02-19-2016 10:45 AM
Hi!
I need to restrict access to specific data only to own user who creates that data.
There is an authorization object, it checks the user:
Is don't want to create a role for individual user, is posible to specify some value (like sy-uname) to use that role in all users?
Thank you in advance.
02-19-2016 10:51 AM
Nope, it is not possible to fill an authorization field with variables at runtime.
To use "user name" as a field of an object was not well thought out in the first place. Better would have been a switch like "own data = yes or no" or "responsibility groups" and then maintain the users in some customizing - also a bit ugly from the provisioning perspective but still better than user name..
Your last hope before creating a role per user would be to double-check in the docs and code exactly what this field does. Perhaps it supports some symbolic value which authorizes users for their own data? Or is not checked when it is their own responsibility data (meaning this field is only for access to other people's data).
Cheers,
Julius
02-19-2016 10:51 AM
Nope, it is not possible to fill an authorization field with variables at runtime.
To use "user name" as a field of an object was not well thought out in the first place. Better would have been a switch like "own data = yes or no" or "responsibility groups" and then maintain the users in some customizing - also a bit ugly from the provisioning perspective but still better than user name..
Your last hope before creating a role per user would be to double-check in the docs and code exactly what this field does. Perhaps it supports some symbolic value which authorizes users for their own data? Or is not checked when it is their own responsibility data (meaning this field is only for access to other people's data).
Cheers,
Julius
02-19-2016 11:09 AM
There are standard object and code, I wanted to avoid modifying the standard but i should do it (many users...)
Thank you!
02-19-2016 11:59 AM
I did not want to say that in case it is interpreted to be encouraging a modification, but the thought did also cross my mind...
I would suggest reporting it to SAP anyway though to ask about a standard solution and describe your problem to them.
Cheers,
Julius
02-19-2016 12:03 PM
I just found a note (release last Monday) where SAP implement new badi for that authorization in the new SP
02-19-2016 12:17 PM