
 Examples of the HRPAD00AUTH_CHECK BAdI

The following examples are intentionally simple because a description of a complete, new implementation of the HRPAD00AUTH_CHECK BAdI (Business Add-In) would be beyond the scope of this documentation.

  1. You have implemented the CHECK_... methods to return IS_AUTHORIZED = TRUE each time. This means that all authorization checks on HR master data are always positive and consequently, that all users can access all infotypes of all personnel numbers.

  2. You have implemented the CHECK_... methods to return IS_AUTHORIZED = FALSE each time. This means that all authorization checks on HR master data are always negative and consequently, that no users can access any infotypes of any personnel numbers. However, in Reporting, users who have P_ABAP authorizations with simplification degree COARS = 2 would be able to access infotypes because no authorization check takes place in this case.

  3. You have activated the CL_HRPAD00AUTH_CHECK_STD class delivered in the standard system as BAdI. The authorization checks behave in dialog as expected. In Reporting, the authorization check would not, however, be simplified for reports for which a P_ABAP authorization with COARS = 1 is stored. The reason for this is that the standard system uses two classes for the authorization check: CL_HRPAD00AUTH_CHECK_STD and CL_HRPAD00AUTH_CHECK_FAST. If no BAdI is active, the second class is used for COARS = 1. If a BAdI is active, the system only checks the authorization with COARS = 2.

  4. You have implemented a class that carries out an authorization check in the constructor for SY-CPROG and COARS = 1 and that delegates all method calls to the CL_HRPAD00AUTH_CHECK_STD class if no authorization exists. If authorization exists, it delegates all method calls to the CL_HRPAD00AUTH_CHECK_FAST class. In this case the authorization checks would behave identically in dialog and in Reporting. When input helps are processed, the authorization check normally processes the methods of the CL_HRPAD00AUTH_CHECK_FAST class instead of the CL_HRPAD00AUTH_CHECK_STD class for reports with COARS = 1.

  5. You have requirements that cannot be met using the standard time logic and therefore want to implement the following time logic in your system: The user who is responsible for a personnel number on the current day should be authorized to access all data on that personnel number. Other users who are not responsible for this personnel number should not be authorized to access any data. In addition, the test procedures used up to now should continue to function as before. You do not use P_ABAP authorizations with COARS = 1 in your system:

The above-mentioned checks are in principle already contained in the CL_HRPAD00AUTH_CHECK_STD class. You need only adjust the time logic. You do not want to create a copy of the class and implement this copy, because doing so would amount to implementing a complete customer-specific authorization check in your system. This would mean that all corrections delivered by SAP would need to be integrated manually. Since the CL_HRPAD00AUTH_CHECK_STD class already reacts correctly to all write accesses and also to all read accesses on the current date, you continue to delegate your own checks to this class. However, change the date each time beforehand to ensure the system returns the desired result. Note the following diagram and the Example: Implementation of HRPAD00AUTH_CHECK:
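
The delegation idea from the last example, sketched as an added Python model: this is not SAP's linked ABAP implementation and not code from the standard system. The class names `StdCheck` and `TodayResponsibleCheck`, the method `is_authorized`, the period-coverage rule in `StdCheck`, and the sample data are all assumptions made for illustration, and only read access is modelled.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Responsibility:
    user: str
    pernr: str
    begda: date
    endda: date

# Constructed sample data: responsibility for personnel number 00001000
# passes from ALICE to BOB on 2023-01-01.
SAMPLE = [
    Responsibility("ALICE", "00001000", date(2020, 1, 1), date(2022, 12, 31)),
    Responsibility("BOB", "00001000", date(2023, 1, 1), date(9999, 12, 31)),
]

class StdCheck:
    """Simplified stand-in for the standard check (assumption): access is
    granted only if one responsibility period covers the requested period."""
    def __init__(self, responsibilities):
        self._resp = list(responsibilities)

    def is_authorized(self, user, pernr, begda, endda):
        return any(r.user == user and r.pernr == pernr
                   and r.begda <= begda and endda <= r.endda
                   for r in self._resp)

class TodayResponsibleCheck:
    """Customer time logic: replace the requested period with the current
    day, then delegate, so the standard check remains the only place
    where the actual authorization decision is made."""
    def __init__(self, delegate, today=date.today):
        self._delegate = delegate
        self._today = today  # injectable clock for deterministic tests

    def is_authorized(self, user, pernr, begda, endda):
        key_date = self._today()
        return self._delegate.is_authorized(user, pernr, key_date, key_date)

def compare(user, begda, endda, today):
    """Return (standard result, customer result) for one read request."""
    std = StdCheck(SAMPLE)
    custom = TodayResponsibleCheck(std, today=lambda: today)
    return (std.is_authorized(user, "00001000", begda, endda),
            custom.is_authorized(user, "00001000", begda, endda))
```

For a record dated March 2021 and a current date in 2024, the model grants BOB (responsible today) access to data from before his responsibility began and denies ALICE (responsible only in the past) access to data from her own period, which is the access change this time logic introduces and the one to confirm with the data owner before activating such a BAdI.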