Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is possible to use variables as auth. value?

Go to solution
Former Member

‎02-19-2016 10:45 AM

0 Kudos

Hi!

I need to restrict access to specific data only to own user who creates that data.

There is an authorization object, it checks the user:

Is don't want to create a role for individual user, is posible to specify some value (like sy-uname) to use that role in all users?

Thank you in advance.

Preview file
9 KB
1 ACCEPTED SOLUTION

Go to solution
Former Member

‎02-19-2016 10:51 AM

0 Kudos

Nope, it is not possible to fill an authorization field with variables at runtime.

To use "user name" as a field of an object was not well thought out in the first place. Better would have been a switch like "own data = yes or no" or "responsibility groups" and then maintain the users in some customizing - also a bit ugly from the provisioning perspective but still better than user name..

Your last hope before creating a role per user would be to double-check in the docs and code exactly what this field does. Perhaps it supports some symbolic value which authorizes users for their own data? Or is not checked when it is their own responsibility data (meaning this field is only for access to other people's data).

Cheers,

Julius

5 REPLIES 5

Go to solution
Former Member

‎02-19-2016 10:51 AM

0 Kudos

Nope, it is not possible to fill an authorization field with variables at runtime.

To use "user name" as a field of an object was not well thought out in the first place. Better would have been a switch like "own data = yes or no" or "responsibility groups" and then maintain the users in some customizing - also a bit ugly from the provisioning perspective but still better than user name..

Your last hope before creating a role per user would be to double-check in the docs and code exactly what this field does. Perhaps it supports some symbolic value which authorizes users for their own data? Or is not checked when it is their own responsibility data (meaning this field is only for access to other people's data).

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎02-19-2016 11:09 AM

0 Kudos

There are standard object and code, I wanted to avoid modifying the standard but i should do it (many users...)

Thank you!

Go to solution
Former Member
In response to Former Member

‎02-19-2016 11:59 AM

0 Kudos

I did not want to say that in case it is interpreted to be encouraging a modification, but the thought did also cross my mind...

I would suggest reporting it to SAP anyway though to ask about a standard solution and describe your problem to them.

Cheers,

Julius

Go to solution
Former Member
In response to Former Member

‎02-19-2016 12:03 PM

0 Kudos

I just found a note (release last Monday) where SAP implement new badi for that authorization in the new SP

Go to solution
Former Member
In response to Former Member

‎02-19-2016 12:17 PM

0 Kudos

There you go, not alone 🙂