Solved: Access Control Engine for ONEORDER working only fo...

Former Member · ‎06-06-2013

Hi,

I have activated access control engine for ONEORDER objects. Everything is working as expected except one thing. The transaction type for which I activated ACE are visible (as per the access given) but all other transaction types are not visible. How do i make the other transaction types visible?

Any help will be appreciated.

Thanks in advance.

Find below the code i have written (particular methods only)

METHOD if_crm_ace_actors_from_object~get_actors_from_objects.

DATA:   lwa_req_objects         TYPE                  crmt_object_name_tab,
          lwa_guid                TYPE                   crms_ace_object_guid,
          lwa_header_guid         TYPE                   crmt_object_guid_tab,
          lt_partner              TYPE                   crmt_partner_external_wrkt,
          lt_orderadm_h           TYPE                   crmt_orderadm_h_wrkt,
          ls_orderadm_h           TYPE                   crmt_orderadm_h_wrk,
          ls_partner              TYPE                   crmt_partner_external_wrk,
          lv_smbp_number          TYPE                   crmt_partner_no,
          lv_partner_no           TYPE                   cmst_partner_no,      "bu_partner,
          lv_user_name            TYPE                   syuname,
          lv_check                TYPE                   boolean,
          ls_actor_id             TYPE                   crms_ace_object_actors.

DATA: it_ace_actor        TYPE crmt_ace_actor_id,
        ls_ace_actor        TYPE crms_ace_actor_id,
        lv_partner_guid     TYPE bu_partner_guid.

CALL METHOD me->get_business_partner
    IMPORTING
      ev_usr_name   = lv_user_name
      ev_partner_no = lv_partner_no.

INCLUDE crm_direct.

INSERT gc_object_name-partner INTO TABLE lwa_req_objects.
INSERT gc_object_name-orderadm_h INTO TABLE lwa_req_objects.

LOOP AT it_object_guids INTO lwa_guid.

REFRESH: it_ace_actor,lwa_header_guid, lt_orderadm_h , lt_partner.
REFRESH: lwa_header_guid.

APPEND lwa_guid-object_guid TO lwa_header_guid.

*Call the FM to get the BP number of Sales Manager for the one order object
    CALL FUNCTION 'CRM_ORDER_READ'
      EXPORTING
        it_header_guid       = lwa_header_guid
        iv_only_spec_items   = 'X'
        it_requested_objects = lwa_req_objects
      IMPORTING
        et_orderadm_h        = lt_orderadm_h
        et_partner           = lt_partner.

IF sy-subrc EQ 0.

READ TABLE lt_orderadm_h INTO ls_orderadm_h INDEX 1.
IF sy-subrc EQ 0.

IF ls_orderadm_h-process_type EQ 'ZTSK'.

          READ TABLE lt_partner INTO ls_partner WITH KEY partner_fct = 'Z0000013'.
          IF sy-subrc EQ 0.
            ls_ace_actor-actor_id = ls_partner-bp_partner_guid.
            APPEND ls_ace_actor TO it_ace_actor.
          ENDIF.

          IF it_ace_actor IS NOT INITIAL.
            ls_actor_id-object_guid = lwa_guid-object_guid.
            ls_actor_id-actors       = it_ace_actor. "ls_territories_partner-table_line.
            APPEND ls_actor_id TO et_actor_ids.
          ENDIF.

ELSE.

APPEND lwa_guid TO et_failed_objects.

        ENDIF.
      ENDIF.
    ENDIF.

ENDLOOP.

SORT et_actor_ids BY object_guid.
DELETE ADJACENT DUPLICATES FROM et_actor_ids COMPARING object_guid.

ENDMETHOD.

METHOD if_crm_ace_objects_by_filter~check_objects_by_filter.

DATA: ls_object_guid TYPE crms_ace_object_guid,
      lt_partnerroles TYPE TABLE OF bapibus1006_roles,
      lv_process_type TYPE crmt_process_type,
      lt_return       TYPE TABLE OF bapiret2,
      guid_ref        TYPE crmt_object_guid.

LOOP AT im_object_guid_table INTO ls_object_guid.
    CLEAR lv_process_type.
    MOVE ls_object_guid-object_guid TO guid_ref.
    CALL FUNCTION 'CRM_ORDERADM_H_READ_OW'
      EXPORTING
        iv_orderadm_h_guid     = guid_ref
      IMPORTING
        ev_process_type        = lv_process_type
      EXCEPTIONS
        admin_header_not_found = 1
        OTHERS                 = 2.
    IF lv_process_type = 'ZTSK'.
      APPEND ls_object_guid TO ex_object_guid_table.
    ENDIF.
ENDLOOP.

ENDMETHOD.

METHOD if_crm_ace_objects_by_filter~get_objects_by_filter.
SELECT guid FROM crmd_orderadm_h INTO TABLE ex_object_guid_table.
ENDMETHOD.

VishnAndr · ‎06-06-2013

Hello, Sagar.

Could you please check which mode is set for ACE in your system? You can find it in IMG -> CRM -> Basic Functions -> Access Control Engine -> Maintain General Parameters. It's RESTRICTIVE_MODE parameter. Check if it's set or not.

More important thing is your implementation of GET_OBJECTS_BY_FILTER. I strongly recommend to consider Note 1178926 - FAQ: Access Control Engine. There is an attachment to it called ACE_Best_Practice_guide.zip. Please consider it carefully. Particularly the section "ACE Implementation". As stated there:

In your OBF (interface IF_CRM_ACE_OBJECTS_BY_FILTER), think of the best way to filter your objects for the rule in the ‘GET_OBJECTS_BY_FILTER’ method. Try to be restrictive by defining your target clearly. Try to target each object with only one right to avoid confusion.  Be efficient when you select your objects and only select the objects you are targeting for a rule. The implementation of ‘GET_OBJECTS_BY_FILTER’ is mandatory.

So it seems that your simple select makes all your issue. In other words you have to apply the similar check as you do in CHECK_OBJECTS_BY_FILTER. Apply the process type filter when selecting from CRMD_ORDERADM_H.

Hope this will help you.

Access Control Engine for ONEORDER working only for one transaction type

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

crystal report for special term on customers & ven...

Re: EXECUTE QUERY ONLY IF USER IN MY LISTE

Re: Reset number range in C4C

Re: Maintain External ID for Customers/accounts vi...

Re: RFID wristbands for FEC (Family Entertainment ...