List of BUKRS which the current user is allowed to see












0















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question

























  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49
















0















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question

























  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49














0












0








0








Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap







share|improve this question
















Is there a way to get a list of all BUKRS which the current user is allowed to see?



I want to use this list as a filter in open sql. Imagine the result of the method I search stored the result in bk_list. Then I could use bk_list like this:



SELECT * FROM some_table WHERE bukrs IN bk_list





abap




abap






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 20 '18 at 8:11









jonrsharpe

77.2k11103208




77.2k11103208










asked Nov 19 '18 at 13:19









guettliguettli

3,30622129271




3,30622129271













  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49



















  • If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

    – Sandra Rossi
    Nov 19 '18 at 13:49

















If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

– Sandra Rossi
Nov 19 '18 at 13:49





If CDS is an alternative, there are built-in authorizations. Otherwise you need to know the authorization object (there is one for every SAP ERP module) and build the list yourself by using AUTHORITY-CHECK.

– Sandra Rossi
Nov 19 '18 at 13:49












2 Answers
2






active

oldest

votes


















6














Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).



authsql->add_authorization_object( EXPORTING

        iv_authorization_object = 'S_CARRID'

        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )

        it_field_mapping = VALUE #(

              ( auth_field = 'CARRID'

                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).



DATA(where) = authsql->get_sql_condition( ).



SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





share|improve this answer































    4














    I am afraid you can do it one by one only. Roughly:



    SELECT bukrs
    
       INTO TABLE @DATA(lt_t001)
    
       FROM t001
    
       WHERE ... . "Selection critera, if necessary
    

    
LOOP AT lt_t001
    
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
    
  DATA(lv_tabix) = sy-tabix.
    
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    
           ID 'BUKRS' FIELD <ls_t001>-bukrs
    
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
    
  IF sy-subrc <> 0. "Auth check failed
    
    DELETE lt_t001 INDEX lv_tabix.
    
  ENDIF.
    
ENDLOOP.


    At the end lt_t001 contains only the company codes, for which the user has authorization.






    share|improve this answer
























    • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

      – guettli
      Nov 19 '18 at 15:10






    • 1





      It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

      – JozsefSzikszai
      Nov 19 '18 at 15:30











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53375514%2flist-of-bukrs-which-the-current-user-is-allowed-to-see%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6














    Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



    DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
    

    
authsql->add_authorization_object( EXPORTING
    
        iv_authorization_object = 'S_CARRID'
    
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
    
        it_field_mapping = VALUE #(
    
              ( auth_field = 'CARRID'
    
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
    

    
DATA(where) = authsql->get_sql_condition( ).
    

    
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





    share|improve this answer




























      6














      Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



      DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
      

      
authsql->add_authorization_object( EXPORTING
      
        iv_authorization_object = 'S_CARRID'
      
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
      
        it_field_mapping = VALUE #(
      
              ( auth_field = 'CARRID'
      
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
      

      
DATA(where) = authsql->get_sql_condition( ).
      

      
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





      share|improve this answer


























        6












        6








        6







        Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



        DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
        

        
authsql->add_authorization_object( EXPORTING
        
        iv_authorization_object = 'S_CARRID'
        
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
        
        it_field_mapping = VALUE #(
        
              ( auth_field = 'CARRID'
        
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
        

        
DATA(where) = authsql->get_sql_condition( ).
        

        
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).





        share|improve this answer













        Another way to do it, based on the class CL_AUTH_OBJECTS_TO_SQL (>= 7.50), here the program reads the flights from the read-authorized airline carriers :



        DATA(authsql) = cl_auth_objects_to_sql=>create_for_open_sql( ).
        

        
authsql->add_authorization_object( EXPORTING
        
        iv_authorization_object = 'S_CARRID'
        
        it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
        
        it_field_mapping = VALUE #(
        
              ( auth_field = 'CARRID'
        
                view_field = VALUE #( table_ddic_name = 'SFLIGHT' field_name = 'CARRID' ) ) ) ).
        

        
DATA(where) = authsql->get_sql_condition( ).
        

        
SELECT * FROM sflight INTO TABLE @data(sflights) WHERE (where).






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 19 '18 at 14:36









        Sandra RossiSandra Rossi

        2,5181416




        2,5181416

























            4














            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer
























            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30
















            4














            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer
























            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30














            4












            4








            4







            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.






            share|improve this answer













            I am afraid you can do it one by one only. Roughly:



            SELECT bukrs
            
       INTO TABLE @DATA(lt_t001)
            
       FROM t001
            
       WHERE ... . "Selection critera, if necessary
            

            
LOOP AT lt_t001
            
     ASSIGNING FIELD-SYMBOL(<ls_t001>).
            
  DATA(lv_tabix) = sy-tabix.
            
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
            
           ID 'BUKRS' FIELD <ls_t001>-bukrs
            
           ID 'ACTVT' FIELD '03'. "Here you need the proper activity (display '03' /change '02' / etc.)
            
  IF sy-subrc <> 0. "Auth check failed
            
    DELETE lt_t001 INDEX lv_tabix.
            
  ENDIF.
            
ENDLOOP.


            At the end lt_t001 contains only the company codes, for which the user has authorization.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 19 '18 at 14:03









            JozsefSzikszaiJozsefSzikszai

            1,578312




            1,578312













            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30



















            • OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

              – guettli
              Nov 19 '18 at 15:10






            • 1





              It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

              – JozsefSzikszai
              Nov 19 '18 at 15:30

















            OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

            – guettli
            Nov 19 '18 at 15:10





            OK, this should work. If I understand this correctly, then you check every BUKR, if AUTHORITY-CHECK is successful, then add the BKUR to the list of allowed BUKRS. It is a bit like "brute force attack", but it works. Thank you for this answer.

            – guettli
            Nov 19 '18 at 15:10




            1




            1





            It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

            – JozsefSzikszai
            Nov 19 '18 at 15:30





            It is the other way around: first all company codes are selected and then autorization is checked for each of them. If auth check fails, company code is removed from the list. On the other hand, yes it is brute force, but as far as I know, authorization can only be checked for single values and not for ranges/mass values.

            – JozsefSzikszai
            Nov 19 '18 at 15:30


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53375514%2flist-of-bukrs-which-the-current-user-is-allowed-to-see%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to change which sound is reproduced for terminal bell?

            Image
            3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
            Read more

            Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

            Image
            up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
            Read more

            Can I use Tabulator js library in my java Spring + Thymeleaf project?

            Image
            0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
            Read more