Custom authorisation checks from within actions

david_lees · ‎09-09-2008

Does anyone have any experience of using authorisation object /DBM/ORDER to control field entry from actions in DBM 6.0? We wish to control entry of certain fields such as pricing data between different levels of the business such as a parts manager, supervisor or counter assistant and are wondering if this object could be used or whether we should develop additional objects?

In this scenario would it be necessary to create an action for every business role, call the same execution code from each action and then assign the OE_ACTION (field /DBM/ORDAC in object /DBM/ORDER) to each user profile? If this is the case then I'm not quite sure how x number of actions (and corresponding event(s)) for each role should be configured however!

Former Member · ‎10-21-2008

Hello David,

as the /DBM/ORDER authorisation object does not contain all the field you may need i think the idea with own authority objects is a good idea.

Maybe you can implement the authority check within a class assigned to the CHECK-BADI of the relevant actions.

Kind regards

Robert

Former Member · ‎10-23-2008

Hi David,

It is true that you will need a custom authorization object for your requirement with all the fields as per your requirement into it.

Ex: ZDBM_FLDCHK with fields

PRSDT and so on.

Now you need to create a BADI Implementation for /DBM/BADI_OE_ACTION_PREPARE. Create this implementation without filter action so that this could be executed at every action. Within this BADI implementation you can write your code for checking whether the user has changed the values on screen by comparing the HEADER_DETAIL corresponding values in VBAK_COM.

I hope this helps.

Give points if useful.

Regards,

Prakash