2006 Apr 06 5:47 AM
Hi,
I have a requirement to create an authorization object on a screen with 20 fields, and there are 3 users. Each user, e.g. User-A, has rights to display and modify a few fields, User-B has rights to display and modify a few fields, and the same is the case for the 3rd user; there are also some fields which all can modify.
What I can do is create 2 authorization objects for each user, one with all fields that he can modify & display and the other with all fields which he can display only. In this way I will have to create 6 authorization objects for 3 users. Is there a way to reduce this to 3, one for each user, or even bring it down to 1 for all?
Thanks,
Thirumal
2006 Apr 06 5:50 AM
Hi Thirumal,
1. In such case , we can do like this :
2. Create ONLY ONE Authorisation object.
3. In that object, take some field
(any field, new field which has some meaning)
(this field, in your case
can have 6 DIFFERENT values)
(these values u can extend in future, without
making any change in the authorisation object)
4. then in your program,
check the authorisation object,
and check which field(s) he has got right.
5. then based upon hardcoded values for the field value,
u can
display, edit the SET of fields.
regards,
amit m.
2006 Apr 06 6:07 AM
Hi Amit,
I am not able to follow you, can u elaborate it.
Thanks,
Thirumal
2006 Apr 06 6:19 AM
Hi again,
1. when we create authorisation object,
we assign field(s) to it.
eg. Company code,
there may be various company codes
in sap system. eg. 5
So, they don't create 5 different authorisation
objects.
2. Rather, there is only one authorisation object,
and there is one field in that object.
3. now when a user is assigned the object,
the FIELD VALUE has to be given.
so in case of
user A: field value is 1000,
user B: field value is 2000,3000
user C: field value is 5000,1000
user D: field value is 4000
4. Now in programs,
when the user selects a company code in selection screen,
authority check is made,
for THAT SELECTED company code,
using that authorisation object.
5. In similar way,
u can do.
regards,
amit m.
2006 Apr 06 6:45 AM
Hi Amit,
The case you have explained is where the user is restricted based on values but mine is based on fields, i will explain my case in detail again.
Fields                  USER-A  USER-B  USER-C
1. RNumber              rw      rw      r
2. Reason               rw      rw      rw
3. Detail Explanation   r       rw      r
4. Date                 r       r       r
5. Close date           rw      r       rw
rw - read/write permission : r - Display only
This is a big list with another 20 fields, all with different rights as I have shown above; they are all on the same screen.
My work would be to do the check when the user tries to save it and allow him to update fields only if he has rw to those fields.
Warm Regards,
Thirumal
2006 Apr 06 7:04 AM
Hi again,
1. Ya, i have already understood your problem.
2. u agree that
there are SIX Different
field combinations (for read and edit )
3. For that,
u will hardcode
in your program itself . am i right ?
ie. if 1, then this,this,this
if 2, then this,this,this
if 3, then this,this,this
4. So instead of using
SIX different authorisation objects,
i m just saying that
use only one object
and in that object, create/use
one field (for value purpose 1,2,3,4,5,6)
(and not for screen field purpose).
5. then based on this value 1,2,3,4,5,6,
(which will be assigned to different users)
u can hardcode in your program,
ie. if 1, then this,this,this
if 2, then this,this,this
if 3, then this,this,this
6. Please see help on
authorisation objects
and tcode su21.
There u will get more understanding
of
AUTHORISATION OBJECT -> FIELD(S)
(this fields are not screen fields,
rather they are fields of database
for which different values are assigned)
regards,
amit m.
2006 Apr 06 8:19 AM
Hi Amit,
I am following you totally, but there is problem in it,
I will not end up hardcoding just 6 cases in my program; there will be 100's of cases, because I am talking about 25 fields and there are 3 users who have rw access across all fields, and there are cross rights as well (not that they have distinct rights to set for fields).
For eg:-
Take there are 3 fields Field1 Field2 and Field3,
1. user2 has modification right to field 1 and 2(Assume i have assigned him a field value of 2 in authorisation field).
2. user1 has modification rights for all fields 1 2 and 3.
(i have assigned him a field value of 1 in authorisation field)
Now in my program User 2 is changing just field 1.
and my if statement will go like this...
if Field modified is 1 or 2 or 3.
Authorisation = 1
else if field modified is 1 or 2.
Authorisation = 2
end if.
now after this code the authorisation object for user 2 would be 1.
Authorisation would fail for this user.
This is just one simple case; I feel that to solve this we will have to build a big logic with different combinations for the 25 fields.
Feel this might not work.
Thanks and regards,
Thirumal
2006 Apr 06 8:29 AM
Hi again,
1. Thanks for the transparent example.
2. Taking the same,
it would be like this, in the program.
( u must agree that
if there are six different cases,
then there will be six different IF ENDIF
in your program, for edit/display combination of fields)
(you may also use GROUP1, GROUP2..GROUP4
concept along with authorisation concept
to group related fields )
2. suppose user2 or user 1 has logged in.
3. in the program,
before displaying the fields,
a) use authority-check
with 1, 2 and check sy-subrc to know
which VALUE (1,2) is there for rights.
b)then, logic would be like this
(for display/edit of all fields)
IF value = 1.
field1-visible = true
field1-editable = true
field2-visible = true
field2-editable = true
field3-visible = true
field3-editable = true
endif.
*----
if value = 2.
field1-visible = true
field1-editable = false
field2-visible = true
field2-editable = false
endif.
regards,
amit m.
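A variant of the single-object approach from the posts above, as an added example that is not part of the original thread. It goes one step beyond the hardcoded value-to-fields mapping: the authorization field holds a field group and is checked once per screen field together with the standard ACTVT field, so cross rights need no IF combinations. The object Z_SCRFLD, its field ZFLDGRP, the group codes and the structures gs_old / gs_new are hypothetical names.

```abap
* Added example. Z_SCRFLD (authorization object), ZFLDGRP (its field) and
* the structures gs_old / gs_new are hypothetical names. ACTVT is the
* standard activity field: 02 = change, 03 = display.
* Each screen field carries a modification group (GROUP1) in the Screen
* Painter, e.g. 'RSN' for Reason, 'CLS' for Close date (constructed values).

* PBO: a field stays ready for input only if the user may change its group.
MODULE set_field_access OUTPUT.
  LOOP AT SCREEN.
    " Fields without a modification group are not restricted
    CHECK screen-group1 IS NOT INITIAL.
    AUTHORITY-CHECK OBJECT 'Z_SCRFLD'
      ID 'ZFLDGRP' FIELD screen-group1
      ID 'ACTVT'   FIELD '02'.
    IF sy-subrc <> 0.
      screen-input = '0'.          " display only
      MODIFY SCREEN.
    ENDIF.
  ENDLOOP.
ENDMODULE.

* PAI, on save: re-check every field whose value actually changed,
* so the save is enforced independently of the screen attributes.
MODULE check_before_save INPUT.
  IF gs_new-reason <> gs_old-reason.
    PERFORM check_change USING 'RSN'.
  ENDIF.
  IF gs_new-close_date <> gs_old-close_date.
    PERFORM check_change USING 'CLS'.
  ENDIF.
ENDMODULE.

FORM check_change USING p_group TYPE c.
  AUTHORITY-CHECK OBJECT 'Z_SCRFLD'
    ID 'ZFLDGRP' FIELD p_group
    ID 'ACTVT'   FIELD '02'.
  IF sy-subrc <> 0.
    " 00/398 is the generic '& & & &' message
    MESSAGE e398(00) WITH 'No change authorization for field group' p_group.
  ENDIF.
ENDFORM.
```

Each user's role then lists the field groups that user may change (ACTVT 02) in the one object, and the program contains no per-user branching.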
2006 Apr 06 9:34 AM
Hi Amit,
That looks like a great idea, Thanks for the same.
Warm Regards,
Thirumal
2006 Apr 06 6:07 AM
Hi Thirumal,
You can create one and assign it to all..
Cheers,
Abdul