cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization in web dynpro

Former Member

on ‎2012 Mar 29 8:39 AM

0 Kudos
898

Hi experts,

        I need to provide authorization facility to my web dynpro application. My application is online ticket tracking system where one can create ticket, modify ticket and close the tickets.

Query?

But i need to provide the facility of modify, create and deleting the ticket only to specific users and for the rest of the users the application should be in display mode only. So what i s the approach i should follow in solving this issue.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎2012 Mar 29 11:42 AM
0 Kudos

Hi Venkat,

I want to suggest a design approach for your problem.

Create a context node say 'Authorization' in the component controller with attributes 'Create' 'Change' and 'Display' of type WDY_BOOLEAN.

Maintain a view where authorizations for various user actions can be maintained. Something like this:

UsernameActivityAuthorization Flag
A1Create
A1ChangeX
A1DisplayX
A2Create
A2Change
A2DisplayX
A3CreateX
A3ChangeX
A3DisplayX

Now when the user logs in set the context node 'Authorization' with respective authorization flag data.

While defining the UI element Button to Create, bind the enable property with the corresponding attribute 'Create'. Continue the same approach for other buttons as well. This will solve your requirement.

Regards,

Sayan

Show replies
Show replies
Former Member
‎2012 Apr 05 8:10 AM
0 Kudos

Hello Venkat ,

this approach would be fine .

  1. Create an authorisation objet SU21  . reference http://wiki.sdn.sap.com/wiki/display/ABAP/What+are+Authorization+Objects
  2. Maintain the common class for the auth checks . where you do the authorization check 
  3. CALLFUNCTION'AUTHORITY_CHECK'.
  4. In your code inital method ( WDINIT ) or where  ever the action triggers  check the authority  calling the class .
  5. Based on the return code bind the property of the view ui elemnts or .Show error message where ever you want to restrict the user to make the changes .

Thanks ,

Venkat Ratnam Naidu

Pl

Former Member
‎2012 Apr 05 8:24 AM
0 Kudos

Hi Venkat,

It is simeple one,Get the user name by using bellow FM  RH_GET_PERSON_FROM_USER.

Check user is authorised user or not then u can proceed with u r requirement.

Thanks,

Ravi.

Former Member
‎2012 Apr 17 9:19 AM
0 Kudos

Hi All,

I have created authorization objects and assigned roles to different user id's.

Say i have created 2 user id's, one user id for only display and other user id is for change/create.

Its working in my compnay server but when i transport the object into client developemnt system its not working so i have to create different id's in client system also.

Former Member
‎2012 Apr 17 11:17 AM
0 Kudos

Hi Venkat,

Please make sure that the users  having the kind of roles , auth object  in client system .

Thanks ,

Venkat Ratnam Naidu .

Former Member
‎2012 Apr 18 10:55 AM
0 Kudos

Thank you Venkat Ratnam for the reply and i will make sure users having auth objects and roles

bharath_k6
Active Participant
‎2012 Mar 29 11:17 AM
0 Kudos

Hi,

How do you identify, whether user wanted application in CREATE / EDIT / DELETE mode?

You must be passing some Application parameter- MODE (Pass value - C for Create, E for EDIT and D for DELETE) by using which you can identify to which mode user is trying to login.

Application parameter value can be caught in default plug of application main window. Either here or in WDDOMODIFYVIEW you have to write the code for Authorization check using below code.

   **Check wether user has authorized to execute this application or not.
  CALL FUNCTION 'AUTHORITY_CHECK'
    EXPORTING
      user                = sy-uname
      object              = c_auth_object
      field1              = c_fld1 "Set some field
      value1              = c_value1 "Mode
    EXCEPTIONS
      user_dont_exist     = 1
      user_is_authorized  = 2
      user_not_authorized = 3
      user_is_locked      = 4
      OTHERS              = 5.

Here, do the Web Dynpro message handling and write RETURN(This is must) statement to come out of the component instance.

Regards,

Bharath

Show replies
Show replies
former_member199125
Active Contributor
‎2012 Mar 29 8:58 AM
0 Kudos

Hi Venkat

Apart from Lukas sol,

use authroity object ( like in normal abap ),  check the same in wddoint method... and depends on it visible or enable / disable the UI elements, i think it would be more easy.

Regards

Srinivas

Show replies
Show replies
Lukas_Weigelt
Active Contributor
‎2012 Mar 29 8:46 AM
0 Kudos

Hi,

I would build respective R3-Roles and assign them to the corresponding users. I would then make gobal constants in the WDA and ask at WDDOMODIFYVIEW or WDDOINIT or another hook whether the user has the right Roles to makes certain actions and set the create/modify/delete properties (enabled/invisible for example) accordingly. That would be my approach, since it's pretty transparent, easy to accomplish and allows for further restrictions by "minting" the R3-Roles with particular authorities.

Cheers, Lukas

Show replies
Show replies
Ask a Question