Export tab, and enter the values that are shown below:

  7. Click the Exceptions tab, and enter the values that are shown below:

  8. Save, check, and activate the FM.

Maintain the flag to activate the custom authorization check

  1. Enter transaction code SM30.
  2. In the Table/View box, type /WINSHTLQ/QREPRM, and then click Maintain.

  3. Click New, and enter the values that are shown below:

  4. Click Save, and then click Exit.

Code example

This code blocks access to the table MACKV for all Winshuttle Query users.

FUNCTION Z_WINSHUTTLE_CHECK_ACCESS.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(TABLE) TYPE  DD02L-TABNAME
*"  EXPORTING
*"     VALUE(ALLOWED) TYPE  BOOLEAN
*"  EXCEPTIONS
*"      ERROR
*"----------------------------------------------------------------------
*Return access allowed ('X'=True or '-'=False) for current user
  ALLOWED = ''. "Initialize
  IF TABLE = 'MACKV'. "For any user
    ALLOWED = '-'.
  ELSE.
    ALLOWED = 'X'.
  ENDIF.

ENDFUNCTION.

*"----------------------------------------------------------------------

You can also add authority-check calls for your own authorization objects in the conditions for the current user (system field SY-UNAME).