on 01-29-2009 9:24 AM
Hi guys,
I have an application whereby the first page is a menu containing links to other web dynpro applications.
When the user clicks the URL, i want to check whether he has the appropriate role in order for him to proceed. If he doesn't have the appropriate role, then i want to show him a message.
How do i do that ?
Thanks
Regards,
Daniel
Is it necessary for the user to view the link to other application inspite of not havign the necessary roles?
You can retrieve the user's roles by setting the authentication porperty "On" and use the com.sap.security.. api methods to obtain the roles of the login user. Subsequently, display the links of application if the user has the necessary roles.
Hope this helps.
Regards,
Sharath
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anagha,
Thanks for the tips.
I m thinking that if we put the check in the wdDoInit method of the views of the different applications and check the roles there. So if the user doesn't have the appropriate role, can fire the plug to to a common error page.
Will it not be more secured ?
Thanks.
Rgds,
Daniel
hi,
You can try by putting your aplication in "security zones" which first check before executing application whether user is assigned permission or not..
Chekc following link :-
http://help.sap.com/saphelp_erp2004/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/frameset.htm
Regards,
Jigar Oza
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi guys,
Thanks for the tips.
I managed to find a solution to the above.
I created an exit plug of the interface view.
Then i did the authorization check in the onPlugDefault method of the interface view and if user doesnt have the required authority, fire the exit plug there. It works.
Rgds,
Daniel
you can use this code to check that user is assigned to a role.
public boolean isUserAssignedToRole( )
{
//@@begin isUserAssignedToRole()
try{
String cur_user = WDClientUser
.getCurrentUser()
.getSAPUser()
.getUniqueName();
IRole role = UMFactory.getRoleFactory().getRole( <Role ID>);
Iterator itr = role.getUserMembers( true);
while( itr.hasNext()){
IUser usr = UMFactory.getUserFactory().getUser( itr.next().toString());
if( usr.getUniqueName().equalsIgnoreCase( cur_user)){
return true;
}
}
}catch( WDUMException e){
} catch (UMException e) {
}
return false;
//@@end
}
set Visibility according to the return value.
vinod v
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Another way could be to check roles first and display only those urls that are permissible for that role.
Regards,
Anagha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.