Skip to Content

one tcode with 3 different auth objects for 3 different set of teams with 3 different set of roles..

Hi Gurus... In ECC.. We have one custom tcode already present in production system in some roles... This tcode is used by 2 different set of team.. One team should access only one tab and able to change (select check box prepare+save) and other team should access only one field (select check box release +save).
For both feilds (prepare,release) 2 seperate authorization objects created with only one field activity and only one filed value 02. We have seperate roles for both team 1 and team 2.
Role1: tcode T+object 1+filed activity 02 to access tab prepare
Role2:: tcode T+object 2+only one filed activity 02 to access tab release
As the tcode is same but the authorization objects are is different..
We have additional requirement to create new role to new set of team for new tab called Tag.. Abap team has created new authorization object and added it in the authority check of the program to restrict user's based on new tab called TAG

I have crated new role and assigned same custom tcode.. While testing I do see auth objects related to team1(prepare) and team2(release) in the trace with RC12..
One team should not have access to other team tab access as it's SOD.. In this case can we just ignore those 2 objects and do not add those objects related to team 1 and 2 in the roles of team 3 or shall we modify the code such that those objects should not check for team 3

Or can we add one filed value activity 03 on all those 3 objects and give display access to whom change access is not required.. In this case team 3 can I have display access to other 2 tabs(prepare, release)

Please suggest

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Jun 10 at 01:18 PM

    Hi Venugopal,

    yes you can add field value acitivity 03 on all those 3 objects.But in few cases where the customer dont want to give display access for others.

    apart from that.. as you said it gives RC12 for the first two objects. Here there is an issue with program logic.

    It was supposed to skip or pass if the object 1 and 2 was not found but it is failing.

    For your above requirement below logic can be applies

    Logic:

    Check for object 1 -> not found-> pass to object 2

    check for object 2-> not found-> pass to object 3

    Check for object 3-> found ->Tag successful

    similarly for other tasks like prepare and release.

    Add comment
    10|10000 characters needed characters exceeded