ABAP实例：如何设计和使用自定义的权限对象-技术开发专区

ABAP实例：如何设计和使用自定义的权限对象

作者：SAP网编辑：李倩 2009-07-22 09:31 来源：IT168�

【IT168 技术文章】

在sap扩展中用户往往都需要使用自己的权限对象，为了达到次目的，请按下列步骤建立和维护权限对象

1、Create an Anthorization Field（SU20）创建权限对象字段（存储在AUTHX表中）

    2、Create an Authorization Object（SU21) 创建权限对象
    创建权限对象类别（存储在TOBCT表中）
    点击对象类别创建权限对象（存储在TOBJ表中），生成SAP_ALL

3、Assign an Authorization Object to an Object Class(SU02或PFCG)

4、权限赋值关系图

                            user master record
                            / ..............................\
                auth. profile              Composite auth. profile
                  /.................\                      /                  \
                 /                   \                    /                    \
      Authorization                                            Auth. Profile
         /                                                               /.................\

5、Call "Authorith-Check" in Program to Check Authorization.

这是我编写针对具体权限对象替代Authorith-Check的函数

    form zcustcheckauth using  value(z_vkbur) like vbak-vkbur
                         z_return type i.
    data: wa_ust12 like ust12.
    data: bgetsubfile(1) type c.
    data: begin of db_file occurs 10,
             profile like ust04-profile,
             typ     like usr10-typ,
          end of db_file.

    data: begin of mid_db_file occurs 10,
             profile like ust04-profile,
             typ     like usr10-typ,
          end of mid_db_file.

    data: begin of db_file_end occurs 10,
             profile like ust04-profile,
          end of db_file_end.

    data: begin of db_auth occurs 10,
             objct like ust10s-objct,
             auth like ust10s-auth,
          end of db_auth.

       z_return = 4.
       select ust04~profile usr10~typ
         into corresponding fields of table db_file
         from ust04
           inner join usr10 on usr10~profn = ust04~profile
             and usr10~aktps = 'A'
       where ust04~bname = sy-uname.

       refresh mid_db_file.
       clear mid_db_file.
       loop at db_file.
          if db_file-typ <> 'C'.
            db_file_end-profile = db_file-profile.
            append db_file_end to db_file_end.
          else.
            bgetsubfile = 'X'.
            append db_file to mid_db_file.
          endif.
       endloop.
       refresh db_file.
       clear db_file.

       while bgetsubfile = 'X'.
         bgetsubfile = space.
         select ust10c~subprof as profile usr10~typ
           into corresponding fields of table db_file
         from ust10c
           inner join usr10 on usr10~profn =  ust10c~subprof
             and usr10~aktps = 'A'
         for all entries in mid_db_file
         where ust10c~profn = mid_db_file-profile.

         refresh mid_db_file.
         clear mid_db_file.
         loop at db_file.
          if db_file-typ <> 'C'.
            db_file_end-profile = db_file-profile.
            append db_file_end to db_file_end.
          else.
            bgetsubfile = 'X'.
            append db_file to mid_db_file.
          endif.
         endloop.
         refresh db_file.
         clear db_file.
       endwhile.

       select objct auth into corresponding fields of table db_auth
       from ust10s
       for all entries in db_file_end
       where ust10s~aktps = 'A' and ust10s~profn = db_file_end-profile.

       select von bis into corresponding fields of wa_ust12
         from ust12
         for all entries in db_auth
         where ust12~aktps = 'A' and ust12~field = 'VKBUR'
           and ust12~objct = db_auth-objct
           and ust12~auth = db_auth-auth.

         if ( wa_ust12-bis ne space ).
            if ( z_vkbur ge wa_ust12-von ).
              if ( z_vkbur le wa_ust12-bis ).
                z_return = 0.
                exit.
              endif.
            endif.
         elseif ( z_vkbur = wa_ust12-von ).
           z_return = 0.
           exit.
         elseif ( '*' = wa_ust12-von ).
           z_return = 0.
           exit.
         endif.
       endselect.
    endform.

第1页：创建权限对象字段第2页：调用的方法

关注我们