Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization objects

former_member210666
Participant
0 Kudos

Hi Friends,

I have a issue with regard to authorization for a report, the scenerio is like this.

I have a cost center report and this report is accessed by many users, now the business wants to restrict the usage of this report.

User A accessing this report should be able to see the output of this report for cost center X only

User B accessing this report should be able to see the output of this report for cost center Y only

and so on...

This restriction is required only for this particular report. It should not affect the existing authorizations of user.

How to achieve this.

Is it possible that i create variants for this report and assign this variant to the user accesing this report. If this is possible can any body please let me know how to do this.

Thanks

15 REPLIES 15

Former Member
0 Kudos

Hi,

This can be achieved by assigning the authorization object check in your report.

Include the following authorization object check in your report.

K_CSKS* (Please look in SUIM for relevant Cost center based object) there are for some specific restriction.

After including this object/s in report.

you can give the user A , Report access and above authorization object with certain cost center values.

Now above scenario may not work if user already have some values for cost center and you are not maintaining any cost center based restriction. if this is the case than you can create your own authorization object in SU21 with field value for the cost center check and include in the report authorization check. After wards you can create individual role or maintain in the User's roles as per your requirements.

0 Kudos

Hi Patel,

Will this authorization object restrict my user A to cost center X for all activities? If yes then i can't proceed with it bcoz we need this restriction only for one particualr report.

What i thought of is I can create a variant (Var1) for my report and user A should access this report with Var1 only and should not be able to change the values saved in the variant. Is it possible ?

Regards,

0 Kudos

If this is the case than i would suggest you to create your own customised objest with field value attached and include in the report. User will require this object with certain field value to be able to run the report. AS you have mentioned that you do not want to restrict the user besides this report than standard auth object will not work for this report as user may already have some auth.

Create Auth objest Z* in SU21 under CO area.

Attached field KOSTL and ACTVT field.

Now after creating the uath object, create auth check in the report code it self.

provide this objest manually in the role of the user A which is unique to the user or create the new one.

test and make sure it is working as per your requirement.

0 Kudos

As Kinjar Patel has suggested the authorization may only work if the roles of the user do not have cost center values other than the one intended for the authorization object for which you are including an authorization check in your program. If the user has more values for the same object intended for some other report/program which cannot be altered you need to go for a custom object using SU21 and include them in your program and thereafter in the role with required values.

Variants are just for default values and they can be changed and values displayed for other cost centers as well if the user has the relevant authorization.

The ability to save the changes for an report output depends on the values given for the activity field of the object. For example if only activity 03 has been given for field ACTVT then the user will not be able to make any changes and can only display the output.

0 Kudos

Hi Subramaniam & Patel,

Thanks for your detial explanation on the issue, its looks very beneficial i'll work out on ur suggestion and will update you with the results.

Cheers

0 Kudos

Please resist the temptation to cross-post even if it does relate to FICO security.

If you follow-up on your 10 unresolved questions and show some good spirit, then I am sure moderators will help your questions by moving them to better or other forums, where input could be usefull as well.

Cheers,

Julius

0 Kudos

Hi Patel,

Your solution helped me, but i am again stuck.

Authorization object is created successfully. This authorization object is assigned in the users role with required cost center/s value maintained in this object.

We have a report developed in report painter and a transaction is assigned to it. Now the issue is where do we check the authority-check in the code of a report painter report.

Thanks,

0 Kudos

Hi Julius,

Thanks, will try to follow ur suggestion.

Cheers

0 Kudos

Thanks.

Let me know when / if you want it moved to the ERP Financial Controlling forum...

Cheers,

Julius

0 Kudos

Hi Julius,

Actually this query was posted in ERP Financials - Controlling forum, but did not get any valid solution, so i posted it in this forum expecting for some concrete soultion, to an extent i got the inputs from members but still my problem is not solved.

cheers,

0 Kudos

Then I'm afraid only patience will help you...

Perhaps, while waiting, you can follow-up on the 9 other unresolved questions and try a search?

This indicates that you appreciate efforts to help you and folks might make the bit of effort to point you in the right direction.

I guess the opposite is also true.

Cheers,

Julius

0 Kudos

>

> We have a report developed in report painter and a transaction is assigned to it. Now the issue is where do we check the authority-check in the code of a report painter report.

>

> Thanks,

Hi,

If you search OSS for Report Painter Authorizations, you will get a list of notes which address this. There are a few solutions so I recommend reading through the notes with your FICO team.

0 Kudos

Hi,

As you have developed the authorisation object, you should now include authorisation check in the report it self. However having said that make sure you check against the correct object values, this check will be checked everytime your user run the report.

You can include this object at the start of the report as you want to restrict the user to run this.

your developer might help you in this.

0 Kudos

Hi Patel,

thanks, ur soultion worked. Issue tested successfully in sandbox.

Cheers,

sreekanth_sunkara
Active Participant
0 Kudos

This message was moderated.