This website is not affiliated with, sponsored by, or approved by SAP AG.

Logbook (LBK1) checks no authorisations [RESOLVED]


Postby Baz » Wed Mar 24, 2010 8:25 am

We are implementing SAP ECC 6.0 and we are using LBK1.

However, a defect/test issue has been raised as there are no authorisations checked on running LBK1.
We need to restrict the Functional Location to those that have that authorisation in their security profile; however, on checking the program, there are no authorisation checks at all!!!

Surely this can't be right? Has anyone come across this and applied authorisations on this transaction?
Does anyone have any suggestions on how we could restrict the data that is displayed?

Last edited by Baz on Thu Apr 15, 2010 2:37 am, edited 1 time in total.
Baz

AsPiRiNg tUlY iDiOt

http://www.catb.org/~esr/faqs/smart-questions.html

check out my Podcasts http://dj-baz.podomatic.com
Baz
 
Posts: 4704
Joined: Fri Nov 08, 2002 5:54 am
Location: dirt box Derby

Re: Logbook (LBK1) checks no authorisations

Postby thx4allthefish » Wed Mar 24, 2010 11:10 pm

I am shadowing this in Security/PM.

Baz, there are notes on that topic - have you checked 948460, 816787, 984703, 956288?
curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?
thx4allthefish
 
Posts: 6371
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: Logbook (LBK1) checks no authorisations

Postby Baz » Thu Mar 25, 2010 12:11 am

Thanks Fish

We need to hang the authorisations off of the functional location as this is how the design was built and all the other transactions that use this field work properly!
I will refer these notes to my team and see if they have already discounted them due to the fact that they are for old versions and we are implementing a new version of a bolt-on for SAP.

I may have to add an enhancement to the standard transaction and add in my own authority check!

Re: Logbook (LBK1) checks no authorisations

Postby Baz » Thu Mar 25, 2010 2:09 am

I am looking at utilising SU22 to see if I can add my own check into the transaction....

Re: Logbook (LBK1) checks no authorisations

Postby Al. » Thu Mar 25, 2010 7:32 am

Hi Baz

Don't use SU22. If the auth check isn't in the code then you'll need to use an exit or EP to add it in. Updating SU22 won't change that.

Once you have added in an additional check & logic then use SU24 to update the customer check indicators. SU22 updates the SAP delivered ones and is not something you want to change as it can cause (more) pain later on.
http://www.turnkeyconsulting.com/
Al.
 
Posts: 3032
Joined: Tue Feb 25, 2003 5:35 am
Location: London
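
The kind of explicit check the thread is discussing, as an added example that is not SAP's code and not code posted by anyone in this thread: functional locations are selected, then each one is kept only if the user passes an AUTHORITY-CHECK on its authorisation group. Assumptions: the standard PM object I_BEGRP (fields TCD and BEGRP) is the object held in the users' roles, IFLOT-BEGRU carries the functional location's authorisation group, and the report name is hypothetical.

```abap
REPORT z_floc_auth_filter_demo.
* Added example, not SAP standard code and not code from this thread.
* Assumptions: PM object I_BEGRP (fields TCD, BEGRP) is the object in the
* users' roles, and IFLOT-BEGRU holds the functional location's group.

TYPES: BEGIN OF ty_floc,
         tplnr TYPE iflot-tplnr,   " functional location
         begru TYPE iflot-begru,   " authorisation group
       END OF ty_floc.

DATA: gt_selected TYPE STANDARD TABLE OF ty_floc,
      gt_allowed  TYPE STANDARD TABLE OF ty_floc,
      gs_floc     TYPE ty_floc,
      gv_denied   TYPE i.

SELECT-OPTIONS s_tplnr FOR gs_floc-tplnr.

START-OF-SELECTION.
  SELECT tplnr begru FROM iflot
    INTO TABLE gt_selected
    WHERE tplnr IN s_tplnr.

  LOOP AT gt_selected INTO gs_floc.
    " Design choice of this example: a location with no authorisation
    " group is withheld (fail closed) rather than shown to everyone.
    IF gs_floc-begru IS INITIAL.
      gv_denied = gv_denied + 1.
      CONTINUE.
    ENDIF.

    " The check must run in code; sy-subrc = 0 means the user is authorised.
    AUTHORITY-CHECK OBJECT 'I_BEGRP'
      ID 'TCD'   FIELD 'LBK1'
      ID 'BEGRP' FIELD gs_floc-begru.
    IF sy-subrc = 0.
      APPEND gs_floc TO gt_allowed.
    ELSE.
      gv_denied = gv_denied + 1.
    ENDIF.
  ENDLOOP.

  " Only authorised rows ever reach the output.
  LOOP AT gt_allowed INTO gs_floc.
    WRITE: / gs_floc-tplnr, gs_floc-begru.
  ENDLOOP.
  WRITE: / 'Withheld (no authorisation):', gv_denied.
```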

Re: Logbook (LBK1) checks no authorisations

Postby Baz » Thu Mar 25, 2010 7:38 am

Thanks Al

We did have an open OSS Note and they were supposed to be delivering the solution as part of the fix...
but they failed to deliver on all the objects...

I am thinking an enhancement is the way to go..... as we should block at selection stage rather than filter out after the event in an Exit....

I did find an OSS Note that told me how to do it in SU22 but for a different object....

Re: Logbook (LBK1) checks no authorisations

Postby Al. » Fri Mar 26, 2010 7:54 am

Baz wrote: I did find an OSS Note that told me how to do it in SU22 but for a different object....

Hi Baz,

If SAP deliver some additional code as part of an OSS note and also list a standard auth object to restrict with then you could get away with SU22 as it is in effect "sanctioned" by the Walldorf wizards. Generally well worth leaving it alone for any other applications (like no supporting code) as it can cause some real trouble at upgrade time.

Re: Logbook (LBK1) checks no authorisations

Postby Baz » Thu Apr 15, 2010 2:37 am

I have a solution! :)

Using the BAdI - TOOLBAR_FUNC_OHFW - create a custom version of LBK_SELECTION.

Add authority check in here.

Re: Logbook (LBK1) checks no authorisations [RESOLVED]

Postby Al. » Thu Apr 15, 2010 6:34 am

Thanks for the update, glad it works :)

Re: Logbook (LBK1) checks no authorisations [RESOLVED]

Postby Baz » Thu Apr 15, 2010 6:41 am

Al. wrote: Thanks for the update, glad it works :)

It's only right to close it off as working! :)

Re: Logbook (LBK1) checks no authorisations [RESOLVED]

Postby Baz » Tue Jun 08, 2010 2:20 am

Just to update this....

There is another BAdI that resolves authorisation issues:

BADI_EAM_AUTHORITY_CHECK_ORDER

If you create a custom implementation of this, then you can have checks on the following transactions:

IW38
IW39
IW72
IW73
IW37N
IW49N
IW30
IW40
IE07
IL07
IW32
IW33
IPM2
IPM3

But my original problem... although the Load button checks authorisations, the Load Extended bypasses the check... so a partial success...
Just working out how to disable the Load Extended button

