Solved: Authorizations using variants

Former Member · ‎04-30-2009

Hello,

I have an implementation with 30 work centers and I want to avoid define 30 roles all with the same operations but diferent organizational levels values in WERKS.

I would like to create only one profile that takes the organizational level from a variable or a user parameter.

Is that possible?How can i do that?

jurjen_heeck · ‎04-30-2009

> I want to avoid define 30 roles all with the same operations but diferent organizational levels values in WERKS.

Why do you want to avoid this? Looks like a fine opportunity for derived roles to me.

Former Member · ‎04-30-2009

Hi Ander,

User parameters cannot be used for restricting or providing the access. They can be used for setting default values for the users.

Regards,

Former Member · ‎04-30-2009

>


> Hi Ander,
> 
> User parameters cannot be used for restricting or providing the access. They can be used for setting default values for the users.
> 
> Regards,

Hi Lakshmi

There are plenty of parameters which are related to access, personally I do not like them.

EFB is a very common one for controlling ability to create PO's

jurjen_heeck · ‎04-30-2009

> I want to avoid define 30 roles all with the same operations but diferent organizational levels values in WERKS.

Why do you want to avoid this? Looks like a fine opportunity for derived roles to me.

Former Member · ‎04-30-2009

I agree with Jurjen, whichever way you look at it you will either have

1. lots of development work

2. 30+ roles to build

Former Member · ‎04-30-2009

Hello,

I agree in derived roles as a good solution but if is possible to use variables the number of roles in our system will be much lower and can be quite useful in other areas.

jabella · ‎05-04-2009

Ander,

You can create a variant of the transaction, hidding the work centers field or setting it as display only and then setting the corresponding parameter (you can get the parameter name pressing F1).

But I agree with all the other guys. It will be a pain to mantain:

- Evertytime you set a user you will need to set the parameter.

- Everytime you add a transaction to the user you will need to create a variant.

- You will need to test if the user is not able to access the data in any way. As the user is not restricted in an authorization level, it will be harder to keep a good security.

Regardes, Jose.

Former Member · ‎06-19-2009

Hi Ander,

Your purpose can be served by creating a single role and assigning a custom Analysis authorization object to it.

Regards,

Jaya

Former Member · ‎06-19-2009

Hi Jaya,

That approach relies on the user being in BW/BI and having the variable coded to pass in that info.

Former Member · ‎06-19-2009

Yes Alex. I m referring to that approach only.

First we have to maintain user specific data in a table.The variable will be processed by customer exit and we have to write a code such that it fetches the data from that table.

Hope this approach would suffice.

Regards,

Jaya

Former Member · ‎06-19-2009

Alex,here we want only the approach with variants??

Former Member · ‎06-19-2009

Hi Jaya,

I have a feeling that the original request was for an R/3 system, hence my response. If it is BW/BI then I agree with you about using the variable to populate the data.

Cheers

Alex

Former Member · ‎06-20-2009

Judging by the OP's other questions this is possibly an APO (Advanced Planner & Optimizer) system and the restriction is needed for the MRP run (Materials Requirement Planning)?

If that is the case, then the information should have been included - otherwise it is no wonder that we end up in a BI system, which could also include BusinessObjects...

Cheers,

Julius