on 2010 May 25 3:08 PM
I know that ACE can restrict permissions (read/write/delete) for entire business objects (Business Partner, Opportunity, Activity...).
Is it possible to assign security permissions (read/write) to individual attributes of business objects? For example, I want that some users could not view phone number for Business Partner.
ACE can not handle this on its own Pavel. And I don't think there is a 3rd engine.
Regards,
Amar.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We had similar requirement for transaction but that was more to do edit or non-edit authorization at field level, but i feel this will work for your scenario too.
First there is no standard tool available to do this, so, you'll have to create your own authorization objects in transaction SU21 (Basis will be able to do that) lets say ZAUTHOBJ, and then assign permitted activities for this object i.e. create/generate, change, display. Then you this authorization object in UI coding to check the permission level and give access at field level. Don't forget to assign this object to your PFCG role.
I'm not technical so can't tell you where to put the code on UI (may be some prepare output method), your tech team will be able to help you.
Also, its good idea to have seperate auth object for each field you want to restrict because of scalability in future.
Hope this gives you some idea...
Regards,
Vikas
Also, to add to above post, if you are only trying to BP try you luck with below auth objects
B_BUPA_ATT Business Partner: Authorization Types
B_BUPA_FDG Business Partner: Field Groups
B_BUPA_GRP Business Partner: Authorization Groups
For Configs refer to SPRO - Cross-Application - Business Partner - BP - Basic Settings - Authorization Management.
Regards,
Vikas
Is there another security engine, besides ACE and PFCG?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
23 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.