on 02-12-2019 12:07 PM
Hey,
I would like to know of the options that SAP provides for managing authorizations ....
In our organization we manage data with tables, objects, etc. In some tables we have records that are only relevant for certain user groups. I need a way to display the relevant data for each group.
We use “select” to get the data from the tables. Is there any way to manage the authorizations so that I won’t have to make big changes to the code.
Please,
Any help?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey,
Thanks for your answer. I will try to explain a little bit better my problem.
Our data is on several custom tables. Until few days ago we had only one type of users, which they could edit/add/remove data from tables.
And also, we use “select” - (abap) to take the data from the tables.
But now we got more groups of users which can not share data among the groups. And we need to add the data to same table our first group is using.
Is there any solution to this problem?
Hope you can help me
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi David
If your code doesn't contain any authorisation checks then there isn't much that can be done
Is this a custom built program? Is it on ABAP or a specific component as this determines which security models are available (i.e. you mentioned ACE which looks to be CRM specific)?
If it's data and custom tables, how is the data being accessed? If custom code, did you have a functional module, method or something you consistently call each time to access the data so you can add authority checks in? If the restriction is based on user groups in SU01 the you could create a custom authority object and define the field you need, including user group field for the data, etc.
It's a bit difficult for anyone to provide suggestions. However, to me it seems that security was never designed up front and it could be an expensive activity finding each and every scenario to add a check in as opposed to designing it with security requirements up front.
If the data isn't a lot to manage and it's SM30 type access then you could look at S_TABU_LIN authorisation and configure the scenarios. If it's high volume then it could be a negative performance issue in using that object.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi David - I recommend reading Otto Gold's blog on authorization checks: https://blogs.sap.com/2013/11/02/how-to-put-proper-authority-checks-to-your-custom-programs/
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey,
Thanks for your answer. However, I am looking for a way to manage the authorization without changing the code (or adding the check in each and every time I use the sensitive data - if i don’t find another way I will do it).
In my research, i have found “ACE” but I don’t think that it solves my problem - relvent records per group of users in the same table.
Are you familiar with something else that SAP provides which can help me?
User | Count |
---|---|
83 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.