I was rather hoping to have a way other than going to the NWA (NetWeaver Administrator) and assigning the application for each and every user created on the mobile device. The problem with this approach is that if the users get added or deleted, on the mobile device, then the corresponding modification will have to be done in NWA.

Is there some setting somewhere in the NWA or while deploying an application or on mobile client, which allow users to access applications assigned on the mobile device by some other user.

Hi,

in the old Mi (2.5) admin we had the ability to setup a user in a way, that his assigned software got available on all machines he used the first time. So you added the stuff to a user and marked the tick: available on all machines - and so as he logged on to a new device, this caused to make the app available to him.

In 7.0 you can create a role and add users and devices to this role. But if you remove a user from a role, then the user will be removed form all devices, so I guess this does not completely fullfill your need either.

You could think about building that as a custom solution inside your app. Devices are started by a technical user and inside the app you can define which user is allowe dto use that app and what part of the app he is allwed to use.

I mean: adding a user to a device is not that critical and problematic, it is that you want to take away this user form the machine the easy way that is not that easy.

Beside that: make sure your SyncBO is multi user enabled. Otherwidse every user will get his own dedicated dataset, which will blow up the machine if you think about catalog data fro example.

Regards,

Oliver

Thanks Oliver. I will attempt to assign a role and proceed forward.

Let me elaborate my requirement a bit.

Here the problem is that, there are multiple users on a single device, using the same set of applications. The entity for which this application is being built has numerous warehouses. In each warehouse there are a set of people, who will use the same application. We know for a fact, that there will be a single computer per warehouse, where all of these people will log into and carry out the work.

So instead of assigning application to users, I wanted to make the application available to all the users who log into the device. The issue is that on monday there will be 3 users, A , B and C who need to work on the application. Come tuesday, the users who will access the application will be A, C and D. And so on. It will become very tiring to assign application to all such users. Also the churn of the users will be quite high. So for example, B will not access the application for 1 month and then will access it for a fortnight.

The cardinal requirement is that there cannot be a common login ID or user. For example all the users cannot use users A's login credentials. They will have to use their own credentials. Something to do with integrity and accountability.

I was hoping there would be a easy way, to accomplish this, without the data duplication issue, that you pointed out.

Is there something that we can do while creating the application or MCD ? Or some where a setting while the application gets deployed ?

We have a similar scenario, but we used a common id and a second login screen within the application approach

other options I have seen in the forum is to disable any type of authorization check whatsoever,

opening any and every application to all users

1) manipulate the configuration with

com.sap.tc.mobile.cfs.deploy.check_authorizations=false

This will disable authorization checks for that particular MI client\device.

2) give your users the role

SAP_DOE_ALL_APP_VISIBLE

user has access to all applications

Thanks a lot, your answer was the most helpful. I am not a fan of the first approach, having a secondary login, inside the application.

I will go with your second options. However I have the following queries regarding the same. If you can help me out, or point out the way where I can get more information regarding the same, it would be greatly appreciated.

1) Do both the steps, i.e. defining the property, "com.sap.tc.mobile.cfs.deploy.check_authorizations" and providing users the role "SAP_DOE_ALL_APP_VISIBLE" mutually exclusive or are they inclusive. That is do they have to be done together or only one of them will suffice ?

2) The setting, "com.sap.tc.mobile.cfs.deploy.check_authorizations", has to be done on the MI Client or on the MI Server ?

3) Is the setting, i.e. "com.sap.tc.mobile.cfs.deploy.check_authorizations", available with MI Client 7.0 with MDK 2.5 ?

4) Where exactly do I assign the role, SAP_DOE_ALL_APP_VISIBLE, to the users of my application ? I am presuming that it will be at the Netweaver/MI Server level and not at the MI client level.

Not required to do both. One or the other should suffice.

I am on MI 7.1 OCA so not experienced with what is available with MI Client 7.0 with MDK 2.5

I have seen this method of disabling check authorizations offered as solution for Laptop solution or solutions that involve JSP in this forum. So I assume it is available for MI 7.0

Do you know how to create a configuration file that the MI client can load?

MobileEngine.Config?

"com.sap.tc.mobile.cfs.deploy.check_authorizations" is consumed by the client, so it could be consumed by the client or sent from the server through a configuration Agent.

Regarding role, assign the "ALL_VISIBLE" role to the users you want to enable visibility of all Mobile Applications.

my other guess would be to modify the USER_AUTHORIZATIONS in the BASIS component?

Hi,

unfortunately the option with assigning app to all users - you are using MI7.0 as you mentioned in the very beginning - this option is only available from MI7.1 upwards..... sorry for this..... have not seen this option in MI7.0 up to now.

Regards,

Oliver