cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization based on Queries

Former Member

on ‎08-30-2013 1:42 PM

0 Kudos

Hello Experts,

I have the following problem requirement:

I have in total 4 Queries which are using the Infoobject Z_EMPLOYEE (Authorization relevant object).

out of the 4 Queries, I need that 2 Queries should show results based on the logged in user(Employee Number contained in Z_EMPLOYEE) only.

For this I have created a Authorization variable over Z_EMPLOYEE and restricted the Query based on the logged in user in the user authorization profile.

Further, I am not able now to display the other 2 Queries without any restriction of the logged in user!

If I remove the authorization variable over Z_EMPLOYEE in the Query, no results are shown. And if I restrict the Z_EMPLOYEE with the authorization variable, only data relevant to the Employee is displayed.

Can anyone shed some light on how to handle this situation?

Thanks in advance.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member182470
Active Contributor
‎08-30-2013 5:00 PM
0 Kudos

You have to create separate roles for 2 queries each. In the second set of 2 queries, do not use Z_EMPLOYEE field in Authorizations at all. Then your requirement will be achieved. Inf irst 2 queries, use as you are using now.

Show replies
Show replies
Former Member
‎09-02-2013 12:04 AM
0 Kudos

Thanks Suman for the response. But my Question still remains ... How to define authorization profile based on queries?

Can u upload a screenshot or so? I tried to include the query names in role creation in PFCG t code.. But it did not help for all 4 queries...

Regards...

Former Member
‎09-02-2013 8:07 AM
0 Kudos

Hi Kiran,

You can create role for query using below components.

You can restrict the query under component S_RS_COMP

To restrict queries use component :RSZCOMPID

Former Member
‎09-02-2013 8:10 AM
0 Kudos

You want to restrict any characteristic maintain authorization with the restriction( Z_Employee in your case) and assign it to main role under below component: S_RS_AUTH

Create a role and restrict and assign queries using above steps

former_member182470
Active Contributor
‎09-02-2013 8:39 AM
0 Kudos

You have to create 2 separate roles as i said earlier.

You need to first 2 queries to first role and other 2 to second role in PFCG.

Before that, you need to create Authorizations for these two roles separately in RSECAADMIN-->Maintenance screen. and keep * in first Authorization and do not keep ZEMPLOyee in second one in Maintenance screen.

MGrob
Active Contributor
‎08-30-2013 3:40 PM
0 Kudos

Hi

So you want two queries be restricted and two without? that is not going to work that easily you would have to create an authorization object that containes the queries names and z_EMPLOYEE and for two queries you limit it to the employee id and for the two others you set it on *. (Use : if you only need to show the aggreagted value)

hope it helps

Martin

Show replies
Show replies
Former Member
‎09-02-2013 12:07 AM
0 Kudos

Thanks Martin for the response.

Can u please add more detail on what authorization object u r talkin about..I think u got my question right but I m unable to understand ur solution yet..

Thanks n regards..

MGrob
Active Contributor
‎09-02-2013 8:00 AM
0 Kudos

Hi

Go to Tx RSECADMIN and create a new object adding your ZEMPLOYEE and 0TCTQUERY one with  ZEMPLOYEE as * for those two queries  0TCTQUERY restricted you want to allow to see all.

Then create a second one limiting the ZEMPLOYEE with authorization variable and the two other queries you only want to allow to see the two employees etc.

hope it helps

Martin

Former Member
‎09-02-2013 9:11 PM
0 Kudos

Thanks Martin for the fast response. i tried to create two authorization objects as you mentioned..

the first one is for all VIEWING and is defined as below 

0TCTQUERY with all the queries viewable

Z_EMPLOYE with *

the second one is with authorization variable

defined over only 1 Query with authorization variable

restricted to only the logged in user.... as below

but unfortunately this is not working.. Did I miss something? or am i on the wrong track.. do suggest.

former_member182470
Active Contributor
‎09-03-2013 6:35 AM
0 Kudos

You should not add Queries in TCTQUERY. As I told you in my last reply, you have to add those two queries each to separate Roles in PFCG. Please read my latest replies.

Former Member
‎09-03-2013 8:39 AM
0 Kudos

Hi Suman,

thanks for the reply with screenshots..

here i am condensing my questions based on only 2 Queries. Q0001 should show data based on the logged in user id & allow to edit the plan data and Q0002 should show all the available values of all users. Both the Queries are build on the same aggregation level. As you mentioned, I have created 2 profiles in PFCG txn: resourceplnng & resourceplnng_2 correspondingly to the above Queries. The Q0001 is working as expected but Q0002 is not showing the values at all. I am attaching the screenshots as below:

this is as expected since there is no data of this logged in user present in the Infoprovider.

this Query result should show all the available data

but nothing is displayed.. Sorry but still m missing the correct point I suppose.

former_member182470
Active Contributor
‎09-03-2013 9:47 AM
0 Kudos

HI,

Have you assigned User Ids in Users tab in your roles?

Go to the Assignment tab in RSECADMIN-->Users Tab and enter User Id--> Manual or Genrated Authorizations. You have to give Authorizations here.

Regards,

Suman

Former Member
‎09-03-2013 9:51 AM
0 Kudos

Yes, I have assigned approx. 6 Users for these Roles.

former_member182470
Active Contributor
‎09-03-2013 11:34 AM
0 Kudos

To achieve your requirement, you should assign authorizations based on ZEMPLOYEE for your two scenarios, right? That's the key for your issue. Please explore RSECADMIN.

http://scn.sap.com/docs/DOC-11451

former_member182470
Active Contributor
‎09-03-2013 2:16 PM
0 Kudos

Hi Kiran,

Step 1 : RSECADMIN-->Maintenance-->Create Authorizations by based on ZEMPLOYEE with * and name this whole Authorization as Query1. Repeat the same for Query2 but ZEMPLOYEE with some restricted values but not * here. This is what your requirement, right?

Step 2 : Go to User tab in RSECADMIN. Click on Assignment  button-->It will take you to Assignment of User. As you said, you have to repeat this process for all 6 users. You have to enter either in Manual( You have to enter what you created in Step 1). Repeat the same for two scenarios.

Step 3 : Go to PFCG-->Create two separate roles for two queries. In role definition-->Authorizations Tab-->Change Authorizations data-->See below pic

Do the same for your second role also. That's it, your issue will be resolved. I have given you how Authorizations generally we assign with our customized requirements. Hope your issue will be resolved.

Regards,

Suman

Ask a Question