https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088104#M1615169 <HTML><HEAD></HEAD><BODY><P>Hi guys.. any other approach you can think of..</P><P>i think dynamic role asignment suggested by Alex makes it a break-through. Can i have some more details how to do this?</P></BODY></HTML> Thu, 21 Jul 2011 21:23:06 GMT Former Member 2011-07-21T21:23:06Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088096#M1615161 <HTML><HEAD></HEAD><BODY><P>Hi experts,</P><P></P><P>We have a requirement where in user access level for cost centers changes very frequently. This access details are maintained in a Z table. And this Z table will be maintained by the super user/lead user.</P><P></P><P>Now users should be restricted to only those cost centers that are maintained in the table in <STRONG>ALL TRANSACTIONS</STRONG>.</P><P></P><P>Is there any customer exit/ other approach available which can be applied here.</P><P>Any inputs are highly appreciated.</P><P></P><P>Thanks,</P><P>Asrar</P></BODY></HTML> Fri, 15 Jul 2011 20:21:36 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088096#M1615161 Former Member 2011-07-15T20:21:36Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088097#M1615162 <HTML><HEAD></HEAD><BODY><P>I've done this a couple of different ways. If I was to do it again I would look at a solution which uses the standard auth concept but dynamically maps appropriate roles to users based on the input logic (in your case a custom table).</P></BODY></HTML> Fri, 15 Jul 2011 21:07:18 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088097#M1615162 Former Member 2011-07-15T21:07:18Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088098#M1615163 <HTML><HEAD></HEAD><BODY><P>Hello Alex,</P><P></P><P>It would be great if you please share the details of your solutions towards this.</P><P></P><P>Thanks,</P><P>Asrar</P></BODY></HTML> Fri, 15 Jul 2011 21:16:35 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088098#M1615163 Former Member 2011-07-15T21:16:35Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088099#M1615164 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I'm happy to answer any specific questions but I'm not going to detail full solutions for commercial reasons. </P><P></P><P></P><P>Dynamically passing in auth values into the CO programs is tricky and you will spend a lot of time and money on it. If you go down this route then you must be very strict about which transactions are in scope and many modifications will need to be made to the supporting code.</P><P></P><P>A method which appends a role to a user is attractive as it does not require any changes to the underlying functional programs. It is not without it's limitations, especially around the number of roles which can be assigned to a user (312) but you can design around that when assessing your potential usage scenario's.</P></BODY></HTML> Sat, 16 Jul 2011 05:14:22 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088099#M1615164 Former Member 2011-07-16T05:14:22Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088100#M1615165 <HTML><HEAD></HEAD><BODY><P>A more realistic and less intrusive approach is to generate roles for all levels in the standard hierarchy and then watch for changes in a batch job which adapts and generates the new ones. If you are lucky, the hierarchy is being maintained in DEV and transported...</P><P></P><P>Then give the person whom you wanted to maintain the table access to PFCG and let them only assign these generated roles - so you will need a naming convention for them.</P><P></P><P>Works like a charm and adapts itself as the hierarchy changes. Automatically generating roles is a bit tricky but still much safer than modiying central check functions.</P><P></P><P>Cheers,</P><P>Julius</P></BODY></HTML> Sat, 16 Jul 2011 07:50:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088100#M1615165 Former Member 2011-07-16T07:50:38Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088101#M1615166 <HTML><HEAD></HEAD><BODY><P>I remembered you mentioned something like that before but couldn't remember any more of the details!</P></BODY></HTML> Sat, 16 Jul 2011 09:13:01 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088101#M1615166 Former Member 2011-07-16T09:13:01Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088102#M1615167 <HTML><HEAD></HEAD><BODY><P>Completely lost <SPAN __jive_emoticon_name="happy"></SPAN></P><P></P><P>Nevermind - I'll hopefully pick this up one day..</P><P></P><P>Cheers</P><P>David</P></BODY></HTML> Sat, 16 Jul 2011 22:30:09 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088102#M1615167 Former Member 2011-07-16T22:30:09Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088103#M1615168 <HTML><HEAD></HEAD><BODY><P>It sounds more complex that it is! Once you have the process worked out it's usually just a bit coding that needs to be done. </P><P></P><P>Julius' approach (automating the build of roles which represent new nodes on the standard hierarchy) is a bit more involved than a basic automated allocation tool but has significant time savings once implemented.</P></BODY></HTML> Mon, 18 Jul 2011 07:10:34 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088103#M1615168 Former Member 2011-07-18T07:10:34Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088104#M1615169 <HTML><HEAD></HEAD><BODY><P>Hi guys.. any other approach you can think of..</P><P>i think dynamic role asignment suggested by Alex makes it a break-through. Can i have some more details how to do this?</P></BODY></HTML> Thu, 21 Jul 2011 21:23:06 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088104#M1615169 Former Member 2011-07-21T21:23:06Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088105#M1615170 <HTML><HEAD></HEAD><BODY><P>Can you first tell us whether you are using the old k_repo_cca concept or the new k_cca concept via the standard hierarchy for all the actvt (now co_actions of the same object).</P><P></P><P>This makes a big difference....</P><P></P><P>Cheers,</P><P>Julius</P><P></P><P>Edited by: Julius Bussche on Jul 21, 2011 11:27 PM</P></BODY></HTML> Thu, 21 Jul 2011 21:26:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088105#M1615170 Former Member 2011-07-21T21:26:46Z https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088106#M1615171 <HTML><HEAD></HEAD><BODY><PRE><CODE><P>We have a requirement where in user access level for cost centers changes very frequently. This access details are maintained in a Z table. And this Z table will be maintained by the super user/lead user.</P><P></P><P>Now users should be restricted to only those cost centers that are maintained in the table in ALL TRANSACTIONS.</P><P></P></CODE></PRE><P></P><P>Identify the tcodes that uses cost centers and create custom transaction codes and make them read your Z table for the values.</P><P></P><P>Also, as highlighted by Julius. If the new concept is used, Cost center is a org field where it would be tough to read the values from a Z table. </P><P></P><P>Regards,</P><P>Raghu</P></BODY></HTML> Fri, 22 Jul 2011 09:41:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/dynamic-authorizations-using-customer-exit/m-p/8088106#M1615171 Former Member 2011-07-22T09:41:16Z