topic Authorization at data element level in Application Development and Automation Discussions

Authorization at data element level

Former Member — Sun, 25 Oct 2009 10:59:44 GMT

Hi all,

I have a requirement where i have to put a authorization check at data element BANKN .

In all the transactions which use BANKN data element( e.g FK01 , FK02, FK03 etc) , i need to put an auth check for Bank number .

Only those users who are authorized will be able to see the Bank number, other wise the field will be masked by ******* .

I tried with field exit , howerever , it gets triigerrred only at Change (that too not completely satisfying the requirement.)

Please provide me a solutiion for the same.

Also , how to mask a particulat field based on a condition

Thanks

Supriya Murudkar

Re: Authorization at data element level

Sandra_Rossi — Sun, 25 Oct 2009 13:47:08 GMT

for this kind of enhancement, you will have to modify the standard most of the time (with SSCR or with enhancement framework)

Re: Authorization at data element level

Former Member — Mon, 26 Oct 2009 06:02:31 GMT

Hi Sandra ,

I am using 4.7 and not enhancement framework ...

Is it possible in 4.7 ?

Can BTE help ?

Thanks

Supriya

Re: Authorization at data element level

Sm1tje — Mon, 26 Oct 2009 06:18:49 GMT

So why do you have to display the field (*****) anyway? If user has no authorization, the field should not be shown (displayed) at all.

Re: Authorization at data element level

Former Member — Mon, 26 Oct 2009 06:45:02 GMT

Actually , if the field is blank , then the end user will not come to know if the field does contain any value or just he is not authorized to view the same.

Authorization needs to be only on 1 field (having BANKN data elem ) and not on the entire transaction

Thanks

Supriya

Re: Authorization at data element level

Sandra_Rossi — Mon, 26 Oct 2009 10:16:00 GMT

As I said, most of the time, you should do modification of the standard. In 4.7, you only have SSCR.

I don't know FK* transactions, so I can't tell you if there is a BTE for that.

You should have better mentioned them in the title of your post to get more chance to have an answer, and do not mention "authorization at data element" (people wouldn't read it as it makes no sense in SAP).

By the way, another solution would be to use authorizations at transaction level: authorized people would use FK* transactions where bank field would be displayed, while some other people would use ZFK* transactions where bank field is NOT displayed, using transaction and screen variants

Re: Authorization at data element level

Former Member — Wed, 28 Oct 2009 06:51:13 GMT

Hi Supriya,

If I have understood your question correctly, you want a data element / domain authorization check.

data element check can be done by field exit whereas for domain check, you can use conversion exit.

1. Create a FM with names CONVERSION_EXIT_XXXXX_INPUT & CONVERSION_EXIT_XXXXX_INPUT where XXXXX represents your domain name

2. In the code section add the checks you want on the domain

3. go to se11 and call XXXXX in your conversion routines

This way you can ensure that your conversion exit is called whenever domain is used and additional code written by you will ensure what process you want to execute.

Re: Authorization at data element level

Former Member — Wed, 28 Oct 2009 06:53:50 GMT

Thanks a lot Mayank,

This is exactly what i wanted.

My solution is working as required .

Thanks

Supriya .