on 08-02-2012 1:23 PM
Hi there,
I am trying to get running an authorization for 0COSTCENTER based on the Datasource 0CO_OM_CCA_USER_1 and the DSOs
0TCA_DS01/2.
I created two CMOD exits i_step = 0 that read the DSOs based o the username.
Those I planted in the RSECADMIN for 0COSTCENTER (Values and Hierarchies).
In the Query I finally used a variable type "authorization" to get data from RSECADMIN - value entry enabled.
This is not listed in the cmod include.
This kind of works, but only kind of.
Running the report the variable window looks like using a variable i_step = 1.
All the entries form the DSOs appear allready as field entry (suggestion).
Using the value help everthing is displayed.
Selecting a costcenter that is not part of the auth scope results a more or less usless cryptic error statement with the need of refreshing.
From my understanding the authorization variable should work like an i_step = 0 exit, making a preselection for value help and offering an empty entrie field for the value.
If this isn´t so - well - where is the use of that type of variable.
Instead of it I would have to make a third exit i_step = 0 getting all analysis auth. values by function module.
Thanks a lot for help
Cheers, Dirk
Hi Dirk,
If you are setting 0COSTCENTER as auth.relevant and processing 0COSTCENTER in query via authorization, there is no need to create a customer exit for this variable.
The values get populated based on user's authorization.
Your understanding of authorization variable is correct and there is no need to create a new exit i_step = 0.
Br,
H
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Harish,
thanks for the reply.
But I want to that based on the existing authorizations the user has
- a limited/preselected value help (whis is not the case) and
- a not populated value entry. This is now populated with all possible CCTRs.
Which is not good since he might want to select a single value from his 30 or so possible and when he wants to use the value help he sees everthing and not only what he has access to.
Cheers
Dirk
Hi Dirk,
This is not possible. If it's getting processed via authorization, the user can able to see only the values restricted for him. The user cannot see all the values which he don't have access.
You can try this in RSECADMIN with the user you want to execute and check the values which he's authorized with.
If the user is still viewing all the values, he might have some other authorization like 0BI_ALL in which he can see all the values irrespective of particular authorizations.
Br,
H
If the search help does not respect the AA auths, then perhaps you need to reconsider the selection field typing for a search help which does.
THere are often BAPIs for search helps. If you type it directly as the table field you will typically not have any authorization control over it (and additional fields displayed in the result).
Cheers,
Julius
Hi all,
Thanks to the replies.
There has been indeed some profiles that should not have been there.
The setup working now, allthough the entry field still is populated with all possible values.
Since it is quite easy to delete it, I guess I have to live with it.
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.