cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization with variables

Go to solution
dirk_meyer2
Explorer

on ‎08-02-2012 1:23 PM

0 Kudos

Hi there,

I am trying to get running an authorization for 0COSTCENTER based on the Datasource 0CO_OM_CCA_USER_1 and the DSOs

0TCA_DS01/2.

I created two CMOD exits i_step = 0 that read the DSOs based o the username.

Those I planted in the RSECADMIN for 0COSTCENTER (Values and Hierarchies).

In the Query I finally used a variable type "authorization" to get data from RSECADMIN - value entry enabled.

This is not listed in the cmod include.

This kind of works, but only kind of.

Running the report the variable window looks like using a variable i_step = 1.
All the entries form the DSOs appear allready as field entry (suggestion).

Using the value help everthing is displayed.

Selecting a costcenter that is not part of the auth scope results a more or less usless cryptic error statement with the need of refreshing.

From my understanding the authorization variable should work like an i_step = 0 exit, making a preselection for value help and offering an empty entrie field for the value.

If this isn´t so - well - where is the use of that type of variable.

Instead of it I would have to make a third exit  i_step = 0 getting all analysis auth. values by function module.

Thanks a lot for help

Cheers, Dirk

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-02-2012 1:40 PM
0 Kudos

Hi Dirk,

If you are setting 0COSTCENTER as auth.relevant and processing 0COSTCENTER in query via authorization, there is no need to create a customer exit for this variable.

The values get populated based on user's authorization.

Your understanding of authorization variable is correct and there is no need to create a new exit i_step = 0.

Br,

H

Show replies
Show replies
dirk_meyer2
Explorer
‎08-02-2012 1:50 PM
0 Kudos

Hi Harish,

thanks for the reply.

But I want to that based on the existing authorizations the user has

- a limited/preselected value help (whis is not the case) and

- a not populated value entry. This is now populated with all possible CCTRs.

Which is not good since he might want to select a single value from his 30 or so possible and when he wants to use the value help he sees everthing and not only what he has access to.

Cheers

Dirk

Former Member
‎08-02-2012 1:58 PM
0 Kudos

Hi Dirk,

This is not possible. If it's getting processed via authorization, the user can able to see only the values restricted for him. The user cannot see all the values which he don't have access.

You can try this in RSECADMIN with the user you want to execute and check the values which he's authorized with.

If the user is still viewing all the values, he might have some other authorization like 0BI_ALL in which he can see all the values irrespective of particular authorizations.

Br,

H

Former Member
‎08-03-2012 9:41 PM
0 Kudos

If the search help does not respect the AA auths, then perhaps you need to reconsider the selection field typing for a search help which does.

THere are often BAPIs for search helps. If you type it directly as the table field you will typically not have any authorization control over it (and additional fields displayed in the result).

Cheers,

Julius

Answers (1)

Answers (1)

dirk_meyer2
Explorer
‎08-08-2012 1:19 PM
0 Kudos

Hi all,

Thanks to the replies.

There has been indeed some profiles that should not have been there.

The setup working now, allthough the entry field still is populated with all possible values.

Since it is quite easy to delete it, I guess I have to live with it.

Thanks

Show replies
Show replies
Ask a Question