08-07-2009 12:46 PM
I want to create a authorizations for User to restrict particular data.
eg: In TCode VA03 I want to restrict a praticular user(eg user1) to have access to sales order,
If that sales order belongs to specific customer no eg: 001 in sold to party .
Is it possible.
I had tried on it but did not achieve that..
I had created a authorizations field..for Customer no Field name:KUNNR
I then created authorizations object and inserted the authorizations field.
I created a roles and inserted manually authorizations objects which i had created.
In Roles on Authorizatons field, i had given only required access to view particular Customer No say 002 .
So i want that the user can only view customer no 002 not customer no 001
So plz let me know asap
Thanks in Advance
Priyank Shah
08-07-2009 2:25 PM
ID 'ZTCODE' FIELD 'VA03'. " actual value
This is a contradiction...
Have you tried using customer groups?
That would be standard, but activated by assigning groups to them. It will work for most transactions and not only VA03, unless the data is aggregated.
Cheers,
Julius
08-07-2009 12:59 PM
> I had tried on it but did not achieve that..
>
> I had created a authorizations field..for Customer no Field name:KUNNR
> I then created authorizations object and inserted the authorizations field.
> I created a roles and inserted manually authorizations objects which i had created.
> In Roles on Authorizatons field, i had given only required access to view particular Customer No say 002 .
>
I miss the programming part in your list..... There's no way to enforce extra authorization checks without programming. Have an abaper look at customer exits in the program behind VA03. I beleieve there are some possibilities to insert customer code with extra AUTHORITY-CHECK statements.
08-07-2009 1:20 PM
Thanks for your Reply,
Actually from Programming it is working fine.. suppose i execute in se38..it works which i had mentioned below(Programming) ....
But i want the same in the transactions va03 if i assign a role to user....... plz help me
REPORT zbc_authorization_check.
DATA: wa_tstc TYPE tstc.
PARAMETERS: p_kunnr TYPE kunag.
AUTHORITY-CHECK OBJECT 'Z_SALES'
ID 'ACTVT' FIELD '03' " read access
ID 'KUNNR' FIELD p_kunnr " actual value
ID 'ZTCODE' FIELD 'VA03'. " actual value
IF sy-subrc EQ 0. " check authorization
fetch record
SELECT SINGLE * FROM tstc INTO wa_tstc
WHERE tcode EQ p_tcode.
WRITE: / 'Authorized!'.
WRITE:/ wa_tstc-tcode,
wa_tstc-pgmna,
wa_tstc-dypno,
wa_tstc-menue,
wa_tstc-cinfo,
wa_tstc-arbgb.
ELSE.
bad authorization
WRITE:/ 'Bad Authorization'.
ENDIF.
Thanks in Advance
Priyank Shah
08-07-2009 1:28 PM
I am sorry, I can read some abap but I am not a programmer. What are you trying to do here? Influence the transaction start?
08-07-2009 1:50 PM
You need to include your code in VA03. Have a look to see if there are any appropriate user exits or enhancement points which you can use to insert the code at a suitable point within the transaction.
08-07-2009 2:02 PM
Hi Jurjen,
Plz find more details
The code which i mentioned above is made by ABAPer to test my autorization object.
Also he told me that by putting that code in Customer Exit of VA03 it is possible to restrict user access.
Now for above functionality i am looking a solution where i can use basis technique (Roles and Authorization). I don't want to use Customer Exit/ Code.
thanks,
08-07-2009 2:09 PM
> Now for above functionality i am looking a solution where i can use basis technique (Roles and Authorization). I don't want to use Customer Exit/ Code.
I am fairly sure the custom code route is the only solution to your problem.
08-07-2009 2:25 PM
ID 'ZTCODE' FIELD 'VA03'. " actual value
This is a contradiction...
Have you tried using customer groups?
That would be standard, but activated by assigning groups to them. It will work for most transactions and not only VA03, unless the data is aggregated.
Cheers,
Julius
08-17-2009 1:12 PM