
Authorization Objects for Multiple Fields on a Screen

former_member742973
Participant
0 Kudos
1,247

Hi,

I have a requirement to create an authorization object on a screen with 20 fields, and there are 3 users. Each user, e.g. User-A, has rights to display and modify a few fields, User-B has rights to display and modify a few fields, and the same is the case for the 3rd user, and there are some fields which all can modify.

What I can do is create 2 authorization objects for each user, one with all fields that he can modify and display, and the other with all fields which he can display only. In this way I will have to create 6 authorization objects for 3 users. Is there a way to reduce it to 3, one for each user, or even bring it down to 1 for all?

Thanks,

Thirumal

1 ACCEPTED SOLUTION

Former Member
0 Kudos
630

Hi Thirumal,

1. In such case, we can do like this:

2. Create ONLY ONE authorisation object.

3. In that object, take some field (any field, new field which has some meaning). This field, in your case, can have 6 DIFFERENT values. (These values u can extend in future, without making any change in the authorisation object.)

4. Then in your program, check the authorisation object, and check which field(s) he has got right.

5. Then based upon hardcoded values for the field value, u can display, edit the SET of fields.

regards,

amit m.

9 REPLIES 9

0 Kudos
630

Hi Amit,

I am not able to follow you, can u elaborate it.

Thanks,

Thirumal

0 Kudos
630

Hi again,

1. When we create an authorisation object, we assign field(s) to it, e.g. Company code. There may be various company codes in the SAP system, e.g. 5. So, they don't create 5 different authorisation objects.

2. Rather, there is only one authorisation object, and there is one field in that object.

3. Now when a user is assigned the object, the FIELD VALUE has to be given. So in case of

   user A: field value is 1000,

   user B: field value is 2000,3000

   user C: field value is 5000,1000

   user D: field value is 4000

4. Now in programs, when the user selects a company code in the selection screen, an authority check is made for THAT SELECTED company code, using that authorisation object.

5. In similar way, u can do.

regards,

amit m.

0 Kudos
630

Hi Amit,

The case you have explained is where the user is restricted based on values, but mine is based on fields. I will explain my case in detail again.

Fields                   USER-A   USER-B   USER-C
1. RNumber               rw       rw       r
2. Reason                rw       rw       rw
3. Detail Explanation    r        rw       r
4. Date                  r        r        r
5. Close date            rw       r        rw

rw - read/write permission : r - display only

This is a big list with another 20 fields, all with different rights as I have shown above; they are all on the same screen.

My work would be to do the check when the user tries to save it and allow him to update fields only if he has rw to those fields.

Warm Regards,

Thirumal

0 Kudos
630

Hi again,

1. Ya, I have already understood your problem.

2. U agree that there are SIX different field combinations (for read and edit).

3. For that, u will hardcode in your program itself. Am I right?

   i.e. if 1, then this,this,this

   if 2, then this,this,this

   if 3, then this,this,this

4. So instead of using SIX different authorisation objects, I am just saying that use only one object, and in that object create/use one field (for value purpose 1,2,3,4,5,6) (and not for screen field purpose).

5. Then based on this value 1,2,3,4,5,6 (which will be assigned to different users), u can hardcode in your program,

   i.e. if 1, then this,this,this

   if 2, then this,this,this

   if 3, then this,this,this

6. Please see help on authorisation objects and tcode su21. There u will get more understanding of

   AUTHORISATION OBJECT ---> FIELD(S)

   (these fields are not screen fields, rather they are fields of database for which different values are assigned)

regards,

amit m.

0 Kudos
630

Hi Amit,

I am following you totally, but there is a problem in it.

I will not end up hardcoding just 6 cases in my program; there will be 100's of cases, because I am talking about 25 fields, and there are 3 users who have rw access across all fields, and there are cross rights as well (not that they have distinct rights to a set of fields).

For e.g.:

Take there are 3 fields: Field1, Field2 and Field3.

1. user2 has modification rights to fields 1 and 2. (Assume I have assigned him a field value of 2 in the authorisation field.)

2. user1 has modification rights for all fields 1, 2 and 3. (I have assigned him a field value of 1 in the authorisation field.)

Now in my program User 2 is changing just field 1.

and my if statement will go like this...

if Field modified is 1 or 2 or 3.

Authorisation = 1

else if field modified is 1 or 2.

Authorisation = 2

end if.

now after this code the authorisation object for user 2 would be 1.

Authorisation would fail for this user.

This is just one simple case; I feel to solve this we will have to build a big logic with different combinations for the 25 fields.

Feel this might not work.

Thanks and regards,

Thirumal

0 Kudos
630

Hi again,

1. Thanks for the transparent example.

2. Taking the same, it would be like this, in the program.

   (u must agree that if there are six different cases, then there will be six different IF ENDIF in your program, for edit/display combination of fields)

   (you may also use GROUP1, GROUP2..GROUP4 concept along with authorisation concept to group related fields)

2. Suppose user2 or user 1 has logged in.

3. In the program, before displaying the fields,

   a) use authority-check with 1, 2 and check sy-subrc to know which VALUE (1,2) is there for rights.

   b) then, logic would be like this (for display/edit of all fields)

    IF value = 1.
      field1-visible = true
      field1-editable = true
      field2-visible = true
      field2-editable = true
      field3-visible = true
      field3-editable = true
    endif.
    *----
    if value = 2.
      field1-visible = true
      field1-editable = false
      field2-visible = true
      field2-editable = false
    endif.

regards,

amit m.
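
The single-object approach combined with the GROUP1 idea from the post above, as an added ABAP sketch that is not code from the thread: the field group a screen field belongs to is checked against one authorization object, once when the screen is built and again before saving. Assumptions: a hypothetical object Z_SCRFLD with fields ZFLDGRP and ACTVT, group codes 'G01' and 'G02' maintained in each screen field's GROUP1 attribute, and hypothetical structures gs_old / gs_new holding the record as read and as entered.

```abap
* Added example. Z_SCRFLD, ZFLDGRP, the group codes and gs_old/gs_new
* are hypothetical names chosen for illustration.
TYPES: BEGIN OF ty_rec,
         reason     TYPE c LENGTH 40,
         close_date TYPE d,
       END OF ty_rec.
DATA: gs_old TYPE ty_rec,
      gs_new TYPE ty_rec.

MODULE set_field_access OUTPUT.            " PBO: runs before display
  LOOP AT SCREEN.
    IF screen-group1 IS INITIAL.
      CONTINUE.                            " field not under control
    ENDIF.
    AUTHORITY-CHECK OBJECT 'Z_SCRFLD'
      ID 'ZFLDGRP' FIELD screen-group1
      ID 'ACTVT'   FIELD '02'.             " 02 = change
    IF sy-subrc <> 0.
      screen-input = 0.                    " no change right: display only
      MODIFY SCREEN.
    ENDIF.
  ENDLOOP.
ENDMODULE.

MODULE check_before_save INPUT.            " PAI: runs before the update
* The greyed-out field is only a UI hint; repeat the check for every
* field whose value actually changed.
  IF gs_new-reason <> gs_old-reason.
    PERFORM require_change USING 'G01'.
  ENDIF.
  IF gs_new-close_date <> gs_old-close_date.
    PERFORM require_change USING 'G02'.
  ENDIF.
ENDMODULE.

FORM require_change USING iv_group TYPE clike.
  AUTHORITY-CHECK OBJECT 'Z_SCRFLD'
    ID 'ZFLDGRP' FIELD iv_group
    ID 'ACTVT'   FIELD '02'.
  IF sy-subrc <> 0.
    MESSAGE 'No change authorization for this field group' TYPE 'E'.
  ENDIF.
ENDFORM.
```

With this layout each user's role lists the groups it may change, so the program checks one group at a time and needs no branch per combination of fields.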

0 Kudos
630

Hi Amit,

That looks like a great idea, Thanks for the same.

Warm Regards,

Thirumal

abdul_hakim
Active Contributor
0 Kudos
630

Hi Thirumal,

You can create one and assign it to all..

Cheers,

Abdul