Construct SQL query from GET_AUTH_VALUES FM output

Question

I use the result of get_auth_values() whic has structure type us335 .

This result can contain single values or pairs of low-high values. I want to use these us335 like results and do a SQL query. Combining the entries with AND .

I see these ways to solve this:

• create a SQL query with `WHERE COL IN (value1, value2, ...) AND COL <=value3 and col >=value4...
• create a SQL query using OpenSQL specific IN seltab with my own code (using RANGE)
• create a SQL query using OpenSQL specific IN seltab with a built-in method (which I don't know up to now)

I guess there are even more ways to solve this.

What is the most feasible way?

Answer 1

Assemble a dynamic WHERE clause. Start with the function module RH_DYNAMIC_WHERE_BUILD . Write an own string builder if it doesn't fit.

You could also build ranges for dynamic IN clauses but this would be harder. The field types vary and as ranges are type-specific ( TYPE RANGE OF <type> ) you will end up with a lot of over-dynamic code that is no fun programming.

Pay attention to the following details when building the WHERE clause:

• Field names in the authorizations may differ from the column names you select from. You may need to map them.

• Authorization values may contain the placeholder * . Make sure you translate it to the ABAP operator CP or the SQL operator LIKE . If the value is only an asterisk, you can ignore the condition because it will not restrict anything.

• The function module accepts values up to a length of 20 characters while authorization values may be up to 40 characters. If you need the full length, the function module is insufficient.

• String-like fields require enclosing the values in quotes for correct SQL syntax, while non-string values such as integers must not be enclosed to make the selection work right. Make sure you choose the right enclosing for the column's type.

• I am not sure the Code Inspector recognizes that combination of function modules as secure. Dynamic WHERE clauses are a potential intrusion point for SQL injection. Code Inspector usually rejects control flows that delegate clause assembly to some other class. You may need to add escaping with the methods of class cl_abap_dyn_prg .

Answer 2

As Florian said you have not many options here. If you want to query your custom structure table only dynamic where clause will help you or constructing multiple seltabs (ranges), but the latter may be non-functional if the table key is very complex.

Here is more functional than technical solution but nevertheless. If you want to query your custom table with auth data from get_auth_values() FM, I propose to use auxiliary database table:

DATA: lt_tab TYPE TABLE OF us335.
CALL FUNCTION 'GET_AUTH_VALUES'
  EXPORTING
    object1 = 'B_USERSTAT'
    user    = sy-uname
    tcode   = 'SPRO'
  TABLES
    values  = lt_tab.

SELECT agr_users~uname, agr_1251~auth, agr_users~agr_name
  FROM agr_1251
  JOIN agr_users
    ON agr_users~agr_name = agr_1251~agr_name
  INTO TABLE @DATA(lt_agr)
  FOR ALL ENTRIES IN @lt_tab
  WHERE object   = 'B_USERSTAT'
    AND auth     = @lt_tab-auth
    AND low      = @lt_tab-lowval
    AND high     = @lt_tab-highval.

Here we select users by their authorizations with the help of table agr_1251 which structure fully resembles FM output structure. This gives you usernames + authorizations which you can use in your next selections.