When you define an external command, you can specify that an additional function module be called to check a user’s authorization to run a command.
You can define such an additional authorization check module yourself. Your function module must have the interface defined below for SXPG_DUMMY_COMMAND_CHECK. Like this function module, it may only allow or deny permission to carry out the command.
To ensure that such a user exit function module cannot be misused, the system checks that the interface of the authorization-checking function module matches the interface of SXPG_DUMMY_COMMAND_CHECK. It is therefore essential that SXPG_DUMMY_COMMAND_CHECK never be changed.
To write your own authorization-checking module, do the following:
...
1. Copy SXPG_DUMMY_COMMAND_CHECK to a name in the customer naming range (names beginning with Y or Z).
2. Write your authorization check.
3. Specify that the function module should be run when the command that is to be checked is run. Do this in the command definition (transaction SM69).
Do not change SXPG_DUMMY_COMMAND_CHECK or its interface. Never call this function module, either directly or by specifying it as the check module in a command definition. Copy it and then modify the new function module in order to implement an additional authorization check.
Interface Syntax:
IMPORTING
PROGRAMNAME =
<Program
or command from definition>
PARAMETERS = <Argument
string>
EXCEPTIONS
NO_PERMISSION
“
Command rejected by user exit auth. check
IMPORTING Parameters
Parameter name |
Use |
PROGRAMNAME |
The fully substituted pathname of the external command that is to be run. |
PARAMETERS |
Arguments for the external command as specified by the definition in the SAP system and by the calling program or user. These arguments are checked for impermissible characters, such as the ; under UNIX. Problems are registered with the SECURITY_RISK exception. |
Exceptions
Exception name |
Meaning |
NO_PERMISSION |
Prevents a command from being run if the authorization check that you have implemented in a check module fails. NO_PERMISSION triggers the exception SECURITY_RISK in the calling function module. |