[ABAP] AUTHORITY-CHECK – Objekte in OpenSQL-WHERE-Condition wandeln

* ab ABAP 7.50

* Create the converter that turns authorization objects into an
* Open SQL WHERE condition
DATA(lo_auth_sql) = cl_auth_objects_to_sql=>create_for_open_sql( ).

* Register the object to evaluate: S_CARRID with ACTVT 03, whose
* authorization field CARRID is mapped to the column SFLIGHT-CARRID
lo_auth_sql->add_authorization_object(
  iv_authorization_object = 'S_CARRID'
  it_activities           = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
  it_field_mapping        = VALUE #(
    ( auth_field = 'CARRID'
      view_field = VALUE #( table_ddic_name = 'SFLIGHT'
                            field_name      = 'CARRID' ) ) ) ).

* Read and display only when the converter reports the user as authorized;
* otherwise no SELECT runs and nothing is displayed
IF lo_auth_sql->is_authorized( ) = abap_true.

* Condition text derived by the converter from the registered objects
  DATA(lv_auth_filter) = lo_auth_sql->get_sql_condition( ).

* An initial condition is reported as unrestricted access, anything else
* as restricted access
  IF lv_auth_filter IS NOT INITIAL.
    cl_demo_output=>write_data( |Eingeschränkte Berechtigungen: { lv_auth_filter }| ).
  ELSE.
    cl_demo_output=>write_data( 'Alle Berechtigungen.' ).
  ENDIF.

* Dynamic WHERE clause: an initial condition selects every row. Pass only
* the converter's output here, never text that originates from user input
  SELECT *
    FROM sflight
    WHERE (lv_auth_filter)
    INTO TABLE @DATA(lt_flights).

* Show the selected rows
  cl_demo_output=>write_data( lt_flights ).
  cl_demo_output=>display( ).

ENDIF.

Links

[ABAP] Berechtigungsprüfung im Code

Variante 1 (FuBa AUTHORITY_CHECK_TCODE)

* Check the authorization to start transaction SOST.
* The outcome is read from the exception mapping below:
* ok -> sy-subrc 1, not_ok -> sy-subrc 2, any other exception -> 3.
CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
  EXPORTING
    tcode  = 'SOST'
  EXCEPTIONS
    ok     = 1
    not_ok = 2
    OTHERS = 3.

* Only sy-subrc 1 counts as authorized. Code that gates access on this
* check should treat every other value, including the unknown case,
* as a denial.
IF sy-subrc = 1.
  WRITE: / 'Ja'.
ELSEIF sy-subrc = 2.
  WRITE: / 'Nein'.
ELSE.
  WRITE: / 'Unbekannt'.
ENDIF.

Variante 2 (AUTHORITY-CHECK OBJECT)

* Check authorization object S_TCODE, field TCD, for transaction SOST.
* This statement evaluates S_TCODE only. sy-subrc 0 means the check
* passed; every other return code is handled as a denial.
AUTHORITY-CHECK OBJECT 'S_TCODE' ID 'TCD' FIELD 'SOST'.
CASE sy-subrc.
  WHEN 0.
    WRITE: / 'Ja'.
  WHEN OTHERS.
    WRITE: / 'Nein'.
ENDCASE.

Variante 3 (FuBa AUTHORITY_CHECK_DATASET)

* File on the application server whose access authorization is checked.
* NOTE(review): fixed sample path. A file name that comes from user input
* should be validated before it is checked and opened.
DATA lv_filename TYPE authb-filename VALUE '/tmp/readme.txt'.

...

* Values for the activity parameter (constant -> value):
*   SABC_ACT_READ              -> 'READ'
*   SABC_ACT_WRITE             -> 'WRITE'
*   SABC_ACT_READ_WITH_FILTER  -> 'READ_WITH_FILTER'
*   SABC_ACT_WRITE_WITH_FILTER -> 'WRITE_WITH_FILTER'
*   SABC_ACT_DELETE            -> 'DELETE'
*
* Check read access to lv_filename. Run this check before the file is
* opened, and let only sy-subrc 0 permit the access.
CALL FUNCTION 'AUTHORITY_CHECK_DATASET'
  EXPORTING
    activity         = sabc_act_read
    filename         = lv_filename
  EXCEPTIONS
    no_authority     = 1
    activity_unknown = 2
    OTHERS           = 3.

* 0 = authorized, 1 = no authorization, 2 = activity value not recognized,
* anything else = unclassified error
IF sy-subrc = 0.
  WRITE: / 'Ok'.
ELSEIF sy-subrc = 1.
  WRITE: / 'no_authority'.
ELSEIF sy-subrc = 2.
  WRITE: / 'activity_unknown'.
ELSE.
  WRITE: / 'others'.
ENDIF.

Weiterführende Infos: Link und Link