SAP Installation

Create Function Module

Estimated reading: 5 minutes 891 views

Steps: (Continued)

  1. The previous step will have left you in the “SE37 – Function Builder” screen and this is also where the next step takes off.

2. Enter “Z_FPC_PASSWORD_CHANGE” in the “Function Module” field.

3. Then click on the “Create” button.

4. Enter the name of the just created function group (“Z_FPC_PASSWORD”) in the “Function group” field
and enter “Remotely reset of user passwords” in the “Short text” field like shown below.

5. Click the “Save” button. This will bring up the Function Builder Change screen with the “Import” tab selected.

6. You would now need to enter and adjust values in more tabs so start by selecting the “Attributes” tab.

7. Select the “Remote-Enabled Module” as shown above and select the “Import” tab. In the table, add a row with the following definition:

Parameter Name: USER_NAME
Typing: TYPE
Associated Type: BAPIBNAME-BAPIBNAME
Default value: (no value)
Optional: Unselected
Pass Value: Selected
Short text: (will appear by default)

Then add another with the following information:

Parameter Name: PASSWORD
Typing: TYPE
Associated Type: BAPIPWD
Default value: (no value)

8. Select the “Export” tab.

9. In the table add a row with the following definition:

Parameter Name: RETURN
Typing: TYPE
Associated Type: STRING
Pass Value: Selected
Short text: (no value)

10. Select the “Source code” tab.

11. Copy & Paste the following code just above the “ENDOFFUNCTION” label.

FUNCTION Z_FPC_PASSWORD_CHANGE.

*"---------------------------------------------------------------------- *"

*"Local Interface:
*" IMPORTING
*" VALUE(USER_NAME) TYPE BAPIBNAME-BAPIBNAME
*" VALUE(PASSWORD) TYPE BAPIPWD
*" EXPORTING
*" VALUE(RETURN) TYPE STRING
*"----------------------------------------------------------------------
DATA: oref TYPE REF TO cx_root.
TRY.
" Put parameters into local variables
" (this is done because we have parameters conflicting with field names in usr02)
DATA:l_USERNAME TYPE BAPIBNAME-BAPIBNAME.
l_USERNAME = USER_NAME.
DATA: l_PASSWORD TYPE BAPIPWD.

l_PASSWORD = PASSWORD.

" Define local variable to hold data from usr02
DATA: BEGIN OF l_LOGONDATA OCCURS 1.
INCLUDE STRUCTURE uslogond.
DATA: END OF l_LOGONDATA.

" Define local variable to hold data from usr02
DATA: BEGIN OF l_USR02 OCCURS 1.
INCLUDE STRUCTURE usr02.
DATA: END OF l_USR02.

" Define local variable to hold roles assigned to the user
DATA: BEGIN OF l_ROLES OCCURS 1.
INCLUDE STRUCTURE BAPIAGR.
DATA: END OF l_ROLES.

" Define local variable to hold result from function call
DATA: BEGIN OF l_RETURN OCCURS 1.
INCLUDE STRUCTURE bapiret2.
DATA: END OF l_RETURN.

" Read logon data from usr02 into l_LOGONDATA
SELECT SINGLE * INTO CORRESPONDING FIELDS OF l_LOGONDATA
FROM usr02
WHERE bname = l_USERNAME.
IF sy-subrc NE 0.
RETURN = 'USER_NAME_NOT_EXIST'.
EXIT.
ENDIF.

