Community
Application Development and Automation Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Field level authorization...

Go to solution
Former Member

‎2009 Feb 03 10:30 PM

0 Likes
1,769

Hello Gurus,

I am working on field level authorization.

I have created a authorization field in SU20 tranaction. The field name is ZDEPRT, Data element is ZDPT and table ZTABLE.

Also created authorization object for this field in SU21.

This authorization Object is assigned to a role whwre I maintain the fields for data element ZDPT for which user can view the data. This role is assigned to a user.

Now, in a custom report data is selected from ZTABLE and displayed. It displays data for all the values of field even if I resticted that field with only ceratin values.

The database select was indeed done on the one which was used while creating SU20 entry.

Can someone throw some light ?

Regards,

Rajesh.

1 ACCEPTED SOLUTION
Read only

Go to solution
mvoros
Active Contributor

‎2009 Feb 04 12:00 AM

0 Likes
607

Hi,

you can define authorization fields in the transaction SU20 and then use these fields in the authorization objects in the transaction SU21. The check table in SU20 has the following meaning (SAP documentation)

If desired, enter a check table for the possible entries. For more information about check tables, see  Connection to the Check Table. The connection provides possible field values. Values ranges can also be defined using the domain with which a field is associated.

It means that you restrict values accepted by authorization object. It does not mean that you restrict displaying of values in the check table.

So if you want to restrict your query, you need to loop over the table and check for each line if the user has authorization for that value.

Cheers

1 REPLY 1
Read only

Go to solution
mvoros
Active Contributor

‎2009 Feb 04 12:00 AM

0 Likes
608

Hi,

you can define authorization fields in the transaction SU20 and then use these fields in the authorization objects in the transaction SU21. The check table in SU20 has the following meaning (SAP documentation)

If desired, enter a check table for the possible entries. For more information about check tables, see  Connection to the Check Table. The connection provides possible field values. Values ranges can also be defined using the domain with which a field is associated.

It means that you restrict values accepted by authorization object. It does not mean that you restrict displaying of values in the check table.

So if you want to restrict your query, you need to loop over the table and check for each line if the user has authorization for that value.

Cheers