topic Re: regarding authorizations in Application Development and Automation Discussions

regarding authorizations

Former Member — Wed, 09 Aug 2006 11:24:58 GMT

dear friends,

i got a report with the fields EMPLOYEENUMBER, PROJECTNUMBER,PROJECTROLE, ASSIGNEDBY,ASSIGNEDUNTIL my requirement is whenever a EMPLOYEE login into bw with his LOGIN CREDENTIALS he should be able to see the information related to him (he should not see the other EMPLOYEENUMBER information.

for example let us assume the report is

empnum projnum projrole assignedby assigneduntil

11111 A1 PM HARI 20.11.2006

22222 B2 PM GIRI 11.3.2007

WHENEVER AN EMPLOYEE WITH EMPLOYEENUMBER 11111 LOGIN INTO BW WITH HIS LOGIN CREDENTIALS HE SHOULD SEE THE REPORT IN THE FOLLOWING WAY

EMPNUM PROJNUM PROJROLE ASSIGNEDBY ASSIGNEDUNTIL

11111 A1 PM HARI 20.11.2006

WHAT I HAD DONE IS I CREATED A USER(SU01) AND ROLE(PFCG) FOR THE EMPLOYEE WHOSE EMPLOYEE NUMBER IS 11111. AND THEN IN THE ROLE(PFCG)->AUTHORIZATION MENU, I GIVEN THE PROJECTNUMBER A1 MANUALLY AND DONE ALL THE REMAINING STUFF. AND NOW THE EMPLOYEE WITH THE EMPLOYEENUMBER 11111 IS ABLE TO LOGIN WITH HIS CREDENTIALS AND ABLE TO SEE THE INFORMATION WHICH IS RELATED TO HIM LIKE BELOW EXAMPLE,

EMPNUM PROJNUM PROJROLE ASSIGNEDBY ASSIGNEDUNTIL

11111 A1 PM HARI 20.11.2006

IF THIS IS THE CASE I GOT 1000 USERS IN BW WHO WERE ASSIGNED TO DIFFERENT PROJECT NUMBERS THEN I SHOULD CREATE THE 1000 ROLES FOR DIFFERENT USERS.

IS THIS THE ONLY WAY TO GO OR ISTHERE ANY OTHER WAY INSTEAD OF CREATING 100 ROLES FOR DIFFERENT USERS. PLEASE LET ME KNOW.

THANKS AND REGARDS,

HARI

Re: regarding authorizations

Former Member — Wed, 09 Aug 2006 11:26:59 GMT

dear i agree that this message is related to bw. btu here i am dealing with the creation of roles and users, so i need ur valuable suggestions.

thanks and regards,

hari

Re: regarding authorizations

Former Member — Wed, 09 Aug 2006 16:34:36 GMT

If it is completely based on Perssonel no. entity,

Probably your developer should make a logical entry in the code.

which should check whether personnel number for which user is checking for, should be equal to his own personnal number.

Re: regarding authorizations

Former Member — Tue, 15 Aug 2006 12:47:13 GMT

Hi,

maybe you should read this Thread

If this "$USER" mentioned in this Thread can be used also for other Authorization Fields, you can make your EMPLOYEENUMBER Auth. relevant, define a Role/Profil using your Field EMPNUM with $USER, assign it to your 1000 Users and use an authorization variable in our Query.

Depends on if $USER works for other Authorizations than S_RS_COMP or COMP1.

Regards

Roman

Re: regarding authorizations

Wolfgang_Janzen — Mon, 21 Aug 2006 11:51:36 GMT

In this case, AUTHORITY-CHECK is the wrong mechanism.

A simple "IF SY-UNAME = ..." is more appropriete.

But that is something the application developer has to decide. Please submit this query in the BW section.