Skip to Content
0

Analysis Authorization for Dynamic Query Selection using Customer Exit Variables - Is this possible?

Feb 21, 2017 at 10:45 AM

159

avatar image

Hello everyone!!

I want to develop a dynamic authorization concept, based on authorization table (1) and on user selection (2), valid across the system. The idea is, that different user groups receive different authorizations based on their business roles, irrelevantly of the query they use.The authorizations of the business roles are maintained in an authorization table. So far so good.

The crux is that in some cases the same user should receive different authorizations ('*' or ':'), based also on the query selection.

For example: We have a query with 3 InfoObjects (IO): SALES, COUNTRY, REVENUE. For both SALES and COUNTRY we have authorization objects filled with 2 customer exit variables. The authorization objects are not ready for input, as those should be filled in the customer exit, based on the user's authorizations.

A sales representative in Germany should see the REVENUE and all SALES '*' for COUNTRY "Germany", thus in the initial query selection screen the user receives all 3 InfoObjects, COUNTRY is filtered for Germany.

When the user removes IO COUNTRY and IO SALES in the Query Navigation, the combined REVENUE for all COUNTRIES should be displayed, e.g. SALES and COUNTRY authorizations should be ':'.

If the user wants to see all SALES without the country, nothing should be displayed for missing authorizations, SALES = ':'.

If the user then takes again COUNTRY in the Query Navigation, the initial results should be displayed.

Do You know, if this kind of dynamic authorizations is even possible?

If step 2 is used in the initial navigation, to filter the query with 'Germany' also step 3 and step 0 are executed in that order. For every following user navigation, only i_step = 0 is executed.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Ivan Bakalov Mar 01, 2017 at 09:26 AM
0

Here a hint for those, who may want to implement something similar.

Even though it would be more elegant to solve the above problem with "no input ready" variables, it seems such approach is not a good idea with the current implementation of the query variable customer-exit mechanism.

Firstly, there seems to be no FuBa or interface for getting all variables with all respective values at i_step = 0. Same seems to be true for the query selection. Even if You manage to get the information at run-time, which if working on clients' systems You really shouldn't, You would also need to deactivate the query cache, where the values of the variables are stored. Consequently, You would get such a bad performance for the query, that probably no one would be willing to use it.

Thus basically, a remaining option is, using input-ready variables for the controlling InfoObjects. Every time, when they get changed i_step = 3 will be executed. At this point You could implement the necessary look-up logic and provide the result, via for example storing a variable or an object in memory, for further processing at i_step = 0.

In the context of the example from above, COUNTRY would be the controlling, input-ready variable, which would be changed by the user.

Further relevant information:

You could also consider using virtual authorizations:

Share
10 |10000 characters needed characters left characters exceeded