Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization to restrict user to view specific Sales Order(VA03)

Go to solution
Former Member

‎08-07-2009 12:46 PM

0 Kudos

I want to create a authorizations for User to restrict particular data.

eg: In TCode VA03 I want to restrict a praticular user(eg user1) to have access to sales order,

If that sales order belongs to specific customer no eg: 001 in sold to party .

Is it possible.

I had tried on it but did not achieve that..

I had created a authorizations field..for Customer no Field name:KUNNR

I then created authorizations object and inserted the authorizations field.

I created a roles and inserted manually authorizations objects which i had created.

In Roles on Authorizatons field, i had given only required access to view particular Customer No say 002 .

So i want that the user can only view customer no 002 not customer no 001

So plz let me know asap

Thanks in Advance

Priyank Shah

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎08-07-2009 2:25 PM

0 Kudos 
ID 'ZTCODE' FIELD 'VA03'. " actual value

This is a contradiction...

Have you tried using customer groups?

That would be standard, but activated by assigning groups to them. It will work for most transactions and not only VA03, unless the data is aggregated.

Cheers,

Julius

8 REPLIES 8

Go to solution
jurjen_heeck
Active Contributor

‎08-07-2009 12:59 PM

0 Kudos

> I had tried on it but did not achieve that..

>

> I had created a authorizations field..for Customer no Field name:KUNNR

> I then created authorizations object and inserted the authorizations field.

> I created a roles and inserted manually authorizations objects which i had created.

> In Roles on Authorizatons field, i had given only required access to view particular Customer No say 002 .

>

I miss the programming part in your list..... There's no way to enforce extra authorization checks without programming. Have an abaper look at customer exits in the program behind VA03. I beleieve there are some possibilities to insert customer code with extra AUTHORITY-CHECK statements.

Go to solution
Former Member
In response to jurjen_heeck

‎08-07-2009 1:20 PM

0 Kudos

Thanks for your Reply,

Actually from Programming it is working fine.. suppose i execute in se38..it works which i had mentioned below(Programming) ....

But i want the same in the transactions va03 if i assign a role to user....... plz help me

REPORT zbc_authorization_check.

DATA: wa_tstc TYPE tstc.

PARAMETERS: p_kunnr TYPE kunag.

AUTHORITY-CHECK OBJECT 'Z_SALES'

ID 'ACTVT' FIELD '03' " read access

ID 'KUNNR' FIELD p_kunnr " actual value

ID 'ZTCODE' FIELD 'VA03'. " actual value

IF sy-subrc EQ 0. " check authorization

  • fetch record

  • SELECT SINGLE * FROM tstc INTO wa_tstc

  • WHERE tcode EQ p_tcode.

WRITE: / 'Authorized!'.

  • WRITE:/ wa_tstc-tcode,

  • wa_tstc-pgmna,

  • wa_tstc-dypno,

  • wa_tstc-menue,

  • wa_tstc-cinfo,

  • wa_tstc-arbgb.

ELSE.

  • bad authorization

WRITE:/ 'Bad Authorization'.

ENDIF.

Thanks in Advance

Priyank Shah

Go to solution
jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎08-07-2009 1:28 PM

0 Kudos

I am sorry, I can read some abap but I am not a programmer. What are you trying to do here? Influence the transaction start?

Go to solution
Former Member
In response to jurjen_heeck

‎08-07-2009 1:50 PM

0 Kudos

You need to include your code in VA03. Have a look to see if there are any appropriate user exits or enhancement points which you can use to insert the code at a suitable point within the transaction.

Go to solution
Former Member
In response to jurjen_heeck

‎08-07-2009 2:02 PM

0 Kudos

Hi Jurjen,

Plz find more details

The code which i mentioned above is made by ABAPer to test my autorization object.

Also he told me that by putting that code in Customer Exit of VA03 it is possible to restrict user access.

Now for above functionality i am looking a solution where i can use basis technique (Roles and Authorization). I don't want to use Customer Exit/ Code.

thanks,

Go to solution
jurjen_heeck
Active Contributor
In response to jurjen_heeck

‎08-07-2009 2:09 PM

0 Kudos

> Now for above functionality i am looking a solution where i can use basis technique (Roles and Authorization). I don't want to use Customer Exit/ Code.

I am fairly sure the custom code route is the only solution to your problem.

Go to solution
Former Member

‎08-07-2009 2:25 PM

0 Kudos 
ID 'ZTCODE' FIELD 'VA03'. " actual value

This is a contradiction...

Have you tried using customer groups?

That would be standard, but activated by assigning groups to them. It will work for most transactions and not only VA03, unless the data is aggregated.

Cheers,

Julius

Go to solution
Former Member

‎08-17-2009 1:12 PM

0 Kudos

Did not get a proper solutions