on 2022 Mar 09 12:34 PM
Hi All,
I am trying to set up a CDS Access Control on CDS view C_PurReqnItm in order to restrict the items shown in the My Purchasing Document Items app by Profit Center. I would like to use the authorisation object K_PCA_HIER to do this, as it should allow me to specify a hierarchy node (profit center group) and see all the Profit Centers below that node.
I have marked the Profit Center Hierarchy as Reporting Relevant (txn HRY_REPRELEV) and replicated the runtime hierarchy into the HRRP* tables (txn HRRP_ERP). When I look at a data preview of CDS view I_ProfitCenterHierSubTree, I can see all nodes and Profit Centers.
I looked at another place the K_PCA_HIER auth object is used - access control I_GLAccountLineItem - and have copied that line into my custom access control. I have had to change the names of fields used, as the Profit Center field is in a view extension of C_PurReqnItm, so starts with a ZZ.
However, I can only pass the auth check if I set all the fields to '*' in my user role. As soon as I try and put in a restriction on the Hierachy ID or the Hierarchy Node, the auth check fails.
My question is: should this work? Should I be able to create a role using K_PCA_HIER for a Profit Center Group somewhere in the hierarchy and then expect to restrict a CDS view by only Profit Centers that are in that Group? Am I expecting too much of the system? There is so little documentation on either K_PCA_HIER or the DEFINE ACCESSPOLICY syntax that I don't have a good example to follow.
Many thanks,
Andrew
I saw your 2 questions on SCN for Profit Center and Cost Center Hierarchies and you also provided a solution. I was also looking for one but then I decided to search, using the where used of K_PCA_HIER. And I came across a few DCLs that SAP has written using this auth object and for Profit Center Hierarchies.
And one can simply use the below code and check the documentation for PFCG_MAPPING for learning what this offers - https://help.sap.com/doc/abapdocu_cp_index_htm/CLOUD/en-US/abencds_f1_define_pfcg_mapping.htm
@EndUserText.label:'Access control on
profit center hier'
@MappingRole:true
defineroleZI_JOURNALENTRYITEMCUBE{
grant
select
on
I_JOURNALENTRYITEMCUBE
where
(PROFITCENTER)=ASPECTPFCG_AUTH(K_PCAR_REP,PRCTR,ACTVT='03')
or
(GLACCOUNT,{PROFITCENTER,CONTROLLINGAREA})=ASPECTPFCG_AUTH(K_PCA_HIER,KSTAR,ACTVT='03',PFCG_MAPPING=I_PROFITCENTERHIERAUTH);
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
98 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.