cancel
Showing results for 
Search instead for 
Did you mean: 

How to restrict permissions for individual business object fields?

Former Member
0 Kudos
73

I know that ACE can restrict permissions (read/write/delete) for entire business objects (Business Partner, Opportunity, Activity...).

Is it possible to assign security permissions (read/write) to individual attributes of business objects? For example, I want that some users could not view phone number for Business Partner.

Accepted Solutions (0)

Answers (2)

Answers (2)

amarnath_kathi
Active Contributor
0 Kudos

ACE can not handle this on its own Pavel. And I don't think there is a 3rd engine.

Regards,

Amar.

Former Member
0 Kudos

We had similar requirement for transaction but that was more to do edit or non-edit authorization at field level, but i feel this will work for your scenario too.

First there is no standard tool available to do this, so, you'll have to create your own authorization objects in transaction SU21 (Basis will be able to do that) lets say ZAUTHOBJ, and then assign permitted activities for this object i.e. create/generate, change, display. Then you this authorization object in UI coding to check the permission level and give access at field level. Don't forget to assign this object to your PFCG role.

I'm not technical so can't tell you where to put the code on UI (may be some prepare output method), your tech team will be able to help you.

Also, its good idea to have seperate auth object for each field you want to restrict because of scalability in future.

Hope this gives you some idea...

Regards,

Vikas

Former Member
0 Kudos

Also, to add to above post, if you are only trying to BP try you luck with below auth objects

B_BUPA_ATT Business Partner: Authorization Types

B_BUPA_FDG Business Partner: Field Groups

B_BUPA_GRP Business Partner: Authorization Groups

For Configs refer to SPRO - Cross-Application - Business Partner - BP - Basic Settings - Authorization Management.

Regards,

Vikas

Former Member
0 Kudos

Is there another security engine, besides ACE and PFCG?