Showing results for 
Search instead for 
Did you mean: 

Authorization in web dynpro

Former Member
0 Kudos

Hi experts,

        I need to provide authorization facility to my web dynpro application. My application is online ticket tracking system where one can create ticket, modify ticket and close the tickets.


But i need to provide the facility of modify, create and deleting the ticket only to specific users and for the rest of the users the application should be in display mode only. So what i s the approach i should follow in solving this issue.

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
0 Kudos

Hi Venkat,

I want to suggest a design approach for your problem.

Create a context node say 'Authorization' in the component controller with attributes 'Create' 'Change' and 'Display' of type WDY_BOOLEAN.

Maintain a view where authorizations for various user actions can be maintained. Something like this:

UsernameActivityAuthorization Flag

Now when the user logs in set the context node 'Authorization' with respective authorization flag data.

While defining the UI element Button to Create, bind the enable property with the corresponding attribute 'Create'. Continue the same approach for other buttons as well. This will solve your requirement.



Former Member
0 Kudos

Hello Venkat ,

this approach would be fine .

  1. Create an authorisation objet SU21  . reference
  2. Maintain the common class for the auth checks . where you do the authorization check 
  4. In your code inital method ( WDINIT ) or where  ever the action triggers  check the authority  calling the class .
  5. Based on the return code bind the property of the view ui elemnts or .Show error message where ever you want to restrict the user to make the changes .

Thanks ,

Venkat Ratnam Naidu


Former Member
0 Kudos

Hi Venkat,

It is simeple one,Get the user name by using bellow FM  RH_GET_PERSON_FROM_USER.

Check user is authorised user or not then u can proceed with u r requirement.



Former Member
0 Kudos

Hi All,

I have created authorization objects and assigned roles to different user id's.

Say i have created 2 user id's, one user id for only display and other user id is for change/create.

Its working in my compnay server but when i transport the object into client developemnt system its not working so i have to create different id's in client system also.

Former Member
0 Kudos

Hi Venkat,

Please make sure that the users  having the kind of roles , auth object  in client system .

Thanks ,

Venkat Ratnam Naidu .

Former Member
0 Kudos

Thank you Venkat Ratnam for the reply and i will make sure users having auth objects and roles

Active Participant
0 Kudos


How do you identify, whether user wanted application in CREATE / EDIT / DELETE mode?

You must be passing some Application parameter- MODE (Pass value - C for Create, E for EDIT and D for DELETE) by using which you can identify to which mode user is trying to login.

Application parameter value can be caught in default plug of application main window. Either here or in WDDOMODIFYVIEW you have to write the code for Authorization check using below code.

   **Check wether user has authorized to execute this application or not.
      user                = sy-uname
      object              = c_auth_object
      field1              = c_fld1 "Set some field
      value1              = c_value1 "Mode
      user_dont_exist     = 1
      user_is_authorized  = 2
      user_not_authorized = 3
      user_is_locked      = 4
      OTHERS              = 5.

Here, do the Web Dynpro message handling and write RETURN(This is must) statement to come out of the component instance.



Active Contributor
0 Kudos

Hi Venkat

Apart from Lukas sol,

use authroity object ( like in normal abap ),  check the same in wddoint method... and depends on it visible or enable / disable the UI elements, i think it would be more easy.



Active Contributor
0 Kudos


I would build respective R3-Roles and assign them to the corresponding users. I would then make gobal constants in the WDA and ask at WDDOMODIFYVIEW or WDDOINIT or another hook whether the user has the right Roles to makes certain actions and set the create/modify/delete properties (enabled/invisible for example) accordingly. That would be my approach, since it's pretty transparent, easy to accomplish and allows for further restrictions by "minting" the R3-Roles with particular authorities.

Cheers, Lukas