Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Complex authorizations

Former Member

on ‎2005 Jun 13 4:14 PM

0 Likes
357

Hi,

I'm having the following problem with authorizations:

I have one authorization object on e.g. 2 characteristics (0SALESORG, and 0DISTR_CHAN).

A specific user has 2 tasks in the organisation. He is responsible for:

  • Distribution Channel 'A' for all salesorgs in Europe

  • All distribution channels for sales org NL

I gave him authorization for:

  • 0DISTR_CHAN 'A', 0SALESORG: 'EU*'

  • 0DISTR_CHAN '*', 0SALESORG: 'EUNL'

This is a simplification of my actual problem, but describing the essence of the problem

Now, the user can run a specific query for both combinations. When he start the query, the variables are filled automatically with 0DISTR_CHAN: '', 0SALESORG 'EU'. When executing the query, the pop up appears: 'No Authorization'. This is correct as the user may not see everything for these combinations.

My question is: how can we make this user friendly.

The following options were mentioned by my team, but I don't like them:

1. Create 2 user IDs for the user. One for task 1 and a second one for the second task. Logging on with the correct user ID will use the correct profile.

2. Create 2 authorization object, two multiproviders, and two reports. When accessing report 1 only one authorization object is checked, and only one set of values is used for authorization.

Are there any other solutions, like generating a pop-up where a user can select which profile he wants to use when he executes a report?

Any other ideas?

Kind regards,

Frank de Vleeschauwer

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎2005 Jun 13 9:18 PM
0 Likes

Hi Aswin,

I am around this forum.Since i got registered as a customer my old points got transferred to my new userID.

As you suggest it all depend on how much complex scenario you want to implement.In my case we have 5 levels of security layer and we developed a security model and implemented with user Exit.

Thank you

Arun

Show replies
Show replies
Former Member
‎2005 Jun 13 8:59 PM
0 Likes

Hi,

Please take a look at the User exit for Virtual Characteristics & Key figures? We have implemented custom complex authorization by reading the Infocube data before populating it to the Data provider and modifying the custom field data with '-' and set a filter in the template not to show '-' for that security field.

You need to use the project 'RSR00002' involving 2 exits EXIT_SAPMRSRU_001, EXIT_SAPMRSRU_999 in the CMOD transaction.

Let me know if you need more explaination.

Thank you

Arun

Show replies
Show replies
Ashwin
Active Contributor
‎2005 Jun 13 9:08 PM
0 Likes

Hi Arun!

Welcome to SDN. I think you are back to SDN after a long time.

Regarding this issue... I think this can be solved using the heirarchies also which will be more robust in case of implementing more complex issues wich involve more levels of dependencies. whats your openion about this...

with regards

ashwin

Former Member
‎2005 Jun 14 8:03 AM
0 Likes

Hi Arun,

Thanks for replying to my post. I know the user exits for virtual characteristics and key figures.

I'm just wondering how you use these in this complex authorization case.

The main problem we have is that we don't know at the start of the report, for what task the user is opening the report.

Is it for:

  • Distribution Channel 'A' for all salesorgs in Europe OR

  • All distribution channels for sales org NL

Depending on this choice, we have to enter the variables in the selection screen (via the variables user exits, this is easy). The problem is that I'm looking for a good way to deal this. I'm not sure that virtual characteristics can help me with this.

Kind regards,

Frank de Vleeschauwer

Ashwin
Active Contributor
‎2005 Jun 13 4:21 PM
0 Likes

Hello!

you have to implement this logic with a user exit or you can assign authorizations based on the salses organization heirarchy

with regards

ashwin

Message was edited by: Ashwin Kumar Gadi

Show replies
Show replies
Ask a Question