Entering content frame

 SXPG_DUMMY_COMMAND_CHECK:  Interface for Extra-Check Function Modules  Locate the document in its SAP Library structure

When you define an external command, you can specify that an additional function module be called to check a user’s authorization to run a command. 

You can define such an additional authorization check module yourself.  Your function module must have the interface defined below for SXPG_DUMMY_COMMAND_CHECK.  Like this function module, it may only allow or deny permission to carry out the command.

To ensure that such a user exit function module cannot be misused, the system checks that the interface of the authorization-checking function module matches the interface of SXPG_DUMMY_COMMAND_CHECK.  It is therefore essential that SXPG_DUMMY_COMMAND_CHECK never be changed. 

To write your own authorization-checking module, do the following:

...

       1.      Copy SXPG_DUMMY_COMMAND_CHECK to a name in the customer naming range (names beginning with Y or Z).

       2.      Write your authorization check.

       3.      Specify that the function module should be run when the command that is to be checked is run.  Do this in the command definition (transaction SM69). 

Note

Do not change SXPG_DUMMY_COMMAND_CHECK or its interface.  Never call this function module, either directly or by specifying it as the check module in a command definition.  Copy it and then modify the new function module in order to implement an additional authorization check. 

Interface Syntax:

IMPORTING                                                       
    PROGRAMNAME = <Program or command from definition>
    PARAMETERS  = <Argument string>
EXCEPTIONS                                                     
    NO_PERMISSION “ Command rejected by user exit auth. check

Parameters

IMPORTING Parameters

Parameter name

Use

PROGRAMNAME

The fully substituted pathname of the external command that is to be run.

PARAMETERS

Arguments for the external command as specified by the definition in the SAP system and by the calling program or user.

These arguments are checked for impermissible characters, such as the ; under UNIX.  Problems are registered with the SECURITY_RISK exception.

 

Exceptions

Exception name

Meaning

NO_PERMISSION

Prevents a command from being run if the authorization check that you have implemented in a check module fails.

NO_PERMISSION triggers the exception SECURITY_RISK in the calling function module.

 

 

 

 

 

Leaving content frame