Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

one tcode with 3 different auth objects for 3 different set of teams with 3 different set of roles..

0 Kudos

Hi Gurus... In ECC.. We have one custom tcode already present in production system in some roles... This tcode is used by 2 different set of team.. One team should access only one tab and able to change (select check box prepare+save) and other team should access only one field (select check box release +save).
For both feilds (prepare,release) 2 seperate authorization objects created with only one field activity and only one filed value 02. We have seperate roles for both team 1 and team 2.
Role1: tcode T+object 1+filed activity 02 to access tab prepare
Role2:: tcode T+object 2+only one filed activity 02 to access tab release
As the tcode is same but the authorization objects are is different..
We have additional requirement to create new role to new set of team for new tab called Tag.. Abap team has created new authorization object and added it in the authority check of the program to restrict user's based on new tab called TAG

I have crated new role and assigned same custom tcode.. While testing I do see auth objects related to team1(prepare) and team2(release) in the trace with RC12..
One team should not have access to other team tab access as it's SOD.. In this case can we just ignore those 2 objects and do not add those objects related to team 1 and 2 in the roles of team 3 or shall we modify the code such that those objects should not check for team 3

Or can we add one filed value activity 03 on all those 3 objects and give display access to whom change access is not required.. In this case team 3 can I have display access to other 2 tabs(prepare, release)

Please suggest

2 REPLIES 2

LaxmiM
Participant
0 Kudos

Hello Venugopal,

Could you please clarify for team 3, which needs access to tab TAG are the other tabs also visible?

Laxmi Maurya

0 Kudos

Hi Venugopal,

yes you can add field value acitivity 03 on all those 3 objects.But in few cases where the customer dont want to give display access for others.

apart from that.. as you said it gives RC12 for the first two objects. Here there is an issue with program logic.

It was supposed to skip or pass if the object 1 and 2 was not found but it is failing.

For your above requirement below logic can be applies

Logic:

Check for object 1 -> not found-> pass to object 2

check for object 2-> not found-> pass to object 3

Check for object 3-> found ->Tag successful

similarly for other tasks like prepare and release.