Hi everyone,
Here's my scenario: I want to restrict the data users can display in BEx queries by a specific list of company codes. The list will be maintained in a custom table that has: USER ID, Sequence No, Company Code
These are the steps I have taken:
1. Made the infoobject 0COMP_CODE Authorization relevant
2. Created a BEx variable of type Customer Exit, ZCOMPCODE and assigned it to 0COMP_CODE in BEx
3. I created a new authorization object in RSECADMIN, ZCOMP, inserted the Special Characters, as well as 0COMP_CODE, and assigned it the variable $ZCOMPCODE created in BEx
4. I assigned ZCOMP to a role and assigned that role to my test user
5. I created code in CMOD in the include ZXRSRU01 to carry out my logic to lookup the custom table with my list of company codes
Here's my issue:
My logic works fine, and the report only returns data for the company codes in the tables, ONLY if I also assigned 0BI_ALL to the S_RS_AUTH .
In other words:
- if S_RS_AUTH only has ZCOMP, my authorization check fails.
- if S_RS_AUTH has both ZCOMP and 0BI_ALL my report works
I have two roles assigned to my test user:
Z_COMP only has the S_RS_AUTH object in it
Z_REPORT_USER has all the other authorization based on template S_RS_RREPU. And I have deactivated S_RS_AUTH in it, as Z_COMP has it.
It seems counter intuitive to have to assign 0BI_ALL for my custom security to work, but not being a security person, I might have missed something, and would appreciate any input from the experts out there.
I look forward to your replies.
Marcelo Berger
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.