https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940134#M1892189 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Will the following approach help solve your problem:</P><P></P><P>Let us assign one role per user-interface:</P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;">1. Employee Role: P_TRAVL -&gt; AUTHP = O</P><P style="font-size: 12px; color: #333333; background: #ffffff;">2. Accountant/Manager Role : P_TRAVL -&gt; AUTHP = E</P><P style="font-size: 12px; color: #333333; background: #ffffff;"></P><P style="font-size: 12px; color: #333333; background: #ffffff;">In the report, while <SPAN style="color: #333333; font-size: 12px;">custom coding authorization check, if AUTHP retrieved value is:</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="color: #333333; font-size: 12px;">O -&gt; display filtered content</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="color: #333333; font-size: 12px;">E -&gt; display whole content</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"></P><P style="font-size: 12px; color: #333333; background: #ffffff;">Let me know.</P></BODY></HTML> Wed, 18 Feb 2015 11:52:04 GMT Former Member 2015-02-18T11:52:04Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940132#M1892187 <HTML><HEAD></HEAD><BODY><P>Hi Friends,</P><P></P><P>We have developed a custom report to display TRIPS (Travel Requests/Expenses). Also a transaction code has been assigned to it. The requirement is that, based on the user who is executing the report, the output should be displayed accordingly.</P><P>a. If the user is an Employee, then only his/her trips needs to be displayed.</P><P>b. If the user is an Accountant/Manager, then the report must display all the trips. Other Employees' as well as their own.</P><P></P><P>Our understanding was that a combination of the authorization object P_TRAVL and an authorization check code in the report program will be sufficient.</P><P></P><P>There are 3 different roles existing in the system for Employee, Accountant and Manager. The P_TRAVL object used in these roles has the below values:</P><P>1. Employee Role : P_TRAVL -&gt; AUTHP = O</P><P>2. Accountant Role : P_TRAVL -&gt; AUTHP = E,O</P><P>3. Manager Role : P_TRAVL -&gt; AUTHP = E,O</P><P></P><P>In the authorization check part of the report program, we are utilizing the FM "SUSR_USER_AUTH_FOR_OBJ_GET" by passing the User Name and the authorization object P_TRAVL and retrieving the AUTHP values and the profile name. Depending on these values (E or O) we get to know if it is an Employee or Accountant/Manager. Then the output is displayed accordingly.</P><P></P><P>The scenario where the above logic fails is when a person is assigned both the roles i.e. Employee's as well as Accountant/Manager's roles. In this scenario the Employee's validation restricts the output to be displayed.</P><P></P><P>Also now the client has come back saying that only the P_TRAVL object needs to be utilized and the custom coding authorization check should be removed. The reason being, when the custom transaction code for this report is put in a separate role which is meant for reporting purpose they are facing issues one of them being the above mentioned scenario which is failing.</P><P></P><P>QUERY : How can we put restrictions in the report only on the basis of P_TRAVL object? OR Is there some other approach to achieve this?</P><P></P><P>Please do share your expertise/experience. Do let me know if any more details are to be provided.</P><P></P><P>Thank you for your help in advance.</P><P></P><P>Regards,</P><P>Vish</P></BODY></HTML> Wed, 18 Feb 2015 09:56:38 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940132#M1892187 Former Member 2015-02-18T09:56:38Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940133#M1892188 <HTML><HEAD></HEAD><BODY><P>Vishwanath,</P><P></P><P>If I understood your issue correctly,try creating two T-Codes and then validating within the program based on the T Code in addition to the existing validations.Depending on the need you can add the required tcodes in the User Profile.</P><P></P><P>K.Kiran.</P></BODY></HTML> Wed, 18 Feb 2015 11:38:54 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940133#M1892188 kiran_k8 2015-02-18T11:38:54Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940134#M1892189 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Will the following approach help solve your problem:</P><P></P><P>Let us assign one role per user-interface:</P><P></P><P style="font-size: 12px; color: #333333; background: #ffffff;">1. Employee Role: P_TRAVL -&gt; AUTHP = O</P><P style="font-size: 12px; color: #333333; background: #ffffff;">2. Accountant/Manager Role : P_TRAVL -&gt; AUTHP = E</P><P style="font-size: 12px; color: #333333; background: #ffffff;"></P><P style="font-size: 12px; color: #333333; background: #ffffff;">In the report, while <SPAN style="color: #333333; font-size: 12px;">custom coding authorization check, if AUTHP retrieved value is:</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="color: #333333; font-size: 12px;">O -&gt; display filtered content</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"><SPAN style="color: #333333; font-size: 12px;">E -&gt; display whole content</SPAN></P><P style="font-size: 12px; color: #333333; background: #ffffff;"></P><P style="font-size: 12px; color: #333333; background: #ffffff;">Let me know.</P></BODY></HTML> Wed, 18 Feb 2015 11:52:04 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940134#M1892189 Former Member 2015-02-18T11:52:04Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940135#M1892190 <HTML><HEAD></HEAD><BODY><P>Hi Kiran,</P><P></P><P>Not sure if you got the requirement fully, but two transactions is not what we are looking for.</P><P>The report output needs to be displaying values as per the user, Employee to see only his trips and Manager/Accountant to be able to view all the trips.</P><P>Thanks for sharing your thoughts.</P><P></P><P>Regards,</P><P>Vish</P></BODY></HTML> Wed, 18 Feb 2015 13:23:33 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940135#M1892190 Former Member 2015-02-18T13:23:33Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940136#M1892191 <HTML><HEAD></HEAD><BODY><P>Hi Utkarsha,</P><P></P><P>The existing approach is inclusive of what you have mentioned. If you look at the below part that I had mentioned in my post:</P><P>"<SPAN style="color: #333333; font-size: 12px;">In the authorization check part of the report program, we are utilizing the FM "SUSR_USER_AUTH_FOR_OBJ_GET" by passing the User Name and the authorization object P_TRAVL and retrieving the AUTHP values and the profile name. Depending on these values (E or O) we get to know if it is an Employee or Accountant/Manager. Then the output is displayed accordingly."</SPAN></P><P></P><P>Here you have proposed to assign one role per user type. This works fine in the current logic but there are few users having all the types of roles, so this approach fails.</P><P></P><P>Thanks for giving it a try.</P><P></P><P>Regards,</P><P>Vish</P></BODY></HTML> Wed, 18 Feb 2015 13:29:37 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940136#M1892191 Former Member 2015-02-18T13:29:37Z https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940137#M1892192 <HTML><HEAD></HEAD><BODY><P>Closing the thread. Solution identified was to handle it at the role level.</P></BODY></HTML> Thu, 17 Sep 2015 19:11:02 GMT https://community.sap.com/t5/application-development-and-automation-discussions/authorization-check-approach-needed-for-custom-transaction-code/m-p/10940137#M1892192 Former Member 2015-09-17T19:11:02Z