Value based authorization

sukhbold_altanbat
Active Participant
0 Kudos

Hi Experts,

I would like to know how SAP authorizes whether a user can update/edit/view a particular business document (example: sales order, purchase requisition) depending on a field value.

Example 1:

User A is not supposed to view a purchase requisition of more than 10000$. But user B can view this PR.

Example 2:

User X cannot release SO 123123123 because of some values (it could be SO type, customer, no. of items or total amount). But user Y can release this SO.

Basically, how to restrict security access when information is dynamically changed?

Thanks,

Sukhbold

1 REPLY

mvoros
Active Contributor
0 Kudos

Hi,

As you know, an authorization check is always a question of whether a user has authorization for a particular object and values. Therefore you have to map values into sets. For example, a PO with total value less than 1000$ is set A and everything else is set B, and then you check if a user has authorization for set A or B. For example, this is how PO release strategies work. To summarize, an application needs to map values into discrete values, and then the authorization check is performed for these new values.

If you want to implement something like this, then I would suggest using BRF+ if you are on a sufficient release level. This allows you to pass the business rules definition back to the business. You just need to agree on the interface.

Cheers
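
The mapping described in the reply above, as an added example that is not part of the original thread and is not SAP code: a Python model in which a document total is mapped to a discrete value class and the authorization check is made on that class. The object name `PR_VALUE`, the classes A and B, the placement of the 10000 boundary and the user data are all constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed boundaries: (inclusive upper bound, class). Anything above is TOP_CLASS.
CLASS_BOUNDS = [(Decimal("10000"), "A")]
TOP_CLASS = "B"

def value_class(total):
    """Map a document total onto a discrete value class, or None if unusable."""
    try:
        amount = Decimal(str(total))
    except InvalidOperation:
        return None                      # unparseable total: no class, no access
    if not amount.is_finite() or amount < 0:
        return None                      # NaN, infinity, negative: no class
    for upper, cls in CLASS_BOUNDS:
        if amount <= upper:
            return cls
    return TOP_CLASS

def is_authorized(authorizations, obj, activity, cls):
    """True only if ONE authorization for obj covers both activity and class."""
    if cls is None:
        return False                     # deny by default
    return any(
        a["object"] == obj and activity in a["activities"] and cls in a["classes"]
        for a in authorizations
    )

def can_access(authorizations, activity, total):
    # The class is derived from the current total on every check, so a
    # document whose amount changes is re-evaluated the next time it is used.
    return is_authorized(authorizations, "PR_VALUE", activity, value_class(total))

# Constructed user data (hypothetical object and field names).
USER_A = [{"object": "PR_VALUE", "activities": {"display"}, "classes": {"A"}}]
USER_B = [{"object": "PR_VALUE", "activities": {"display"}, "classes": {"A", "B"}}]
# Two separate authorizations must not combine into "change" on class B.
USER_C = [
    {"object": "PR_VALUE", "activities": {"display"}, "classes": {"A", "B"}},
    {"object": "PR_VALUE", "activities": {"change"}, "classes": {"A"}},
]

if __name__ == "__main__":
    for name, auths in (("A", USER_A), ("B", USER_B), ("C", USER_C)):
        print(name,
              "display 12500:", can_access(auths, "display", "12500.00"),
              "change 12500:", can_access(auths, "change", "12500.00"))
```
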