Former Member

Authorizations managed by user parameter

Hello,

Someone told me that it was possible to manage authorisations by user parameter: for example, you can limit society code in the user and the organizational level in the role will take this value.

Do you know if it's really possible and, if yes, how to make the link between the role and the parameter?

Thank you for your answer.


4 Answers

  • Former Member
    Oct 01, 2010 at 03:53 PM

    As far as I know this cannot be done by standard SAP tools. I would oppose it because in my opinion the user parameters should be accessible to the user for maintenance.


  • Former Member
    Oct 01, 2010 at 05:51 PM

    As Jurjen said, not a good idea. You could search the SDN for lots of discussion on it already. One of them is linked here for your help.

    [security-with-user-parameters]


  • Former Member
    Oct 01, 2010 at 08:40 PM

    Hi,

    User Parameter is not meant for Authorization or security check point. Rather, it works similar to the concept of bookmarking a website so that you don't need to type the same web address again and again in future whenever you want to visit it.

    Similarly, if you put some value in user parameter for a particular parameter (e.g. Cost Center), then the user doesn't need to type the value of the Cost Center the user is authorized to see again and again whenever any transaction code needs it as input from the user. That field will come to the user pre-filled with the value from its saved parameter in SU01.

    regards,

    Dipanjan
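
The distinction described in the answer above, as an added example that is not part of the original thread: the user parameter only pre-fills the field, and the access decision still comes from an authorization check on the value actually entered. The report name and message text are hypothetical; parameter ID BUK and authorization object F_BKPF_BUK are the standard company-code ones, used here as an assumption about the scenario in the question.

```abap
REPORT z_param_vs_authcheck.

" Added example: the report name and message text are hypothetical.
"
" MEMORY ID buk pre-fills the field from the user's SPA/GPA parameter
" BUK, as maintained on the Parameters tab in SU01. It is a default
" only: the user can overwrite it on the selection screen.
PARAMETERS p_bukrs TYPE bukrs MEMORY ID buk OBLIGATORY.

START-OF-SELECTION.
  " The decision is made here, against the authorization values in the
  " user's roles and for the value entered, not the pre-filled default.
  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    ID 'BUKRS' FIELD p_bukrs
    ID 'ACTVT' FIELD '03'.            " 03 = display

  IF sy-subrc <> 0.
    " Stop before any data for this company code is read.
    MESSAGE |No display authorization for company code { p_bukrs }|
      TYPE 'E'.
  ENDIF.

  WRITE: / 'Authorized for company code', p_bukrs.
```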


  • Former Member
    Oct 01, 2010 at 08:49 PM

    You seem to have been flamed enough by the 3 gurus and they are correct... 😊

    Way out and what you are looking for is "personalization" (see the corresponding tabs in SU01 and PFCG).

    So... you can transport them and administrate them without the user changing them as a preference (as PIDs are by design).

    It works (unless the backend user has more auths) and is the 14th concept in the security model (PIDs are unlucky number 13th concept which is used).

    If you don't want to or cannot use authorization objects, then use personalization keys (for the transportable roles or the local user master record).

    Cheers,

    Julius
