Open all | Close all

BI development using the SAP BW Query User exit RSR00001 to enhance your business warehouse querys


What is the BW user exit? and How does it work!

The SAP BW query exit RSR00001 is an Enhancement for Global Variables in Reporting. It is called up several times during the execution of a report. The parameter I_STEP is populated with a number from 0 to 3 to specify at what point the enhancement is being called.

i.e. If I_STEP = 1, then Call has taken place directly before any variable variable entry has been made. This can be used to pre populate selection variables

If I_STEP = 2, then then call has taken place directly after variable entry. This step is only started up when a variable is not input ready and could not be filled when I_STEP was equal to 1.

If I_STEP = 3, you can check the values of the variables. Triggering an exception (RAISE) causes the variable screen to appear once more. Afterwhich, I_STEP=2 is also called again. If I_STEP = 0, then the enhancement is not called from the variable screen. The call can come from the authorization check or from the Monitor.


Using Exit to populate query authorisation object dynamically

Please note the article has been written from an ABAPers point of view and some knowledge of creating BW queries will be required.

First you need to create an authorisation object which references a $Variable. In this example I am using $ZGMGRANT, which has been linked to the users authorisation profile via transaction PFCG.

Now Within the BW query you have created via Bex Analyser you need to create and authorisation field with the processing type of 'customer exit'.


The next step is to activate the customer exit 'EXIT_SAPLRRS0_001'. To do this create a project in the CMOD transaction, select the SAP enhancement RSR00001 and assign it to the enhancement project. Activate the project.

The enhancement RSR00001 (BW: Enhancements for Global Variables in Reporting) is called up several times during execution of the report. Here, the parameter I_STEP specifies when the enhancement is called.

I_STEP = 1
Call takes place directly before variable entry. Can be used to pre populate selection variables

I_STEP = 2
Call takes place directly after variable entry. This step is only started up when the same variable is not input ready and could not be filled at I_STEP=1.

I_STEP = 3 In this call, you can check the values of the variables. Triggering an exception (RAISE) causes the variable screen to appear once more. Afterwards, I_STEP=2 is also called again.

I_STEP = 0
The enhancement is not called from the variable screen. The call can come from the authorization check or from the Monitor. This is where you want to put the mod for populating the authorization object. code for this is as follows: 

  case i_vnam.
  WHEN 'ZGMGRANT'.  "Query field name
    if i_step = 0.
      BREAK-POINT.
      clear wa_ETRANGE.

*     Gets all grants a user is able to see from ZTable,
*     which is populated elsewhere  
      select grant_nbr
        from ZGMUSERGRANTS
        into corresponding fields of table it_ZGMUSERGRANTS
       where UNAME eq sy-uname.

*     Populate Authorisation Object. In i_step 0
*     E_T_RANGE is used to populate the authorisation object
      loop at it_ZGMUSERGRANTS into wa_ZGMUSERGRANTS.
        wa_ETRANGE-sign = 'I'.
        wa_ETRANGE-opt = 'EQ'.
        CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
          EXPORTING
            INPUT         = wa_ZGMUSERGRANTS-grant_nbr
         IMPORTING
           OUTPUT        = wa_ZGMUSERGRANTS-grant_nbr.
        wa_ETRANGE-low  = wa_ZGMUSERGRANTS-grant_nbr.
        append wa_ETRANGE to E_T_RANGE.
      endloop.
    endif.
  ENDCASE.

Using Exit to restrict users output

Please note this article has been written from an ABAPers point of view and some knowledge of creating BW queries will be required.

When using an authorisation object to restrict a query report it determines if the user can see everything in a range. If they cant see them all then an authorisation error will be displayed. You may have a requirement to still allow the user to see the report but to remove values they are not authorised to see.

This would be done by having 2 variables on the report selection screen, one for the user to enter their selection and a hidden one which will do the actual report restriction. The code for this will look something like this, where 'ZGMGTNOI' is the hidden field and '0S_GRANT' is the visible user input field. 


**** ZGMGTNOI variable derives input from variable OS_GRANT
  WHEN 'ZGMGTNOI'.
    if i_step = 2.

*     gets selection values entered by user (0S_GRANT)
      loop at I_T_VAR_RANGE into  wa_range where VNAM eq   '0S_GRANT'
                                             and IOBJNM eq '0GRANT_NBR'.
        wa_grant-low  = wa_range-low.
        wa_grant-high = wa_range-high.
        wa_grant-option  = wa_range-opt.
        wa_grant-sign = wa_range-sign.
        append wa_grant to r_grant.
      endloop.

*     selects all grants user is authorised to see within entered
*     selection values
      select grant_nbr
            from ZGMUSERGRANTS
            into corresponding fields of table it_ZGMUSERGRANTS
           where UNAME eq sy-uname
             and grant_nbr in r_grant.

*     If no values are found! Populates hidden restriction variable with
*     user input
      if sy-subrc ne 0.
        loop at r_grant into wa_grant.
          move-corresponding  wa_grant to wa_ETRANGE.
          wa_ETRANGE-opt = wa_grant-option.
          append wa_ETRANGE to E_T_RANGE.
        endloop.
*     If values are found! Populates hidden restriction variable with
*     all values user is authorised to see
      else.
        clear: wa_range.
        loop at it_ZGMUSERGRANTS into wa_ZGMUSERGRANTS.
          wa_ETRANGE-sign = 'I'.
          wa_ETRANGE-opt = 'EQ'.
          wa_ETRANGE-low  = wa_ZGMUSERGRANTS-grant_nbr.
          append wa_ETRANGE to E_T_RANGE.
        endloop.
      endif.
    endif.

 

Number of SAP Development Users currently online hit counters