SXPG_COMMAND_CHECK: Check Authorization to Execut (SAP Library - Programming with the Background Processing System (BC-CCM-BTC))

SXPG_COMMAND_CHECK: Check Authorization to Execute an External Command

Use this function module to check a user’s authorization to execute a particular external command. The function module checks that the user is authorized to execute the command:

with the arguments specified in ADDITIONAL_PARAMETERS
on the target host system, as identified by OPERATINGSYSTEM and TARGETSYSTEM.

If any R/3 profile parameter has been inserted in the portion of the command stored in the database, then the value of this parameter is substituted into the command. If an R/3 application server is active on the target system (TARGETSYSTEM), then the profile parameter values are read from the profile in effect on that system. No parameter substitution is made in ADDITIONAL_PARAMETERS.

After substitution, the command is checked for the presence of "dangerous" characters, such as the semicolon ; on UNIX systems.

If an additional "safety" function module has been specified in the definition of the command, then this is called as well in the course of processing. This function module can prevent execution of the command.

Should the function module complete successfully (without exceptions), then the following is returned:

The complete command name (including the path) from the command definition. R/3 profile parameters in the command are resolved to their values.

The command arguments from the command definition. R/3 profile parameters in the string are resolved to their values.

the additional parameters string, as specified in the call to the function module.

Profile parameters are resolved once again to their values when a command is actually dispatched to run.

Syntax

CALL FUNCTION ‘SXPG_COMMAND_CHECK’
IMPORTING
ADDITIONAL_PARAMETERS = <Argument string> " Default <space>
COMMANDNAME = <Name of command definition in R/3 System>
OPERATINGSYSTEM = <Target OS as defined in R/3 System>
TARGETSYSTEM = <Host system for execution of command>
EXPORTING
ALL_PARAMETERS = <Complete argument string>
DEFINED_PARAMETERS = <Arguments from command definition>
PROGRAMNAME = <Complete pathname of OS command>
EXCEPTIONS
X_ERROR " Reserved
COMMAND_NOT_FOUND " Command not defined in R/3 database
NO_PERMISSION " Command rejected by user exit auth. check
PARAMETERS_TOO_LONG " Complete parameter string exceeds
" 128 characters
PARAMETER_EXPECTED " Required parameter not specified
SECURITY_RISK " Security check failed
TOO_MANY_PARAMETERS " No ADDITONAL_PARAMETERS allowed
WRONG_CHECK_CALL_INTERFACE " Problem with function module
" for additional security check
ILLEGAL_COMMAND " Command not legitimately defined
OTHERS.

Parameters

IMPORTING Parameters

Parameter name	Use
ADDITIONAL_PARAMETERS	Arguments for the external command as specified by the calling program or user. These arguments are appended to any arguments specified in the externalcommand definition (DEFINED_PARAMETERS). These arguments are checked for impermissible characters, such as the ; under UNIX. Problems are registered with the SECURITY_RISK exception.
COMMANDNAME	The name of the definition of the external command, as specified in the maintenance function (transaction SM69).
OPERATINGSYSTEM and TARGETSYSTEM	Identify the host system on which the command is to be executed. OPERATINGSYSTEM is specified in the command definition (transaction SM69). TARGETSYSTEM is the host name of the system upon which the command is to run.

EXPORTING Parameters

Parameter name	Use
ALL_PARAMETERS	Returns the complete argument string for the command, consisting of ADDITIONAL_PARAMETERS and DEFINED_PARAMETERS. The string is as close to the potential runtime string as possible. For example, variables are substituted into the string from the target host system, if possible.
DEFINED_PARAMETERS	Returns the predefined argument string from the command definition in the R/3 System. The string is as close to the potential runtime string as possible. For example, variables are substituted into the string from the target host system, if possible.
PROGRAMNAME	The complete name (including path) of the command that is to be executed. Arguments are not included.

Exceptions

Exception name	Meaning
X_ERROR	Reserved for future use.
NO_PERMISSION	The AUTHORITY-CHECK of the user’s authorization for the authorization object S_LOG_COM failed. The user is not authorized to carry out the command named with the specified arguments on the target system.
COMMAND_NOT_FOUND	Command name, as identified by COMMANDNAME and OPERATINGSYSTEM, has not been defined in the maintenance function (transaction SM69).
PARAMETERS_TOO_LONG	The combined argument string (ADDITIONAL_PARAMETERS and the DEFINED_PARAMETERS, as returned in ALL_PARAMETERS) exceeds the limit of 128 characters in length.
SECURITY_RISK	Either: · The command contains impermissible characters. These are characters with potentially dangerous properties, such as ; under UNIX. · The command definition specifies that an extra check function module be run. This function module has rejected execution of the command.
WRONG_CHECK_CALL_ INTERFACE	The command definition specifies that an extra check function module is to be run. Either this function module is missing, or the interface defined for this function module does not match that of the standard R/3 function module SXPG_DUMMY_COMMAND_CHECK. For more information, please see SXPG_DUMMY_COMMAND_CHECK: Interface for Extra-Check Function Modules.
TOO_MANY_PARAMETERS	The command definition specifies that ADDITIONAL_PARAMETERS are not allowed. However, an additional string of command arguments was specified.
PARAMETER_EXPECTED	The command definition includes the placeholder character ?, which signifies that ADDITIONAL_PARAMETERS is required. However, no additional arguments string was supplied.
ILLEGAL_COMMAND	The external command definition was modified "illegally". That is, the command was not modified by means of the maintenance function (transaction SM69).
OTHERS	Catch any new exceptions added to this function module.