cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization check without using variable of type u0093Authorizationu0094

Former Member
0 Kudos
80

In WEB-reporting we want to authorize on a navigational attribute without using the variable of type

“ Authorization”. Why would we do this?

1. In a lot of queries we have to replace the existing variable of type “User entry” to a variable of type “Authorization”. We would like to avoid this work.

2. When the variable is not ready for input the Report will always include all the characteristic values for which the user is authorized. We don’s want this.

3. When the variable is ready for input on the selection screen all the authorized values are displayed and the user is able to select / deselect the values he/she wants to report. In case of a lot of authorized characteristic values the screen does not appear user-friendly.

What we want is a behavior like some parts of R/3. For example: Controlling Area X consists of the Costcenters C1000, C2000, C3000, C4000, C5000 and C6000. A particular user has authorization for Cost centers C1000, C3000 and C5000. When running a ABAP-report with Cosctcenters the user is able to select certain Costcenters. Three possibilities:

1. The user selects Costcenter C1000, C3000 and / or C5000: the ABAP reports the selected Costcenters.

2. The user selects Costcenter C2000, C4000 and / or C6000: the ABAP gives an error-message: “no authorization”.

3. The user does not select any Costcenters: the ABAP reads all the Costcenters and reports – on the basis of the users authorization – only Costcenters C1000, C3000 and C5000.

In term of BW: we would like to introduce authorizations for a specific InfoObject which is used as an navigational of an other InfoObject. In the queries a variable is used of the type “User entry”. The user can select one or more values on the selection screen; an authorization check is fulfilled. He may – however – choose to leave the selection field empty; in this case the OLAP processor should report only the authorized values (in our case the last situation results directly in an error-message “no authorization”).

Anyone has a suggestion?

Thx in advance,

Henk

View Entire Topic
Former Member
0 Kudos

If you change the variable to type exit, and user input enabled, you can then build your logic in the user exit.

If users have entered unauthorised values, it will be checked (by the system??). If this assumption is correct then all you need to do in your exit is to continue with the values entered by the user; and in case user has entered no values, populate the variable with values valid for the user (by reading the user authorization and corresponding charactertistics values and moving these to the variable).

--> Adding further

Since the authorization will not be checked by the system (I missed that these are not of authorization type variables), user exit will need to do this check. The logic for doing authorization checks / error messages / restricting based on authorizations - will have to be done in the user-exit.

cheers,

Message was edited by: Ajay Das