" Check if the desired authorization roles has been assigned to the user.
" Remove comments from the following to activate this feature and do so only if you
" already have allowed your 'PWRESET' user to execute the 'BAPI_USER_GET_DETAIL'
" function and assigned them the 'Display' activity right (see documentation) and
" at last, if your users have the 'Z_FPC_PASSWORDUSER' role assigned to them.
" Modify this role name as you desire.
" CALL FUNCTION 'BAPI_USER_GET_DETAIL'

" EXPORTING
" username = l_USERNAME " TABLES
" activitygroups = l_ROLES
" return = l_RETURN.
"
" CLEAR l_RETURN.
" READ TABLE l_RETURN WITH KEY type = 'E'.
" IF sy-subrc EQ 0.
" RETURN = 'FAILED_TO_LIST_USER_ROLES'.
" EXIT.
" ENDIF.
"
" CLEAR l_ROLES.
" READ TABLE l_ROLES WITH KEY agr_name = 'Z_FPC_PASSWORD_USER'.
" IF sy-subrc NE 0.
" RETURN = 'USER_NOT_AUTHORIZED'.
" EXIT.
" ENDIF.

" Read everything from usr02 into l_USR02
SELECT SINGLE * INTO CORRESPONDING FIELDS OF l_USR02
FROM usr02
WHERE bname = l_USERNAME.

" Check if user is either 0 (normal) or 128 (locked after failed logon)
IF l_USR02-uflag NE 0 AND l_USR02-uflag NE 128.
RETURN = 'USER_IS_ADMINISTRATOR_LOCKED'.
EXIT.
ENDIF.

" Check if user is Password Deactivated
IF l_LOGONDATA-codvn EQ 'X' OR l_LOGONDATA-codvc EQ 'X'.
RETURN = 'USER_IS_PASSWORD_DEACTIVATED'.
EXIT.
ENDIF.

" Set the new password and set it to be productive

CALL FUNCTION 'BAPI_USER_CHANGE'
EXPORTING
username = l_USERNAME
password = l_PASSWORD
passwordx = 'X'
" Enable the following line on systems that supports this attribute in 'BAPI_USER_CHANGE' (> SP 19 in 7.00)
" productive_pwd = 'X'
TABLES
return = l_RETURN.

CLEAR l_RETURN.
READ TABLE l_RETURN WITH KEY type = 'E'.
IF sy-subrc EQ 0.
IF l_RETURN-id EQ '01' AND l_RETURN-number EQ 410.
RETURN = 'USER_IS_LOCKED_BY_ADMINISTRATOR_MAINTENANCE'.
EXIT.
ELSEIF l_RETURN-id EQ '00'.
" Add any known policy error to the condition...
IF l_RETURN-number EQ 187 OR l_RETURN-number EQ 188.
" RETURN = 'PASSWORD_NOT_ALLOWED'.
CONCATENATE 'PASSWORD_NOT_ALLOWED' l_RETURN-message INTO RETURN
SEPARATED BY ';'.
EXIT.
ELSE.
" RETURN = 'PASSWORD_RESET_FAILED'.
CONCATENATE 'PASSWORD_RESET_FAILED' l_RETURN-message l_RETURN-id l_RETURN-number
INTO RETURN SEPARATED BY ';'.
EXIT.
ENDIF.
ELSE. "
RETURN = 'PASSWORD_RESET_FAILED'.
CONCATENATE 'PASSWORD_RESET_FAILED' l_RETURN-message l_RETURN-id l_RETURN-number
INTO RETURN SEPARATED BY ';'.
EXIT.
ENDIF.

ENDIF.

" Unset password locked flag and pwdinitial flag
UPDATE usr02
SET
ltime = sy-uzeit
uflag = 0 pwdinitial = 0
WHERE bname = l_USERNAME.
COMMIT WORK.

RETURN = 'SUCCESS'.
EXIT.

CATCH cx_root INTO oref.
RETURN = 'FAILURE'.
EXIT.

ENDTRY.

ENDFUNCTION.

12. The screen will now look like the below.

13. Press CTRL+F2 to check the syntax. Press CTRL+F3 to activate the module. A screen with all inactive objects might appear. Here the related objects for this operation (the created function group and the function module) should be selected and click save. Configuration of Function Module is now completed.

Share this Doc

Create Function Module

Or copy link

CONTENTS