Skip to Content
0

Block "normal" usage of transaction when using Personas

Jul 07, 2017 at 12:25 PM

41

avatar image

Hello,

We have a requirement from business, which come up with the idea to develop a Personas IE02 flavor for non-normal SAP user.

The user should only have authorization for the "simple" Personas IE02 flavor, but not for the normal IE02 (too dangerous).

I know, I can solve this concrete issue with some developments. But next time, we have such developments again.

By the way, how can I check in the IE02 coding, if the user come from a Personas flavor?

Is there any standard solution available for this? What is the recommended solution?

Thanks for any idea.

Bernhard

bko
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Tamas Hoznek
Jul 07, 2017 at 05:36 PM
0

You cannot prevent the user from logging on via the SAP GUI instead of the browser (if that's what you're looking for), but you could prevent them from accessing the Original Screen via authorization settings. You have to create a custom role that only permits the runtime authorization of using flavors and nothing else, and assign the simplified IE02 flavor to them as their default.

There is no standard solution yet to determine whether the user is logged on via a Personas or a SAP GUI session. However, a Personas script can determine whether the original screen or a flavor is active, using session.info.flavorId. This will be blank in case of the Original Screen.

Share
10 |10000 characters needed characters left characters exceeded
Bernhard Kolbenschlag Jul 12, 2017 at 12:52 PM
0

Hello Tamas,

thanks for your quick response;

I think, that the user can use a IE02 flavor only he have also the IE02 transaction authorization, correct?

with this authorizations, the user can also start the normal IE02 (within SAPgui for Windows) after normal logon;

exactly this - start of normal IE02 - should not be possible for this user group;

Idea is:

- add authorization for “only-Personas-IE02” to IE02 authorization role (or creation of a new Personas-IE02 role for this);

this is only necessary to distinguish between "normal-IE02" and "Personas-IE02" user; for some user both is allowed

- set global variable “Personas_call” (in function group) when starting IE02 flavor

- create implizite enhancement point (after start of IE02) and check: IF NOT “Personas_call“ AND “only-Personas-IE02” authorization,THEN exit IE02;

what do you think about this idea?

Share
10 |10000 characters needed characters left characters exceeded