cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict the authorization of custom business object OWL entries based on the custom field

0 Kudos

Dear Experts,

We have a requirement to restrict the custom business object OWL entries based on the field "Confidential".

If the field is set to Confidential then, only the employees part of team should have an access to the data else , the data should be unrestricted for all the employees.

i have referred to blog https://blogs.sap.com/2014/07/21/instance-based-access-control/ to achieve this requirement , however as per the blog i feel , we can only inherit the standard access context but cannot restrict the data based on the field.

Any suggestions or thoughts on this requirement is really helpful

Thank you much

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Thank you so much saurabh.kabra for your kind response.

Yes , we have implemented this enhancement implementation for opportunity business object and works absolutely fine .

As per repository explorer , i see this Badi is applicable only for the standard business objects , please find the below snapshot for reference.

Hence , on save of custom business object this badi implementation is not getting triggered due to which unable to restrict or delete the access control entries.

So, is there any other alternative ways to restrict the custom business object entries based on the field Confidential as stated above in the query.

Thank you much

former_member226
Employee
Employee
0 Kudos

Hi,

SAP does provide a BADI CustomAccessControlListWrite in namespace http://sap.com/xi/AP/FO/MOM/Global in order to handle such cases for few standard business objects. This badi will enable you to handle access to such business object instances via OWL or via API.

Furthermore, SAP also provided sample code in repository explorer which, fortunately, carries exactly the same requirement for Lead as well as Opportunity based example. Hence my recommendation to you would be to just have a look at the example implementation and try to modify it as per your business need.

Note: We already implemented this in one of the customer project and it was quite easy to implement. Note that when you implement this BADI then you replace the SAP standard access control logic and hence extreme caution should be taken care for testing.

BR
Saurabh