List of BUKRS which the current user is allowed to see












0















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question

























  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49
















0















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question

























  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49














0












0








0








Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question
















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap




abap






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 8:11









jonrsharpe

77.2k11103208




77.2k11103208










asked Nov 19 '18 at 13:19









guettliguettli

3,30622129271




3,30622129271













  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49



















  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49

















If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

– Sandra Rossi
Nov 19 '18 at 13:49





If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

– Sandra Rossi
Nov 19 '18 at 13:49












2 Answers
2






active

oldest

votes


















6














Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).



authsql->add_authorization_object( EXPORTING

        iv_authorization_object = 'S_CARRID'

        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )

        it_field_mapping = VALUE #(

              ( auth_field = 'CARRID'

                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).



DATA(where) = authsql->get_sql_condition( ).



SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





share|improve this answer































    4














    I am afraid you can do it one by one only. Roughly:



    SELECT bukrs
    
       INTO TABLE @DATA(lt_t001)
    
       FROM t001
    
       WHERE ... . "Selection critera, if necessary
    

    
LOOP AT lt_t001
    
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
    
  DATA(lv_tabix) = sy-tabix.
    
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    
           ID 'BUKRS' FIELD <ls_t001>-bukrs
    
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
    
  IF sy-subrc <> 0. "Auth check failed
    
    DELETE lt_t001 INDEX lv_tabix.
    
  ENDIF.
    
ENDLOOP.


    At the end lt_t001 contains only the company codes, for which the user has authorization.






    share|improve this answer
























    • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

      – guettli
      Nov 19 '18 at 15:10






    • 1





      It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

      – JozsefSzikszai
      Nov 19 '18 at 15:30











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53375514%2flist-of-bukrs-which-the-current-user-is-allowed-to-see%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



    DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
    

    
authsql->add_authorization_object( EXPORTING
    
        iv_authorization_object = 'S_CARRID'
    
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
    
        it_field_mapping = VALUE #(
    
              ( auth_field = 'CARRID'
    
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
    

    
DATA(where) = authsql->get_sql_condition( ).
    

    
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





    share|improve this answer




























      6














      Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



      DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
      

      
authsql->add_authorization_object( EXPORTING
      
        iv_authorization_object = 'S_CARRID'
      
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
      
        it_field_mapping = VALUE #(
      
              ( auth_field = 'CARRID'
      
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
      

      
DATA(where) = authsql->get_sql_condition( ).
      

      
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





      share|improve this answer


























        6












        6








        6







        Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



        DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
        

        
authsql->add_authorization_object( EXPORTING
        
        iv_authorization_object = 'S_CARRID'
        
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
        
        it_field_mapping = VALUE #(
        
              ( auth_field = 'CARRID'
        
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
        

        
DATA(where) = authsql->get_sql_condition( ).
        

        
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





        share|improve this answer













        Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



        DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
        

        
authsql->add_authorization_object( EXPORTING
        
        iv_authorization_object = 'S_CARRID'
        
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
        
        it_field_mapping = VALUE #(
        
              ( auth_field = 'CARRID'
        
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
        

        
DATA(where) = authsql->get_sql_condition( ).
        

        
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 19 '18 at 14:36









        Sandra RossiSandra Rossi

        2,5181416




        2,5181416

























            4














            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer
























            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30
















            4














            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer
























            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30














            4












            4








            4







            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer













            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 19 '18 at 14:03









            JozsefSzikszaiJozsefSzikszai

            1,578312




            1,578312













            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30



















            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30

















            OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

            – guettli
            Nov 19 '18 at 15:10





            OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

            – guettli
            Nov 19 '18 at 15:10




            1




            1





            It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

            – JozsefSzikszai
            Nov 19 '18 at 15:30





            It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

            – JozsefSzikszai
            Nov 19 '18 at 15:30


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53375514%2flist-of-bukrs-which-the-current-user-is-allowed-to-see%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Biblatex bibliography style without URLs when DOI exists (in Overleaf with Zotero bibliography)

            Image
            2 2 I have a Zotero bibliography in Overleaf. I use biblatex . usepackage[backend=biber,citestyle=authoryear]{biblatex} addbibresource{zoteroALH.bib} Bibliography entries look like: @book{de_saint-gervais_uniformization_2016, title = {Uniformization of {Riemann} {Surfaces}}, isbn = {978-3-03719-145-3}, url = {https://www.ems-ph.org/books/book.php?proj_nr=198&srch=series%7Chem}, urldate = {2019-02-03}, author = {de Saint-Gervais, Paul Henri}, year = {2016}, doi = {10.4171/145} } In the bibliography down the paper the reference shows like this: There is the DOI, great, but also the URL which is unnecessary when the DOI is there. How can I remove the URL when the DOI is present? biblatex bibliographies overleaf zote
            Read more

            ComboBox Display Member on multiple fields

            Image
            2 I'm trying to set the .DisplayMember property of a ComboBox in C#, but I want to bind it to multiple columns in the .DataSouce . My SQL looks like this: SELECT PersNbr, PersFirstName, PersMiddleName, PersLastName FROM Pers WHERE PersNbr = :persNbr; I'm saving this query in a DataTable so each column selected has it's own column in the Datatable . I want to make the .DisplayMember a combination of PersFirstName + PersMiddleName + PersLastName so their full name appears like this: comboBox.DisplayMemeber = "PersFirstName" + "PersMiddleName" + "PersLastName" I know I can just to this on the query: SELECT PersNbr, (PersFirstName || PersMiddleName || PersLastName) PersName and then just do this: comboBox.DisplayMember = "PersName"; but I
            Read more

            Is it possible to collect Nectar points via Trainline?

            Image
            2 Since I am not eligible for any Railcard, the only available discount/bonus scheme is Nectar Card for me. GWR, SWR, LNER and Virgin Trains allow to collect Nectar points and I have already linked a card to my GWR account. A friend suggested me to use Trainline App, because it can search for bus tickets either. I had a look at the application, but could not see any option for Nectar. Is there a way to collect Nectar points when I buy tickets via Trainline? uk trains loyalty-programs trainline share | improve this question asked Dec 2 '18 at 15:50 ahmedus 3,224 5 19 49
            Read more