Custom Authorization Checks

Release 5.2 or higher:

You can add custom authorization checks to restrict access to alerts in transaction /REM/ALERTS.
To enable this, you need an authorization object (existing or new), and a method implemented as a function module that performs the authorization check. The function module receives data to perform the authorization check:
OBJCT TYPE XUOBJECT -> receives the custom authorization object created for this purpose
ET_TMDATA TYPE /REM/TMDATA_TT -> receives and changes the entire TMDATA alerts subset
Then use transaction SM30 and maintain view /REM/CUST_AUTHZ.

Example:

This example code checks whether values for “Business Area” are maintained in the authorization object, and the Business Area is saved in /REM/TMDATA:FIELD1.

*”———————————————————————-
*”*”Local Interface:
*” IMPORTING
*” REFERENCE(OBJCT) TYPE XUOBJECT
*” CHANGING
*” REFERENCE(ET_TMDATA) TYPE /REM/TMDATA_TT
*”———————————————————————-

FIELD-SYMBOLS TYPE /rem/tmdata.
FIELD-SYMBOLS TYPE gsber.
DATA lv_label TYPE string.
DATA lv_businessarea TYPE string.
DATA lt_businessarea TYPE STANDARD TABLE OF gsber.

LOOP AT et_tmdata ASSIGNING .

IF -field1 IS NOT INITIAL.
SPLIT -field1 AT ‘:’ INTO lv_label lv_businessarea.
SPLIT lv_businessarea AT ‘,’ INTO TABLE lt_businessarea.

LOOP AT lt_businessarea ASSIGNING .
AUTHORITY-CHECK OBJECT objct
ID ‘GSBER’ FIELD .

IF sy-subrc IS NOT INITIAL.
CLEAR -hash.
ENDIF.
ENDLOOP.
ENDIF.

ENDLOOP.

DELETE et_tmdata WHERE hash IS INITIAL.