Hi fellow WD4A colleagues,
In the WD applications, we need to ensure that for a specific application it can be accessed by the users with the appropriate role.
WD application for Materials Change should only be accessed by users who have the role of Material Master responsible.
In this case, we do not want that a user who has a logon to the system but is not a Material Master responsible to be able to execute the Web Dynpro application (assuming he/she knew the exact URL).
I have tried searching on this topic and have found the following links:
[WD Security Narrative (but for WD Java)|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1031cf90-0201-0010-1ea5-b27218821417]
They seem to indicate that you must build this check yourself in your own WD eg. in the WDDOINIT method to check if the user has the appropriate role. And if not, then a popup should be displayed with the appropriate message eg. "Access denied".
Has anyone else come across this in their WD projects? If so, could you confirm if this is an appropriate solution for the situation?
Thanks in advance,