on 06-06-2013 5:11 AM
Hi,
I have activated access control engine for ONEORDER objects. Everything is working as expected except one thing. The transaction type for which I activated ACE are visible (as per the access given) but all other transaction types are not visible. How do i make the other transaction types visible?
Any help will be appreciated.
Thanks in advance.
Find below the code i have written (particular methods only)
METHOD if_crm_ace_actors_from_object~get_actors_from_objects.
DATA: lwa_req_objects TYPE crmt_object_name_tab,
lwa_guid TYPE crms_ace_object_guid,
lwa_header_guid TYPE crmt_object_guid_tab,
lt_partner TYPE crmt_partner_external_wrkt,
lt_orderadm_h TYPE crmt_orderadm_h_wrkt,
ls_orderadm_h TYPE crmt_orderadm_h_wrk,
ls_partner TYPE crmt_partner_external_wrk,
lv_smbp_number TYPE crmt_partner_no,
lv_partner_no TYPE cmst_partner_no, "bu_partner,
lv_user_name TYPE syuname,
lv_check TYPE boolean,
ls_actor_id TYPE crms_ace_object_actors.
DATA: it_ace_actor TYPE crmt_ace_actor_id,
ls_ace_actor TYPE crms_ace_actor_id,
lv_partner_guid TYPE bu_partner_guid.
CALL METHOD me->get_business_partner
IMPORTING
ev_usr_name = lv_user_name
ev_partner_no = lv_partner_no.
INCLUDE crm_direct.
INSERT gc_object_name-partner INTO TABLE lwa_req_objects.
INSERT gc_object_name-orderadm_h INTO TABLE lwa_req_objects.
LOOP AT it_object_guids INTO lwa_guid.
REFRESH: it_ace_actor,lwa_header_guid, lt_orderadm_h , lt_partner.
REFRESH: lwa_header_guid.
APPEND lwa_guid-object_guid TO lwa_header_guid.
*Call the FM to get the BP number of Sales Manager for the one order object
CALL FUNCTION 'CRM_ORDER_READ'
EXPORTING
it_header_guid = lwa_header_guid
iv_only_spec_items = 'X'
it_requested_objects = lwa_req_objects
IMPORTING
et_orderadm_h = lt_orderadm_h
et_partner = lt_partner.
IF sy-subrc EQ 0.
READ TABLE lt_orderadm_h INTO ls_orderadm_h INDEX 1.
IF sy-subrc EQ 0.
IF ls_orderadm_h-process_type EQ 'ZTSK'.
READ TABLE lt_partner INTO ls_partner WITH KEY partner_fct = 'Z0000013'.
IF sy-subrc EQ 0.
ls_ace_actor-actor_id = ls_partner-bp_partner_guid.
APPEND ls_ace_actor TO it_ace_actor.
ENDIF.
IF it_ace_actor IS NOT INITIAL.
ls_actor_id-object_guid = lwa_guid-object_guid.
ls_actor_id-actors = it_ace_actor. "ls_territories_partner-table_line.
APPEND ls_actor_id TO et_actor_ids.
ENDIF.
ELSE.
APPEND lwa_guid TO et_failed_objects.
ENDIF.
ENDIF.
ENDIF.
ENDLOOP.
SORT et_actor_ids BY object_guid.
DELETE ADJACENT DUPLICATES FROM et_actor_ids COMPARING object_guid.
ENDMETHOD.
METHOD if_crm_ace_objects_by_filter~check_objects_by_filter.
DATA: ls_object_guid TYPE crms_ace_object_guid,
lt_partnerroles TYPE TABLE OF bapibus1006_roles,
lv_process_type TYPE crmt_process_type,
lt_return TYPE TABLE OF bapiret2,
guid_ref TYPE crmt_object_guid.
LOOP AT im_object_guid_table INTO ls_object_guid.
CLEAR lv_process_type.
MOVE ls_object_guid-object_guid TO guid_ref.
CALL FUNCTION 'CRM_ORDERADM_H_READ_OW'
EXPORTING
iv_orderadm_h_guid = guid_ref
IMPORTING
ev_process_type = lv_process_type
EXCEPTIONS
admin_header_not_found = 1
OTHERS = 2.
IF lv_process_type = 'ZTSK'.
APPEND ls_object_guid TO ex_object_guid_table.
ENDIF.
ENDLOOP.
ENDMETHOD.
METHOD if_crm_ace_objects_by_filter~get_objects_by_filter.
SELECT guid FROM crmd_orderadm_h INTO TABLE ex_object_guid_table.
ENDMETHOD.
Hello, Sagar.
Could you please check which mode is set for ACE in your system? You can find it in IMG -> CRM -> Basic Functions -> Access Control Engine -> Maintain General Parameters. It's RESTRICTIVE_MODE parameter. Check if it's set or not.
More important thing is your implementation of GET_OBJECTS_BY_FILTER. I strongly recommend to consider Note 1178926 - FAQ: Access Control Engine. There is an attachment to it called ACE_Best_Practice_guide.zip. Please consider it carefully. Particularly the section "ACE Implementation". As stated there:
In your OBF (interface IF_CRM_ACE_OBJECTS_BY_FILTER), think of the best way to filter your objects for the rule in the ‘GET_OBJECTS_BY_FILTER’ method. Try to be restrictive by defining your target clearly. Try to target each object with only one right to avoid confusion. Be efficient when you select your objects and only select the objects you are targeting for a rule. The implementation of ‘GET_OBJECTS_BY_FILTER’ is mandatory.
So it seems that your simple select makes all your issue. In other words you have to apply the similar check as you do in CHECK_OBJECTS_BY_FILTER. Apply the process type filter when selecting from CRMD_ORDERADM_H.
Hope this will help you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
5 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.